Information Security & Cryptographic Principles


PowerPoint Slideshow about 'Information Security & Cryptographic Principles' - elton


Presentation Transcript
slide1

Information Security

&

Cryptographic Principles

slide2

Infosec and Cryptography

Subjects / Topics :

1. Introduction to computer cryptography

2. Single key cryptographic algorithms

3. Public key cryptographic algorithms

4. Crypto Applications

5. Business Continuity

basic problem

Basic Problem

[Diagram: Alice and Bob, linked across Intranet / Extranet / Internet]

There are Confidence and Trust Issues …

multiple security issues
Multiple Security Issues

Privacy

Authentication

Interception

Spoofing

Integrity

Non-repudiation

Not sent not received

Claims

Proof of parties involved

Modification

information security
Information Security

Confidentiality

Integrity

Availability

security services
Security Services

  • Integrity: Information has not been altered
  • Confidentiality: Content hidden during transport
  • Authentication: Identity of originator confirmed
  • Non-Repudiation: Originator cannot repudiate transaction

data confidentiality

Data Confidentiality

Some confidential text (message) in clear (readable) form

cryptography
Cryptography

[Diagram: Encryption turns the clear text "Some confidential text (message) in clear (readable) form" into scrambled text]

cryptography1
Cryptography

[Diagram: Decryption turns the scrambled text back into the clear text "Some confidential text (message) in clear (readable) form"]

crypto transformations

Crypto Transformations

[Diagram: the clear text "Some confidential text (message) in clear (readable) form" alongside its scrambled form]

crypto transformations1

Crypto Transformations

[Diagram: the clear text "Some confidential text (message) in clear (readable) form" alongside its scrambled form]

parameterization

Parameterization

[Diagram: the clear text "Some confidential text (message) in clear (readable) form", several scrambled forms of it, and a Crypto key]

slide13

Infosec and Cryptography

Subjects / Topics :

1. Introduction to computer cryptography

2. Single key cryptographic algorithms

3. Public key cryptographic algorithms

4. Crypto Applications

5. Business Continuity

single key crypto

Single Key Crypto

[Diagram: Encryption and Decryption between the clear text "Some confidential text (message) in clear (readable) form" and its scrambled form, with one Crypto key]

slide16

Principles

1. Simple for users

2. Complicated for intruders

3. Public algorithm

4. Secret key

5. Large number of combinations

6. Special properties

slide17

Other Symmetric Algorithms

1. AES

2. IDEA

3. Triple-DES

4. RC-2

5. RC-4

6. Blowfish

slide18

Infosec and Cryptography

Subjects / Topics :

1. Introduction to computer cryptography

2. Single key cryptographic algorithms

3. Public key cryptographic algorithms

4. Crypto Applications

5. Business Continuity

slide19

Secret Key Systems

[Diagram: Encryption and Decryption between the clear text "Some confidential text (message) in clear (readable) form" and its scrambled form, with one Crypto key]

slide20

?

Key Exchange

slide21

Public Key Cryptography

[Diagram: Encryption of the clear text "Some confidential text (message) in clear (readable) form" into scrambled text, and Decryption back; key labels: Key 1, Key 2]

slide22

Public Key Cryptography

[Diagram: Bob and Alice exchange MSG through Encryption and Decryption; keys shown: Bob Private, Bob Public, Alice Private, Alice Public]

Digital Signature … Authentication … Non-Repudiation

slide23

Public Key Cryptography

[Diagram: Bob and Alice exchange MSG through Encryption and Decryption; keys shown: Bob Private, Bob Public, Alice Private, Alice Public]

Confidentiality

slide24

Symmetric and Asymmetric Encryption

  • Symmetric: Faster than asymmetric, hard to break with large key, hard to distribute keys, too many keys required, cannot authenticate or provide non-repudiation.
  • Includes: DES, Triple DES, Blowfish, IDEA, RC4, RC5, RC6, AES
slide25

Symmetric and Asymmetric Encryption

  • Asymmetric cryptography: Better at key distribution, better scalability for large systems, can provide authentication and non-repudiation, slow, math intensive.
  • Includes: RSA, ECC, Diffie-Hellman, ElGamal, DSA, Knapsack, PGP

slide26

Infosec and Cryptography

Subjects / Topics :

1. Introduction to computer cryptography

2. Single key cryptographic algorithms

3. Public key cryptographic algorithms

4. Crypto Applications

5. Business Continuity

slide27

Crypto Applications

1. Digital signature

2. Digital enveloping

3. Digital certificates

4. Secret key exchange

slide28

Digital Signature

A Digital Signature is a data item that vouches for the origin and the integrity of a Message

[Diagram: Alice and Bob, linked across Intranet / Extranet / Internet]

slide29

Digital Signature

[Diagram: Signer, Channel, Receiver.
Signer side: Message, Digest Algorithm (Hash Function), Digest, Encryption, Private Key, Signature.
Receiver side: Message, Digest Algorithm (Hash Function), Decryption, Public Key, Expected Digest, Actual Digest.]

slide30

Digital Signature

“Real Identity” of the Signer.

Why should I trust what the Sender claims to be?

Moving towards PKI …

slide31

Digital Certificate

A Digital Certificate is a binding between an entity’s Public Key and one or more Attributes related to its Identity.

The entity can be a Person, a Hardware Component, a Service, etc.

  • A Digital Certificate is issued (and signed) by someone :
  • Usually the issuer is a Trusted Third Party
slide32

CERTIFICATE

Digital Certificate

Subject

Issuer

Subject Public Key

Issuer Digital Signature
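
The signer/receiver flow from the Digital Signature slide combined with the Subject / Issuer / Subject Public Key / Issuer Digital Signature fields above, as an added example that is not part of the original presentation. It assumes textbook RSA without padding over constructed keys built from well-known Mersenne primes; the names Demo CA, OTHER_* and the cert_body serialization are hypothetical, and real systems use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib

E = 65537  # public exponent shared by all demo keys

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(message: bytes) -> int:
    """The slide's Digest Algorithm / Hash Function box."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    """Signer: transform the digest with the private key -> Signature."""
    n, d = private
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Receiver: the digest recovered from the signature with the public
    key must equal the digest recomputed from the received message."""
    n, e = public
    return pow(signature, e, n) == digest(message)

def cert_body(subject, issuer, public) -> bytes:
    """Bytes the issuer signs: the identity-to-public-key binding."""
    return f"subject={subject};issuer={issuer};key={public}".encode()

def issue_certificate(subject, public, issuer, issuer_private) -> dict:
    body = cert_body(subject, issuer, public)
    return {"subject": subject, "issuer": issuer, "public_key": public,
            "issuer_signature": sign(body, issuer_private)}

def verify_signed_message(message, signature, cert, trusted_issuer_public):
    """Check the issuer's signature on the certificate, then the message."""
    body = cert_body(cert["subject"], cert["issuer"], cert["public_key"])
    if not verify(body, cert["issuer_signature"], trusted_issuer_public):
        return False  # nobody trusted vouches for this key
    return verify(message, signature, cert["public_key"])

# Constructed demo keys (assumption: illustration only, never real keys).
CA_PUB, CA_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**89 - 1, 2**1279 - 1)

if __name__ == "__main__":
    msg = b"Pay Bob 100"  # constructed sample message
    cert = issue_certificate("Alice", ALICE_PUB, "Demo CA", CA_PRIV)
    print(verify_signed_message(msg, sign(msg, ALICE_PRIV), cert, CA_PUB))
```

A signature made with OTHER_PRIV verifies against OTHER_PUB on its own, which is the "why should I trust what the Sender claims to be" gap; it is rejected once the receiver requires a certificate signed by the trusted issuer.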

slide33

Digital Certificate

  • How are Digital Certificates Issued?
  • Who is issuing them?
  • Why should I Trust the Certificate Issuer?
  • How can I check if a Certificate is valid?
  • How can I revoke a Certificate?
  • Who is revoking Certificates?

Moving towards PKI …

slide34

Infosec and Cryptography

Subjects / Topics :

1. Introduction to computer cryptography

2. Single key cryptographic algorithms

3. Public key cryptographic algorithms

4. Crypto Applications

5. Business Continuity

business continuity and disaster recovery
Business Continuity and Disaster Recovery
    • Businesses are more susceptible to failure after a disaster
  • Goal
    • To minimize disaster aftermath and ensure resources, personnel, and business processes resume
  • By
    • Planning measures
    • Backing up data and hardware
    • Getting the right people in place
  • Requirements
    • Management support
    • Driving the project, top-down approach
    • Must understand value of investing in BCP
      • Returns can be priceless
business continuity steps
Business Continuity Steps
  • Steps
    • Develop the continuity planning policy statement
    • Conduct the business impact analysis (BIA)
    • Identify preventive controls
    • Develop recovery strategies
    • Develop the contingency plan
    • Test the plan and conduct training and exercises
    • Maintain the plan
  • Understanding the Organization
business impact analysis bia
Business Impact Analysis (BIA)
  • Considered a functional analysis
  • Team collects data in a variety of ways
  • Maps out the following characteristics:
    • Maximum tolerable downtime
    • Operational disruption and productivity
    • Financial considerations
    • Regulatory responsibilities
    • Reputation
  • Understand the variety of possible threats
  • Must go through all possible scenarios