
1 Cryptography Chapter 14

2 Learning Objectives
- Understand the basics of algorithms and how they are used in modern cryptography
- Identify the differences between asymmetric and symmetric algorithms
- Have a basic understanding of the concepts of cryptography and how they relate to network security

3 Learning Objectives (continued)
- Discuss characteristics of PKI certificates and the policies and procedures surrounding them
- Understand the implications of key management and a certificate's lifecycle

4 Cryptography
- Study of the mathematical techniques and algorithms used for encryption and decryption
- Allows users to transmit sensitive information over unsecured networks
- Can be either strong or weak: strength depends on the algorithm and on the length and secrecy of the key

5 Cryptography Terminology
- Plaintext: data that can be read without any manipulation
- Encryption: method of disguising plaintext to hide its substance
- Ciphertext: plaintext that has been encrypted; an unreadable series of bytes that reveals nothing about the plaintext without the key

6 How Encryption and Decryption Work

7 Algorithms
- Mathematical functions that work in tandem with a key
- The same plaintext encrypts into different ciphertext under different keys
- Security of data relies on:
  - Strength of the algorithm (the algorithm itself is expected to be public and reviewed)
  - Secrecy of the key

8 Hashing
- Method used for verifying data integrity
- Converts variable-length input into a fixed-length output string (hash value or digest)
- A good hash function is one-way, and any change to the input, even a single bit, produces a different hash value
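As an added example (not part of the slide deck), the following Python code shows the two properties the slide relies on: SHA-256 maps inputs of any length to a fixed 256-bit value, and flipping one bit of the input changes roughly half the bits of the hash, so an integrity check that recomputes the hash detects the tampering. The sample inputs are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample inputs of very different lengths.
SHORT = b"pay 100"
LONG = b"pay 100" * 1000


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 hash value of arbitrary-length input as 64 hex characters."""
    return hashlib.sha256(data).hexdigest()


def integrity_check(data: bytes, expected_hex: str) -> bool:
    """Recompute the hash and compare it in constant time with the stored value."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def flip_one_bit(data: bytes, byte_index: int = 0) -> bytes:
    """Constructed tampering: invert the lowest bit of one byte."""
    tampered = bytearray(data)
    tampered[byte_index] ^= 0x01
    return bytes(tampered)


def hamming_distance_hex(a_hex: str, b_hex: str) -> int:
    """Count the bits that differ between two equal-length hex digests."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


if __name__ == "__main__":
    stored = sha256_hex(SHORT)
    print(len(sha256_hex(SHORT)), len(sha256_hex(LONG)))       # same fixed length
    print(integrity_check(SHORT, stored))                        # original data passes
    print(integrity_check(flip_one_bit(SHORT), stored))          # one flipped bit fails
    print(hamming_distance_hex(stored, sha256_hex(flip_one_bit(SHORT))))  # ~128 of 256 bits differ
```

A hash alone gives integrity, not authentication: anyone who can alter the data can also recompute and replace the stored hash, which is why the stored value must be protected or signed (as the digital signature slide later shows).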

9 Symmetric versus Asymmetric Algorithms
Symmetric
- Advantages: single key
- Disadvantages: requires sender and receiver to agree on a key before transmission of data; security lies only with the key; high cost of distributing a secret key to every pair of communicating parties
Asymmetric
- Advantages: encryption and decryption keys are different; decryption key cannot be calculated from encryption key
- Disadvantages: security of keys can be compromised when malicious users post phony public keys (the public key must be authenticated, e.g., by a certificate)

10 Symmetric Algorithms
- Use the same key for encryption and decryption (or a decryption key that is trivially calculated from the encryption key, and vice versa)
- Require sender and receiver to agree on a key before they communicate securely
- Security lies with the key
- Also called secret key algorithms, single-key algorithms, or one-key algorithms

11 Encryption Using a Symmetric Algorithm

12 Categories of Algorithms
- Stream algorithms: operate on the plaintext one bit or byte at a time, normally by XORing it with a keystream
- Block algorithms: encrypt and decrypt data in fixed-size groups of bits, 64 bits for DES and Blowfish, 128 bits for AES; in the basic modes the input is padded to a whole number of blocks
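As an added example (not part of the slide deck), here is a toy 64-bit Feistel block cipher in the style of Lucifer and DES. Its round function and key schedule are built from SHA-256, an assumption made for illustration only (real ciphers use purpose-built S-boxes and key schedules). The same cipher is used both ways the slide describes: as a block algorithm, with PKCS#7 padding and one 64-bit block at a time (ECB), and as a stream algorithm, where the cipher generates a keystream that is XORed onto the plaintext byte by byte. It also shows the symmetric property from slide 10: the same key decrypts, with the subkeys applied in reverse order. The key and nonce are constructed values.

```python
import hashlib

BLOCK_SIZE = 8   # 64-bit block, as in DES and Blowfish
ROUNDS = 16

# Constructed demo key and nonce; a real key comes from a CSPRNG and is never reused with the same nonce.
KEY = b"sixteen byte key"
NONCE = b"\x00\x01\x02\x03"


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_keys(key: bytes) -> list:
    # Toy key schedule (assumption): one 256-bit subkey per round derived from the shared key.
    return [hashlib.sha256(b"round" + bytes([i]) + key).digest() for i in range(ROUNDS)]


def _f(half: bytes, subkey: bytes) -> bytes:
    # Toy round function (assumption): keyed hash of the right half, truncated to 32 bits.
    return hashlib.sha256(subkey + half).digest()[:4]


def _feistel(block: bytes, subkeys: list) -> bytes:
    """Run the Feistel network; encryption and decryption differ only in subkey order."""
    assert len(block) == BLOCK_SIZE
    left, right = block[:4], block[4:]
    for subkey in subkeys:
        left, right = right, _xor(left, _f(right, subkey))
    return right + left   # final swap makes the same routine invert itself with reversed subkeys


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return _feistel(block, _round_keys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    return _feistel(block, list(reversed(_round_keys(key))))


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK_SIZE - len(data) % BLOCK_SIZE   # always adds 1..8 bytes, so a full block gets a whole extra block
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK_SIZE or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def block_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Block algorithm: pad to whole blocks, then encrypt each 64-bit group independently (ECB)."""
    padded = pkcs7_pad(plaintext)
    return b"".join(encrypt_block(padded[i:i + BLOCK_SIZE], key)
                    for i in range(0, len(padded), BLOCK_SIZE))


def block_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    padded = b"".join(decrypt_block(ciphertext[i:i + BLOCK_SIZE], key)
                      for i in range(0, len(ciphertext), BLOCK_SIZE))
    return pkcs7_unpad(padded)


def stream_xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Stream algorithm: a keystream (the block cipher run over nonce||counter) is XORed onto the data
    byte by byte. No padding, ciphertext has the plaintext's length, and the same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), BLOCK_SIZE):
        counter_block = nonce + offset.to_bytes(4, "big")   # assumes a 4-byte nonce
        out += _xor(data[offset:offset + BLOCK_SIZE], encrypt_block(counter_block, key))
    return bytes(out)
```

ECB is used only to make the block boundary visible: identical plaintext blocks produce identical ciphertext blocks, which is why deployed systems use a mode such as CBC, CTR or GCM. The stream form needs no padding, but the (key, nonce) pair must never be reused, since XORing two ciphertexts under the same keystream cancels it out.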

13 Asymmetric Algorithms
- Use different keys for encryption and decryption
- Decryption (private) key cannot be calculated from the encryption (public) key
- Anyone can use the public key to encrypt data and send it to the host; only the host holding the private key can decrypt the data
- Also known as public key algorithms


15 Common Encryption Algorithms
- Lucifer (1974)
- Diffie-Hellman (1976): key agreement rather than encryption; lets two parties derive a shared symmetric key over an insecure channel
- RSA (1977): public key encryption and digital signatures
- DES (1977)
- Triple DES (1998)
- IDEA (1992)
- Blowfish (1993)
- RC5 (1995)

16 Primary Functions of Cryptography
- Confidentiality
- Authentication
- Integrity
- Nonrepudiation

17 Digital Signatures
- Based on asymmetric algorithms: the signer hashes the message and transforms the hash with the private key; anyone holding the matching public key can verify the result against a fresh hash of the message
- Provide integrity and authentication of the message, and nonrepudiation, since only the holder of the private key could have produced the signature
- A valid signature shows that the holder of the private key signed this message; whether that public key really belongs to its claimed owner is the job of certificates


19 Certificates
- Credentials that allow a recipient to verify whether a public key belongs to its owner
- Verify the sender's information with identity information that is bound to the public key
- Components:
  - Public key
  - One or more digital signatures
  - Certificate information (e.g., user's name, ID)

20 Public Key Infrastructure (PKI)
- Certificate storage facility that provides certificate management functionality (e.g., the ability to issue, revoke, store, retrieve, and trust certificates)
- Certification authority (CA)
  - Primary feature of PKI
  - Trusted entity responsible for issuing certificates to authorized users on a system
  - Creates certificates and digitally signs them using the CA's private key

21 PKI Policies and Practices
- Validation establishes that a public key certificate belongs to its owner: the CA's signature on the certificate is checked with the CA's public key
- CA issues certificates to users by binding a public key to identification information of the requester
- User can manually check a certificate's fingerprint (a hash of the certificate) against a value obtained out of band

22 PKI Revocation
- Certificates have a restricted lifetime; a validity period is set for every certificate
- Certificate revocation list (CRL): communicates which certificates within a PKI have been revoked before their expiration

23 Trust Models
- Techniques that establish how users validate certificates:
  - Direct trust
  - Hierarchical trust
  - Web of trust

24 Direct Trust Model User trusts a key because the user knows where it came from

25 Hierarchical Trust Model
- Based on a small number of root certificates that users trust directly; a root CA signs subordinate CA certificates, which in turn sign end-entity certificates, so a certificate is validated by following the chain of signatures back to a trusted root
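As an added example (not from the slides), the following Python code ties slides 19 through 25 together in a toy PKI: a CA binds identity information to a public key and signs it, a relying party validates a hierarchical chain (end entity, issuing CA, root) by checking each signature under its issuer's key, checking the validity period and the issuer's CRL, and anchoring on a root whose fingerprint was obtained out of band. It also shows the "phony key" problem from slide 9: an attacker who posts her own key under Alice's name cannot produce a certificate that verifies under the issuing CA. The certificate format, names, serial numbers, dates and the tiny fixed RSA primes are all constructed for the example; real certificates are X.509 with 2048-bit or larger keys.

```python
import hashlib
import json


def toy_keypair(p: int, q: int, e: int = 17):
    """Toy RSA pair from two small fixed primes (constructed; real CAs use 2048-bit or larger keys)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}   # pow(e, -1, m) needs Python 3.8+


def _digest(data: bytes, n: int) -> int:
    # SHA-256 of the data, reduced modulo the tiny toy modulus so the toy key can sign it.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def tbs_bytes(cert: dict) -> bytes:
    """Canonical 'to-be-signed' encoding: every field except the signature itself."""
    return json.dumps({k: v for k, v in cert.items() if k != "signature"}, sort_keys=True).encode()


def issue_certificate(subject, subject_pub, issuer, issuer_priv, serial, not_after):
    """The CA binds identity information to a public key and signs the binding with its private key."""
    cert = {"subject": subject, "public_key": subject_pub, "issuer": issuer,
            "serial": serial, "not_after": not_after}
    n, d = issuer_priv["n"], issuer_priv["d"]
    cert["signature"] = pow(_digest(tbs_bytes(cert), n), d, n)
    return cert


def signature_valid(cert, issuer_pub) -> bool:
    n, e = issuer_pub["n"], issuer_pub["e"]
    return pow(cert["signature"], e, n) == _digest(tbs_bytes(cert), n)


def fingerprint(cert) -> str:
    """Hash of the whole certificate: the value a user checks manually against an out-of-band copy."""
    return hashlib.sha256(json.dumps(cert, sort_keys=True).encode()).hexdigest()


def validate_chain(chain, trusted_fingerprints, crl, today):
    """Hierarchical trust: walk from the end-entity certificate up to a root trusted directly.
    chain = [end entity, ..., root]; crl maps an issuer name to its set of revoked serial numbers."""
    for cert, issuer in zip(chain, chain[1:] + [None]):
        if cert["not_after"] < today:                        # ISO dates compare correctly as strings
            return False, f"{cert['subject']}: expired"
        if cert["serial"] in crl.get(cert["issuer"], set()):
            return False, f"{cert['subject']}: revoked"
        if issuer is None:                                   # top of the chain must be a known root
            if fingerprint(cert) not in trusted_fingerprints:
                return False, f"{cert['subject']}: not a trusted root"
            issuer = cert                                    # roots are self-signed
        if cert["issuer"] != issuer["subject"] or not signature_valid(cert, issuer["public_key"]):
            return False, f"{cert['subject']}: signature not valid under {issuer['subject']}"
    return True, "chain valid"


def scenarios(today="2025-06-01"):
    """Constructed PKI: root CA -> issuing CA -> Alice and Bob, plus an attacker's phony key for Alice."""
    root_pub, root_priv = toy_keypair(3001, 3011)
    ca_pub, ca_priv = toy_keypair(2003, 2011)
    alice_pub, _ = toy_keypair(1009, 1013)
    bob_pub, _ = toy_keypair(61, 53)
    mallory_pub, mallory_priv = toy_keypair(41, 43)
    root = issue_certificate("Example Root CA", root_pub, "Example Root CA", root_priv, 1, "2030-01-01")
    ca = issue_certificate("Example Issuing CA", ca_pub, "Example Root CA", root_priv, 2, "2028-01-01")
    alice = issue_certificate("alice@example.com", alice_pub, "Example Issuing CA", ca_priv, 1001, "2026-01-01")
    bob = issue_certificate("bob@example.com", bob_pub, "Example Issuing CA", ca_priv, 1002, "2026-01-01")
    # Mallory posts a phony key for Alice, naming the issuing CA as issuer, but can only sign with her own key.
    phony = issue_certificate("alice@example.com", mallory_pub, "Example Issuing CA", mallory_priv, 1001, "2026-01-01")
    crl = {"Example Issuing CA": {1002}}                     # Bob's certificate has been revoked
    trusted = {fingerprint(root)}                            # root fingerprint obtained out of band
    return {
        "alice": validate_chain([alice, ca, root], trusted, crl, today),
        "bob_revoked": validate_chain([bob, ca, root], trusted, crl, today),
        "phony_alice": validate_chain([phony, ca, root], trusted, crl, today),
        "alice_expired": validate_chain([alice, ca, root], trusted, crl, "2027-01-01"),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:14} {result}")
```

The order of checks matters in practice: expiry and revocation are evaluated for every certificate in the chain, not just the end entity, because a revoked issuing CA invalidates everything below it, and the chain is only as trustworthy as the root fingerprint the relying party verified out of band.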


27 Web of Trust
- Combines concepts of direct trust and hierarchical trust
- Adds the idea that trust is relative to each requester
- Central theme: the more information available, the better the decision

28 Key and Certificate Life Cycle Management
- Setup or initialization
- Administration of issued keys and certificates
- Certificate cancellation and key history

29 Setup and Initialization
- Registration
- Key pair generation
- Certificate creation
- Certificate distribution
- Certificate dissemination
- Key backup

30 Registration
- User requests a certificate from the CA
- CA verifies the identity and credentials of the user
- Certification practice statement (CPS): published document that explains the CA's structure and practices to users
- Certificate policy establishes:
  - Who may serve as CA
  - What types of certificates may be issued
  - How they should be issued and managed

31 Key Pair Generation
- Involves creation of one or more key pairs, possibly using different algorithms
- Dual or multiple key pairs are often used to perform different roles (e.g., one pair for encryption, another for signing) to support distinct services
- A key pair can be restricted by policy to certain roles based on usage factors
- Multiple key pairs usually require multiple certificates

32 Certificates
- Distinguished name (DN): unique identifier that is bound to a certificate by a CA; a sequence of characters that is unique to each user
- Appropriate certificate policies govern the creation and issuance of certificates

33 Certificate Dissemination Techniques
- Securely make certificate information available to the requester without undue difficulty:
  - Out-of-band distribution
  - In-band distribution
  - Publication
  - Centralized repositories with controlled access

34 Key Backup
- Addresses lost keys
- Helps recover encrypted data
- Essential element of business continuity and disaster recovery planning

35 Key Escrow
- Key administration process in which a copy of a key is held by a trusted third party so that it can be recovered
- Administration phase (issued keys and certificates) involves:
  - Certificate retrieval and validation
  - Key recovery and key update

36 Cancellation Procedures
- Certificate expiration
- Certificate revocation
- Key history
- Key archive

37 Certificate Expiration
- Occurs when the validity period of a certificate ends
- Options upon expiration:
  - Certificate renewal (new certificate, same key pair)
  - Certificate update (new certificate, new key pair)

38 Certificate Revocation
- Cancellation of a certificate prior to its natural expiration
- Revocation delay: the delay between the event that requires revocation and the notification reaching relying parties

39 Certificate Revocation
- How notification is accomplished:
  - Certificate revocation lists (CRLs)
  - CRL distribution points
  - Certificate revocation trees (CRTs)
  - Redirect/referral CRLs
- Notification is unnecessary for:
  - Short certificate lifetimes
  - Single-entity approvals

40 Key History
- Deals with secure and reliable storage of expired keys for later retrieval to recover encrypted data
- Applies to encryption keys rather than signing keys: old ciphertext still needs the old decryption key, whereas old signatures are verified with the public key in the archived certificate, so an expired private signing key should be destroyed rather than kept

41 Key Archive
- Service undertaken by a CA or third party to store keys and verification certificates
- Meets audit requirements and supports resolution of disputes when used with other services (e.g., time stamping and notarization)

42 Setting up an Enterprise PKI
- Extremely complex task with enormous demands on financial, human, hardware, and software resources
- Areas to explore:
  - Basic support
  - Training
  - Documentation issues

43 Areas to Explore in Detail When Setting up an Enterprise PKI
- Support for standards, protocols, and third-party applications
- Issues related to cross-certification, interoperability, and trust models
- Multiple key pairs and key pair uses
- How to PKI-enable applications, and client-side software availability

44 Areas to Explore in Detail When Setting up an Enterprise PKI (continued)
- Impact on end users of key backup, key or certificate update, and nonrepudiation services
- Performance, scalability, and flexibility issues regarding distribution, retrieval, and revocation systems
- Physical access control to facilities

45 Chapter Summary
- Ways that algorithms and certificate mechanisms are used to encrypt data flows
- Concepts of cryptography
- Key and certificate life cycle management

