![Page 1: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/1.jpg)
1
ITNS and CERIAS CISSP Luncheon Series: Cryptography
Presented by
Addam Schroll, CISSP
![Page 2: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/2.jpg)
Outline
History
Terms & Definitions
Symmetric and Asymmetric Algorithms
Hashing
PKI Concepts
Attacks on Cryptosystems
2
![Page 3: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/3.jpg)
Introduction
“Hidden writing”
Increasingly used to protect information
Can ensure confidentiality• Integrity and Authenticity too
3
![Page 4: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/4.jpg)
History – The Manual Era
Dates back to at least 2000 B.C.
Pen and Paper Cryptography
Examples• Scytale• Atbash• Caesar• Vigenère
4
![Page 5: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/5.jpg)
History – The Mechanical Era
Invention of cipher machines
Examples• Confederate Army’s Cipher Disk• Japanese Red and Purple Machines• German Enigma
5
![Page 6: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/6.jpg)
History – The Modern Era
Computers!
Examples• Lucifer• Rijndael• RSA• ElGamal
6
![Page 7: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/7.jpg)
Speak Like a Crypto Geek
Plaintext – A message in its natural format readable by an attacker
Ciphertext – Message altered to be unreadable by anyone except the intended recipients
Key – Sequence that controls the operation and behavior of the cryptographic algorithm
Keyspace – Total number of possible values of keys in a crypto algorithm
7
![Page 8: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/8.jpg)
Speak Like a Crypto Geek (2)
Initialization Vector – Random values used with ciphers to ensure no patterns are created during encryption
Cryptosystem – The combination of algorithm, key, and key management functions used to perform cryptographic operations
8
![Page 9: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/9.jpg)
Cryptosystem Services
Confidentiality
Integrity
Authenticity
Nonrepudiation
Access Control
9
![Page 10: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/10.jpg)
Types of Cryptography
Stream-based Ciphers• One at a time, please• Mixes plaintext with key stream• Good for real-time services
Block Ciphers• Amusement Park Ride• Substitution and transposition
10
![Page 11: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/11.jpg)
Encryption Systems
Substitution Cipher• Convert one letter to another• Cryptoquip
Transposition Cipher• Change position of letter in text• Word Jumble
Monoalphabetic Cipher• Caesar
11
![Page 12: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/12.jpg)
Encryption Systems
Polyalphabetic Cipher• Vigenère
Modular Mathematics• Running Key Cipher
One-time Pads• Randomly generated keys
12
![Page 13: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/13.jpg)
Steganography
Hiding a message within another medium, such as an image
No key is required
Example• Modify color map of JPEG image
13
![Page 14: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/14.jpg)
Cryptographic Methods
Symmetric• Same key for encryption and
decryption• Key distribution problem
Asymmetric• Mathematically related key pairs for
encryption and decryption• Public and private keys
14
![Page 15: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/15.jpg)
Cryptographic Methods
Hybrid• Combines strengths of both methods• Asymmetric distributes symmetric key
» Also known as a session key
• Symmetric provides bulk encryption• Example:
» SSL negotiates a hybrid method
15
![Page 16: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/16.jpg)
Attributes of Strong Encryption
Confusion• Change key values each round• Performed through substitution• Complicates plaintext/key relationship
Diffusion• Change location of plaintext in
ciphertext• Done through transposition
16
![Page 17: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/17.jpg)
Symmetric Algorithms
DES• Modes: ECB, CBC, CFB, OFB, CM
3DES
AES
IDEA
Blowfish
17
![Page 18: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/18.jpg)
Symmetric Algorithms
RC4
RC5
CAST
SAFER
Twofish
18
![Page 19: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/19.jpg)
Asymmetric Algorithms
Diffie-Hellman
RSA
El Gamal
Elliptic Curve Cryptography (ECC)
19
![Page 20: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/20.jpg)
Hashing Algorithms
MD5• Computes 128-bit hash value• Widely used for file integrity checking
SHA-1• Computes 160-bit hash value• NIST approved message digest
algorithm
20
![Page 21: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/21.jpg)
Hashing Algorithms
HAVAL• Computes between 128 and 256 bit
hash• Between 3 and 5 rounds
RIPEMD-160• Developed in Europe published in
1996• Patent-free
21
![Page 22: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/22.jpg)
Birthday Attack
Collisions• Two messages with the same hash
value
Based on the “birthday paradox”
Hash algorithms should be resistant to this attack
22
![Page 23: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/23.jpg)
Message Authentication Codes
Small block of data generated with a secret key and appended to a message
HMAC (RFC 2104)• Uses hash instead of cipher for speed• Used in SSL/TLS and IPSec
23
![Page 24: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/24.jpg)
Digital Signatures
Hash of message encrypted with private key
Digital Signature Standard (DSS)• DSA/RSA/ECD-SA plus SHA
DSS provides• Sender authentication• Verification of message integrity• Nonrepudiation
24
![Page 25: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/25.jpg)
Encryption Management
Key Distribution Center (KDC)• Uses master keys to issue session
keys• Example: Kerberos
ANSI X9.17• Used by financial institutions• Hierarchical set of keys• Higher levels used to distribute lower
25
![Page 26: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/26.jpg)
Public Key Infrastructure
All components needed to enable secure communication• Policies and Procedures• Keys and Algorithms• Software and Data Formats
Assures identity to users
Provides key management features
26
![Page 27: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/27.jpg)
PKI Components
Digital Certificates• Contains identity and verification info
Certificate Authorities• Trusted entity that issues certificates
Registration Authorities• Verifies identity for certificate requests
Certificate Revocation List (CRL)
27
![Page 28: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/28.jpg)
PKI Cross Certification
Process to establish a trust relationship between CAs
Allows each CA to validate certificates issued by the other CA
Used in large organizations or business partnerships
28
![Page 29: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/29.jpg)
Cryptanalysis
The study of methods to break cryptosystems
Often targeted at obtaining a key
Attacks may be passive or active
29
![Page 30: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/30.jpg)
Cryptanalysis
Kerckhoff’s Principle• The only secrecy involved with a
cryptosystem should be the key
Cryptosystem Strength• How hard is it to determine the secret
associated with the system?
30
![Page 31: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/31.jpg)
Cryptanalysis Attacks
Brute force• Trying all key values in the keyspace
Frequency Analysis• Guess values based on frequency of
occurrence
Dictionary Attack• Find plaintext based on common words
31
![Page 32: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/32.jpg)
Cryptanalysis Attacks
Replay Attack• Repeating previous known values
Factoring Attacks• Find keys through prime factorization
Ciphertext-Only
Known Plaintext• Format or content of plaintext available
32
![Page 33: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/33.jpg)
Cryptanalysis Attacks
Chosen Plaintext• Attack can encrypt chosen plaintext
Chosen Ciphertext• Decrypt known ciphertext to discover
key
Differential Power Analysis• Side Channel Attack• Identify algorithm and key length
33
![Page 34: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/34.jpg)
Cryptanalysis Attacks
Social Engineering• Humans are the weakest link
RNG Attack• Predict IV used by an algorithm
Temporary Files• May contain plaintext
34
![Page 35: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/35.jpg)
E-mail Security Protocols
Privacy Enhanced Email (PEM)
Pretty Good Privacy (PGP)• Based on a distributed trust model• Each user generates a key pair
S/MIME• Requires public key infrastructure• Supported by most e-mail clients
35
![Page 36: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/36.jpg)
Network Security
Link Encryption• Encrypt traffic headers + data• Transparent to users
End-to-End Encryption• Encrypts application layer data only• Network devices need not be aware
36
![Page 37: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/37.jpg)
Network Security
SSL/TLS• Supports mutual authentication• Secures a number of popular network
services
IPSec• Security extensions for TCP/IP protocols• Supports encryption and authentication• Used for VPNs
37
![Page 38: 1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP](https://reader036.vdocument.in/reader036/viewer/2022062300/56649ce55503460f949b3052/html5/thumbnails/38.jpg)
Questions?
38