Download presentation
Presentation is loading. Please wait.
1
Web Security for Network and System Administrators1 Chapter 4 Encryption
2
Web Security for Network and System Administrators2 Objectives In this chapter, you will: Learn the basics of encryption technology Recognize popular symmetric encryption algorithms Recognize popular asymmetric encryption algorithms Understand a variety of hash encryption algorithms Identify a variety of cryptanalytic attacks
3
Web Security for Network and System Administrators3 Encryption Basics
4
Web Security for Network and System Administrators4 Encryption Basics
5
Web Security for Network and System Administrators5 Encryption Basics Transposition vs. substitution –With transposition ciphers, data is rearranged –With substitution ciphers, data is replaced Block vs. stream –With block ciphers, data is broken into chunks The encryption algorithm and key are then applied to each chunk –With stream ciphers, the encryption algorithm and key are applied to each piece of data continuously until the entire message is transformed into ciphertext
6
Web Security for Network and System Administrators6 Encryption Basics General Problems –Algorithm privacy –Randomness –Performance –Processing power –Key security
7
Web Security for Network and System Administrators7 Symmetric Encryption A symmetric encryption algorithm is generally defined as a system that uses the same key for both encryption and decryption
8
Web Security for Network and System Administrators8 Symmetric Encryption
9
Web Security for Network and System Administrators9 Symmetric Encryption Digital Encryption Standard (DES) Consists of both an algorithm and a key 56-bit key 16-bit blocks 16 rounds Four operating modes ECB (Electronic Codebook) CBC (Cipher Block Chaining) CFB (Cipher Feedback) OFB (Output Feedback)
10
Web Security for Network and System Administrators10 Symmetric Encryption
11
Web Security for Network and System Administrators11 Symmetric Encryption DES Electronic Codebook (ECB) Block cipher 64-bit blocks 48-bit key Each 48-bit block XORed with 48-bit key
12
Web Security for Network and System Administrators12 Symmetric Encryption DES Cipher Block Chaining (CBC) Block cipher 64-bit blocks 48-bit key First block XORed with random block of data then encrypted Each block XORed with previous 64-bit encrypted block
13
Web Security for Network and System Administrators13 Symmetric Encryption DES Cipher Feedback (CFB) Block cipher 64-bit blocks 48-bit key Random block of 64-bit data encrypted by DES First block of data then XORed with encrypted random data then encrypted using DES Each block XORed with previous 64-bit encrypted block
14
Web Security for Network and System Administrators14 Symmetric Encryption DES Output Feedback (OFB) Block cipher 64-bit blocks 48-bit key Similar to CFB, but does not chain ciphertext Previous DES output is used as input
15
Web Security for Network and System Administrators15 Symmetric Encryption 3DES 168-bit key (effective length) 16-bit blocks 16 rounds Four operation modes DES-EEE3 DES-EDE3 DES-EEE2 DES-EDE2
16
Web Security for Network and System Administrators16 Symmetric Encryption 3DES DES-EEE3 Data encrypted with 3 different keys
17
Web Security for Network and System Administrators17 Symmetric Encryption 3DES DES-EDE3 Data encrypted with Key 1 Data decrypted with Key 2 Data encrypted with Key 3
18
Web Security for Network and System Administrators18 Symmetric Encryption 3DES DES-EEE2 Data encrypted with Key 1 Data encrypted with Key 2 Data encrypted with Key 1
19
Web Security for Network and System Administrators19 Symmetric Encryption 3DES DES-EDE2 Data encrypted with Key 1 Data decrypted with Key 2 Data encrypted with Key 1
20
Web Security for Network and System Administrators20 Symmetric Encryption Advanced Encryption Standard (AES) Rijndael algorithm Variable length key Variable length blocks
21
Web Security for Network and System Administrators21 Symmetric Encryption Commercial algorithms RC2 RC4 RC5 RC6 IDEA Blowfish Twofish
22
Web Security for Network and System Administrators22 Symmetric Encryption Key Management Password-based encryption (PBE) Hardware-based keys Smart cards Biometrics
23
Web Security for Network and System Administrators23 Asymmetric Encryption
24
Web Security for Network and System Administrators24 Asymmetric Encryption
25
Web Security for Network and System Administrators25 Asymmetric Encryption RSA 1.Computes the product of two large primary numbers of equal length: (n = p * q). The length is usually 154-bit or 512-bit. 2.Chooses a random public key, e, so that e < n and relatively prime to the product of (p-1)(q-1). 3.Chooses a random public key component, e, so that e < n and relatively prime to the product of (p-1)(q-1). 4.Computes the private key component, d, using the equation: d = e-1 mod [(p-1)(q-1)]. 5.The private key is then expressed as (d,n) and the public key is expressed as (e,n). To encrypt a message, p, the formula is c = pe mod n where c is the final ciphertext. To decrypt a message, the formula is p = cd mod n.
26
Web Security for Network and System Administrators26 Asymmetric Encryption Digital Signature Standard (DSS) RSA DSA ECDSA
27
Web Security for Network and System Administrators27 Asymmetric Encryption Public-key Infrastructure (PKI) Digital certificate
28
Web Security for Network and System Administrators28 Asymmetric Encryption Public-key Infrastructure (PKI) Certificate authority (CA) Registration authority (RA) Certificate directory Key backup and recovery server
29
Web Security for Network and System Administrators29 Hash Algorithms Message Digest algorithms MD MD2 MD3 MD4 MD5
30
Web Security for Network and System Administrators30 Hash Algorithms
31
Web Security for Network and System Administrators31 Hash Algorithms Secure Hash Algorithm (SHA-1) NIST standard 160-bit digest
32
Web Security for Network and System Administrators32 Cryptanalytic Attacks Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext Brute force Dictionary
33
Web Security for Network and System Administrators33 Cryptanalytic Attacks Man-in-the-middle Meet-in-the-middle Recreate the key Rubber hose
34
Web Security for Network and System Administrators34 Summary Encryption algorithms produce ciphertext through transposition or substitution. There are two major categories of encryption algorithms: block and stream. Four major problems apply to encryption algorithms: algorithms are not tested sufficiently when kept private, computers do not adequately produce random numbers by default, encryption results in reduced performance, and increased processing power can ultimately break encryption.
35
Web Security for Network and System Administrators35 Summary Symmetric encryption uses the same key for both the encryption and decryption processes. DES, 3DES, AES, RC, IDEA, Blowfish, and Twofish are popular symmetric encryption algorithms. PBE, tokens, smart cards, and biometrics offer a number of ways to protect symmetric keys. Asymmetric encryption uses two keys, one key to encrypt the plaintext and the other to decrypt. The Diffie-Hellman Key Exchange, RSA algorithm, and DSS are robust foundations for public-key encryption.
36
Web Security for Network and System Administrators36 Summary PKI is designed to manage the keys necessary to perform public-key encryption. PKI consists of digital certificates, a certificate authority (CA), a registration authority (RA), certificate directory, and a key backup and recovery server. Hash algorithms take a variable plaintext input and produce a fixed length output. The most popular hash algorithms are the MD series and SHA-1 algorithms. Many cryptanalytic attacks pose threats to today’s encryption systems.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.