Computer Security Fundamentals by Chuck Easttom Chapter 8 Encryption.

Slides:



Advertisements
Similar presentations
Relations, Functions, and Matrices Mathematical Structures for Computer Science Chapter 4 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesThe Mighty Mod.
Advertisements

Module XXI Cryptography
Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Crytography Chapter 8.
Principles of Information Security, 2nd edition1 Cryptography.
CC3.12 Erdal KOSE Privacy & Digital Security Encryption.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Security Module – Part 1 Spring 2006 V.T. Raja, Ph.D., Oregon State University.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Point-to-Point Protocol (PPP) Security Connecting to remote access servers (RASs) PPP authentication PPP confidentiality Point-to-Point Tunneling Protocol.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
Chapter 12 Cryptography (slides edited by Erin Chambers)
David Froot.  How do we transmit information and data, especially over the internet, in a way that is secure and unreadable by anyone but the sender.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
A Cryptography Education Tool Anna Yu Department of Computer Science College of Engineering North Carolina A&T State University June 18, 2009.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Linux Networking and Security Chapter 8 Making Data Secure.
1 Chapter 8 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography.
1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
Chapter 8: Scrambling Through Cryptography Security+ Guide to Network Security Fundamentals Second Edition.
Cryptography, Authentication and Digital Signatures
11.59 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,
Chapter 17 Security. Information Systems Cryptography Key Exchange Protocols Password Combinatorics Other Security Issues 12-2.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Network access security methods Unit objective Explain the methods of ensuring network access security Explain methods of user authentication.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 14 Network Security: Firewalls and VPNs.
Lecture 2: Introduction to Cryptography
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
BZUPAGES.COM Cryptography Cryptography is the technique of converting a message into unintelligible or non-understandable form such that even if some unauthorized.
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
MM Clements Cryptography. Last Week Firewalls A firewall cannot protect against poor server, client or network configuration A firewall cannot.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
Computer Security By Rubel Biswas. Introduction History Terms & Definitions Symmetric and Asymmetric Attacks on Cryptosystems Outline.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
VPNs and IPSec Review VPN concepts Encryption IPSec Lab.
Computer Security Fundamentals
Vocabulary Big Data - “Big data is a broad term for datasets so large or complex that traditional data processing applications are inadequate.” Moore’s.
Chapter 8 Network Security.
Cryptography and Security Technologies
Cryptography.
CompTIA Security+ Study Guide (SY0-501)
VPNs and IPSec Review VPN concepts Encryption IPSec Lab.
Virtual Private Networks (VPN)
10/7/2019 Created by Omeed Mustafa 1 st Semester M.Sc (Computer Science department) Cyber-Security.
Presentation transcript:

Computer Security Fundamentals by Chuck Easttom Chapter 8 Encryption

© 2012 Pearson, Inc. Chapter 8 Encryption 2 Chapter 8 Objectives Explain the basics of encryption Discuss modern cryptography methods Select appropriate cryptography for your organization Understand the function and protocols of VPNs

© 2012 Pearson, Inc. Chapter 8 Encryption 3 Introduction Encryption  Scrambling information.  One critical part to the security puzzle.  Without it, all security measures are inadequate. Cryptography  An art form

© 2012 Pearson, Inc. Chapter 8 Encryption 4 Cryptography Basics Decryption  Reversal of the scrambling protocol Encryption  Algorithm scrambles plain  Sender and receiver agree on algorithm  Message difficult to re-create without protocol

© 2012 Pearson, Inc. Chapter 8 Encryption 5 Cryptography Basics (cont.) Two basic types Single/symmetric key encryption  Stream  Block  Substitution and transposition Public/asymmetric key encryption

© 2012 Pearson, Inc. Chapter 8 Encryption 6 History of Encryption Old as written communication and war Caesar Cipher  Shift cipher A DOG  Shift 1 – B EPH  Shift 2 – C FQI  Shift negative 1 – Z CNF

© 2012 Pearson, Inc. Chapter 8 Encryption 7 History of Encryption (cont.) Caesar Cipher  Frequency distribution cracks this simple cipher.  Substitution alphabet. Substitutes one letter in the alphabet for another. Caesar is a mono-alphabetic cipher.

© 2012 Pearson, Inc. Chapter 8 Encryption 8 History of Encryption (cont.) Multi-alphabetic  Select multiple shifts Shift 1, 2, –1 Rotate through the shifts A DOG becomes B FNH  Old cipher considered weak today

© 2012 Pearson, Inc. Chapter 8 Encryption 9 History of Encryption (cont.) Binary Operations  AND, OR, XOR Example of AND operation

© 2012 Pearson, Inc. Chapter 8 Encryption 10 History of Encryption (cont.) Example of OR operation

© 2012 Pearson, Inc. Chapter 8 Encryption 11 History of Encryption (cont.) Example of XOR operation

© 2012 Pearson, Inc. Chapter 8 Encryption 12 History of Encryption (cont.) XOR only reversible binary operation  Convert plain text to ASCII A DOG =  Then, convert ASCII to binary , , ,

© 2012 Pearson, Inc. Chapter 8 Encryption 13 History of Encryption (cont.) XOR the ASCII , , , , , , , , , Result is cipher text.

© 2012 Pearson, Inc. Chapter 8 Encryption 14 Cryptography Terms Key: The bits that are combined with the plain text to encrypt it. In some cases this is random numbers; in other cases it is the result of some mathematical operation. Plain text: The unencrypted text. Cipher text: The encrypted text. Algorithm: A mathematical process for doing something.

© 2012 Pearson, Inc. Chapter 8 Encryption 15 Modern Methods Single key (symmetric) encryption  Same key to encrypt and decrypt Blowfish  Symmetric block cipher  Works on “blocks” of letters  Uses variable length key (32–448 bits)  Freeware

© 2012 Pearson, Inc. Chapter 8 Encryption 16 Modern Methods (cont.) Data Encryption Standard (DES) 1. Divided into 64-bit blocks; then transposed 2. Manipulated by 16 steps of encryption, using 56-bit key 3. Scrambled by a swapping algorithm 4. Transposed one final time

© 2012 Pearson, Inc. Chapter 8 Encryption 17 Modern Methods (cont.) Advanced Encryption Standard (AES). Advanced Encryption Standard was the algorithm eventually chosen to replace DES. It is a block cipher that works on 128- bit blocks. It can have one of three key sizes of 128, 192, or 256 bits. This was selected by the United States government to be the replacement for DES and is now the most widely used symmetric key algorithm.

© 2012 Pearson, Inc. Chapter 8 Encryption 18 Modern Methods (cont.) One major problem with symmetric key encryption How do you transmit the symmetric key? The answer: public key encryption

© 2012 Pearson, Inc. Chapter 8 Encryption 19 Modern Methods (cont.) Public key (asymmetric) encryption  Opposite of single key encryption.  One key (public key) used to encrypt.  One key (private key) used to decrypt.  Only holder of a private key can decrypt messages.

© 2012 Pearson, Inc. Chapter 8 Encryption 20 Modern Methods (cont.) Public key (asymmetric) encryption  Depends on large prime numbers, factoring, and number theory.  Public key encryption is most widely used.  Pretty Good Privacy (PGP): Freeware Quite secure

© 2012 Pearson, Inc. Chapter 8 Encryption 21 Modern Methods (cont.) Public key (asymmetric) encryption  Pretty Good Privacy (PGP) Freeware Phil Zimmerman – 2004 Quite secure

© 2012 Pearson, Inc. Chapter 8 Encryption 22 Modern Methods (cont.) The MIT Distribution Center for PGP home page (

© 2012 Pearson, Inc. Chapter 8 Encryption 23 Modern Methods (cont.) Public key (asymmetric) encryption  RSA You start by generating two large random primes, p and q, of approximately equal size. Now you need to pick two numbers so that when multiplied together the product will be the size you want (that is, 128 bits, 256 bits, and so on). Now multiply p and q to get n. Let n = pq Let m = (p - 1)(q – 1)

© 2012 Pearson, Inc. Chapter 8 Encryption 24 Modern Methods (cont.) Public key (asymmetric) encryption  RSA Now select another number; call this number e. Pick e so that it is co-prime to m. Choose a small number e, co-prime to m. Youare almost done generating a key. Now you just find a number d that when multiplied by e and modulo m would yield a 1. (Note: Modulo means to divide two numbers and return the remainder. For example 8 modulo 3 would be 2.). Find d, such that de % m = 1. Now publish e and n as the public key. Keep d and n as the secret key. To encrypt, simply take your message raised to the e power and modulo n.

© 2012 Pearson, Inc. Chapter 8 Encryption 25 Modern Methods (cont.) The RSA Security home page (

© 2012 Pearson, Inc. Chapter 8 Encryption 26 Modern Methods (cont.) Legitimate versus fraudulent encryption  Warning signs of frauds Unbreakable Certified Inexperienced people

Digital Signatures A digital signature is not used to ensure the confidentiality of a message, but rather to guarantee who sent the message. This is referred to as nonrepudiation. Essentially, it proves who the sender is. Digital signatures are actually rather simple, but clever. They simply reverse the asymmetric encryption process. Recall that in asymmetric encryption the public key (which anyone can have access to) is used to encrypt a message to the recipient, and the private key (which is kept secure and private) can decrypt it. With a digital signature, the sender encrypts something with his private key. If the recipient can decrypt that with the sender's public key, then it must have been sent by the person purported to have sent the message. © 2012 Pearson, Inc. Chapter 8 Encryption 27

Hash Hashing is a type of cryptographic algorithm that has some specific characteristics. First and foremost it is one way. That means you cannot "unhash" something. The second characteristic is that you get a fixed-length output no matter what input is given. Finally, it should have few or no collisions. A collision is when two different inputs provide the same output. © 2012 Pearson, Inc. Chapter 8 Encryption 28

Authentication PAP: Password Authentication Protocol is the simplest form of authentication and the least secure. Usernames and passwords are sent unencrypted in plain text. SPAP: Shiva Password Authentication Protocol is an extension to PAP that does encrypt the username and password that is sent over the Internet. © 2012 Pearson, Inc. Chapter 8 Encryption 29

Authentication (Continued) CHAP: Challenge Handshake Authentication Protocol calculates a hash after the user has logged in. Then it shares that hash with the client system. Periodically the server asks the client to provide that hash. (This is the challenge part.) Kerberos: Kerberos is used widely, particularly with Microsoft operating systems. It was invented at MIT and derives its name from the mythical three-headed dog that was reputed to guard the gates of Hades. © 2012 Pearson, Inc. Chapter 8 Encryption 30

© 2012 Pearson, Inc. Chapter 8 Encryption 31 Virtual Private Networks Virtual Private Networks (VPN)  Virtual connection through the Internet  Packets are encrypted  Protocols PPTP L2TP IPSec

© 2012 Pearson, Inc. Chapter 8 Encryption 32 Virtual Private Networks (cont.) PPTP – Point-to-Point Protocol  Secure extension of PPP  Authenticates users Extensible Authentication Protocol (EAP) Challenge Handshake Authentication Protocol (CHAP)  Encrypts packets Microsoft Point-to-Point Encryption (MPPE)

© 2012 Pearson, Inc. Chapter 8 Encryption 33 Virtual Private Networks (cont.) L2TP – Layer 2 Tunneling Protocol  Five user authentication methods: CHAP and EAP plus: PAP – Password Authentication Protocol SPAP – Shiva Password Authentication Protocol MS-CHAP – Microsoft-specific extension of CHAP

© 2012 Pearson, Inc. Chapter 8 Encryption 34 Virtual Private Networks (cont.)  IPSec – Internet Protocol Security Used by L2TP for encryption Encrypts packet data and header Prevents unauthorized retransmission of packets

© 2012 Pearson, Inc. Chapter 8 Encryption 35 Summary Encryption is a basic element of security. Encrypting data when transmitting is an integral part of any security plan.