Chapter 7: Cryptographic Systems


Presentation on theme: "Chapter 7: Cryptographic Systems"— Presentation transcript:

1 Chapter 7: Cryptographic Systems
CCNA Security v2.0

2 Chapter Outline
7.0 Introduction
7.1 Cryptographic Services
7.2 Basic Integrity and Authenticity
7.3 Confidentiality
7.4 Public Key Cryptography
7.5 Summary

3 Section 7.1: Cryptographic Services
Upon completion of this section, you should be able to:
Explain the requirements of secure communications including integrity, authentication, and confidentiality.
Explain cryptography.
Describe cryptanalysis.
Describe cryptology.

4 Topic 7.1.1: Securing Communications

5 Authentication, Integrity, and Confidentiality

6 Authentication

7 Data Integrity

8 Data Confidentiality
Activity – Identify the Secure Communication Objective

9 Topic 7.1.2: Cryptography

10 Creating Ciphertext
Ciphertext can be created using several methods:
Transposition
Substitution
One-time pad

11 Transposition Ciphers

12 Substitution Ciphers
Substitution Ciphers (Cont.)

13 One-Time Pad Ciphers

14 Topic 7.1.3: Cryptanalysis

15 Cracking Code

16 Methods for Cracking Code
Methods used for cryptanalysis:
Brute-force method
Ciphertext method
Known-Plaintext method
Chosen-Plaintext method
Chosen-Ciphertext method
Meet-in-the-Middle method

17 Methods for Cracking Code
Frequency Analysis of the English Alphabet Cracking Code Example Deciphering Using Frequency Analysis

18 Topic 7.1.4: Cryptology

19 Making and Breaking Secret Codes

20 Cryptanalysis

21 The Secret is in the Keys
Activity – Identify the Cryptology Terminology

22 Section 7.2: Basic Integrity and Authenticity
Upon completion of the section, you should be able to:
Describe the purpose of cryptographic hashes.
Explain how MD5 and SHA-1 are used to secure data communications.
Describe authenticity with HMAC.
Describe the components of key management.

23 Topic 7.2.1: Cryptographic Hashes

24 Cryptographic Hash Function

25 Cryptographic Hash Function Properties

26 Well-Known Hash Functions

27 Topic 7.2.2: Integrity with MD5, SHA-1, and SHA-2

28 Message Digest 5 Algorithm

29 Secure Hash Algorithm

30 MD5 Versus SHA

31 Topic 7.2.3: Authenticity with HMAC

32 Keyed-Hash Message Authentication Code

33 HMAC Operation

34 Hashing in Cisco Products

35 Topic 7.2.4: Key Management

36 Characteristics of Key Management

37 Key Length and Keyspace
Key Size and Keyspace

38 The Keyspace

39 Types of Cryptographic Keys
Symmetric keys
Asymmetric keys
Digital signatures
Hash keys

40 Choosing Cryptographic Keys
Activity – Identify the Characteristics of Key Management

41 Section 7.3: Confidentiality
Upon completion of the section, you should be able to:
Explain how encryption algorithms provide confidentiality.
Explain the function of the DES, 3DES, and the AES algorithms.
Describe the function of the Software Encrypted Algorithm (SEAL) and the Rivest ciphers (RC) algorithms.

42 Topic 7.3.1: Encryption

43 Two Classes of Encryption Algorithms

44 Symmetric and Asymmetric Encryption

45 Symmetric Encryption

46 Symmetric Block Ciphers and Stream Ciphers

47 Choosing an Encryption Algorithm
Activity – Compare Symmetric and Asymmetric Encryption Algorithms

48 Topic 7.3.2: Data Encryption Standard

49 DES Symmetric Encryption

50 DES Summary

51 Improving DES with 3DES

52 3DES Operation

53 AES Origins

54 AES Summary

55 Topic 7.3.3: Alternate Encryption Algorithms

56 Software-Optimized Encryption Algorithm (SEAL)
SEAL has several restrictions:
The Cisco router and the peer must support IPsec.
The Cisco router and the other peer must run an IOS image that supports encryption.
The router and the peer must not have hardware IPsec encryption.

57 RC Algorithms

58 Topic 7.3.4: Diffie-Hellman Key Exchange

59 Diffie-Hellman (DH) Algorithm

60 DH Operation
Activity – Identify the Steps of the DH Process

61 Section 7.4: Public Key Cryptography
Upon completion of the section, you should be able to:
Explain the differences between symmetric and asymmetric encryption and their intended applications.
Explain the functionality of digital signatures.
Explain the principles of a public key infrastructure (PKI).

62 Topic 7.4.1: Symmetric Versus Asymmetric Encryption

63 Asymmetric Key Algorithms
Four protocols that use asymmetric key algorithms:
Internet Key Exchange (IKE)
Secure Socket Layer (SSL)
Secure Shell (SSH)
Pretty Good Privacy (PGP)

64 Public Key + Private Key = Confidentiality

65 Private Key + Public Key = Authenticity

66 Asymmetric Algorithms
Alice Encrypts Message Using Bob’s Public Key
Alice Encrypts A Hash Using Bob’s Public Key

67 Asymmetric Algorithms (Cont.)
Bob Uses Alice’s Public Key to Decrypt Hash
Bob Uses His Public Key to Decrypt Message

68 Types of Asymmetric Algorithms
Activity – Identify the Key Types Required to Provide Authenticity and Confidentiality

69 Topic 7.4.2: Digital Signatures

70 Using Digital Signatures
Digital Signature Properties:
Signature is authentic
Signature is unalterable
Signature is not reusable
Signature cannot be repudiated

71 Code Signing
Digitally signing code provides several assurances about the code:
The code is authentic and is actually sourced by the publisher.
The code has not been modified since it left the software publisher.
The publisher undeniably published the code.

72 Digital Certificates

73 Using Digital Certificates
Sending a Digital Certificate
Receiving a Digital Certificate

74 Digital Signature Algorithms
DSA Scorecard
RSA Scorecard
Activity – Compare Code Signing and Digital Certificates

75 Topic 7.4.3: Public Key Infrastructure

76 Public Key Infrastructure Overview

77 PKI Framework
Elements of the PKI Framework
PKI Example

78 Certificate Authorities

79 Interoperability of Different PKI Vendors

80 Public-Key Cryptography Standards

81 Simple Certificate Enrollment Protocol

82 PKI Topologies
Single-Root PKI Topology
Cross Certified CA
Hierarchical CA

83 Registration Authority

84 Digital Certificates and CAs
Retrieving CA Certificates
Submitting Certificate Requests to the CA

85 Digital Certificates and CAs (Cont.)
Peers Authenticate Each Other
Activity – Identify Elements of the PKI Framework

86 Section 7.5: Summary
Chapter Objectives:
Explain the areas of cryptology.
Explain the two kinds of encryption algorithms.
Video Demonstration – Wireshark Packet Sniffing Usernames, Password, and Web Pages
Lab – Exploring Encryption Methods


88 Instructor Resources
Remember, there are helpful tutorials and user guides available via your NetSpace home page. These resources cover a variety of topics including navigation, assessments, and assignments. A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.

