Professional Documents
Culture Documents
Objectives
Define cryptography Describe hash, symmetric, and asymmetric cryptographic algorithms List the various ways in which cryptography is used
Introduction
Multilevel approach to information security
Firewalls Network intrusion detection systems All-in-one network security appliances
Defining Cryptography
Cryptography scrambles data
The science of transforming information into an unintelligible secure form while it is being transmitted or stored so that unauthorized users cannot access it. Simply put - scrambles data
Decryption
Changing a secret message back to its original form
Cleartext data
Data stored or transmitted without encryption
Key
Mathematical value entered into the algorithm to produce ciphertext (scrambled text) Reverse process uses the key to decrypt the message
Integrity
Insures information is correct and unaltered
Availability
Authorized users can access it
11
Cryptographic Algorithms
Three categories of cryptographic algorithms
Hash algorithms Symmetric encryption algorithms Asymmetric encryption algorithms
12
Hashing Algorithms
Hashing is a one-way process Converting a hash back to the original data is difficult or impossible A hash is a unique signature for a set of data This signature, called a hash or digest, represents the contents Hashing is used only for integrity to ensure that: Information is in its original form (Comparison Purposes) No unauthorized person or malicious software has altered the data Common hash algorithms MD5, SHA-1
14
15
Link Ch 11a
Unique
Two different data sets cannot produce the same hash, which is known as a collision
Original
Dataset cannot be created to have a desired or predefined hash
Secure
Resulting hash cannot be reversed to determine original data
17
18
19
20
21
22
23
Three versions
Message Digest 2 (MD2)
Takes plaintext of any length and creates 128 bit hash Padding added to make short messages 128 bits Considered too slow today and rarely used
25
SHA-1 Patterned after MD4, but creates a hash that is 160 bits in length instead of 128 bits SHA-2 Comprised of four variations, known as SHA-224, SHA-256, SHA-384, and SHA-512 Considered to be a secure hash
Security+ Guide to Network Security Fundamentals, Fourth Edition 26
Link Ch 11d
Whirlpool Algorithm
Whirlpool
Recent cryptographic hash Has received international recognition and adoption by standards organizations Creates hash of 512 bits
28
RIPEMD Algorithm
Race Integrity Primitives Evaluation Message Digest (RIPEMD)
Two different and parallel chains of computation Results are combined at end of process
29
Password Hashes
Another use for hashes is in storing passwords When a password for an account is created, the password is hashed and stored The Microsoft NT family of Windows operating systems hashes passwords in two different forms
LAN Manager hash New Technology LAN Manager (NTLM) hash
Linux and Apple Mac strengthen password hashes by including random bit sequences
Known as a salt Make password attacks more difficult Apple Mac OS X uses SHA-1 hashes Most Linux Systems use MD5 hashes
30
32
Stream cipher
Takes one character and replaces it with one character Simplest type: substitution cipher WEP (Wired Equivalent Protocol) is a stream cipher
33
34
35
36
37
38
39
40
Block ciphers are considered more secure than Stream Ciphers because output is more random
41
42
44
45
Link Ch 11e
Other Algorithms
Rivest Cipher (RC) Family (RC1 to RC6)
Family of cipher algorithms designed by Ron Rivest
Blowfish
Block cipher operating on 64-bit blocks with key lengths from 32-448 bits No significant weaknesses have been identified
47
Also known as public key cryptography Uses two mathematically related keys
The public key is known to everyone and can be freely distributed The private key is known only to the recipient of the message
Public key available to everyone and freely distributed Private key known only to individual to whom it belongs
Security+ Guide to Network Security Fundamentals, Fourth Edition 48
49
50
51
56
NTRUEncypt
Uses lattice-based cryptography Relies on a set of points in space Faster than RSA and ECC More resistant to quantum computing attacks
58
59
Using Cryptography
Cryptography
Should be used to secure data that needs to be protected Can be applied through either software or hardware
60
61
62
TrueCrypt http://www.truecrypt.org/
Open-source, free, and can encrypt folders or files
64
Hardware Encryption
Software encryption can be subject to attacks to exploit its vulnerabilities Cryptography can be embedded in hardware
Provides higher degree of security Can be applied to USB devices and standard hard drives Trusted platform module (TPM) Hardware security model
66
67
68
69
70
Summary
Cryptography is science of transforming information into a secure form while being transmitted or stored Hashing creates a unique digital fingerprint that represents contents of original material
Used only for comparison
71
Summary (contd.)
Asymmetric cryptography
Public key cryptography Uses two keys: public key and private key Can be used to create a digital signature
Cryptography can be applied through hardware or software Hardware encryption cannot be exploited like software cryptography
72