IS3230 Access Security Unit 9 PKI and Encryption


Class Agenda 11/12/15
- Chapter 13 Learning Objectives
- Lesson presentation and discussions
- Quiz 4 will be held today
- Lab activities will be performed in class
- Assignments will be given in class
- Break times: 10-minute break every hour
- Note: All assignments and labs are due today

Learning Objective
- Implement public key infrastructure (PKI) and encryption solutions to ensure the confidentiality of business communications.

Key Concepts
- PKI: component parts and their roles
- Non-repudiation and digital signatures
- PKI certificate authorities (CAs)
- Encryption processes
- Encryption in everyday life

Public Key Infrastructure (PKI)
- Important management tool for the use of:
  - Digital certificates
  - Asymmetric cryptography
- Aspects of PKI
  - Public-key cryptography standards
  - Trust models
  - Key management
Source: Security+ Guide to Network Security Fundamentals, Fourth Edition

Managing Digital Certificates
- Technologies used for managing digital certificates
  - Certificate Authority (CA)
  - Registration Authority (RA)
  - Certificate Revocation List (CRL)
  - Certificate Repository (CR)
  - Certificate Server
  - Web browser
- Certificate Authority
  - Trusted third party
  - Responsible for issuing digital certificates
  - Can be internal or external to an organization

Defining Cryptography
- What is cryptography?
  - Scrambling information so it appears unreadable to attackers
  - Transforms information into secure form
- Steganography
  - Hides the existence of data
  - Image, audio, or video files containing hidden message embedded in the file
  - Achieved by dividing data and hiding in unused portions of the file

What is Cryptography? (cont’d.)
- Origins of cryptography
  - Used by Julius Caesar
- Encryption
  - Changing original text into a secret message using cryptography
- Decryption
  - Changing secret message back to original form
- Cleartext data
  - Data stored or transmitted without encryption

What is Cryptography? (cont’d.)
- Plaintext
  - Data to be encrypted
  - Input into an encryption algorithm
- Key
  - Mathematical value entered into the algorithm to produce ciphertext (scrambled text)
  - Reverse process uses the key to decrypt the message

Figure 11-2 Cryptography process © Cengage Learning 2012

Figure: Shared Key Encryption. The encryption process on System 1 applies the shared key to the original data; the encrypted data is sent to System 2, which applies the shared key to decrypt it.

Cryptography and Security
- Cryptography can provide five basic information protections
  - Confidentiality: ensures only authorized parties can view the information
  - Integrity: ensures information is correct and unaltered
  - Availability: authorized users can access it
  - Authenticity of the sender
  - Nonrepudiation: proves that a user performed an action

Cryptographic Algorithms
- Three categories of cryptographic algorithms
  - Hash algorithms
  - Symmetric encryption algorithms
  - Asymmetric encryption algorithms
- Hash algorithms
  - Most basic type of cryptographic algorithm
  - Process for creating a unique digital fingerprint for a set of data
  - Primarily used for comparison purposes
  - Example of hashing (ATMs)

Symmetric Cryptographic Algorithms
- Original cryptographic algorithms
  - Data Encryption Standard
  - Triple Data Encryption Standard
  - Advanced Encryption Standard
  - Several other algorithms
- Diffie-Hellman key exchange
- Understanding symmetric algorithms
  - Same shared single key used to encrypt and decrypt document

Figure 11-6 Symmetric (private key) cryptography © Cengage Learning 2012

Asymmetric Cryptographic Algorithms
- Weakness of symmetric algorithms
  - Distributing and maintaining a secure single key among multiple users distributed geographically
- Asymmetric cryptographic algorithms
  - Also known as public key cryptography
  - Uses two mathematically related keys
  - Public key available to everyone and freely distributed
  - Private key known only to individual to whom it belongs

Figure 11-12 Asymmetric (public key) cryptography © Cengage Learning 2012

Asymmetric Cryptographic Algorithms (cont’d.)
- Important principles
  - Key pairs
  - Public key
  - Private key
  - Both directions
- Digital signature
  - Verifies the sender
  - Prevents sender from disowning the message
  - Proves message integrity

Figure 11-13 Digital signature © Cengage Learning 2012

Asymmetric Cryptographic Algorithms (cont’d.)
- RSA
  - Published in 1977 and patented by MIT in 1983
  - Most common asymmetric cryptography algorithm
  - Uses two large prime numbers
- Elliptic curve cryptography (ECC)
  - Users share one elliptic curve and one point on the curve
  - Uses less computing power than prime number-based asymmetric cryptography
  - Key sizes are smaller

Digital Certificates
- Common application of cryptography
- Digital signature
  - Used to prove a document originated from a valid sender
- Weakness of using digital signatures
  - Imposter could post a public key under a sender’s name
- Trusted third party
  - Used to help solve the problem of verifying identity
  - Verifies the owner and that the public key belongs to that owner
  - Helps prevent man-in-the-middle attack that impersonates owner of public key

Defining Digital Certificates (cont’d.)
- Information contained in a digital certificate
  - Owner’s name or alias
  - Owner’s public key
  - Issuer’s name
  - Issuer’s digital signature
  - Digital certificate’s serial number
  - Expiration date of the public key

Certificate Authority
- Duties of a CA
  - Generate, issue, and distribute public key certificates
  - Distribute CA certificates
  - Generate and publish certificate status information
  - Provide a means for subscribers to request revocation
  - Revoke public-key certificates
  - Maintain security, availability, and continuity of certificate issuance signing functions

Registration Authority
- Subordinate entity designed to handle specific CA tasks
- Offloading registration functions creates improved workflow for CA
- General duties of an RA
  - Receive, authenticate, and process certificate revocation requests
  - Identify and authenticate subscribers

Managing Digital Certificates
- Web browser management
  - Modern Web browsers preconfigured with default list of CAs
- Advantages
  - Users can take advantage of digital certificates without need to manually load information
  - Users do not need to install a CRL manually
  - Automatic updates feature will install them automatically if feature is enabled

Certificate Revocation List
- Lists digital certificates that have been revoked
- Reasons a certificate would be revoked
  - Certificate is no longer used
  - Details of the certificate have changed, such as user’s address
  - Private key has been lost or exposed (or suspected lost or exposed)
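The digital signature, certificate and CRL slides above, worked through as an added example (not from the original slides or the textbook): a CA binds an owner's name to a public key, and a relying party checks the issuer's signature, the revocation list and the expiration date before trusting a signed message. It assumes textbook RSA without padding, constructed keys built from known Mersenne primes, and a dict standing in for a certificate; all function names, "Example CA", serial numbers and dates are hypothetical.

```python
import hashlib, json
from datetime import date

E = 65537  # widely used RSA public exponent

def keypair(p, q):
    """Textbook RSA key from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data):
    """SHA-256 fingerprint as an integer (must be smaller than n)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, private):
    n, d = private
    return pow(digest(data), d, n)  # only the private-key holder can compute this

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data)

def tbs(cert):
    """Canonical bytes of every certificate field except the issuer's signature."""
    fields = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(fields, sort_keys=True).encode()

def issue(owner, owner_public, serial, expires, issuer, ca_private):
    """CA duty: bind an owner's name to a public key by signing the fields."""
    cert = {"owner": owner, "public_key": list(owner_public), "issuer": issuer,
            "serial": serial, "expires": expires}
    cert["signature"] = sign(tbs(cert), ca_private)
    return cert

def check_cert(cert, ca_public, crl, today):
    """Relying-party checks: issuer signature, revocation list, expiration date."""
    if not verify(tbs(cert), cert["signature"], ca_public):
        return "bad issuer signature"
    if cert["serial"] in crl:
        return "revoked"
    if date.fromisoformat(cert["expires"]) < today:
        return "expired"
    return "ok"

# Constructed demo keys from known Mersenne primes; never build real keys this way.
CA_PUB, CA_PRIV = keypair(2**521 - 1, 2**607 - 1)
ALICE_PUB, ALICE_PRIV = keypair(2**1279 - 1, 2**2203 - 1)
MALLORY_PUB, MALLORY_PRIV = keypair(2**2281 - 1, 2**3217 - 1)
ALICE_CERT = issue("alice", ALICE_PUB, 1001, "2030-01-01", "Example CA", CA_PRIV)
# An imposter's key posted under Alice's name, signed without the CA's private key.
FORGED_CERT = issue("alice", MALLORY_PUB, 1002, "2030-01-01", "Example CA", MALLORY_PRIV)
```

`FORGED_CERT` names the CA as issuer but fails `check_cert`, which is the imposter case the trusted third party exists to catch.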

Encryption Through Software
- File and file system cryptography
  - Encryption software can be applied to one or many files
- Protecting groups of files
  - Based on operating system’s file system
- Pretty Good Privacy (PGP)
  - Widely used asymmetric cryptography system
  - Used for files and e-mails on Windows systems
- GNU Privacy Guard (GPG)
  - Runs on Windows, UNIX, and Linux

Encryption Through Software
- Whole disk encryption
  - Protects all data on a hard drive
  - Example: BitLocker drive encryption software

Importance of Digital Signatures
- Organizations are implementing standard digital signatures to:
  - Cut operational costs.
  - Automate and expedite business processes.
  - Address legal compliance and limit liability.
  - Go green.

Summary
- Shared encryption key
- PKI-enabled applications
- Importance of digital signatures

Unit 8 Lab Activities
- Lab # 9: Apply Encryption to Mitigate Risk
- Complete the lab activities in class

Unit 8 Assignments
- Unit 9 assignment: Complete Chapter 13 Assessment
- Reading assignment: Read Chapter 14 for the next class