
Cryptography


troy-parks
Presentation Transcript


  1. Cryptography CISSP All in One Shon Harris

  2. What is Cryptography? • A method of storing and transmitting data in a form that is unreadable to unauthorized individuals and readable only by those who hold the key

  3. History of Cryptography • It has been around since the time of the Egyptians • It can take on many different forms • Scytale - Used by the Spartans to send messages to commanders in the field; a strip wound around a rod of agreed diameter (a transposition cipher) • Caesar's cipher - A simple shift substitution cipher • Enigma - German rotor machine, WWII • Red and Purple machines - Japanese cipher machines, WWII

  4. Cryptography in the Modern World • Used by - • The military • Government • Industry • Individuals

  5. Cryptography in Our Life • Secure Web browsing (SSL/TLS) • PGP • ATMs • DVDs (CSS) • Mobile phones (GSM air-interface encryption)

  6. Understanding Cryptography • Encryption = Plaintext converted to ciphertext under a key • Decryption = Ciphertext converted back to plaintext with the key

  7. Terms • Secret key encryption - Symmetric: the algorithm uses one shared key • The same key locks and unlocks the data • Public key encryption - Asymmetric: the algorithm uses a key pair • One key locks the data • Only the other key of the pair unlocks it • Algorithm (cipher) - Set of mathematical rules used in encryption and decryption • Cryptanalysis - Practice of - • Obtaining plaintext from ciphertext without the key • Breaking the encryption • Steganography - Method of hiding data in another medium so that the very existence of the data is concealed

  8. Goals of Cryptography • Goals • Privacy (confidentiality) • Integrity • Authentication • Nonrepudiation • Realistic goal • To make obtaining the information too work-intensive or time-consuming to be worthwhile to the attacker

  9. Cipher Methods • Plaintext can be encrypted with a stream cipher or a block cipher • Stream cipher: each plaintext bit (or byte) is combined with a keystream bit one at a time • Block cipher: message divided into fixed-size blocks (64 bits for DES, 128 bits for AES) and each block is transformed into a ciphertext block using the algorithm and key • Stream methods XOR the plaintext with a keystream • Block methods use substitution, transposition, XOR or combinations of each

  10. Substitution Cipher • Substitution cipher: substitute one value for another • Example: replace each letter of the alphabet with the letter 3 places to the right (Caesar's cipher) • Monoalphabetic substitution: uses only one cipher alphabet, so letter frequencies of the language survive into the ciphertext • Polyalphabetic substitution: more advanced; uses two or more alphabets (e.g., Vigenère), flattening the frequencies

  11. Transposition and XOR • Transposition cipher (permutation cipher): rearranges values within a block to create ciphertext; the letters keep their identity, only their positions change • Exclusive OR (XOR): function of Boolean algebra; two bits are compared • If the two bits are identical, the result is binary 0 • If the two bits are not identical, the result is binary 1 • XOR is simple to implement and is its own inverse: XORing with the same key again restores the plaintext • XOR provides no security by itself; with a short repeating key it falls to frequency analysis or a single known plaintext, so it is only as strong as the keystream it mixes in

  12. Elements of Cryptosystems • Vernam cipher: developed at AT&T by Gilbert Vernam in 1917 • Uses each key character once • Also known as the one-time pad • Message is XORed with a keystream as long as the message • Provably unbreakable only if the key is truly random, as long as the message, kept secret and never reused; key reuse or a predictable key breaks it completely
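The three techniques on slides 10 to 12 in working form: shift substitution with a frequency-analysis break, columnar transposition, XOR with a short repeating key (and the known-plaintext attack that recovers the key), and XOR with a one-time pad. This is an added example written for this page, not code from the CISSP book; the sample plaintext and key values are constructed.

```python
import os
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Constructed sample text, long enough for letter frequencies to show through.
SAMPLE = "MEET ME AT THE OLD BRIDGE AT SEVEN THIS EVENING AND BRING THE LETTERS"


def shift_cipher(text, shift):
    """Monoalphabetic substitution: each letter becomes the letter `shift`
    places to its right (Caesar used 3). Non-letters pass through unchanged."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
                   for ch in text.upper())


def break_shift(ciphertext):
    """Frequency analysis: E is the commonest English letter, so the commonest
    ciphertext letter reveals the shift. Returns (shift, recovered plaintext)."""
    counts = Counter(ch for ch in ciphertext if ch in ALPHABET)
    top = counts.most_common(1)[0][0]
    shift = (ALPHABET.index(top) - ALPHABET.index("E")) % 26
    return shift, shift_cipher(ciphertext, -shift)


def columnar_transpose(text, width):
    """Transposition: write the text in rows of `width`, read it out by columns.
    Every letter survives; only positions change, so frequencies are unchanged."""
    return "".join(text[c::width] for c in range(width))


def columnar_untranspose(ct, width):
    """Inverse of columnar_transpose for messages of any length."""
    n = len(ct)
    full_rows, extra = divmod(n, width)
    cols, pos = [], 0
    for c in range(width):
        length = full_rows + (1 if c < extra else 0)
        cols.append(ct[pos:pos + length])
        pos += length
    return "".join(cols[i % width][i // width] for i in range(n))


def xor_bytes(data, key):
    """XOR each byte with the key, cycling the key when it is shorter."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_repeating_key(ciphertext, known_plaintext, key_len):
    """Known-plaintext attack on repeating-key XOR: ciphertext XOR plaintext
    over the first key_len bytes is the key itself."""
    return xor_bytes(ciphertext[:key_len], known_plaintext[:key_len])


def one_time_pad(message):
    """Vernam cipher: truly random key as long as the message, used once.
    Returns (key, ciphertext)."""
    key = os.urandom(len(message))
    return key, xor_bytes(message, key)


def otp_key_for(ciphertext, candidate):
    """Why the one-time pad is perfectly secret: for any candidate plaintext of
    the same length there exists a key that decrypts the ciphertext to it, so
    the ciphertext alone cannot tell an attacker which message was sent."""
    return xor_bytes(ciphertext, candidate)


if __name__ == "__main__":
    ct = shift_cipher(SAMPLE, 7)
    print("shift ciphertext:", ct)
    print("broken:", break_shift(ct))
    key, ct = one_time_pad(b"ATTACK AT DAWN")
    print("OTP key that would decrypt to DEFEND AT NOON:", otp_key_for(ct, b"DEFEND AT NOON").hex())
```

The shift break needs no key material at all, which is the point of slide 10: a monoalphabetic substitution preserves the language's letter statistics. The same XOR routine is both the insecure repeating-key cipher and the unbreakable one-time pad; the only difference is the key.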

  13. Running Key and Concealment Ciphers • Book cipher: sender and receiver hold the same book; the ciphertext gives the page, line and word position of each word • Example: Message = 259.19.8; 22,3,8; 375,7,4 • Running key cipher: text taken from the book is used as the keystream and combined with the plaintext letter by letter • Concealment cipher • Message within a message (e.g., every fifth word of an innocent-looking letter)

  14. What is Steganography? The practice of hiding data inside other data so that its existence is concealed • Carriers - • Graphic images • MP3 files • Word documents • Hides rather than encrypts: once the payload is found, no key is needed to read it, so the payload is normally encrypted before it is hidden • Image method: changes the least significant bit of each pixel byte, a difference the eye cannot see
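The least-significant-bit method from slide 14, as an added example (not the book's code): the cover is a constructed 8-bit grayscale "image" held as a byte string, and the payload is framed with a 4-byte length so the extractor knows where to stop. It also shows the property that makes LSB stego invisible to the eye and the reason it is not encryption.

```python
# Constructed cover: a smooth gradient of 4096 one-byte pixels.
COVER = bytes((i * 7) % 256 for i in range(4096))
PAYLOAD = b"meet at the old bridge at seven"   # constructed secret


def _bits(data):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed_lsb(cover, payload):
    """Hide payload in the LSB of successive cover bytes. A 4-byte length header
    goes first. Each cover byte changes by at most 1, so the picture looks
    identical; the payload itself is not encrypted, just hidden."""
    framed = len(payload).to_bytes(4, "big") + payload
    if len(framed) * 8 > len(cover):
        raise ValueError("cover too small: need %d bytes" % (len(framed) * 8))
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(framed)):
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)


def _read_bytes(stego, offset, count):
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[offset + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego):
    """Reverse of embed_lsb: read the length header, then that many bytes.
    Anyone who knows the method can do this; no key is involved."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    return _read_bytes(stego, 32, length)


def max_pixel_change(cover, stego):
    """Largest change to any pixel value; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    stego = embed_lsb(COVER, PAYLOAD)
    print("max pixel change:", max_pixel_change(COVER, stego))
    print("extracted:", extract_lsb(stego))
```

Because extraction needs nothing but knowledge of the method, the sensible pipeline is encrypt first, then embed; the stego layer buys concealment, the cipher buys confidentiality.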

  15. Steganography in MP3 Files • MP3Stego hides information in MP3 files • The data is - • Compressed • Encrypted • Hidden in the MP3 bit stream during encoding

  16. Secret Key Encryption and Uses (diagram only)

  17. Secret Key Encryption (diagram only)

  18. Public Key Encryption (diagram only)

  19. Encryption Methods • Symmetric keys (or secret keys) • Asymmetric keys (or public keys)

  20. Symmetric Cryptography • Strengths • Fast • Weaknesses • Key distribution: the shared key must reach the other party secretly • Scalability: n parties need n(n-1)/2 keys for pairwise secrecy • Many keys for encrypting different data • Symmetric crypto achieves • Confidentiality (and, with a MAC, integrity between the two key holders) • NO non-repudiation: either holder of the key could have produced any given message • Security of the encryption depends on how well users protect the key • Keys must be distributed out of band (or agreed with an asymmetric key exchange) • Key generation must be truly random

  21. PRNGs, Truly Random Seed Values, and Keys • PRNG (pseudo-random number generator) and key generator • Truly random seed value • Keys • "The security of an algorithm rests in the key. If you're using a cryptographically weak process to generate keys, then your whole system is weak." — Bruce Schneier, Applied Cryptography

  22. Random Seed Values and Keys • How keys are used with a cipher • Initialization vector (IV) • A non-secret random or unique value combined with the first block so that the same plaintext under the same key produces different ciphertext each time • Padding • Adds bytes to fill out the final block to the cipher's block size (e.g., PKCS#7); removed after decryption
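Schneier's point on slide 21 made concrete, as an added example (not from the book): a key generated from Python's non-cryptographic `random` module seeded with the clock is a pure function of that timestamp, so an attacker who can observe anything keyed with it (here an HMAC over a known request, a constructed scenario) recovers the key by trying every second in a plausible window. The timestamp value and the message are assumptions for the demonstration.

```python
import hashlib
import hmac
import random
import secrets


def weak_key(seed):
    """Mistake: derive a 128-bit key from the Mersenne Twister seeded with a
    timestamp. The whole key is determined by `seed`, which has ~2^25
    plausible values in a year, not 2^128."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(16))


def strong_key():
    """Correct: 128 bits straight from the OS CSPRNG; no seed to guess."""
    return secrets.token_bytes(16)


def tag(key, message):
    """Something keyed that the attacker can observe: an HMAC over a known
    message (an authenticated request, a token, an encrypted known header)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def recover_weak_key(message, observed_tag, latest_time, window=3600):
    """Attacker side: walk backwards through every second before `latest_time`,
    regenerate the candidate key, and stop when it reproduces the observed tag.
    Returns (seed, key) or None if no seed in the window matches."""
    for seed in range(latest_time, latest_time - window, -1):
        candidate = weak_key(seed)
        if hmac.compare_digest(tag(candidate, message), observed_tag):
            return seed, candidate
    return None


if __name__ == "__main__":
    when = 1_700_000_000                       # assumed generation time
    k = weak_key(when)
    t = tag(k, b"GET /api/balance")
    # Attacker only knows the key was made "within the last ten minutes".
    print("recovered:", recover_weak_key(b"GET /api/balance", t, when + 600))
```

The search costs one key derivation and one HMAC per candidate second; an hour's window is a few thousand operations. The same search against `strong_key()` finds nothing, because there is no small seed space behind it.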

  23. Block and Stream Ciphers • Block cipher • A cipher which processes one fixed-size block at a time • Blocks of data • In ECB mode, identical plaintext blocks give identical ciphertext blocks, so patterns leak; chaining modes fix this • Implemented in both software and hardware (AES has dedicated CPU instructions) • Stream cipher • A cipher which processes a single bit or byte at a time • Keystream XORed with the data • Easily implemented in hardware and fast • Sending and receiving devices must have the same key and must never reuse a keystream

  24. Block Cipher • Confusion • Makes the relationship between key and ciphertext complex; carried out through substitution • Diffusion • Spreads each plaintext bit across many ciphertext bits; carried out by transposition (permutation) • S-boxes • Substitution boxes • Lookup tables used by the algorithm in each round • The key (through the round subkeys) determines what is fed into the S-boxes

  25. Symmetric Cryptography (diagram only)

  26. DES - Data Encryption Standard • NBS (National Bureau of Standards, now NIST) • Issued a public call for a standard cipher in 1973 • Lucifer • Developed by IBM in the early 1970s and submitted in 1974 • Modified (shorter key, new S-boxes) with NSA involvement and adopted as FIPS 46 in 1977, the first national standard • ANSI • Adopted it as X3.92 in 1981 • Replaced by Rijndael (AES, FIPS 197) in 2001

  27. DES Attacks • Cryptanalysis assumptions (Kerckhoffs's principle) • Algorithm known by adversaries • Adversary may have ciphertext and/or matching plaintext • Brute force: adversary tries every possible key (2^56 for DES) • Trying all keys was once thought impractical, but the EFF's Deep Crack machine recovered a DES key in 56 hours in 1998; 56-bit keys are no longer considered secure

  28. How Does DES Work? • 64-bit blocks • 64-bit key minus 8 parity bits = 56-bit effective key • 16 Feistel rounds of substitution (S-boxes) and permutation • Modes of operation • Electronic Code Book (ECB) • Cipher Block Chaining (CBC) • Cipher Feedback Mode (CFB) • Output Feedback Mode (OFB) • Counter mode (CTR)

  29. Electronic Code Book (ECB) • A mode that operates like a code book: the same 64-bit plaintext block under the same key always produces the same ciphertext block • Using a key, a 64-bit data block is entered into the algorithm • A block of ciphertext is produced • Messages that are not a multiple of 64 bits are padded • Fast/simple, parallel • Leaks patterns in the data, so only suitable for single blocks of random-looking data such as keys or PINs

  30. Cipher Block Chaining (CBC) • Produces a more secure ciphertext than ECB • Each plaintext block is XORed with the previous ciphertext block before encryption, so identical plaintext blocks give different ciphertext • 64-bit plaintext blocks loaded sequentially • The first block is XORed with an IV, which must be unpredictable and unique per message (it need not be secret)

  31. Cipher Feedback Mode (CFB) • Takes the previously-generated ciphertext block (an IV seeds the first step) • Encrypts it with the key to produce a keystream block • XORs the keystream with the current plaintext to produce ciphertext • Turns the block cipher into a self-synchronising stream cipher: a corrupted ciphertext block damages only itself and the next block

  32. Output Feedback Mode (OFB) • Similar to CFB • The keystream block from the previous step (not the ciphertext) is encrypted again to generate the next keystream block, starting from the IV • Bit errors do not propagate, so OFB suits digital video and digital voice

  33. Counter Mode (CTR) • Similar to OFB • Instead of chaining, each keystream block is the encryption of a nonce/IV concatenated with a counter that is incremented for each block; blocks can be encrypted in parallel and out of order • A nonce must never repeat under the same key • Used for encrypting ATM cells for virtual circuits, IPsec (AES-CTR) and 802.11i (AES-CCMP combines CTR with CBC-MAC)

  34. Double DES • Developed to be more secure than DES by encrypting twice with two keys • Nominal key length 112 bits, but a meet-in-the-middle attack (encrypt a known plaintext under every first key, decrypt the ciphertext under every second key, look for a match) needs only about 2^57 operations • Barely more effective than standard DES, so never adopted
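One block that serves slides 28 to 34: a toy 64-bit, 16-round Feistel cipher in the shape of DES (key schedule, substitution via a round function, swapping of halves, decryption by reversing the subkeys), the ECB, CBC and CTR modes built on it, and the meet-in-the-middle attack that makes double encryption pointless. This is an added example written for this page, not DES and not the book's code: the round function is SHA-256 based, and the key space for the attack is cut to 12 bits (an assumption) so it finishes in about a second.

```python
import hashlib
import os

BLOCK = 8       # 64-bit blocks, as in DES
ROUNDS = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_keys(key):
    """Key schedule: one 32-bit subkey per round, derived from the master key."""
    return [hashlib.sha256(b"rk" + key + bytes([i])).digest()[:4] for i in range(ROUNDS)]

def feistel(block, subkeys):
    """Feistel network: (L, R) -> (R, L xor F(R, k)) each round. The same code
    with the subkeys reversed decrypts, which is why DES hardware is reusable."""
    L, R = block[:4], block[4:]
    for k in subkeys:
        L, R = R, xor(L, hashlib.sha256(k + R).digest()[:4])
    return R + L                      # undo the final swap: self-inverse

def encrypt_block(key, block):
    return feistel(block, round_keys(key))

def decrypt_block(key, block):
    return feistel(block, round_keys(key)[::-1])

def pad(data):
    """PKCS#7: append n bytes of value n to fill the last block (n >= 1)."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    """ECB: blocks encrypted independently; equal plaintext blocks give equal
    ciphertext blocks, so patterns survive encryption."""
    return b"".join(encrypt_block(key, b) for b in blocks(pad(pt)))

def cbc_encrypt(key, iv, pt):
    """CBC: XOR each plaintext block with the previous ciphertext block (the IV
    for the first) before encrypting. The IV is public but must be unpredictable."""
    out, prev = [], iv
    for b in blocks(pad(pt)):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))

def ctr_crypt(key, nonce, data):
    """CTR: keystream block i = E_k(nonce || i), XORed with the data. No padding,
    no chaining, parallelisable; the same call decrypts. Reusing a nonce under
    one key leaks the XOR of the two plaintexts."""
    out = []
    for i, chunk in enumerate(blocks(data)):
        ks = encrypt_block(key, nonce + i.to_bytes(4, "big"))
        out.append(xor(chunk, ks[:len(chunk)]))
    return b"".join(out)

def repeated_blocks(ct):
    """Ciphertext blocks that duplicate an earlier one (ECB's tell-tale)."""
    bs = blocks(ct)
    return len(bs) - len(set(bs))

KEY_BITS = 12   # assumed toy key space (4096 keys) so the attack runs fast

def double_encrypt(k1, k2, block):
    return encrypt_block(k2.to_bytes(2, "big"), encrypt_block(k1.to_bytes(2, "big"), block))

def meet_in_the_middle(pt, ct):
    """One known (pt, ct) pair under double encryption yields (k1, k2) with about
    2 * 2**KEY_BITS block operations and a 2**KEY_BITS-entry table, instead of
    2**(2*KEY_BITS): tabulate E_k1(pt) for every k1, then look up D_k2(ct) for
    every k2. For Double DES this is ~2**57 work against a nominal 112-bit key."""
    table = {encrypt_block(k1.to_bytes(2, "big"), pt): k1 for k1 in range(1 << KEY_BITS)}
    for k2 in range(1 << KEY_BITS):
        k1 = table.get(decrypt_block(k2.to_bytes(2, "big"), ct))
        if k1 is not None:
            return k1, k2
    return None

if __name__ == "__main__":
    key, iv = os.urandom(16), os.urandom(BLOCK)
    msg = b"ATTACK AT DAWN!!" * 4          # constructed, deliberately repetitive
    print("ECB repeats:", repeated_blocks(ecb_encrypt(key, msg)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(key, iv, msg)))
    print("CTR repeats:", repeated_blocks(ctr_crypt(key, iv[:4], msg)))
    print("MITM recovered:", meet_in_the_middle(b"ATTACK A", double_encrypt(0xABC, 0x123, b"ATTACK A")))
```

Run it and the ECB count is nonzero while CBC and CTR report none: the cipher is the same, only the mode differs. The meet-in-the-middle routine trades memory for time, which is exactly the trade that leaves Double DES at roughly single-DES strength and led to Triple DES instead.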

  35. Triple-DES (3DES) • Three DES operations on each block • May use two or three keys • DES-EEE3 • Encrypt / encrypt / encrypt with three different keys • DES-EDE3 • Encrypt / decrypt / encrypt with three different keys (effective strength about 112 bits) • DES-EEE2 • Same as EEE3 except the first and third operations use the same key • DES-EDE2 • Same as EDE3 except the first and third operations use the same key (effective strength about 80 bits) • The middle decrypt step in EDE means 3DES with K1 = K2 = K3 behaves as single DES, giving backward compatibility

  36. Advanced Encryption Standard (AES) • DES was crackable by brute force • NIST ran an open competition (1997-2000) for a new symmetric encryption standard • Rijndael was chosen and published as FIPS 197 in 2001 • Block cipher • Rijndael supports variable block and key lengths; AES fixes the block at 128 bits with key lengths of 128, 192 or 256 bits

  37. Public Key Algorithms and Uses

  38. Asymmetric Cryptography • Secure message format: encrypt with the receiver's public key; only the receiver's private key can decrypt (confidentiality) • Open message format: encrypt with the sender's private key; anyone can decrypt with the sender's public key, which proves who sent it (authenticity, no confidentiality) • Signatures: sign a hash of the message with the sender's private key

  39. Strengths - Asymmetric cryptography • Key distribution: public keys need integrity, not secrecy • Scalability: one key pair per party • Provides - • Confidentiality • Authentication • Non-repudiation • Weaknesses • Slow (so it is typically used to exchange a symmetric session key, and symmetric crypto then carries the data)

  40. Asymmetric Cryptography • Two keys in a public key system • Public - Known to everyone • Private - Known only to its owner • Public keys are usually listed in directories or databases and bound to their owner by a certificate

  41. Public Key Cryptography (diagram) • Encryption: Plaintext -> [Receiver's public key] -> Ciphertext • Decryption: Ciphertext -> [Receiver's private key] -> Plaintext

  42. Asymmetric Cryptography Types • RSA • Based on the difficulty of factoring the product of two large primes • Elliptic curve cryptosystem (ECC) • Shorter keys for the same strength; used in wireless and constrained devices • Diffie-Hellman (DH) • Only for session key agreement • Based on the difficulty of calculating discrete logarithms in a finite field

  43. Asymmetric Cryptography Types • ElGamal • Built on the same discrete logarithm problem as DH • Used for more services (encryption and digital signatures) • Digital Signature Algorithm (DSA) • Used in DSS (the Digital Signature Standard, FIPS 186) • Knapsack • Older public-key scheme • Based on weights (the subset-sum problem)

  44. RSA • A public-key cryptosystem • Developed in 1977 by MIT professors Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman • Goal was to help ensure internet security • Widely used • "De-facto" encryption standard • Used with - • SSL/TLS • PGP • Many Web browsers • Always deployed with padding (OAEP for encryption, PSS or PKCS#1 v1.5 for signatures); raw "textbook" RSA is deterministic and malleable

  45. ElGamal • Another public key algorithm • Can be used for encryption, digital signatures and key exchange • Security rests on the discrete logarithm problem

  46. Elliptic Curve Cryptosystem (ECC) • Much like RSA in what it is used for - • Digital signatures (ECDSA) • Secure key agreement (ECDH) • Encryption • Same security with far shorter keys (256-bit ECC is comparable to 3072-bit RSA), so widely used in wireless and mobile devices

  47. Knapsack • Older public-key scheme, not a key agreement protocol • The first version (Merkle-Hellman) was published in 1978 and broken by Shamir in 1982; later variants date from 1984, revised in 1988 • Based on weights (subset-sum problem) • Has been broken and is not used in practice

  48. Diffie-Hellman • Public-key cryptography • Invented in 1976 by Whitfield Diffie and Martin Hellman (the first published public-key scheme) • Used for key agreement: both parties derive the same shared secret over an open channel • Cannot be used to encrypt and decrypt messages or to sign • Unauthenticated DH is open to man-in-the-middle attacks, so the exchanged public values must be authenticated (signed, or carried in certificates)
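The two public-key primitives that slides 42 to 48 keep returning to, as an added example (not the book's code): a Diffie-Hellman exchange with both sides' messages and a subgroup check on the received value, the brute-force discrete logarithm that breaks it when the group is small, and textbook RSA encryption, decryption and signing with the classic small primes. The group (p = 2039, g = 2) and the RSA primes (61, 53) are assumed toy parameters chosen so everything runs instantly; real deployments use 2048-bit or larger moduli (or elliptic curves) and padded RSA.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumed): P is a safe prime, G generates the
# subgroup of prime order Q = (P-1)/2.
P = 2039
Q = (P - 1) // 2          # 1019, also prime
G = 2


def dh_keypair():
    """Private exponent a and public value A = G^a mod P."""
    a = secrets.randbelow(Q - 1) + 1
    return a, pow(G, a, P)


def dh_shared_key(priv, peer_pub):
    """(peer_pub)^priv mod P, hashed into a symmetric key. The subgroup check
    rejects values such as 1 or P-1 that would force the secret into a tiny
    set (small-subgroup attack)."""
    if not 1 < peer_pub < P - 1 or pow(peer_pub, Q, P) != 1:
        raise ValueError("peer public value is not in the prime-order subgroup")
    s = pow(peer_pub, priv, P)
    return hashlib.sha256(s.to_bytes(2, "big")).digest()


def dh_exchange():
    """Both sides of the protocol; Eve sees only A and B on the wire.
    Returns (keys_match, alice_key)."""
    a, A = dh_keypair()          # Alice -> Bob: A
    b, B = dh_keypair()          # Bob -> Alice: B
    k_alice = dh_shared_key(a, B)
    k_bob = dh_shared_key(b, A)
    return k_alice == k_bob, k_alice


def dh_break(pub):
    """Eve's attack: solve G^x = pub mod P by trying every exponent. Work grows
    with Q, which is why Q must be hundreds of bits long, not ten."""
    for x in range(1, Q):
        if pow(G, x, P) == pub:
            return x
    return None


# Textbook RSA with the classic toy primes (assumed values): n = 3233.
def rsa_keygen(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


PUB, PRIV = rsa_keygen(61, 53)


def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def rsa_sign(priv, message):
    """Sign the message hash (reduced mod n for this toy size) with d."""
    n, d = priv
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)


def rsa_verify(pub, message, sig):
    n, e = pub
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(sig, e, n) == h


def rsa_is_malleable(pub, m1, m2):
    """Unpadded RSA is multiplicatively homomorphic: E(m1)*E(m2) = E(m1*m2).
    That, plus determinism, is why real RSA always applies OAEP/PSS padding."""
    n, _ = pub
    return rsa_encrypt(pub, m1) * rsa_encrypt(pub, m2) % n == rsa_encrypt(pub, m1 * m2 % n)


if __name__ == "__main__":
    print("DH keys match:", dh_exchange()[0])
    a, A = dh_keypair()
    print("Eve recovers Alice's exponent:", dh_break(A) == a)
    print("RSA 65 ->", rsa_encrypt(PUB, 65), "->", rsa_decrypt(PRIV, rsa_encrypt(PUB, 65)))
```

Two things worth noticing when running it: `dh_break` succeeds every time here because Q is tiny, and nothing in the exchange tells Alice that B really came from Bob, which is the man-in-the-middle gap that signatures or certificates on the public values close.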

  49. E-commerce Protection Methods • IPsec (network layer) • S-HTTP (application layer, rarely deployed) • SSL/TLS (between the application and transport layers)

  50. Network Layer Protection - IPsec • Main advantage • Transparency to applications: everything above the network layer is protected without any change to the application • Main disadvantage • Requires support in the operating system's network stack (a new OS version at the time of this deck; built into modern operating systems)
