Skills You'll Learn: Wireless Security, Intrusion Detection System, Firewall (Computing), Computer Network

Reviews
ND, Oct 13, 2020: The course was awesome, and clear to read and understand, thanks for the team who prepared the course of managing network security.
PK, Oct 21, 2020: The course that I attended is an excellent one. These sessions helped me to learn more about cyber security.

From the lesson: Cybersecurity Technology Administration (Module 3.2)
Learning objectives for the module on Cybersecurity Technology Administration

Presentation on theme: "Cryptography."
Presentation transcript:

1 Cryptography

2 Objectives
Describe the most significant events and discoveries from the history of cryptology
Understand the basic principles of cryptography
Understand the operating principles of the most popular tools in the area of cryptography
List and explain the major protocols used for secure communications
Understand the nature and execution of the dominant methods of attack used against cryptosystems
Learning Objectives: Upon completion of this chapter you should be able to:
Define and identify the various types of firewalls.
Discuss the approaches to firewall implementation.
Discuss the approaches to dial-up access and protection.
Identify and describe the two categories of intrusion detection systems.
Discuss the two strategies behind intrusion detection systems.
Discuss the process of encryption and define key terms.
Identify and discuss common approaches to cryptography.
Compare and contrast symmetric and asymmetric encryption.
Discuss various approaches to biometric access control.

3 Introduction
Cryptography: process of making and using codes to secure transmission of information
Encryption: converting original message into a form unreadable by unauthorized individuals
Cryptanalysis: process of obtaining original message from encrypted message without knowing algorithms
Cryptology: science of encryption; combines cryptography and cryptanalysis
Cryptography And Encryption-Based Solutions
Although not a specific application or security tool, encryption represents a sophisticated approach to security that is implemented in many security systems. In fact, many security-related tools use embedded encryption technologies to protect sensitive information handled by the application. Encryption is the process of converting an original message into a form that is unreadable by unauthorized individuals, that is, anyone without the tools to convert the encrypted message back to its original format. The science of encryption, known as cryptology, encompasses cryptography, from the Greek words kryptos, meaning hidden, and graphein, meaning to write, and cryptanalysis, the process of obtaining the original message (or plaintext) from an encrypted message (or ciphertext), without the knowledge of the algorithms and keys used to perform the encryption.

4 Principles of Cryptography

5 Cipher Methods
Plaintext can be encrypted through bit stream or block cipher method
Bit stream: each plaintext bit transformed into cipher bit one bit at a time
Block cipher: message divided into blocks (e.g., sets of 8- or 16-bit blocks) and each is transformed into encrypted block of cipher bits using algorithm and key
Cryptography And Encryption-Based Solutions
The notation used to describe the encryption process differs depending on the source. The first uses the letters M to represent the original message, C to represent the ending ciphertext, and E to represent the encryption process: E(M) = C. This formula represents the application of encryption to a message to create ciphertext. D represents the decryption or deciphering process, thus D[E(M)] = M. K is used to represent the key, thus E(M, K) = C, or encrypting the message with the key results in the ciphertext. Now look at a simple form of encryption based on two concepts: the block cipher and the exclusive OR operation. With the block cipher method, the message is divided into blocks, for example 8- or 16-bit blocks, and then each block is transformed using the algorithm and key. The exclusive OR operation (XOR) is a function of Boolean algebra whereby two bits are compared, and if the two bits are identical, the result is a binary 0. If the two bits are NOT the same, the result is a binary 1.
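
The XOR block transformation from the Cipher Methods notes, as an added example that is not part of the original presentation: it carries out E(M, K) = C and D[E(M)] = M over 8- or 16-bit blocks and shows why a fixed XOR key is a teaching device only. The function names, key values and sample message are constructed for illustration.

```python
# Added illustration of the slide's notation: E(M, K) = C and D[E(M)] = M,
# using XOR on fixed-size blocks. All names and sample values are constructed.

def split_blocks(message: bytes, block_bits: int = 8) -> list:
    """Divide the message into blocks of block_bits bits (8 or 16)."""
    if block_bits not in (8, 16):
        raise ValueError("this sketch supports 8- or 16-bit blocks only")
    size = block_bits // 8
    if len(message) % size:
        raise ValueError("message length is not a multiple of the block size")
    return [int.from_bytes(message[i:i + size], "big")
            for i in range(0, len(message), size)]

def E(message: bytes, key: int, block_bits: int = 8) -> bytes:
    """E(M, K) = C: XOR every block with the key."""
    if not 0 <= key < (1 << block_bits):
        raise ValueError("key must fit in one block")
    size = block_bits // 8
    return b"".join((block ^ key).to_bytes(size, "big")
                    for block in split_blocks(message, block_bits))

def D(ciphertext: bytes, key: int, block_bits: int = 8) -> bytes:
    """D(C, K) = M: XOR is its own inverse, so decryption repeats E."""
    return E(ciphertext, key, block_bits)

def xor_bits(a: str, b: str) -> str:
    """Bit-by-bit XOR as the notes define it: identical bits give 0, else 1."""
    if len(a) != len(b):
        raise ValueError("bit strings must have the same length")
    return "".join("0" if x == y else "1" for x, y in zip(a, b))

def key_from_known_pair(plain_block: int, cipher_block: int) -> int:
    """Caveat: M XOR C = K, so one known plaintext block exposes the key."""
    return plain_block ^ cipher_block

if __name__ == "__main__":
    M, K = b"CAT", 0b01010110                 # constructed message and 8-bit key
    C = E(M, K)
    print(C.hex(), D(C, K))
    print(xor_bits("01000011", "01010110"))   # 'C' XOR key, one bit at a time
    print(hex(key_from_known_pair(M[0], C[0])))
```

Because a single known plaintext block returns the key, this construction only illustrates the notation; real block ciphers combine XOR with other operations over much larger blocks and keys.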

6 Elements of Cryptosystems

7

8 Elements of Cryptosystems (continued)

9 Elements of Cryptosystems (continued)

10 Hash Functions
Mathematical algorithms that generate message summary/digest to confirm message identity and confirm no content has changed
Hash algorithms: publicly known functions that create hash value
Use of keys not required; message authentication code (MAC), however, may be attached to a message
Used in password verification systems to confirm identity of user
Hash Functions
Hash algorithms are publicly known functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value. The message digest is a fingerprint of the author's message that is to be compared with the receiver's locally calculated hash of the same message. Hashing functions do not require the use of keys, but a message authentication code (MAC), which is essentially a one-way hash value that is encrypted with a symmetric key, may be attached to a message. The recipients must possess the key to access the message digest and to confirm message integrity.

11 Cryptographic Algorithms
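
The difference between a keyless hash and a MAC described in the Hash Functions notes (slide 10), as an added example that is not part of the original presentation. It uses HMAC-SHA-256 from Python's standard library as the keyed construction (a keyed hash rather than a literally encrypted digest); the key, messages and function names are constructed.

```python
import hashlib
import hmac

# Added illustration; the key and messages below are constructed sample values.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
ORIGINAL = b"transfer 100 to account 12345"
ALTERED = b"transfer 900 to account 99999"

def message_digest(message: bytes) -> str:
    """Keyless hash: any input length maps to one fixed-length value."""
    return hashlib.sha256(message).hexdigest()

def message_mac(key: bytes, message: bytes) -> str:
    """Keyed digest (HMAC-SHA-256): only holders of the key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def receiver_checks_digest(message: bytes, received: str) -> bool:
    """Receiver recomputes the hash locally and compares the fingerprints."""
    return hmac.compare_digest(message_digest(message), received)

def receiver_checks_mac(key: bytes, message: bytes, received: str) -> bool:
    """Receiver recomputes the MAC with the shared key; constant-time compare."""
    return hmac.compare_digest(message_mac(key, message), received)

def integrity_report() -> dict:
    """Compare what each check catches when a message changes in transit."""
    sent_digest = message_digest(ORIGINAL)
    sent_mac = message_mac(SHARED_KEY, ORIGINAL)
    return {
        # Both mechanisms accept the untouched message.
        "digest_ok_original": receiver_checks_digest(ORIGINAL, sent_digest),
        "mac_ok_original": receiver_checks_mac(SHARED_KEY, ORIGINAL, sent_mac),
        # Both catch a changed message when the tag travels unchanged.
        "digest_ok_altered": receiver_checks_digest(ALTERED, sent_digest),
        "mac_ok_altered": receiver_checks_mac(SHARED_KEY, ALTERED, sent_mac),
        # A keyless digest can be recomputed by whoever changed the message,
        # so it passes; a MAC recomputed without the right key does not.
        "digest_ok_altered_and_rehashed":
            receiver_checks_digest(ALTERED, message_digest(ALTERED)),
        "mac_ok_altered_wrong_key":
            receiver_checks_mac(SHARED_KEY, ALTERED,
                                message_mac(b"guessed-key", ALTERED)),
    }

if __name__ == "__main__":
    for check, accepted in integrity_report().items():
        print(f"{check}: {accepted}")
```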

12 Cryptographic Algorithms (continued)

13 Cryptographic Algorithms (continued)

14 Cryptographic Algorithms (continued)

15 Encryption Key Size
When using ciphers, size of cryptovariable or key very important
Strength of many encryption applications and cryptosystems measured by key size
For cryptosystems, security of encrypted data is not dependent on keeping encrypting algorithm secret
Cryptosystem security depends on keeping some or all of elements of cryptovariable(s) or key(s) secret
Encryption Key Size
When using ciphers, one of the decisions that has to be made is the size of the cryptovariable or key. The strength of many encryption applications and cryptosystems is measured by key size. When it comes to cryptosystems, the security of encrypted data is not dependent on keeping the encrypting algorithm secret; in fact, algorithms are often published, so that research to uncover their weaknesses can be done. The security of any cryptosystem depends on keeping some or all of the elements of the cryptovariable(s) or key(s) secret.

16 Encryption Key Power

17 Cryptography Tools
Public Key Infrastructure (PKI): integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services enabling users to communicate securely
PKI systems based on public key cryptosystems; include digital certificates and certificate authorities (CAs)
Cryptography Tools
Public Key Infrastructure (PKI) is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. PKI systems are based on public key cryptosystems and include digital certificates and certificate authorities (CAs).

18 Cryptography Tools (continued)

19 Digital Signatures
Encrypted messages that can be mathematically proven to be authentic
Created in response to rising need to verify information transferred using electronic systems
Asymmetric encryption processes used to create digital signatures
Digital Signatures
An interesting thing happens when the asymmetric process is reversed, that is, the private key is used to encrypt a short message. The public key can be used to decrypt it, and the fact that the message was sent by the organization that owns the private key cannot be refuted. This is known as non-repudiation, which is the foundation of digital signatures. Digital Signatures are encrypted messages that are independently verified by a central facility (registry) as authentic.

20 Digital Certificates
Electronic document containing key value and identifying information about entity that controls key
Digital signature attached to certificate's container file to certify file is from entity it claims to be from
Digital Certificates and Certificate Authorities
As alluded to earlier, a digital certificate is an electronic document, similar to a digital signature, attached to a file certifying that this file is from the organization it claims to be from and has not been modified from the originating format. A Certificate Authority is an agency that manages the issuance of certificates and serves as the electronic notary public to verify their worth and integrity.

21 Figure 8-5 Digital Signatures

22 Hybrid Cryptography Systems

23 Steganography
Process of hiding information; in use for a long time

24 Protocols for Secure Communications

25 Protocols for Secure Communications (continued)

26 Protocols for Secure Communications (continued)

27 Protocols for Secure Communications (continued)

28 Protocols for Secure Communications (continued)

29 IPSec Headers

30 Protocols for Secure Communications (continued)

31 Protocols for Secure Communications (continued)

32 PGP Function

33 Attacks on Cryptosystems

34 Man-in-the-Middle Attack

35 Correlation Attacks
Collection of brute-force methods that attempt to deduce statistical relationships between structure of unknown key and ciphertext
Differential and linear cryptanalysis have been used to mount successful attacks
Only defense is selection of strong cryptosystems, thorough key management, and strict adherence to best practices of cryptography in frequency of changing keys
Correlation Attacks
Correlation attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem. Differential and linear cryptanalysis, both of which are advanced methods of breaking codes, have been used to mount successful attacks on block cipher encryptions such as DES. The only defense against this kind of attack is the selection of strong cryptosystems that have stood the test of time, thorough key management, and strict adherence to the best practices of cryptography in the frequency of changing keys.

36 Dictionary Attacks
Attacker encrypts every word in a dictionary using same cryptosystem used by target
Dictionary attacks can be successful when the ciphertext consists of relatively few characters (e.g., usernames, passwords)
Dictionary Attacks
In a dictionary attack, the attacker encrypts every word in a dictionary using the same cryptosystem as used by the target. Dictionary attacks can be successful when the ciphertext consists of relatively few characters, as, for example, in files which contain encrypted usernames and passwords. After a match is located, the attacker has essentially identified a potential valid password for the system under attack.

37 Timing Attacks
Attacker eavesdrops during victim's session; uses statistical analysis of user's typing patterns and inter-keystroke timings to discern sensitive session information
Can be used to gain information about encryption key and possibly cryptosystem in use
Once encryption successfully broken, attacker may launch a replay attack (an attempt to resubmit recording of deciphered authentication to gain entry into secure source)
Timing Attacks
In a timing attack, the attacker eavesdrops during the victim's session and uses statistical analysis of the user's typing patterns and inter-keystroke timings to discern sensitive session information. While timing analysis may not directly result in the decryption of sensitive data, it can be used to gain information about the encryption key and perhaps the cryptosystem in use. Once the attacker has successfully broken an encryption, he or she may launch a replay attack, which is an attempt to resubmit a recording of the deciphered authentication to gain entry into a secure source.

38 Defending From Attacks

39 Summary
Cryptography and encryption provide sophisticated approach to security
Many security-related tools use embedded encryption technologies
Encryption converts a message into a form that is unreadable by the unauthorized
Many tools are available and can be classified as symmetric or asymmetric, each having advantages and special capabilities
Strength of encryption tool dependent on key size but even more dependent on following good management practices
Cryptography is used to secure most aspects of Internet and Web uses that require it, drawing on extensive set of protocols and tools designed for that purpose
Cryptosystems are subject to attack in many ways

Which cipher simply rearranges the values within a block to create the ciphertext?
The permutation cipher simply rearranges the values within a block to create the ciphertext. You cannot combine the XOR operation with a block cipher operation. A cryptovariable is a value representing the application of a hash algorithm on a message.

Which of the following is used in conjunction with an algorithm to create the ciphertext from the plaintext?
Cryptographic key = Information used in conjunction with the algorithm to create the ciphertext from plaintext or derive the plaintext from ciphertext.

What is the process of hiding messages, for example, hiding a message within the digital encoding of a picture or graphic so that it is almost impossible to detect?
Steganography is the technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection; the secret data is then extracted at its destination. The use of steganography can be combined with encryption as an extra step for hiding or protecting data.

Is the process of converting a message into a form that is unreadable to unauthorized people?
Encryption is the method by which information is converted into secret code that hides the information's true meaning. The science of encrypting and decrypting information is called cryptography. In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext.