ccna security v2.0 chapter 7: cryptographic systems
Post on 13-Jan-2016
CCNA Security v2.0
Chapter 7:
Cryptographic Systems
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Chapter Outline
7.0 Introduction
7.1 Cryptographic Services
7.2 Basic Integrity and Authenticity
7.3 Confidentiality
7.4 Public Key Cryptography
7.5 Summary
Section 7.1: Cryptographic Services
Upon completion of this section, you should be able to:
• Explain the requirements of secure communications including integrity, authentication, and confidentiality.
• Explain cryptography.
• Describe cryptanalysis.
• Describe cryptology.
Topic 7.1.1: Securing Communications
Authentication, Integrity, and Confidentiality
Authentication
Data Integrity
Data Confidentiality
Topic 7.1.2: Cryptography
Creating Ciphertext
Ciphertext can be created using several methods:
• Transposition
• Substitution
• One-time pad
Transposition Ciphers
Substitution Ciphers
One-Time Pad Ciphers
Topic 7.1.3: Cryptanalysis
Cracking Code
Methods for Cracking Code
Methods used for cryptanalysis:
• Brute-force method
• Ciphertext-only method
• Known-Plaintext method
• Chosen-Plaintext method
• Chosen-Ciphertext method
• Meet-in-the-Middle method
Methods for Cracking Code
Frequency Analysis of the English Alphabet
Deciphering Using Frequency Analysis
Topic 7.1.4: Cryptology
Making and Breaking Secret Codes
Cryptanalysis
The Secret is in the Keys
Section 7.2: Basic Integrity and Authenticity
Upon completion of the section, you should be able to:
• Describe the purpose of cryptographic hashes.
• Explain how MD5 and SHA-1 are used to secure data communications.
• Describe authenticity with HMAC.
• Describe the components of key management.
Topic 7.2.1: Cryptographic Hashes
Cryptographic Hash Function
Cryptographic Hash Function Properties
Well-Known Hash Functions
Topic 7.2.2: Integrity with MD5, SHA-1, and SHA-2
Message Digest 5 Algorithm
Secure Hash Algorithm
MD5 Versus SHA
Topic 7.2.3: Authenticity with HMAC
Keyed-Hash Message Authentication Code
HMAC Operation
Hashing in Cisco Products
Topic 7.2.4: Key Management
Characteristics of Key Management
Key Length and Keyspace
The Keyspace
Types of Cryptographic Keys
Types of cryptographic keys:
• Symmetric keys
• Asymmetric keys
• Digital signatures
• Hash keys
Choosing Cryptographic Keys
Section 7.3: Confidentiality
Upon completion of the section, you should be able to:
• Explain how encryption algorithms provide confidentiality.
• Explain the function of the DES, 3DES, and AES algorithms.
• Describe the function of the Software-Optimized Encryption Algorithm (SEAL) and the Rivest Cipher (RC) algorithms.
Topic 7.3.1: Encryption
Two Classes of Encryption Algorithms
Symmetric and Asymmetric Encryption
Symmetric Encryption
Symmetric Block Ciphers and Stream Ciphers
Choosing an Encryption Algorithm
Topic 7.3.2: Data Encryption Standard
DES Symmetric Encryption
DES Summary
Improving DES with 3DES
3DES Operation
AES Origins
AES Summary
Topic 7.3.3: Alternate Encryption Algorithms
Software-Optimized Encryption Algorithm (SEAL)
SEAL has several restrictions:
• The Cisco router and the peer must support IPsec.
• The Cisco router and the other peer must run an IOS image that supports encryption.
• The router and the peer must not have hardware IPsec encryption.
RC Algorithms
Topic 7.3.4: Diffie-Hellman Key Exchange
Diffie-Hellman (DH) Algorithm
DH Operation
Section 7.4: Public Key Cryptography
Upon completion of the section, you should be able to:
• Explain the differences between symmetric and asymmetric encryption and their intended applications.
• Explain the functionality of digital signatures.
• Explain the principles of a public key infrastructure (PKI).
Topic 7.4.1: Symmetric Versus Asymmetric Encryption
Asymmetric Key Algorithms
Four protocols that use asymmetric key algorithms:
• Internet Key Exchange (IKE)
• Secure Socket Layer (SSL)
• Secure Shell (SSH)
• Pretty Good Privacy (PGP)
Public Key + Private Key = Confidentiality
Private Key + Public Key = Authenticity
Asymmetric Algorithms
Alice Encrypts Message Using Bob’s Public Key
Alice Encrypts A Hash Using Bob’s Public Key
Asymmetric Algorithms
Bob Uses Alice’s Public Key to Decrypt Hash
Bob Uses His Public Key to Decrypt Message
Types of Asymmetric Algorithms
Topic 7.4.2: Digital Signatures
Using Digital Signatures
Digital Signature Properties:
• Signature is authentic
• Signature is unalterable
• Signature is not reusable
• Signature cannot be repudiated
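Added example, not from the Cisco slides, covering both the asymmetric-algorithm pairings above (recipient's public key for confidentiality, sender's private key for authenticity) and the signature properties in this list. It uses textbook RSA with constructed toy-sized keys; the names keygen, rsa_apply, digest_int, alice_sends and bob_receives are assumptions for the demo.

```python
# Added example, not from the Cisco slides: textbook RSA with toy-sized keys
# showing the two pairings on the page. Encrypting with the RECIPIENT's public
# key gives confidentiality; signing a hash with the SENDER's private key gives
# authenticity. Real systems use 2048-bit+ keys with OAEP/PSS padding, not raw RSA.
import hashlib

def keygen(p, q, e=65537):
    """Return (public, private) as (e, n), (d, n) from two primes (toy sizes)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)  # d = e^-1 mod phi (Python >= 3.8)

def rsa_apply(m, key):
    """Raw RSA: m^k mod n. The same operation encrypts, decrypts, signs and verifies."""
    k, n = key
    return pow(m, k, n)

def digest_int(msg, n):
    """SHA-256 of msg as an integer, reduced mod n so the toy modulus can hold it."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def alice_sends(msg, alice_priv, bob_pub):
    """Alice: sign the hash with HER private key, encrypt with BOB's public key."""
    signature = rsa_apply(digest_int(msg, alice_priv[1]), alice_priv)
    ciphertext = rsa_apply(int.from_bytes(msg, "big"), bob_pub)  # msg < n_bob
    return ciphertext, signature

def bob_receives(ciphertext, signature, bob_priv, alice_pub):
    """Bob: decrypt with HIS private key, check the hash with ALICE's public key."""
    m = rsa_apply(ciphertext, bob_priv)
    msg = m.to_bytes((m.bit_length() + 7) // 8, "big")
    # Anyone holding Alice's public key can verify; only her private key signs.
    authentic = rsa_apply(signature, alice_pub) == digest_int(msg, alice_pub[1])
    return msg, authentic

# Constructed demo keys: distinct Mersenne primes for each party (toy sizes).
ALICE_PUB, ALICE_PRIV = keygen((1 << 31) - 1, (1 << 61) - 1)
BOB_PUB, BOB_PRIV = keygen((1 << 89) - 1, (1 << 107) - 1)

def demo(msg=b"HELLO BOB"):
    """Round trip plus a tamper check: (recovered, authentic, forged_accepted)."""
    ct, sig = alice_sends(msg, ALICE_PRIV, BOB_PUB)
    recovered, authentic = bob_receives(ct, sig, BOB_PRIV, ALICE_PUB)
    # Altering the signature (or the message) breaks the hash match.
    _, forged_accepted = bob_receives(ct, sig + 1, BOB_PRIV, ALICE_PUB)
    return recovered, authentic, forged_accepted

if __name__ == "__main__":
    print(demo())  # (b'HELLO BOB', True, False)
```

The altered-signature check is what makes the signature "unalterable" and "authentic" in practice: the verifier recomputes the hash and compares it with what Alice's public key unlocks.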
Code Signing
Digitally signing code provides several assurances about the code:
• The code is authentic and is actually sourced by the publisher.
• The code has not been modified since it left the software publisher.
• The publisher undeniably published the code.
Digital Certificates
Using Digital Certificates
Sending a Digital Certificate
Receiving a Digital Certificate
Digital Signature Algorithms
DSA Scorecard
RSA Scorecard
Topic 7.4.3: Public Key Infrastructure
Public Key Infrastructure Overview
PKI Framework
PKI Example
Elements of the PKI Framework
Certificate Authorities
Interoperability of Different PKI Vendors
Public-Key Cryptography Standards
Simple Certificate Enrollment Protocol
PKI Topologies
Hierarchical CA
Cross Certified CA
Single-Root PKI Topology
Registration Authority
Digital Certificates and CAs
Retrieving CA Certificates
Submitting Certificate Requests to the CA
Digital Certificates and CAs
Peers Authenticate Each Other
Section 7.5: Summary
Chapter Objectives:
• Explain the areas of cryptology.
• Explain the two kinds of encryption algorithms.
Thank you.
Instructor Resources
• Remember, there are helpful tutorials and user guides available via your NetSpace home page. (https://www.netacad.com)
• These resources cover a variety of topics including navigation, assessments, and assignments.
• A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.