Published by Kirsti Eveliina Majanlahti. Modified over 6 years ago.
1
IS3230 Access Security Unit 9 PKI and Encryption
2
Class Agenda 11/12/15
  Chapter 13 Learning Objectives
  Lesson Presentation and Discussions.
  Quiz 4 will be held today.
  Lab activities will be performed in class.
  Assignments will be given in class.
  Break times: 10-minute break every hour.
  Note: All assignments and labs are due today.
3
Learning Objective
  Implement public key infrastructure (PKI) and encryption solutions to ensure the confidentiality of business communications.
4
Key Concepts
  PKI: component parts and their roles
  Non-repudiation and digital signatures
  PKI certificate authorities (CAs)
  Encryption processes
  Encryption in everyday life
5
Public Key Infrastructure (PKI)
Important management tool for the use of:
  Digital certificates
  Asymmetric cryptography
Aspects of PKI:
  Public-key cryptography standards
  Trust models
  Key management
Security+ Guide to Network Security Fundamentals, Fourth Edition
6
Managing Digital Certificates
Technologies used for managing digital certificates:
  Certificate Authority (CA)
  Registration Authority (RA)
  Certificate Revocation List (CRL)
  Certificate Repository (CR)
  Certificate Server
  Web browser
Certificate Authority:
  Trusted third party
  Responsible for issuing digital certificates
  Can be internal or external to an organization
7
Defining Cryptography
What is cryptography?
  Scrambling information so it appears unreadable to attackers
  Transforms information into secure form
Steganography
  Hides the existence of data
  Image, audio, or video files containing hidden message embedded in the file
  Achieved by dividing data and hiding in unused portions of the file
8
What is Cryptography? (cont’d.)
Origins of cryptography
  Used by Julius Caesar
Encryption
  Changing original text into a secret message using cryptography
Decryption
  Changing secret message back to original form
Cleartext data
  Data stored or transmitted without encryption
9
What is Cryptography? (cont’d.)
Plaintext
  Data to be encrypted
  Input into an encryption algorithm
Key
  Mathematical value entered into the algorithm to produce ciphertext (scrambled text)
  Reverse process uses the key to decrypt the message
10
Figure 11-2 Cryptography process
© Cengage Learning 2012
11
Shared Key Encryption
[Diagram labels: Data; Key; Encryption process on System 1; Encryption; Data sent to System 2; System 2 applies shared key to decrypt encrypted data; Original data]
12
Cryptography and Security
Cryptography can provide five basic information protections:
  Confidentiality: ensures only authorized parties can view it
  Integrity: ensures information is correct and unaltered
  Availability: authorized users can access it
  Authenticity of the sender
  Nonrepudiation: proves that a user performed an action
13
Cryptographic Algorithms
Three categories of cryptographic algorithms:
  Hash algorithms
  Symmetric encryption algorithms
  Asymmetric encryption algorithms
Hash algorithms:
  Most basic type of cryptographic algorithm
  Process for creating a unique digital fingerprint for a set of data
  Primarily used for comparison purposes
  Example of hashing (ATMs)
14
Symmetric Cryptographic Algorithms
Original cryptographic algorithms
  Data Encryption Standard
  Triple Data Encryption Standard
  Advanced Encryption Standard
  Several other algorithms
  Diffie-Hellman key exchange
Understanding symmetric algorithms
  Same shared single key used to encrypt and decrypt document
15
Figure 11-6 Symmetric (private key) cryptography
© Cengage Learning 2012
16
Asymmetric Cryptographic Algorithms
Weakness of symmetric algorithms
  Distributing and maintaining a secure single key among multiple users distributed geographically
Asymmetric cryptographic algorithms
  Also known as public key cryptography
  Uses two mathematically related keys
  Public key available to everyone and freely distributed
  Private key known only to individual to whom it belongs
17
Figure Asymmetric (public key) cryptography
© Cengage Learning 2012
18
Asymmetric Cryptographic Algorithms (cont’d.)
Important principles
  Key pairs
  Public key
  Private key
  Both directions
Digital signature
  Verifies the sender
  Prevents sender from disowning the message
  Proves message integrity
19
Figure 11-13 Digital signature
© Cengage Learning 2012
20
Asymmetric Cryptographic Algorithms (cont’d.)
RSA
  Published in 1977 and patented by MIT in 1983
  Most common asymmetric cryptography algorithm
  Uses two large prime numbers
Elliptic curve cryptography (ECC)
  Users share one elliptic curve and one point on the curve
  Uses less computing power than prime number-based asymmetric cryptography
  Key sizes are smaller
21
Digital Certificates
Common application of cryptography
Digital signature
  Used to prove a document originated from a valid sender
Weakness of using digital signatures
  Imposter could post a public key under a sender’s name
Trusted third party
  Used to help solve the problem of verifying identity
  Verifies the owner and that the public key belongs to that owner
  Helps prevent man-in-the-middle attack that impersonates owner of public key
22
Defining Digital Certificates (cont’d.)
Information contained in a digital certificate:
  Owner’s name or alias
  Owner’s public key
  Issuer’s name
  Issuer’s digital signature
  Digital certificate’s serial number
  Expiration date of the public key
23
Certificate Authority
Duties of a CA:
  Generate, issue, and distribute public key certificates
  Distribute CA certificates
  Generate and publish certificate status information
  Provide a means for subscribers to request revocation
  Revoke public-key certificates
  Maintain security, availability, and continuity of certificate issuance signing functions
24
Registration Authority
Subordinate entity designed to handle specific CA tasks
Offloading registration functions creates improved workflow for CA
General duties of an RA
  Receive, authenticate, and process certificate revocation requests
  Identify and authenticate subscribers
25
Managing Digital Certificates
Web browser management
  Modern Web browsers preconfigured with default list of CAs
Advantages
  Users can take advantage of digital certificates without need to manually load information
  Users do not need to install a CRL manually
  Automatic updates feature will install them automatically if feature is enabled
26
Certificate Revocation List
Lists digital certificates that have been revoked
Reasons a certificate would be revoked
  Certificate is no longer used
  Details of the certificate have changed, such as user’s address
  Private key has been lost or exposed (or suspected lost or exposed)
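Added example (not part of the original slides): a Python sketch that ties together the digital signature, certificate contents, CA signature and CRL slides above. It uses textbook RSA with demo-sized primes and no padding purely to show the mechanics; the names `Example CA` and `alice`, the serial number, the dates and all key values are constructed.

```python
# Added teaching example: textbook RSA with demo-sized primes and no padding.
# It shows the mechanics only and must not be used to protect real data.
import hashlib
from datetime import date

def make_keypair(p, q, e=65537):
    """Return (public, private) keys built from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(data, n):
    """SHA-256 fingerprint of the data, reduced into the modulus range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)  # only the private-key holder can compute this

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def tbs(cert):
    """Bytes the CA signs: every certificate field except the signature."""
    return repr(sorted((k, v) for k, v in cert.items() if k != "signature")).encode()

def issue(ca_name, ca_private, owner, owner_public, serial, expires):
    cert = {"owner": owner, "public_key": owner_public, "issuer": ca_name,
            "serial": serial, "expires": expires.isoformat()}
    cert["signature"] = sign(ca_private, tbs(cert))
    return cert

def validate(cert, ca_name, ca_public, crl, today):
    """Return 'valid' or the first reason the certificate must be rejected."""
    if cert["issuer"] != ca_name or not verify(ca_public, tbs(cert), cert["signature"]):
        return "bad issuer signature"
    if date.fromisoformat(cert["expires"]) < today:
        return "expired"
    if cert["serial"] in crl:
        return "revoked"
    return "valid"

# Constructed sample data (hypothetical names, demo-sized primes).
CA_PUB, CA_PRIV = make_keypair(1000003, 1000033)
ALICE_PUB, ALICE_PRIV = make_keypair(1000037, 1000039)
CERT = issue("Example CA", CA_PRIV, "alice", ALICE_PUB, 1001, date(2016, 11, 12))
# An imposter's key posted under alice's name: the CA signature no longer matches.
FORGED = dict(CERT, public_key=(1000081 * 1000099, 65537))
```

A relying party trusts only `CA_PUB`; the swapped key in `FORGED` is rejected without ever contacting the owner, and a serial listed in the CRL is rejected even though its signature is still good.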
27
Encryption Through Software
File and file system cryptography
  Encryption software can be applied to one or many files
Protecting groups of files
  Based on operating system’s file system
Pretty Good Privacy (PGP)
  Widely used asymmetric cryptography system
  Used for files and e-mails on Windows systems
GNU Privacy Guard (GPG)
  Runs on Windows, UNIX, and Linux
28
Encryption Through Software
Whole disk encryption
  Protects all data on a hard drive
  Example: BitLocker drive encryption software
29
Importance of Digital Signatures
Organizations are implementing standard digital signatures to:
  Cut operational costs.
  Automate and expedite business processes.
  Address legal compliance and limit liability.
  Go green.
30
Summary
  Shared encryption key
  PKI-enabled applications
  Importance of digital signatures
31
Unit 8 Lab Activities
  Lab # 9: Apply Encryption to Mitigate Risk
  Complete the lab activities in class
32
Unit 8 Assignments
  Unit 9: Assignment: Complete chapter 13 Assessment
  Reading assignment: Read Chapter 14 for the next class