Chapter 8: Scrambling Through Cryptography Security+ Guide to Network Security Fundamentals Second Edition.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Principles of Information Security, 2nd edition1 Cryptography.
Web Security for Network and System Administrators1 Chapter 4 Encryption.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Security+ Guide to Network Security Fundamentals, Fourth Edition
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
1 Chapter 4 Encryption. 2 Objectives In this chapter, you will: Learn the basics of encryption technology Recognize popular symmetric encryption algorithms.
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.
1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.
© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
Linux Networking and Security Chapter 8 Making Data Secure.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography.
Chapter 8: Scrambling Through Cryptography Security+ Guide to Network Security Fundamentals Second Edition.
Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Cryptography, Authentication and Digital Signatures
Review of basic cryptographically algorithm Asymmetric encoding (Private and Public Keys), Hash Function, Digital Signatures and Certification.
CSCE 201 Introduction to Information Security Fall 2010 Data Protection.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 2 “Cryptographic Tools”.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
Public / Private Keys was a big year… DES: Adopted as an encryption standard by the US government. It was an open standard. The NSA calls it “One.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Lecture 2: Introduction to Cryptography
Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.
Encryption Basics Module 7 Section 2. History of Encryption Secret - NSA National Security Agency –has powerful computers - break codes –monitors all.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
BZUPAGES.COM Cryptography Cryptography is the technique of converting a message into unintelligible or non-understandable form such that even if some unauthorized.
Cryptography Gerard Klonarides. What is cryptography? Symmetric Encryption Symmetric Encryption Asymmetric Encryption Asymmetric Encryption Other cryptography.
MM Clements Cryptography. Last Week Firewalls A firewall cannot protect against poor server, client or network configuration A firewall cannot.
BCIS 4630 Fundamentals of IT Security
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Public Key Cryptography. Asymmetric encryption is a form of cryptosystem in which Encryption and decryption are performed using the different keys—one.
Cryptographic Hash Function
Encryption. Encryption Basics • Plaintext - the original message ABCDEFG • Ciphertext - the coded message DFDFSDFSD • Cipher - algorithm for.
Cryptographic Algorithms
Encryption
IS3230 Access Security Unit 9 PKI and Encryption
Presentation transcript:

Chapter 8: Scrambling Through Cryptography Security+ Guide to Network Security Fundamentals Second Edition

Security+ Guide to Network Security Fundamentals, 2e 2 Objectives Define cryptography Secure with cryptography hashing algorithms Protect with symmetric encryption algorithms Harden with asymmetric encryption algorithms Explain how to use cryptography

Security+ Guide to Network Security Fundamentals, 2e 3 Cryptography Terminology Cryptography: science of transforming information so it is secure while being transmitted or stored Steganography: attempts to hide existence of data Encryption: changing the original text to a secret message using cryptography

Security+ Guide to Network Security Fundamentals, 2e 4 Cryptography Terminology (continued) Decryption: reverse process of encryption Algorithm: process of encrypting and decrypting information based on a mathematical procedure Key: value used by an algorithm to encrypt or decrypt a message

Security+ Guide to Network Security Fundamentals, 2e 5 Cryptography Terminology (continued) Weak key: mathematical key that creates a detectable pattern or structure Plaintext: original unencrypted information (also known as clear text) Cipher: encryption or decryption algorithm tool used to create encrypted or decrypted text Ciphertext: data that has been encrypted by an encryption algorithm

Security+ Guide to Network Security Fundamentals, 2e 6 Cryptography Terminology (continued)

Security+ Guide to Network Security Fundamentals, 2e 7 How Cryptography Protects Intended to protect the confidentiality of information Second function of cryptography is authentication Should ensure the integrity of the information as well Should also be able to enforce nonrepudiation, the inability to deny that actions were performed Can be used for access control

Security+ Guide to Network Security Fundamentals, 2e 8 Securing with Cryptography Hashing Algorithms One of the three categories of cryptographic algorithms is known as hashing

Security+ Guide to Network Security Fundamentals, 2e 9 Defining Hashing Hashing, also called a one-way hash, creates a ciphertext from plaintext Cryptographic hashing follows this same basic approach Hash algorithms verify the accuracy of a value without transmitting the value itself and subjecting it to attacks A practical use of a hash algorithm is with automatic teller machine (ATM) cards

Security+ Guide to Network Security Fundamentals, 2e 10 Defining Hashing (continued)

Security+ Guide to Network Security Fundamentals, 2e 11 Defining Hashing (continued) Hashing is typically used in two ways: –To determine whether a password a user enters is correct without transmitting the password itself –To determine the integrity of a message or contents of a file Hash algorithms are considered very secure if the hash that is produced has the characteristics listed on pages 276 and 277 of the text

Security+ Guide to Network Security Fundamentals, 2e 12 Defining Hashing (continued)

Security+ Guide to Network Security Fundamentals, 2e 13 Message Digest (MD) Message digest 2 (MD2) takes plaintext of any length and creates a hash 128 bits long –MD2 divides the message into 128-bit sections –If the message is less than 128 bits, data known as padding is added Message digest 4 (MD4) was developed in 1990 for computers that processed 32 bits at a time –Takes plaintext and creates a hash of 128 bits –The plaintext message itself is padded to a length of 512 bits

Security+ Guide to Network Security Fundamentals, 2e 14 Message Digest (MD) (continued) Message digest 5 (MD5) is a revision of MD4 designed to address its weaknesses –The length of a message is padded to 512 bits –The hash algorithm then uses four variables of 32 bits each in a round-robin fashion to create a value that is compressed to generate the hash

Security+ Guide to Network Security Fundamentals, 2e 15 Secure Hash Algorithm (SHA) Patterned after MD4 but creates a hash that is 160 bits in length instead of 128 bits The longer hash makes it more resistant to attacks SHA pads messages less than 512 bits with zeros and an integer that describes the original length of the message

Security+ Guide to Network Security Fundamentals, 2e 16 Protecting with Symmetric Encryption Algorithms Most common type of cryptographic algorithm (also called private key cryptography) Use a single key to encrypt and decrypt a message With symmetric encryption, algorithms are designed to decrypt the ciphertext –It is essential that the key be kept confidential: if an attacker secured the key, she could decrypt any messages

Security+ Guide to Network Security Fundamentals, 2e 17 Protecting with Symmetric Encryption Algorithms (continued) Can be classified into two distinct categories based on amount of data processed at a time: –Stream cipher (such as a substitution cipher) –Block cipher Substitution ciphers substitute one letter or character for another –Also known as a monoalphabetic substitution cipher –Can be easy to break

Security+ Guide to Network Security Fundamentals, 2e 18 Protecting with Symmetric Encryption Algorithms (continued)

Security+ Guide to Network Security Fundamentals, 2e 19 Protecting with Symmetric Encryption Algorithms (continued) A homoalphabetic substitution cipher maps a single plaintext character to multiple ciphertext characters A transposition cipher rearranges letters without changing them With most symmetric ciphers, the final step is to combine the cipher stream with the plaintext to create the ciphertext

Security+ Guide to Network Security Fundamentals, 2e 20 Protecting with Symmetric Encryption Algorithms (continued)

Security+ Guide to Network Security Fundamentals, 2e 21 Protecting with Symmetric Encryption Algorithms (continued) A block cipher manipulates an entire block of plaintext at one time The plaintext message is divided into separate blocks of 8 to 16 bytes and then each block is encrypted independently The blocks can be randomized for additional security

Security+ Guide to Network Security Fundamentals, 2e 22 Data Encryption Standard (DES) One of the most popular symmetric cryptography algorithms DES is a block cipher and encrypts data in 64-bit blocks The 8-bit parity bit is ignored so the effective key length is only 56 bits DES encrypts 64-bit plaintext by executing the algorithm 16 times The four modes of DES encryption are summarized on pages 282 and 283

Security+ Guide to Network Security Fundamentals, 2e 23 Triple Data Encryption Standard (3DES) Uses three rounds of encryption instead of just one The ciphertext of one round becomes the entire input for the second iteration Employs a total of 48 iterations in its encryption (3 iterations times 16 rounds) The most secure versions of 3DES use different keys for each round

Security+ Guide to Network Security Fundamentals, 2e 24 Advanced Encryption Standard (AES) Approved by the NIST in late 2000 as a replacement for DES Process began with the NIST publishing requirements for a new symmetric algorithm and requesting proposals Requirements stated that the new algorithm had to be fast and function on older computers with 8-bit, 32-bit, and 64-bit processors

Security+ Guide to Network Security Fundamentals, 2e 25 Advanced Encryption Standard (AES) (continued) Performs three steps on every block (128 bits) of plaintext Within step 2, multiple rounds are performed depending upon the key size: –128-bit key performs 9 rounds –192-bit key performs 11 rounds –256-bit key uses 13 rounds

Security+ Guide to Network Security Fundamentals, 2e 26 Rivest Cipher (RC) Family of cipher algorithms designed by Ron Rivest He developed six ciphers, ranging from RC1 to RC6, but did not release RC1 and RC3 RC2 is a block cipher that processes blocks of 64 bits RC4 is a stream cipher that accepts keys up to 128 bits in length

Security+ Guide to Network Security Fundamentals, 2e 27 International Data Encryption Algorithm (IDEA) IDEA algorithm dates back to the early 1990s and is used in European nations Block cipher that processes 64 bits with a 128-bit key with 8 rounds

Security+ Guide to Network Security Fundamentals, 2e 28 Blowfish Block cipher that operates on 64-bit blocks Can have a key length from 32 to 448 bits

Security+ Guide to Network Security Fundamentals, 2e 29 Hardening with Asymmetric Encryption Algorithms The primary weakness of symmetric encryption algorithm is keeping the single key secure This weakness, known as key management, poses a number of significant challenges Asymmetric encryption (or public key cryptography) uses two keys instead of one –The private key typically is used to encrypt the message –The public key decrypts the message

Security+ Guide to Network Security Fundamentals, 2e 30 Hardening with Asymmetric Encryption Algorithms (continued)

Security+ Guide to Network Security Fundamentals, 2e 31 Rivest Shamir Adleman (RSA) Asymmetric algorithm published in 1977 and patented by MIT in 1983 Most common asymmetric encryption and authentication algorithm Included as part of the Web browsers from Microsoft and Netscape as well as other commercial products Multiplies two large prime numbers

Security+ Guide to Network Security Fundamentals, 2e 32 Diffie-Hellman Unlike RSA, the Diffie-Hellman algorithm does not encrypt and decrypt text Strength of Diffie-Hellman is that it allows two users to share a secret key securely over a public network Once the key has been shared, both parties can use it to encrypt and decrypt messages using symmetric cryptography

Security+ Guide to Network Security Fundamentals, 2e 33 Elliptic Curve Cryptography First proposed in the mid-1980s Instead of using prime numbers, uses elliptic curves An elliptic curve is a function drawn on an X-Y axis as a gently curved line By adding the values of two points on the curve, you can arrive at a third point on the curve

Security+ Guide to Network Security Fundamentals, 2e 34 Understanding How to Use Cryptography Cryptography can provide a major defense against attackers If an message or data stored on a file server is encrypted, even a successful attempt to steal that information will be of no benefit if the attacker cannot read it

Security+ Guide to Network Security Fundamentals, 2e 35 Digital Signature Encrypted hash of a message that is transmitted along with the message Helps to prove that the person sending the message with a public key is whom he/she claims to be Also proves that the message was not altered and that it was sent in the first place

Security+ Guide to Network Security Fundamentals, 2e 36 Benefits of Cryptography Five key elements: –Confidentiality –Authentication –Integrity –Nonrepudiation –Access control

Security+ Guide to Network Security Fundamentals, 2e 37 Benefits of Cryptography (continued)

Security+ Guide to Network Security Fundamentals, 2e 38 Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG) PGP is perhaps most widely used asymmetric cryptography system for encrypting messages on Windows systems –Commercial product GPG is a free product

Security+ Guide to Network Security Fundamentals, 2e 39 Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG) (continued) GPG versions run on Windows, UNIX, and Linux operating systems PGP and GPG use both asymmetric and symmetric cryptography PGP can use either RSA or the Diffie-Hellman algorithm for the asymmetric encryption and IDEA for the symmetric encryption

Security+ Guide to Network Security Fundamentals, 2e 40 Microsoft Windows Encrypting File System (EFS) Encryption scheme for Windows 2000, Windows XP Professional, and Windows 2003 Server operating systems that use the NTFS file system Uses asymmetric cryptography and a per-file encryption key to encrypt and decrypt data When a user encrypts a file, EFS generates a file encryption key (FEK) to encrypt the data

Security+ Guide to Network Security Fundamentals, 2e 41 Microsoft Windows Encrypting File System (EFS) (continued) The FEK is encrypted with the user’s public key and the encrypted FEK is then stored with the file EFS is enabled by default When using Microsoft EFT, the tasks recommended are listed on page 293 of the text

Security+ Guide to Network Security Fundamentals, 2e 42 UNIX Pluggable Authentication Modules (PAM) When UNIX was originally developed, authenticating a user was accomplished by requesting a password from the user and checking whether the entered password corresponded to the encrypted password stored in the user database /etc/passwd Each new authentication scheme requires all the necessary programs, such as login and ftp, to be rewritten to support it

Security+ Guide to Network Security Fundamentals, 2e 43 UNIX Pluggable Authentication Modules (PAM) (continued) A solution is to use PAMs Provides a way to develop programs that are independent of the authentication scheme

Security+ Guide to Network Security Fundamentals, 2e 44 Linux Cryptographic File System (CFS) Linux users can add one of several cryptographic systems to encrypt files One of the most common is the CFS Other Linux cryptographic options are listed on pages 294 and 295 of the text

Security+ Guide to Network Security Fundamentals, 2e 45 Summary Cryptography seeks to fulfill five key security functions: confidentiality, authentication, integrity, nonrepudiation, and access control Hashing, also called a one-way hash, creates a ciphertext from plaintext Symmetric encryption algorithms use a single key to encrypt and decrypt a message

Security+ Guide to Network Security Fundamentals, 2e 46 Summary (continued) A digital certificate helps to prove that the person sending the message with a public key is actually whom they claim to be, that the message was not altered, and that it cannot be denied that the message was sent The most widely used asymmetric cryptography system for encrypting messages on Windows systems is PGP

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.