Cryptography - PowerPoint PPT Presentation

Presentation Transcript


Chapter 14

Learning Objectives
  • Understand the basics of algorithms and how they are used in modern cryptography
  • Identify the differences between asymmetric and symmetric algorithms
  • Have a basic understanding of the concepts of cryptography and how they relate to network security


Learning Objectives
  • Discuss characteristics of PKI certificates and the policies and procedures surrounding them
  • Understand the implications of key management and a certificate’s lifecycle
Cryptography
  • Study of the mathematical functions and algorithms used for encryption and decryption
  • Allows users to transmit sensitive information over unsecured networks
  • Can be either strong or weak: strength depends on the algorithm’s design and the key length, not on keeping the algorithm secret
Cryptography Terminology
  • Plaintext
    • Data that can be read without any manipulation
  • Encryption
    • Method of disguising plaintext to hide its substance
  • Ciphertext
    • Plaintext that has been encrypted; appears as an unreadable series of symbols and numbers
  • Algorithm
    • Mathematical functions that work in tandem with a key
    • Same plaintext data encrypts into different ciphertext with different keys
    • Security of data relies on:
      • Strength of the algorithm
      • Secrecy of the key
  • Hash function
    • Method used for verifying data integrity
    • Takes variable-length input and converts it to a fixed-length output string (hash value); one-way, so the input cannot be recovered from the hash
Symmetric Algorithms
  • Usually use the same key for encryption and decryption
  • Where the two keys differ, the encryption key can be calculated from the decryption key and vice versa
  • Require sender and receiver to agree on a key before they communicate securely
  • Security rests entirely on the secrecy of the key
  • Also called secret key algorithms, single-key algorithms, or one-key algorithms
Categories of Algorithms
  • Stream algorithms
    • Operate on the plaintext one bit (or byte) at a time, typically by XORing it with a keystream
  • Block algorithms
    • Encrypt and decrypt data in groups of bits, typically 64 bits in size (DES, Triple DES, IDEA, Blowfish); newer ciphers such as AES use 128-bit blocks
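As an added example that is not part of the original slides, the following stdlib Python builds a stream cipher from a SHA-256 keystream (key, nonce and a counter feed the hash) and pairs it with an HMAC integrity tag. It shows the points from the terminology slides: the same plaintext encrypts differently under different keys, the same key decrypts, a hash tag has a fixed length regardless of input length, and a one-bit change is detected. It also shows the failure mode a practitioner must know: reusing the key and nonce for a second message leaks the XOR of the two plaintexts. The keys and messages are constructed, and the construction itself is for illustration only, not a replacement for AES-GCM or ChaCha20-Poly1305.

```python
"""Added example (not from the slides): a minimal stream cipher built from a
SHA-256 keystream, alongside a keyed hash for integrity. Stdlib only.
Illustrative construction; real systems should use AES-GCM or ChaCha20-Poly1305."""
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream block i is SHA-256(key || nonce || i). The cipher then consumes
    plaintext one byte at a time, XORing each byte with the next keystream byte,
    which is the defining trait of a stream algorithm."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """ciphertext = plaintext XOR keystream(key, nonce)."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


# Symmetric: decryption uses the same key and, for a stream cipher, the same operation.
stream_decrypt = stream_encrypt


def integrity_tag(key: bytes, data: bytes) -> bytes:
    """Fixed 32-byte tag over variable-length input. HMAC rather than a bare
    hash, so an attacker who alters the data cannot simply recompute the tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def integrity_ok(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(integrity_tag(key, data), tag)


def demo() -> dict:
    """Constructed keys and messages; returns the properties observed."""
    key1 = hashlib.sha256(b"constructed key one").digest()
    key2 = hashlib.sha256(b"constructed key two").digest()
    nonce = bytes(12)
    msg_a = b"transfer 100 USD to account 4242"
    msg_b = b"transfer 999 USD to account 1337"

    ct_a1 = stream_encrypt(key1, nonce, msg_a)      # msg_a under key1
    ct_a2 = stream_encrypt(key2, nonce, msg_a)      # same msg_a under key2
    tag = integrity_tag(key1, msg_a)
    tampered = bytearray(msg_a)
    tampered[9] ^= 0x01                             # flips '1' to '0': "100 USD" -> "000 USD"

    # Key AND nonce reused for a second message: the keystreams cancel out, so
    # ct_a XOR ct_b == msg_a XOR msg_b and the relationship between plaintexts leaks.
    ct_b1 = stream_encrypt(key1, nonce, msg_b)

    return {
        "different_keys_different_ciphertext": ct_a1 != ct_a2,
        "decrypts_with_right_key": stream_decrypt(key1, nonce, ct_a1) == msg_a,
        "wrong_key_fails": stream_decrypt(key2, nonce, ct_a1) != msg_a,
        "key_nonce_reuse_leaks_xor": xor_bytes(ct_a1, ct_b1) == xor_bytes(msg_a, msg_b),
        "tag_length_fixed": len(tag) == len(integrity_tag(key1, b"x" * 100_000)) == 32,
        "tamper_detected": not integrity_ok(key1, bytes(tampered), tag),
    }
```

The nonce is what makes reuse of a key safe in a real stream cipher: a fresh nonce per message yields a fresh keystream, and the leak shown in `demo()` disappears. The tag is computed over the plaintext here for brevity; production designs authenticate the ciphertext instead (encrypt-then-MAC or an AEAD mode).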
Asymmetric Algorithms
  • Use different keys for encryption and decryption (a public key and a private key)
  • Private (decryption) key cannot feasibly be calculated from the public (encryption) key
  • Anyone can use the public key to encrypt data and send it to the host; only the host, holding the private key, can decrypt the data
  • Also known as public key algorithms
Common Encryption Algorithms
  • Lucifer (1974)
  • Diffie-Hellman (1976)
  • RSA (1977)
  • DES (1977)
  • Triple DES (1998)
  • IDEA (1992)
  • Blowfish (1993)
  • RC5 (1995)
  • Note: Diffie-Hellman is a key-agreement protocol rather than a cipher, and DES’s 56-bit key is too short for modern use, which is why Triple DES exists
Primary Functions of Cryptography
  • Confidentiality
  • Authentication
  • Integrity
  • Nonrepudiation
Digital Signatures
  • Based on asymmetric algorithms: the sender signs a hash of the message with the private key, and any recipient verifies it with the matching public key, proving who signed and that the content is unaltered
Digital Certificates
  • Credentials that allow a recipient to verify whether a public key belongs to its owner
    • Verify senders’ information with identity information that is bound to the public key
  • Components
    • Public key
    • One or more digital signatures
    • Certificate information (eg, user’s name, ID)
Public Key Infrastructure (PKI) Certificates
  • PKI: the systems, roles and policies that provide certificate management functionality (eg, ability to issue, revoke, store, retrieve, and trust certificates)
  • Certification authority (CA)
    • Primary feature of PKI
    • Trusted entity responsible for issuing certificates to authorized users on a system
    • Creates certificates and digitally signs them with the CA’s private key; anyone holding the CA’s public key can verify that signature
PKI Policies and Practices
  • Validation establishes that a public key certificate belongs to its owner
  • CA issues certificates to users by binding a public key to identification information of the requester
  • User can manually check a certificate’s fingerprint (a hash of the encoded certificate) against a value obtained out of band from its owner
PKI Revocation
  • Certificates have a restricted lifetime; a validity period (not-before and not-after dates) is set for every certificate
  • Certificate revocation list (CRL)
    • Signed list, published by the CA, of certificates revoked before their expiry; relying parties check it before trusting a certificate
Trust Models
  • Techniques that establish how users validate certificates
    • Direct trust
    • Hierarchical trust
    • Web of trust
Direct Trust Model
  • User trusts a key because the user knows where it came from (eg, received in person or checked by fingerprint)
Hierarchical Trust Model
  • Based on a small number of root certificates; trust flows from a root through subordinate CAs to end-entity certificates, so a certificate is trusted if its chain of signatures leads to a trusted root
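As an added example that is not part of the original slides, the following stdlib Python ties together the preceding slides on digital signatures, certificates, the CA, validity periods, the CRL and hierarchical trust: a root CA signs an issuing CA, which signs an end-entity certificate, and a relying party validates the chain (validity window, CRL, issuer name, each signature) up to a trusted root. RSA here is textbook (no padding, 64-bit primes derived from constructed seeds) and JSON stands in for DER, so the code demonstrates the mechanics only and is not a usable PKI; the entity names, serial numbers and timestamps are constructed.

```python
"""Added example (not from the slides): digital signature, CA-issued certificate,
chain to a trusted root, validity window and CRL, in stdlib Python. Signatures are
textbook RSA (no padding, 64-bit primes from constructed seeds): mechanics only."""
import hashlib
import json

E = 65537
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    if any(n % p == 0 for p in BASES):
        return n in BASES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def keygen(label: str):
    """Toy RSA key pair for a named entity; primes derived deterministically from the label."""
    def prime(tag: bytes) -> int:
        x = int.from_bytes(hashlib.sha256(label.encode() + tag).digest(), "big")
        x = x % (1 << 64) | (1 << 63) | 1                  # 64-bit and odd
        while not is_prime(x) or (x - 1) % E == 0:         # E prime: keeps gcd(E, phi) == 1
            x += 2
        return x
    p, q = prime(b"|p"), prime(b"|q")
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}


def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv: dict, data: bytes) -> int:
    return pow(digest(data, priv["n"]), priv["d"], priv["n"])        # H(data)^d mod n


def verify(pub: dict, data: bytes, sig: int) -> bool:
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])    # sig^e mod n == H(data)


def tbs_bytes(cert: dict) -> bytes:
    """Canonical encoding of the to-be-signed fields (stands in for DER)."""
    return json.dumps({k: v for k, v in cert.items() if k != "sig"}, sort_keys=True).encode()


def issue(issuer: str, issuer_priv: dict, subject: str, subject_pub: dict,
          serial: int, not_before: int, not_after: int, ca: bool = False) -> dict:
    """The CA binds a public key to identity information and signs the result."""
    cert = {"subject": subject, "issuer": issuer, "serial": serial, "pub": subject_pub,
            "not_before": not_before, "not_after": not_after, "ca": ca}
    cert["sig"] = sign(issuer_priv, tbs_bytes(cert))
    return cert


def validate_chain(chain: list, roots: dict, crl: dict, now: int):
    """Hierarchical trust: check every link from the leaf up to a trusted root.
    chain = [leaf, intermediate, ...]; roots = {name: root cert}; crl = {issuer: {serials}}."""
    for i, cert in enumerate(chain):
        issuer = chain[i + 1] if i + 1 < len(chain) else roots.get(cert["issuer"])
        if not cert["not_before"] <= now <= cert["not_after"]:
            return False, f"{cert['subject']}: outside validity period"
        if cert["serial"] in crl.get(cert["issuer"], ()):
            return False, f"{cert['subject']}: revoked by {cert['issuer']}"
        if issuer is None or issuer["subject"] != cert["issuer"] or not issuer["ca"]:
            return False, f"{cert['subject']}: issuer {cert['issuer']} is not a trusted CA"
        if not verify(issuer["pub"], tbs_bytes(cert), cert["sig"]):
            return False, f"{cert['subject']}: signature from {cert['issuer']} does not verify"
    return True, "chain ok"


def demo() -> dict:
    """Constructed hierarchy: Example Root CA -> Example Issuing CA -> alice."""
    root_pub, root_priv = keygen("Example Root CA")
    sub_pub, sub_priv = keygen("Example Issuing CA")
    alice_pub, alice_priv = keygen("alice@example.com")
    mallory_pub, mallory_priv = keygen("mallory")
    root = issue("Example Root CA", root_priv, "Example Root CA", root_pub, 1, 0, 10**9, ca=True)
    sub = issue("Example Root CA", root_priv, "Example Issuing CA", sub_pub, 2, 0, 10**9, ca=True)
    alice = issue("Example Issuing CA", sub_priv, "alice@example.com", alice_pub, 3, 100, 500)
    # Mallory claims alice's name under the issuing CA's name but can only sign with her own key.
    forged = issue("Example Issuing CA", mallory_priv, "alice@example.com", mallory_pub, 99, 100, 500)
    roots, msg = {"Example Root CA": root}, b"approve wire to account 4242"
    return {
        "signature_verifies": verify(alice_pub, msg, sign(alice_priv, msg)),
        "tamper_detected": not verify(alice_pub, msg + b"1", sign(alice_priv, msg)),
        "chain_ok": validate_chain([alice, sub], roots, {}, now=200)[0],
        "expired_rejected": not validate_chain([alice, sub], roots, {}, now=600)[0],
        "revoked_rejected": not validate_chain([alice, sub], roots, {"Example Issuing CA": {3}}, now=200)[0],
        "forged_rejected": not validate_chain([forged, sub], roots, {}, now=200)[0],
    }
```

The root certificate is never verified against anything; it is the trust anchor, installed ahead of time, which is exactly the point of the direct-trust step that seeds a hierarchy. Every other certificate is accepted only because a chain of CA signatures leads back to that anchor, and the CRL check shows why a valid signature alone is not enough once a key has been compromised.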
Web of Trust
  • Combines concepts of direct trust and hierarchical trust
  • Adds the idea that trust is relative to each requester
  • Central theme: the more information available, the better the decision
Key and Certificate Life Cycle Management
  • Setup or initialization
  • Administration of issued keys and certificates
  • Certificate cancellation and key history
Setup and Initialization
  • Registration
  • Key pair generation
  • Certificate creation
  • Certificate distribution
  • Certificate dissemination
  • Key backup
Registration
  • User requests certificate from CA
  • CA verifies identity and credentials of user
  • Certification practice statement (CPS)
    • Published document that explains the CA’s structure and operating practices to users
  • Certificate policy establishes:
    • Who may serve as CA
    • What types of certificates may be issued
    • How they should be issued and managed
Key Pair Generation
  • Involves creation of one or more key pairs, possibly using different algorithms
  • Dual or multiple keys are often utilized to perform different roles to support distinct services (eg, one pair for signing, another for encryption)
  • Key pair can be restricted by policy to certain roles based on usage factors
  • Multiple key pairs usually require multiple certificates
  • Distinguished name (DN)
    • Unique identifier that the CA binds to a certificate
    • A structured sequence of name attributes (eg, common name, organization, country) that is unique to each subject
  • Appropriate certificate policies govern creation and issuance of certificates
Certificate Dissemination Techniques
  • Securely make certificate information available to relying parties with minimal friction
    • Out-of-band distribution
    • In-band distribution
    • Publication
    • Centralized repositories with controlled access
Key Backup
  • Addresses lost keys
  • Helps recover encrypted data
  • Essential element of business continuity and disaster recovery planning
Key Escrow
  • Key administration process in which a trusted third party holds a copy of (typically encryption) private keys so they can be recovered if lost
Administration of Issued Keys and Certificates
  • Administration phase involves:
    • Certificate retrieval and validation
    • Key recovery and key update
Cancellation Procedures
  • Certificate expiration
  • Certificate revocation
  • Key history
  • Key archive
Certificate Expiration
  • Occurs when the validity period of a certificate ends
  • Options upon expiration
    • Certificate renewal (new certificate for the same key pair, with a new validity period)
    • Certificate update (new certificate for a newly generated key pair)
Certificate Revocation
  • Cancellation of a certificate prior to its natural expiration (eg, after private key compromise or a change of affiliation)
  • Revocation delay
    • Time between the event that requires revocation and relying parties being notified; until notification reaches them, the revoked certificate still validates
Certificate Revocation (continued)
  • How notification is accomplished
    • Certificate revocation lists (CRLs)
    • CRL distribution points
    • Certificate revocation trees (CRTs)
    • Redirect/Referral CRLs
  • Notification is unnecessary for:
    • Short certificate lifetimes (the certificate simply expires)
    • Single-entity approvals
Key History
  • Deals with secure and reliable storage of expired keys for later retrieval to recover encrypted data
  • Applies more to encryption keys than signing keys
Key Archive
  • Service undertaken by a CA or third party to store keys and verification certificates
  • Meets audit requirements and handles resolution of disputes when used with other services (eg, time stamping and notarization)
Setting up an Enterprise PKI
  • Extremely complex task with enormous demands on financial, human, hardware, and software resources
  • Areas to explore
    • Basic support
    • Training
    • Documentation issues
Areas to Explore in Detail When Setting up an Enterprise PKI
  • Support for standards, protocols, and third-party applications
  • Issues related to cross-certification, interoperability, and trust models
  • Multiple key pairs and key pair uses
  • How to PKI-enable applications and client-side software availability


Areas to Explore in Detail When Setting up an Enterprise PKI (continued)
  • Impact on end user for key backup, key or certificate update, and nonrepudiation services
  • Performance, scalability, and flexibility issues regarding distribution, retrieval, and revocation systems
  • Physical access control to facilities
Chapter Summary
  • Ways that algorithms and certificate mechanisms are used to encrypt data flows
  • Concepts of cryptography
  • Key and certificate life cycle management