Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 3: VPN and Encryption Technology.

Published byDominic Rose Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 3: VPN and Encryption Technology."— Presentation transcript:

1 © 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 3: VPN and Encryption Technology

2 © 2006 Cisco Systems, Inc. All rights reserved. Lesson 3.1 Encryption Basics Module 3: VPN and Encryption Technology

3 © 2006 Cisco Systems, Inc. All rights reserved. Symmetrical encryption

4 © 2006 Cisco Systems, Inc. All rights reserved. Symmetrical encryption  Used for large volumes of data  Encryption algorithms available in the IOS Digital Encryption Standard (DES) Triple DES (3DES) Advanced Encryption Standard (AES)  The most important feature of a cryptographic algorithm is its security against being compromised.  Symmetric encryption algorithms are built so that it is extremely difficult for anyone to determine the clear text without having this key.

5 © 2006 Cisco Systems, Inc. All rights reserved. Symmetrical encryption  DES is the most widely used symmetric encryption scheme today. 64-bit message blocks  3DES is an alternative to DES Preserves the existing investment in software Makes a brute- force attack more difficult. Takes a 64-bit block of data and performs the operations of encrypt, decrypt, and encrypt. US Government restricts export of 3DES technology  AES is a newer encryption algorithm. Specifies keys with a length of 128, 192, or 256 bits Nine combinations of key length and block length are possible.

6 © 2006 Cisco Systems, Inc. All rights reserved. Asymmetric Encryption

7 © 2006 Cisco Systems, Inc. All rights reserved. Asymmetric Encryption  AKA public key encryption  Can use either the same or different but complementary algorithms to scramble and unscramble data.  The required public key and a private key are different, but related. Key pairs generation are complex, result in two very large random numbers. Processor intensive.  Rarely used for data confidentiality because of performance constraints.  Used in applications involving authentication using digital signatures and key management.  Common public key algorithms are the Rivest-Shamir-Adleman (RSA) algorithm and the El Gamal algorithm.

8 © 2006 Cisco Systems, Inc. All rights reserved. Asymmetric Encryption – RSA Encryption

9 © 2006 Cisco Systems, Inc. All rights reserved. Asymmetric Encryption – RSA Encryption  For RSA there are two methods RSA signatures and RSA encryption.  RSA encryption generates a value known as a nonce. Nonce is temporary random string, combined with the peer public key. Requires more processing power and decreases throughput  An RSA signature is the method that uses digital certificates. Very scalable and used by medium and large corporations.  Non-repudiation is the ability to prove a transaction occurred, RSA signatures provide non-repudiation. RSA encryption does not provide non-repudiation.

10 © 2006 Cisco Systems, Inc. All rights reserved. DH Key Exchange Merchant Bank Public Key A + Private Key B Shared Secret Key (BA) Credit Card Charge $100.00 Public Key B + Private Key A Shared Secret Key (AB) = 4ehIDx67NMop9eR U78IOPotVBn45TR 4ehIDx67NMop9eR U78IOPotVBn45TR Key Decrypt Encrypt Internet

11 © 2006 Cisco Systems, Inc. All rights reserved. Lesson 3.2 Integrity Basics Module 3: VPN and Encryption Technology

12 © 2006 Cisco Systems, Inc. All rights reserved. Hashing

13 © 2006 Cisco Systems, Inc. All rights reserved. Hashing Two common hashing algorithms are Message Digest (MD) and Secure Hash Algorithm (SHA)

14 © 2006 Cisco Systems, Inc. All rights reserved. Hashed Method Authentication Code (HMAC)

15 © 2006 Cisco Systems, Inc. All rights reserved. Hashed Method Authentication Code (HMAC)  HMAC combines shared secret key with the message. A hash algorithm is a formula used to develop a fixed-length string of digits that is unique to the contents of the message.

16 © 2006 Cisco Systems, Inc. All rights reserved. Digital signatures and certificates

17 © 2006 Cisco Systems, Inc. All rights reserved. Digital signatures and certificates

18 © 2006 Cisco Systems, Inc. All rights reserved. Digital signatures and certificates

19 © 2006 Cisco Systems, Inc. All rights reserved. Q and A

20 © 2006 Cisco Systems, Inc. All rights reserved.

Download ppt "© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 3: VPN and Encryption Technology."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
GOPAS TechEd 2012 PKI Design Ing. Ondřej Ševeček | GOPAS a.s. |

GOPAS TechEd 2012 PKI Design Ing. Ondřej Ševeček | GOPAS a.s. |
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Chapter 11: Cryptography

Chapter 11: Cryptography
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.

NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.

Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies

Cryptographic Technologies
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Similar presentations

Ads by Google