
Cryptography CBK



Presentation Transcript


  1. Cryptography CBK
  Defense Point Security CISSP Study Group 2014

  2. Cryptology 101
  • Cryptography – the science of writing hidden messages
  • Cryptanalysis – the science of analyzing secret messages (deciphering)
  • Cryptographers hide; cryptanalysts find weaknesses
  • Encrypting: Plain Text > Encryption Algorithm (Cipher) > Cipher Text
  • Decrypting: Cipher Text > Encryption Algorithm > Plain Text
  • The goal is to provide: Confidentiality (prevent eavesdropping), Integrity (unaltered), Non-Repudiation (cannot deny)

  3. Stream Cipher vs Block Cipher
  • Stream Ciphers modify one plaintext character at a time (popular example is RC4, used in WEP and TLS).
    • Hardware encryption
    • Voice
    • Wireless
  • Block Ciphers work on a fixed-length block of plaintext at a time.
    • File encryption
    • VPN
  http://en.wikipedia.org/wiki/Block_cipher

  4. Substitution
  • Substitution = Replacing
  • Early example is the Caesar Cipher
  • Common examples are 'secret decoder rings'
  http://en.wikipedia.org/wiki/Substitution_cipher

  5. Transposition
  • Transposition = Permutations, changing the order, scramble
  • Sample #1: Hello >> lolhe
  • Sample #2: Defense Point Security (with key ORDER) >> DfPSieeoetodsnureetrrnicy
    The key letters are ranked alphabetically (ties left to right) and the plaintext is written row by row under the key; the columns are then read out in rank order:
      3 4 1 2 5
      O R D E R
      D E F E N
      S E P O I
      N T S E C
      U R I T Y
  http://en.wikipedia.org/wiki/Transposition_cipher

  6. Defeating Simple Ciphers
  • Frequency Distribution = Some letters naturally appear more often
  • White space, null values, punctuation
  • Brute Force / Guessing
  • Birthday Attack
  http://en.wikipedia.org/wiki/Letter_frequency
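The substitution and transposition ciphers of slides 4 and 5, and the frequency-distribution and brute-force ideas of slide 6, worked through in Python. This is an added example, not code from the slides or from Defense Point Security; the sample sentence, the key "ORDER", the shift values and the English frequency table are constructed for illustration. The columnar transposition reads the ciphertext straight off the grid drawn on slide 5, so its output is the column read-out rather than the string typed on the slide.

```python
"""Added example, not from the slides: Caesar substitution, columnar
transposition, and the frequency-distribution / brute-force recovery of a
Caesar shift. All sample texts, keys and shifts are constructed."""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate English letter frequencies in percent: the "some letters
# naturally appear more often" observation that frequency analysis relies on.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

# Constructed sample plaintext (long enough for frequency analysis to work).
SAMPLE_TEXT = ("Cryptography is the science of writing hidden messages and "
               "cryptanalysis is the science of analyzing secret messages to "
               "find weaknesses in the cipher")


def caesar(text: str, shift: int) -> str:
    """Substitution: replace each letter with the one `shift` places later
    (Caesar cipher). Non-letters pass through; decrypt with -shift."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def _column_order(key: str) -> list:
    # Rank key letters alphabetically, ties left to right: ORDER -> 3 4 1 2 5,
    # so the columns are read out in index order [2, 3, 0, 1, 4].
    return sorted(range(len(key)), key=lambda i: (key[i].upper(), i))


def columnar_transpose(text: str, key: str) -> str:
    """Transposition: write the letters row by row under the key and read
    the columns out in key order. Letters only; spaces are dropped."""
    letters = [c for c in text.upper() if c in ALPHABET]
    width = len(key)
    rows = [letters[i:i + width] for i in range(0, len(letters), width)]
    return "".join(row[col] for col in _column_order(key)
                   for row in rows if col < len(row))


def columnar_untranspose(cipher: str, key: str) -> str:
    """Inverse of columnar_transpose: rebuild the columns (the leftmost
    `extra` columns are one letter longer when the last row is short)."""
    width = len(key)
    full_rows, extra = divmod(len(cipher), width)
    col_len = [full_rows + (1 if i < extra else 0) for i in range(width)]
    cols, pos = {}, 0
    for col in _column_order(key):
        cols[col] = cipher[pos:pos + col_len[col]]
        pos += col_len[col]
    return "".join(cols[c][r] for r in range(full_rows + (1 if extra else 0))
                   for c in range(width) if r < col_len[c])


def chi_squared(text: str) -> float:
    """Distance between the letter counts of `text` and English; lower means
    the text looks more like English."""
    letters = [c for c in text.upper() if c in ALPHABET]
    counts, n = Counter(letters), len(letters)
    total = 0.0
    for c in ALPHABET:
        expected = ENGLISH_FREQ[c] / 100 * n
        total += (counts[c] - expected) ** 2 / expected
    return total


def recover_caesar_shift(cipher: str) -> int:
    """Brute force all 26 shifts and keep the one whose candidate plaintext
    has the most English-like letter distribution."""
    return min(range(26), key=lambda s: chi_squared(caesar(cipher, -s)))


if __name__ == "__main__":
    print(caesar("Hello", 3))                                   # KHOOR
    print(columnar_transpose("Defense Point Security", "ORDER"))
    print(recover_caesar_shift(caesar(SAMPLE_TEXT, 7)))         # 7
```

Both classical ciphers preserve the plaintext letter counts (Caesar shifts them, transposition leaves them in place), which is exactly why the frequency check in `recover_caesar_shift` succeeds; the slide's "diffusion" point is that combining the two still does not hide those counts, and modern block ciphers are designed so that it does.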

  7. Diffusion Diffusion = Substitution + Transposition

  8. Encryption Algorithms
  3 Main Types: Symmetric, Asymmetric, Secure Hash Algorithms

  9. Symmetric
  • Key is the same on both sides (known by both parties)
  • Private key cryptography
  • Both devices use the same key to encrypt and decrypt the data
  • Sample encryption standards: AES, DES, 3DES, LOKI, Blowfish, IDEA, RC5, RC6
  • Longer key often means more security

  10. Symmetric Cryptography
  A.K.A.: Single Key Cryptography, Secret Key Cryptography, Session Key Cryptography, Shared Key Cryptography
  Early Examples: Caesar Cipher; Vigenère's Cipher (1500's-ish, unbreakable for hundreds of years)

  11. Symmetric Cryptography Benefits
  • Quick to set up
  • Lower overhead than asymmetric
  • No public key cryptography infrastructure required
  • Strength is typically proportional to key size

  12. Symmetric Cryptography Concerns
  • Hard to manage with a large number of devices
  • How do you share keys over an untrusted network?

  13. Public-Key Cryptology
  Common Algorithms:
  • Diffie-Hellman Key Exchange – 1976
  • RSA Asymmetric Algorithm (Ron Rivest, Adi Shamir, and Leonard Adleman) – 1977
  • DSA
  • Elliptic Curve Cryptography (ECC) – lower overhead
  • El Gamal

  14. Public-Key Cryptology
  Diffie-Hellman Key Exchange: Whitfield Diffie, Martin Hellman, Ralph Merkle – invented the first example of early public-key cryptography; a secret UK government project was later disclosed to have discovered it in 1973, with similar claims from the NSA
  • Key Pairs: Public and Private Key
  • Keys are mathematically related
  • Cannot derive the private key from the public key
  • Public key is used to encrypt plaintext or verify a digital signature
  • Private key is used to decrypt ciphertext or create a digital signature

  15. Public-Key Cryptology http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

  16. Diffie-Hellman Math
  A Peek at Diffie-Hellman Math
  • 2 prime numbers: Prime Number #1 = g (primitive root); Prime Number #2 = p (large, at least 512 bits)
  • Alice's large random number = a; Bob's large random number = b
  • Alice computes A = g^a (mod p)
  • Bob computes B = g^b (mod p)
  • Shared key for Alice: K = B^a (mod p) = (g^b)^a (mod p)
  • Shared key for Bob: K = A^b (mod p) = (g^a)^b (mod p)
  References: http://mathworld.wolfram.com/Diffie-HellmanProtocol.html
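The exchange from the Diffie-Hellman Math slide carried out end to end with Python's built-in modular exponentiation. This is an added example, not code from the slides: the parameters p = 23, g = 5, a = 6, b = 15 are constructed textbook values (far too small for real use; the slide asks for a p of at least 512 bits), and the range check on the peer's public value is an added caveat that the slide's formulas do not mention.

```python
"""Added example, not from the slides: Diffie-Hellman with pow(). The values
p=23, g=5, a=6, b=15 are constructed toy parameters for illustration only."""


def dh_public(g: int, secret: int, p: int) -> int:
    """A = g^a (mod p) for Alice, B = g^b (mod p) for Bob."""
    return pow(g, secret, p)


def validate_public(value: int, p: int) -> bool:
    """Added caveat: refuse a peer value of 0, 1 or p-1 (or anything out of
    range). Raising such a value to any power gives a trivial, predictable
    shared key, so a real implementation checks this before continuing."""
    return 1 < value < p - 1


def dh_shared(peer_public: int, own_secret: int, p: int) -> int:
    """K = B^a (mod p) on Alice's side, K = A^b (mod p) on Bob's side."""
    if not validate_public(peer_public, p):
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_secret, p)


def textbook_exchange(p: int = 23, g: int = 5, a: int = 6, b: int = 15):
    """Run both sides and return (A, B, K_alice, K_bob)."""
    A = dh_public(g, a, p)         # Alice -> Bob: A = g^a mod p
    B = dh_public(g, b, p)         # Bob -> Alice: B = g^b mod p
    k_alice = dh_shared(B, a, p)   # (g^b)^a mod p
    k_bob = dh_shared(A, b, p)     # (g^a)^b mod p
    return A, B, k_alice, k_bob


if __name__ == "__main__":
    A, B, ka, kb = textbook_exchange()
    print(f"A={A} B={B} K_alice={ka} K_bob={kb}")   # A=8 B=19 K_alice=2 K_bob=2
```

Only A, B, g and p travel over the network; a and b never leave their owners, and both sides arrive at the same K because (g^a)^b = (g^b)^a mod p. The slide's "Man In The Middle" concern on the next slide follows directly from this: nothing in the exchange itself tells Alice that the B she received really came from Bob, which is what signatures and certificates are added for.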

  17. Attacks on Public Key Crypto
  • Replay Attack
  • Man In The Middle
  • Future Computing (added)
  References: Cryptography Decrypted

  18. Public Key Infrastructure
  • Certificate Authority (CA) – Trusted Authority
  • "Web of Trust"
  • Registration Authority
  • PKI Key Pairs: Encrypting, Signing
  • X.509 defines certificate schema
  • PKCS (Public Key Cryptography Standards, defined by RSA)
    • #1: RSA
    • #3: DH
    • #11: API for tokens, single sign-on
    • #12: standard for storage of private keys and public certs
  References: http://en.wikipedia.org/wiki/PKCS

  19. AES
  • FIPS 140-2
  • Established by NIST in 2001
  • Based on the Rijndael cipher
  • Block size of 128 bits
  • 3 key lengths: 128, 192, 256
  • AES supersedes DES (1977)
  From Wikipedia:
  • Initial Round: AddRoundKey – each byte of the state is combined with a block of the round key using bitwise xor.
  • Rounds: SubBytes – a non-linear substitution step where each byte is replaced with another according to a lookup table. ShiftRows – a transposition step where the last three rows of the state are shifted cyclically a certain number of steps. MixColumns – a mixing operation which operates on the columns of the state, combining the four bytes in each column. AddRoundKey.
  • Final Round (no MixColumns): SubBytes, ShiftRows, AddRoundKey.
  http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

  20. Hashes
  • Variable-length input results in fixed-size output
  • One-way functions
  • Example hashing algorithms: MD5 – 128-bit / 16-byte / 32-digit hash; SHA-1 – 160-bit / 20-byte / 40-digit hash
  • Way over-simplification (for illustration): 1034579812345 >> 1+0+3+4+5+7+9+8+1+2+3+4+5 = 52 >> 5+2 = 7
  • Could be collisions
  www.defpoint.com
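The properties listed on the Hashes slide, demonstrated with Python's `hashlib` and with the slide's own digit-sum "over-simplification". This is an added example, not code from the slides; the toy digit-sum function, the collision search and the sample inputs are constructed for illustration, and the `hashlib` calls are the standard library's real MD5, SHA-1 and SHA-256.

```python
"""Added example, not from the slides: fixed-size output, the slide's
digit-sum toy hash and its collisions, and the avalanche effect of a real
hash. All inputs are constructed."""
import hashlib


def toy_digit_sum_hash(digits: str) -> int:
    """The slide's illustration: 1034579812345 >> 52 >> 7.
    Sum the digits repeatedly until a single digit remains."""
    total = sum(int(d) for d in digits)
    while total >= 10:
        total = sum(int(d) for d in str(total))
    return total


def find_toy_collision(target: str, limit: int = 100) -> str:
    """Return a different input with the same toy hash. One is found almost
    immediately because the output space has only ten values; this is the
    slide's "could be collisions" point made concrete."""
    want = toy_digit_sum_hash(target)
    for n in range(1, limit):
        candidate = str(n)
        if candidate != target and toy_digit_sum_hash(candidate) == want:
            return candidate
    return ""


def hex_digest(data: bytes, algo: str = "md5") -> str:
    """Hex digest of `data` under a real hash function."""
    return hashlib.new(algo, data).hexdigest()


def digest_sizes(data: bytes) -> dict:
    """Output length in hex digits is fixed regardless of input length:
    MD5 32 digits (128 bits), SHA-1 40 (160 bits), SHA-256 64 (256 bits)."""
    return {name: len(hex_digest(data, name)) for name in ("md5", "sha1", "sha256")}


def bit_difference(a: bytes, b: bytes, algo: str = "sha256") -> int:
    """Number of output bits that differ between two inputs. For a sound hash
    roughly half the bits flip even when the inputs differ in one character."""
    x = int.from_bytes(hashlib.new(algo, a).digest(), "big")
    y = int.from_bytes(hashlib.new(algo, b).digest(), "big")
    return bin(x ^ y).count("1")


if __name__ == "__main__":
    print(toy_digit_sum_hash("1034579812345"))     # 7
    print(find_toy_collision("1034579812345"))     # 7
    print(digest_sizes(b""), digest_sizes(b"a" * 10_000))   # same sizes
    print(bit_difference(b"hello", b"hellp"))      # around 128 of 256
```

`digest_sizes` on an empty input and on a 10,000-byte input returns the same lengths, which is the "variable-length input, fixed-size output" property; `bit_difference` shows why a real digest is useful for integrity checks where the toy digit sum is not.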

  21. Digital Signatures
  A VALID SIGNATURE PROVES:
  • AUTHENTICITY
  • INTEGRITY
  • NON-REPUDIATION
  • AUTHENTICATION
  http://en.wikipedia.org/wiki/Digital_signatures

  22. What for?
  • …guarantees integrity / UNALTERED
  • …guarantees non-repudiation / CANNOT DENY
  • …guarantees identity / KNOWN SENDER
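The three guarantees of slides 21 and 22 shown in working code: a signature is made with the private key over a hash of the message and checked with the public key, so an altered message or a forged signature fails verification. This is an added example, not code from the slides; it uses textbook RSA over a SHA-256 digest with a key pair constructed from two Mersenne primes so that it runs without a cryptography library. Real signatures use random primes of 1024 bits or more and a padding scheme such as RSA-PSS, which this illustration omits.

```python
"""Added example, not from the slides: textbook RSA signing over SHA-256 to
show integrity, non-repudiation and sender identity. The key pair below is
constructed for illustration only (no padding, fixed primes)."""
import hashlib

# Constructed toy key pair: two Mersenne primes, so the modulus is ~216 bits.
P = (1 << 89) - 1                    # 2^89 - 1, prime
Q = (1 << 127) - 1                   # 2^127 - 1, prime
N = P * Q                            # public modulus
E = 65537                            # public exponent (part of the public key)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+ modular inverse)


def digest_as_int(message: bytes) -> int:
    """Hash the message (this is what gives integrity) and reduce it into
    the RSA message space [0, N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exponent: int = D) -> int:
    """Only the holder of the private key can produce this value, which is
    the basis of non-repudiation and of identifying the sender."""
    return pow(digest_as_int(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Anyone with the public key recomputes the digest of *this* message and
    checks it against the signature: a changed message or a tampered
    signature fails."""
    return pow(signature, public_exponent, N) == digest_as_int(message)


def demo() -> dict:
    """Sign a constructed message, then try an altered message and a
    tampered signature against it."""
    message = b"Transfer 100 to account 42"      # constructed sample message
    signature = sign(message)
    return {
        "original_verifies": verify(message, signature),
        "altered_verifies": verify(b"Transfer 900 to account 42", signature),
        "tampered_sig_verifies": verify(message, signature ^ 1),
    }


if __name__ == "__main__":
    print(demo())   # {'original_verifies': True, 'altered_verifies': False, 'tampered_sig_verifies': False}
```

Note the asymmetry the slides describe: `sign` needs `D`, which never leaves the signer, while `verify` needs only `E` and `N`, which can be published in a certificate; that is what lets a third party confirm the sender without being able to produce signatures themselves.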

  23. Want more? References for additional learning on cryptography
  • Bruce Schneier's Self-Study Cryptanalysis Course: https://www.schneier.com/paper-self-study.pdf
  • Applied Cryptography, Bruce Schneier
  • Cryptography Decrypted, H.X. Mel, Doris Baker
  • CBT Nuggets videos and MP3 downloads (you have this already):
    • CISSP CBK-5 Symmetric Cryptography
    • CISSP CBK-5 Asymmetric Cryptography
    • Sec+ General Cryptography Concepts
    • Sec+ Cryptography Algorithms and Protocols
    • Sec+ Public Key Infrastructure
    • Sec+ Cryptography Domain Update
