Chapter 7: Cryptographic Systems CCNA Security v2.0
Chapter Outline
- 7.0 Introduction
- 7.1 Cryptographic Services
- 7.2 Basic Integrity and Authenticity
- 7.3 Confidentiality
- 7.4 Public Key Cryptography
- 7.5 Summary
Section 7.1: Cryptographic Services
Upon completion of this section, you should be able to:
- Explain the requirements of secure communications including integrity, authentication, and confidentiality.
- Explain cryptography.
- Describe cryptanalysis.
- Describe cryptology.
Topic 7.1.1: Securing Communications
Authentication, Integrity, and Confidentiality
Authentication
Data Integrity
Data Confidentiality
7.1.1.5 Activity – Identify the Secure Communication Objective
Topic 7.1.2: Cryptography
Creating Ciphertext
Ciphertext can be created using several methods:
- Transposition
- Substitution
- One-time pad
Transposition Ciphers
Substitution Ciphers
One-Time Pad Ciphers
Topic 7.1.3: Cryptanalysis
Cracking Code
Methods for Cracking Code
Methods used for cryptanalysis:
- Brute-force method
- Ciphertext method
- Known-Plaintext method
- Chosen-Plaintext method
- Chosen-Ciphertext method
- Meet-in-the-Middle method
Methods for Cracking Code
Cracking Code Example (figures):
- Frequency Analysis of the English Alphabet
- Deciphering Using Frequency Analysis
Topic 7.1.4: Cryptology
Making and Breaking Secret Codes
Cryptanalysis
The Secret is in the Keys
7.1.4.4 Activity – Identify the Cryptology Terminology
Section 7.2: Basic Integrity and Authenticity
Upon completion of the section, you should be able to:
- Describe the purpose of cryptographic hashes.
- Explain how MD5 and SHA-1 are used to secure data communications.
- Describe authenticity with HMAC.
- Describe the components of key management.
Topic 7.2.1: Cryptographic Hashes
Cryptographic Hash Function
Cryptographic Hash Function Properties
Well-Known Hash Functions
Topic 7.2.2: Integrity with MD5, SHA-1, and SHA-2
Message Digest 5 Algorithm
Secure Hash Algorithm
MD5 Versus SHA
Topic 7.2.3: Authenticity with HMAC
Keyed-Hash Message Authentication Code
HMAC Operation
Hashing in Cisco Products
Topic 7.2.4: Key Management
Characteristics of Key Management
Key Length and Keyspace
The Keyspace
Types of Cryptographic Keys
- Symmetric keys
- Asymmetric keys
- Digital signatures
- Hash keys
Choosing Cryptographic Keys
7.2.4.6 Activity – Identify the Characteristics of Key Management
Section 7.3: Confidentiality
Upon completion of the section, you should be able to:
- Explain how encryption algorithms provide confidentiality.
- Explain the function of the DES, 3DES, and the AES algorithms.
- Describe the function of the Software Encrypted Algorithm (SEAL) and the Rivest ciphers (RC) algorithms.
Topic 7.3.1: Encryption
Two Classes of Encryption Algorithms
Symmetric and Asymmetric Encryption
Symmetric Encryption
Symmetric Block Ciphers and Stream Ciphers
Choosing an Encryption Algorithm
7.3.1.6 Activity – Compare Symmetric and Asymmetric Encryption Algorithms
Topic 7.3.2: Data Encryption Standard
DES Symmetric Encryption
DES Summary
Improving DES with 3DES
3DES Operation
AES Origins
AES Summary
Topic 7.3.3: Alternate Encryption Algorithms
Software-Optimized Encryption Algorithm (SEAL)
SEAL has several restrictions:
- The Cisco router and the peer must support IPsec.
- The Cisco router and the other peer must run an IOS image that supports encryption.
- The router and the peer must not have hardware IPsec encryption.
RC Algorithms
Topic 7.3.4: Diffie-Hellman Key Exchange
Diffie-Hellman (DH) Algorithm
DH Operation
7.3.4.3 Activity – Identify the Steps of the DH Process
Section 7.4: Public Key Cryptography
Upon completion of the section, you should be able to:
- Explain the differences between symmetric and asymmetric encryptions and their intended applications.
- Explain the functionality of digital signatures.
- Explain the principles of a public key infrastructure (PKI).
Topic 7.4.1: Symmetric Versus Asymmetric Encryption
Asymmetric Key Algorithms
Four protocols that use asymmetric key algorithms:
- Internet Key Exchange (IKE)
- Secure Socket Layer (SSL)
- Secure Shell (SSH)
- Pretty Good Privacy (PGP)
Public Key + Private Key = Confidentiality
Private Key + Public Key = Authenticity
Asymmetric Algorithms
- Alice Encrypts Message Using Bob’s Public Key
- Alice Encrypts A Hash Using Bob’s Public Key
Asymmetric Algorithms (Cont.)
- Bob Uses Alice’s Public Key to Decrypt Hash
- Bob Uses His Public Key to Decrypt Message
Types of Asymmetric Algorithms
7.4.1.6 Activity – Identify the Key Types Required to Provide Authenticity and Confidentiality
Topic 7.4.2: Digital Signatures
Using Digital Signatures
Digital Signature Properties:
- Signature is authentic
- Signature is unalterable
- Signature is not reusable
- Signature cannot be repudiated
Code Signing
Digitally signing code provides several assurances about the code:
- The code is authentic and is actually sourced by the publisher.
- The code has not been modified since it left the software publisher.
- The publisher undeniably published the code.
Digital Certificates
Using Digital Certificates
- Sending a Digital Certificate
- Receiving a Digital Certificate
Digital Signature Algorithms
- DSA Scorecard
- RSA Scorecard
7.4.2.6 Activity – Compare Code Signing and Digital Certificates
Topic 7.4.3: Public Key Infrastructure
Public Key Infrastructure Overview
PKI Framework
- Elements of the PKI Framework
- PKI Example
Certificate Authorities
Interoperability of Different PKI Vendors
Public-Key Cryptography Standards
Simple Certificate Enrollment Protocol
PKI Topologies
- Single-Root PKI Topology
- Cross Certified CA
- Hierarchical CA
Registration Authority
Digital Certificates and CAs
- Retrieving CA Certificates
- Submitting Certificate Requests to the CA
Digital Certificates and CAs (Cont.)
- Peers Authenticate Each Other
7.4.3.10 Activity – Identify Elements of the PKI Framework
Section 7.5: Summary
Chapter Objectives:
- Explain the areas of cryptology.
- Explain the two kinds of encryption algorithms.
7.5.1.1 Video Demonstration – Wireshark Packet Sniffing Usernames, Password, and Web Pages
7.5.1.2 Lab – Exploring Encryption Methods