Encryption
Matches Domain 4.0 Basics of Cryptography
(15 percent of Security +)
Network Security Class
Dr. Kleist
Note: Most material from Harris, Shon. (2003). All-In-One CISSP Certification Exam
Guide. New York: McGraw-Hill/Osborne.
Security + Exam and Cryptography





4.1 Identify and explain hashing, symmetric, asymmetric (chpt.
5)
4.2 Understand cryptography and confidentiality, integrity
(digital signatures), authentication, non-repudiation (digital
signatures), access control (Chpt. 5)
4.3 PKI: certificates, certificate policies, revocation, trust
models (Chpt. 5)
4.4 Crypto standards and protocols (Chpt. 5)
4.5 Key Management and Certificate Lifecycles (centralized v.
decentralized, storage, escrow, expiration, revocation, suspension,
recovery, renewal, destruction, key usage (Chpt. 6)
Sources of Lecture




Slides are drawn from several sources.
Some research from Conklin, W. A., G. White, C.
Cothren, D. Williams, R. Davis. (2004). Principles of
Computer Security. Boston: McGraw-Hill Technology
Education.
Also material from Schneier, B. (2000, 2004). Secrets &
Lies: Digital Security in a Networked
World. Indianapolis: Wiley Publishing, Inc.
Most of this material from Harris, Shon. (2003). AllIn-One CISSP Certification Exam Guide. New York:
McGraw-Hill/Osborne.
Exam 1



Real exam is 90 minutes for 100 questions, you
must get a score of 764, and your points are
normalized from 100 to 900 points (i.e., changed
in scale
Our exam 1 will be from real Security + exams,
and will cover sections that are matched to the
chapters in our text, our lectures and the
Schneier book.
First exam will have 60 multiple choice
questions.
Outline of Crypto Section









History of Cryptography
Common elements of all cryptographic systems
Cryptographic systems strength
Types of ciphers
Government involvement
Symmetric and asymmetric encryption
Digital signatures and certificate authorities
Cryptography in real networks
PKI
Outline, cont’d.










Key escrow
Methods of Encryption
Symmetric cryptography in Networks
Asymmetric cryptography in Networks
Hybrid systems
PKI
CA
Message Integrity and Hashes
Digital Signature
One time pad
Outline, cont’d





Key management
Hardware vs. software key management
Email standards, MIME, S/MIME, PEM,
MSP
Standard cryptography used in networks of
interest
Attacks on crypto systems
History of Crypto











The Code Book
Substitution cipher
Transposition cipher
Monoalphabetic substitution
Scytale cipher
Caesar cipher
Mary Queen of Scots
Benedict Arnold
Enigma and Turing
Windtalkers
Lucifer
Common Elements of All Crypto

Cryptanalysis. Trying to figure out the message without the key.
Algorithm. Set of mathematical rules that dictate enciphering and

Key.

Keyspace: Possible values to construct keys
Plaintext. The original data.
Ciphertext. Message after key is used following the algorithm to the



deciphering. Not part of the encryption process, widely known.
The key is the secret part of the process. An algorithm contains a
keyspace, which is a range of values that can be used to construct a key. Key
is random values within the keyspace range. The larger the key space, the
more values can be used, and some think the safer the key, although Schneier
disagrees.
message, transforming it so eavesdroppers cannot figure it out.
Common Elements of All Crypto



Encipher: Transform data into unreadable
format
Decipher: Transform data into readable format
Work factor: Definition of the amount of
time, effort and resources necessary to break a
crypto system.
Cryptographic Systems Strength




Strength of encryption comes from: Algorithm,
secrecy of key, length of key, initialization vectors, and
how they all work together.
Improper protection of the key can seriously
weaken crypto. (2600 discussion)
Goals of Crypto systems: confidentiality, authenticity,
integrity, nonrepudiation
Crypto system: The hardware and software that
implement the crypto transformations
Types of Ciphers





Substitution cipher
Transposition cipher
Running and concealment cipher
Stream and Block Ciphers
A little bit different: Steganography
Government Involvement



NSA
Clipper Chip
FBI and Wiretapping
Symmetric and Asymmetric
Encryption


Symmetric: Faster than asymmetric, hard to
break with large key, hard to distribute keys, too
many keys required, cannot authenticate or
provide non-repudiation.
Includes: DES, Triple DES, Blowfish, IDEA,
RC4, RC5, RC6, AES
Symmetric and Asymmetric
Encryption


Asymmetric cryptography: Better at key
distribution, better scalability for large systems,
can provide authentication and non-repudiation,
slow, math intensive
Includes: RSA, ECC, Diffie Hellman, El
Gamal, DSA, Knapsack, PGP
Hybrid Asymmetric and Symmetric
Systems






Called Public Key Cryptography
Use asymmetric algorithm for protecting
symmetric encryption keys
Use asymmetric for protecting key distribution
Use secret key for bulk encryption requirements
Just don’t let the secret key travel unless it was
asymmetrically encrypted!
Uses best advantages of each approach
Public Key Infrastructure





Comprehensive approach to establishing a level
of security
PKI as an amalgam of approaches
Infrastructure
Provides authentication, confidentiality,
nonrepudiation, integrity
Specific protocols are not PKI, but an
overarching architecture
Certificate Authority








Public Key Certificate
Registration Authority
Structure of Certificates
Trusted Organization
Can be internal or external to the organization
Entrust, Verisign
Certification Revocation Lists
Can be provided by browser
Message Integrity and Hashes






Has message been altered?
Hash, hash function
One way hash
Message digest
Create a fingerprint of a message
Message can be altered either intentionally or
unintentionally
Digital Signature





Hash value encrypted with the sender’s private
key
Act of signing means encrypting message’s hash
value with private key
Ensures that message was not altered and also
came from Bob
Ensures integrity, authentication, and nonrepudiation
DSS
Algorithms

Asymmetric






RSA
ECC
Diffie Hellman
El Gamal
Digital Signature
Symmetric





DES, 3DES
Blowfish
IDEA
RC4
SAFER
Hashing Algorithms






MD2
MD4
MD5
SHA
HAVAL
What does a good cryptographic hash function
have?
One Time Pad






What is a one time pad?
Perfect encryption
Random
Integrated into some applications
High security
But, have to distribute pad (like German High
Command with submarines and Enigma codes)
Issues of Key Management







Principles
Key length
Storage
Random
More used, shorter its lifetime
Escrow
Destroy at end of lifetime
Hardware v. Software






Software less expensive
Hardware more expensive
Software slower throughput
Hardware faster throughput
Software more easily modified
High end solutions will be hardware
Email Standards




MIME
S/MIME
PEM
MSP
What do Networks Use for Real?
PGP







Phil Zimmerman
Free
Download
Implement
Use on email
Print message encoded and decoded
Web of Trust
Internet Security







HTTP
S-HTTP
HTTPS
SSL
SET
SSH
IPSec
Attacks on Crypto Systems






Ciphertext Only Attack
Know Plaintext Attack
Chosen Plaintext Attack
Man In the Middle Attack
Dictionary Attack
Side Channel