Cryptography

1 / 45

# Cryptography - PowerPoint PPT Presentation

Cryptography. Chapter 14. Learning Objectives. Understand the basics of algorithms and how they are used in modern cryptography Identify the differences between asymmetric and symmetric algorithms

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

## PowerPoint Slideshow about 'Cryptography' - kateb

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

### Cryptography

Chapter 14

Learning Objectives
• Understand the basics of algorithms and how they are used in modern cryptography
• Identify the differences between asymmetric and symmetric algorithms
• Have a basic understanding of the concepts of cryptography and how they relate to network security

continued…

Learning Objectives
• Discuss characteristics of PKI certificates and the policies and procedures surrounding them
• Understand the implications of key management and a certificate’s lifecycle
Cryptography
• Study of complex mathematical formulas and algorithms used for encryption and decryption
• Allows users to transmit sensitive information over unsecured networks
• Can be either strong or weak
Cryptography Terminology
• Plaintext
• Data that can be read without any manipulation
• Encryption
• Method of disguising plaintext to hide its substance
• Ciphertext
• Plaintext that has been encrypted and is an unreadable series of symbols and numbers
Algorithms
• Mathematical functions that work in tandem with a key
• Same plaintext data encrypts into different ciphertext with different keys
• Security of data relies on:
• Strength of the algorithm
• Secrecy of the key
Hashing
• Method used for verifying data integrity
• Uses variable-length input that is converted to a fixed-length output string (hash value)
Symmetric Algorithms
• Usually use same key for encryption and decryption
• Encryption key can be calculated from decryption key and vice versa
• Require sender and receiver to agree on a key before they communicate securely
• Security lies with the key
• Also called secret key algorithms, single-key algorithms, or one-key algorithms
Categories of Algorithms
• Stream algorithms
• Operate on the plaintext one bit at a time
• Block algorithms
• Encrypt and decrypt data in groups of bits, typically 64 bits in size
Asymmetric Algorithms
• Use different keys for encryption and decryption
• Decryption key cannot be calculated from the encryption key
• Anyone can use the key to encrypt data and send it to the host; only the host can decrypt the data
• Also known as public key algorithms
Lucifer (1974)

Diffie-Hellman (1976)

RSA (1977)

DES (1977)

Triple DES (1998)

IDEA (1992)

Blowfish (1993)

RC5 (1995)

Common Encryption Algorithms
Primary Functions of Cryptography
• Confidentiality
• Authentication
• Integrity
• Nonrepudiation
Digital Signatures
• Based on asymmetric algorithms, allow the recipient to verify whether a public key belongs to its owner
Certificates
• Credentials that allow a recipient to verify whether a public key belongs to its owner
• Verify senders’ information with identity information that is bound to the public key
• Components
• Public key
• One or more digital signatures
• Certificate information (eg, user’s name, ID)
Public Key Infrastructure (PKI) Certificates
• Certificate storage facility that provides certification management functionality (eg, ability to issue, revoke, store, retrieve, and trust certificates)
• Certification authority (CA)
• Primary feature of PKI
• Trusted person or group responsible for issuing certificates to authorized users on a system
• Creates certificates and digitally signs them using a private key
PKI Policies and Practices
• Validity establishes that a public key certificate belongs to its owner
• CA issues certificates to users by binding a public key to identification information of the requester
• User can manually check certificate’s fingerprint
PKI Revocation
• Certificates have a restricted lifetime; a validity period is created for all certificates
• Certificate revocation list (CRL)
• Communicates which certificates within a PKI have been revoked
Trust Models
• Techniques that establish how users validate certificates
• Direct trust
• Hierarchical trust
• Web of trust
Direct Trust Model
• User trusts a key because the user knows where it came from
Hierarchical Trust Model
• Based on a number of root certificates
Web of Trust
• Combines concepts of direct trust and hierarchical trust
• Adds the idea that trust is relative to each requester
Key and Certificate Life Cycle Management
• Setup or initialization
• Administration of issued keys and certificates
• Certificate cancellation and key history
Setup and Initialization
• Registration
• Key pair generation
• Certificate creation
• Certificate distribution
• Certificate dissemination
• Key backup
Registration
• User requests certificate from CA
• CA verifies identity and credentials of user
• Certificate practice statement
• Published document that explains CA structure to users
• Certificate policy establishes:
• Who may serve as CA
• What types of certificates may be issued
• How they should be issued and managed
Key Pair Generation
• Involves creation of one or more key pairs using different algorithms
• Dual or multiple keys are often utilized to perform different roles to support distinct services
• Key pair can be restricted by policy to certain roles based on usage factors
• Multiple key pairs usually require multiple certificates
Certificates
• Distinguished name (DN)
• Unique identifier that is bound to a certificate by a CA
• Uses a sequence of character(s) that is unique to each user
• Appropriate certificate policies govern creation and issuance of certificates
Certificate Dissemination Techniques
• Securely make certificate information available to requester without too much difficulty
• Out-of-band distribution
• In-band distribution
• Publication
• Centralized repositories with controlled access
Key Backup
• Helps recover encrypted data
• Essential element of business continuity and disaster recovery planning
Key Escrow
• Key administration process that utilizes a third party
• Initialization phase involves:
• Certificate retrieval and validation
• Key recovery and key update
Cancellation Procedures
• Certificate expiration
• Certificate revocation
• Key history
• Key archive
Certificate Expiration
• Occurs when validity period of a certificate expires
• Options upon expiration
• Certificate renewal
• Certificate update
Certificate Revocation
• Implies cancellation of a certificate prior to its natural expiration
• Revocation delay
• Delay associated with the revocation requirement and subsequent notification
Certificate Revocation
• Certificate revocation lists (CRLs)
• CRL distribution points
• Certificate revocation trees (CRTs)
• Redirect/Referral CRLs
• Single-entity approvals
Key History
• Deals with secure and reliable storage of expired keys for later retrieval to recover encrypted data
• Applies more to encryption keys than signing keys
Key Archive
• Service undertaken by a CA or third party to store keys and verification certificates
• Meets audit requirements and handles resolution of disputes when used with other services (eg, time stamping and notarization)
Setting up an Enterprise PKI
• Extremely complex task with enormous demands on financial, human, hardware, and software resources
• Areas to explore
• Basic support
• Training
• Documentation issues
Areas to Explore in Detail When Setting up an Enterprise PKI
• Support for standards, protocols, and third-party applications
• Issues related to cross-certification, interoperability, and trust models
• Multiple key pairs and key pair uses
• How to PKI-enable applications and client-side software availability

continued…

Areas to Explore in Detail When Setting up an Enterprise PKI
• Impact on end user for key backup, key or certificate update, and nonrepudiation services
• Performance, scalability, and flexibility issues regarding distribution, retrieval, and revocation systems
• Physical access control to facilities
Chapter Summary
• Ways that algorithms and certificate mechanisms are used to encrypt data flows
• Concepts of cryptography
• Key and certificate life cycle management