Chapter 7: Cryptographic Systems
CCNA Security v2.0
Chapter Outline
- 7.0 Introduction
- 7.1 Cryptographic Services
- 7.2 Basic Integrity and Authenticity
- 7.3 Confidentiality
- 7.4 Public Key Cryptography
- 7.5 Summary
Section 7.1: Cryptographic Services
Upon completion of this section, you should be able to:
- Explain the requirements of secure communications, including integrity, authentication, and confidentiality.
- Explain cryptography.
- Describe cryptanalysis.
- Describe cryptology.
Topic 7.1.1: Securing Communications
Authentication, Integrity, and Confidentiality
Authentication
Data Integrity
Data Confidentiality
Activity – Identify the Secure Communication Objective
Topic 7.1.2: Cryptography
Creating Ciphertext
Ciphertext can be created using several methods:
- Transposition
- Substitution
- One-time pad
Transposition Ciphers
Substitution Ciphers
Substitution Ciphers (Cont.)
One-Time Pad Ciphers
Topic 7.1.3: Cryptanalysis
Cracking Code
Methods for Cracking Code
Methods used for cryptanalysis:
- Brute-force method
- Ciphertext method
- Known-Plaintext method
- Chosen-Plaintext method
- Chosen-Ciphertext method
- Meet-in-the-Middle method
Methods for Cracking Code
- Frequency Analysis of the English Alphabet
- Cracking Code Example
- Deciphering Using Frequency Analysis
Topic 7.1.4: Cryptology
Making and Breaking Secret Codes
Cryptanalysis
The Secret is in the Keys
Activity – Identify the Cryptology Terminology
Section 7.2: Basic Integrity and Authenticity
Upon completion of the section, you should be able to:
- Describe the purpose of cryptographic hashes.
- Explain how MD5 and SHA-1 are used to secure data communications.
- Describe authenticity with HMAC.
- Describe the components of key management.
Topic 7.2.1: Cryptographic Hashes
Cryptographic Hash Function
Cryptographic Hash Function Properties
Well-Known Hash Functions
Topic 7.2.2: Integrity with MD5, SHA-1, and SHA-2
Message Digest 5 Algorithm
Secure Hash Algorithm
MD5 Versus SHA
Topic 7.2.3: Authenticity with HMAC
Keyed-Hash Message Authentication Code
HMAC Operation
Hashing in Cisco Products
Topic 7.2.4: Key Management
Characteristics of Key Management
Key Length and Keyspace
Key Size and Keyspace
The Keyspace
Types of Cryptographic Keys
- Symmetric keys
- Asymmetric keys
- Digital signatures
- Hash keys
Choosing Cryptographic Keys
Activity – Identify the Characteristics of Key Management
Section 7.3: Confidentiality
Upon completion of the section, you should be able to:
- Explain how encryption algorithms provide confidentiality.
- Explain the function of the DES, 3DES, and the AES algorithms.
- Describe the function of the Software Encrypted Algorithm (SEAL) and the Rivest ciphers (RC) algorithms.
Topic 7.3.1: Encryption
Two Classes of Encryption Algorithms
Symmetric and Asymmetric Encryption
Symmetric Encryption
Symmetric Block Ciphers and Stream Ciphers
Choosing an Encryption Algorithm
Activity – Compare Symmetric and Asymmetric Encryption Algorithms
Topic 7.3.2: Data Encryption Standard
DES Symmetric Encryption
DES Summary
Improving DES with 3DES
3DES Operation
AES Origins
AES Summary
Topic 7.3.3: Alternate Encryption Algorithms
Software-Optimized Encryption Algorithm (SEAL)
SEAL has several restrictions:
- The Cisco router and the peer must support IPsec.
- The Cisco router and the other peer must run an IOS image that supports encryption.
- The router and the peer must not have hardware IPsec encryption.
RC Algorithms
Topic 7.3.4: Diffie-Hellman Key Exchange
Diffie-Hellman (DH) Algorithm
DH Operation
Activity – Identify the Steps of the DH Process
Section 7.4: Public Key Cryptography
Upon completion of the section, you should be able to:
- Explain the differences between symmetric and asymmetric encryptions and their intended applications.
- Explain the functionality of digital signatures.
- Explain the principles of a public key infrastructure (PKI).
Topic 7.4.1: Symmetric Versus Asymmetric Encryption
Asymmetric Key Algorithms
Four protocols that use asymmetric key algorithms:
- Internet Key Exchange (IKE)
- Secure Socket Layer (SSL)
- Secure Shell (SSH)
- Pretty Good Privacy (PGP)
Public Key + Private Key = Confidentiality
Private Key + Public Key = Authenticity
Asymmetric Algorithms
- Alice Encrypts Message Using Bob’s Public Key
- Alice Encrypts A Hash Using Bob’s Public Key
Asymmetric Algorithms (Cont.)
- Bob Uses Alice’s Public Key to Decrypt Hash
- Bob Uses His Public Key to Decrypt Message
Types of Asymmetric Algorithms
Activity – Identify the Key Types Required to Provide Authenticity and Confidentiality
Topic 7.4.2: Digital Signatures
Using Digital Signatures
Digital Signature Properties:
- Signature is authentic
- Signature is unalterable
- Signature is not reusable
- Signature cannot be repudiated
Code Signing
Digitally signing code provides several assurances about the code:
- The code is authentic and is actually sourced by the publisher.
- The code has not been modified since it left the software publisher.
- The publisher undeniably published the code.
Digital Certificates
Using Digital Certificates
- Sending a Digital Certificate
- Receiving a Digital Certificate
Digital Signature Algorithms
- DSA Scorecard
- RSA Scorecard
Activity – Compare Code Signing and Digital Certificates
Topic 7.4.3: Public Key Infrastructure
Public Key Infrastructure Overview
PKI Framework
- Elements of the PKI Framework
- PKI Example
Certificate Authorities
Interoperability of Different PKI Vendors
Public-Key Cryptography Standards
Simple Certificate Enrollment Protocol
PKI Topologies
- Single-Root PKI Topology
- Cross Certified CA
- Hierarchical CA
Registration Authority
Digital Certificates and CAs
- Retrieving CA Certificates
- Submitting Certificate Requests to the CA
Digital Certificates and CAs (Cont.)
- Peers Authenticate Each Other
Activity – Identify Elements of the PKI Framework
Section 7.5: Summary
Chapter Objectives:
- Explain the areas of cryptology.
- Explain the two kinds of encryption algorithms.
Video Demonstration – Wireshark Packet Sniffing Usernames, Password, and Web Pages
Lab – Exploring Encryption Methods
Instructor Resources
Remember, there are helpful tutorials and user guides available via your NetSpace home page. These resources cover a variety of topics including navigation, assessments, and assignments. A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.