CCNA Security 1.1 Instructional Resource


CCNA Security 1.1 Instructional Resource
Chapter 7 Cryptographic Systems
2012 Cisco and/or its affiliates. All rights reserved.

Chapter objectives:
- Explain how cryptology consists of cryptography (encoding messages) and cryptanalysis (decoding messages) and how these concepts apply to modern day cryptography.
- Explain how securing communications by various cryptographic methods, including encryption, hashing and digital signatures, ensures confidentiality, integrity, authentication and non-repudiation.
- Describe the use and purpose of hashes and digital signatures in providing authentication and integrity.
- Explain how authentication is ensured.
- Explain how integrity is ensured.
- Explain how data confidentiality is ensured using symmetric encryption algorithms and pre-shared keys.
- Explain how data confidentiality is ensured using asymmetric algorithms in a public key infrastructure to provide and guarantee digital certificates.

9.0 Implement VPN Technologies
9.1 Describe the different methods used in cryptology
  9.1.1 symmetric
  9.1.2 asymmetric
  9.1.3 HMAC
  9.1.4 message digest
  9.1.5 PKI

Secure communication requires integrity, authentication, and confidentiality.
Cryptology consists of cryptography and cryptanalysis.
Integrity and authenticity are provided by using cryptographic hashes: integrity is accomplished using MD5 and SHA-1, and authenticity is accomplished using HMAC.
Confidentiality is accomplished using encryption algorithms such as DES, 3DES, and AES.
Public key cryptography is used mostly in asymmetric encryption using digital signatures and certificate authorities.

Chapter 7 Lab A: Exploring Encryption Methods
Part 1 (Optional): Build the Network and Configure the PCs
Part 2: Decipher a Pre-encrypted Message Using the Vigenère Cipher
Part 3: Create a Vigenère Cipher Encrypted Message and Decrypt It
Part 4: Use Steganography to Embed a Secret Message in a Graphic

Cryptology: The science of making and breaking secret codes.
Cryptography: The practice and the study of hiding information.
Cryptanalysis: The practice and study of determining the meaning of encrypted information (cracking the code) without access to the shared secret key.
Vigenère Cipher: Cryptography method that encrypts text by using a different polyalphabetic key shift for every plaintext letter. The key shift for each letter is determined by a shared key between sender and receiver. The plaintext message can be encrypted and decrypted using the Vigenère Cipher Table.
Cryptographic Hashing: Function designed to verify and ensure data integrity; it can also be used to verify authentication.
MD5: Message Digest 5 is a one-way hashing algorithm that was developed by Ron Rivest and is used in a variety of Internet applications today.
SHA: Secure Hash Algorithm (SHA) was developed by the U.S. National Institute of Standards and Technology (NIST); it is similar to MD5 but is more secure.

HMAC: A keyed-hash message authentication code (HMAC or KHMAC) is a type of message authentication code (MAC) that combines a cryptographic hash function (MD5 or SHA) with a secret key.
Symmetric encryption: Algorithms use the same key, sometimes called a secret key, to encrypt and decrypt data. The key must be pre-shared.
Asymmetric encryption: Algorithms use different keys to encrypt and decrypt data, enabling secure messages to be exchanged without having to have a pre-shared key.
DES: Data Encryption Standard (DES) is a symmetric encryption algorithm designed by IBM and no longer considered very secure.
3DES: Triple DES is a symmetric encryption algorithm that encrypts data three times and is therefore considered much stronger than DES.
AES: Advanced Encryption Standard, released by the U.S. National Institute of Standards and Technology (NIST), is stronger and more efficient than 3DES.
SEAL: The Software-optimized Encryption Algorithm (SEAL) is a stream cipher that encrypts data continuously and is faster than DES, 3DES and AES.
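The HMAC definition above (hash function plus secret key) is easier to see in code. This is an added example, not part of the Cisco resource: it builds HMAC-SHA1 by hand from the RFC 2104 construction, checks it against Python's standard hmac module, and contrasts it with a bare hash to show why a hash alone gives integrity but only the keyed version gives authenticity. The key and messages are constructed sample values.

```python
# Added example (not from the Cisco resource): HMAC built by hand from SHA-1
# using the RFC 2104 construction, checked against Python's hmac module, and
# contrasted with an unkeyed hash to show why a hash alone provides
# integrity while HMAC also provides authenticity.
import hashlib
import hmac

BLOCK_SIZE = 64  # MD5 and SHA-1 both work on 64-byte blocks


def hmac_sha1_manual(key: bytes, message: bytes) -> bytes:
    """HMAC(K, m) = H((K xor opad) || H((K xor ipad) || m))."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha1(key).digest()      # long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")      # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + message).digest()
    return hashlib.sha1(opad + inner).digest()


def keyed_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver recomputes the HMAC with the pre-shared key (constant-time compare)."""
    return hmac.compare_digest(hmac_sha1_manual(key, message), tag)


def unkeyed_verify(message: bytes, digest: bytes) -> bool:
    """Integrity-only check: anyone can recompute a plain hash."""
    return hashlib.sha1(message).digest() == digest


def demo() -> dict:
    key = b"pre-shared-secret"                 # constructed sample key
    msg = b"transfer 100 to Bob"               # constructed sample message
    forged = b"transfer 900 to Bob"            # an altered copy of the message
    tag = hmac_sha1_manual(key, msg)
    return {
        # the hand-rolled construction equals the standard library's HMAC
        "matches_stdlib": tag == hmac.new(key, msg, hashlib.sha1).digest(),
        "genuine_accepted": keyed_verify(key, msg, tag),
        # without the key, no valid tag can be produced for the altered message
        "forgery_rejected": not keyed_verify(key, forged, tag),
        # with a plain hash, a fresh digest shipped alongside the altered
        # message passes, so the receiver cannot tell it was changed
        "plain_hash_accepts_forgery": unkeyed_verify(
            forged, hashlib.sha1(forged).digest()),
    }


if __name__ == "__main__":
    print(demo())
```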

Diffie-Hellman Key Exchange: A mathematical algorithm used to securely exchange the keys that encrypt data, without the parties having communicated before.
Digital signatures: Enable entity authentication and data integrity.
Nonrepudiation: The sending / signing party cannot repudiate (deny) that it has sent / signed the data.
RSA: A very popular asymmetric public-key algorithm developed by Ron Rivest, Adi Shamir, and Len Adleman, based on a public key and a secret private key. It is mainly used to ensure confidentiality of data by performing encryption, and to perform authentication of data or nonrepudiation of data, or both, by generating digital signatures.
DSA: Digital Signature Algorithm (DSA) is an asymmetric algorithm used to perform digital signing.
PKI: Public Key Infrastructure is a framework that consists of the hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates.
CA: A certificate authority is a trusted third-party entity that issues / signs certificates. Every CA also has a certificate containing its public key, signed by itself, which is called a CA certificate or a self-signed CA certificate.
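The Diffie-Hellman entry above says two parties who have never communicated can agree on a key that then encrypts data. This added example (not from the Cisco resource) walks one exchange with deliberately tiny constructed parameters (p = 23, g = 5) so every step can be checked by hand, and then hashes the agreed value into a symmetric key; the values on the wire are listed separately to show what an observer sees and what they do not.

```python
# Added example (not from the Cisco resource): a Diffie-Hellman exchange with
# small, constructed parameters so each step can be followed by hand, then
# derivation of a symmetric key from the shared secret with SHA-256.
import hashlib
import secrets

# Constructed toy group. Real deployments use standardised groups of
# 2048 bits or more; these values exist only to make the arithmetic visible.
P = 23
G = 5


def public_value(private: int, p: int = P, g: int = G) -> int:
    """Each side publishes g^private mod p; the private exponent never leaves."""
    return pow(g, private, p)


def shared_secret(peer_public: int, private: int, p: int = P) -> int:
    """Both sides compute peer_public^private mod p and obtain the same value."""
    return pow(peer_public, private, p)


def derive_key(secret: int) -> bytes:
    """Turn the agreed integer into a fixed-length key for a symmetric cipher."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def exchange(alice_private: int, bob_private: int) -> dict:
    """Run a full exchange and separate what is public from what stays private."""
    a_pub = public_value(alice_private)
    b_pub = public_value(bob_private)
    alice_secret = shared_secret(b_pub, alice_private)
    bob_secret = shared_secret(a_pub, bob_private)
    return {
        "on_the_wire": (P, G, a_pub, b_pub),   # visible to any observer
        "alice_secret": alice_secret,          # never transmitted
        "bob_secret": bob_secret,              # never transmitted
        "agree": alice_secret == bob_secret,
        "key": derive_key(alice_secret),       # input to DES/3DES/AES etc.
    }


if __name__ == "__main__":
    # hand-checkable values: a=6, b=15 -> A=8, B=19, shared secret 2
    print(exchange(6, 15))
    # random private exponents, as a real implementation would choose
    a = secrets.randbelow(P - 2) + 1
    b = secrets.randbelow(P - 2) + 1
    print(exchange(a, b)["agree"])
```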

PKIX: Workgroup formed by the IETF to create PKI standards.
X.509: Standard developed by PKIX which details common formats and PKI-related protocols to be used by different PKI vendors.
PKCS: Public-Key Cryptography Standards (PKCS), published by RSA Laboratories, provide basic interoperability of applications that use public-key cryptography.

There is very little change from the previous version.

Chapter 7 is mostly theory based and its goal is to introduce students to cryptographic systems used to secure data in networks. The lab is designed to introduce students to the Vigenère cipher and the use of steganography. An alternative would be to use the Terms and Acronyms table with only the first column listing the terms and acronyms and then have students add the descriptions to each.

Have the students research other encryption methods and write a short paragraph describing each. Examples of other ciphers include: ADFGVX, Affine, Alberti, Atbash, Autokey, Bifid, Book, Caesar, Dvorak, Four-square, Great, Hill, Keyword, Nihilist, One-time pad, Permutation, Pigpen, Playfair, Polyalphabetic, Polybius, Rail Fence, Reihenschieber, Reservehandverfahren, ROT13, Running key, Scytale, Smithy code, Solitaire, Straddling checkerboard, Substitution, Tap code, Transposition, Trifid, Two-square, and VIC cipher. Group students in pairs and have them encrypt and then decrypt each other's messages using first the Caesar cipher and then the Vigenère cipher.
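The Vigenère definition in the Terms table and the Caesar/Vigenère pair exercise above share one mechanism: a per-letter shift chosen from a shared key. This added example (not from the Cisco resource or its lab) implements that shift so students can check their table work, and treats the Caesar cipher as the special case of a one-letter key; the plaintext and key are constructed sample values, and letters are uppercased while non-letters pass through without consuming a key position.

```python
# Added example (not from the Cisco resource): Vigenère encryption and
# decryption as described in the Terms table, with the Caesar cipher as the
# special case of a one-letter key. Non-letters pass through unchanged and
# only letters advance the position in the key.
import string

ALPHABET = string.ascii_uppercase


def _shift(ch: str, key_ch: str, decrypt: bool) -> str:
    """Shift one uppercase letter by the alphabet position of key_ch."""
    k = ALPHABET.index(key_ch)
    if decrypt:
        k = -k                       # decryption is the reverse shift
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Apply the Vigenère cipher; the key's letters are reused cyclically."""
    key = "".join(c for c in key.upper() if c in ALPHABET)
    if not key:
        raise ValueError("key must contain at least one letter")
    out = []
    i = 0                            # index into key, advanced only on letters
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(_shift(ch, key[i % len(key)], decrypt))
            i += 1
        else:
            out.append(ch)           # spaces and punctuation are kept as-is
    return "".join(out)


def caesar(text: str, shift: int, decrypt: bool = False) -> str:
    """Caesar cipher: a Vigenère cipher whose key is a single letter."""
    return vigenere(text, ALPHABET[shift % 26], decrypt)


if __name__ == "__main__":
    msg = "ATTACK AT DAWN"           # constructed sample plaintext
    ct = vigenere(msg, "LEMON")      # constructed sample key
    print(ct)                        # LXFOPV EF RNHR
    print(vigenere(ct, "LEMON", decrypt=True))
    print(caesar("HELLO", 3))        # KHOOR
```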

To explain symmetric encryption, assume Alice and Bob exchange messages on a regular basis. Alice first puts the secret message in a box, and locks the box using a padlock to which she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he uses an identical copy of Alice's key (which he has somehow obtained previously, maybe by a face-to-face meeting) to open the box, and reads the message. Bob can then use the same padlock to send his secret reply. The advantage of asymmetric encryption is that Alice and Bob never need to send a copy of their keys to each other.

To explain asymmetric encryption, assume Alice and Bob exchange messages on a regular basis. Bob and Alice have separate padlocks. First, Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself. When Alice receives it she uses it to lock a box containing her message, and sends the locked box to Bob. Bob can then unlock the box with his key and read the message from Alice. To reply, Bob must similarly get Alice's open padlock to lock the box before sending it back to her.

To explain public-key encryption, use the analogy of a locked mailbox with a mail slot. The mail slot is exposed and accessible to the public; its location (the street address) is in essence the public key. Anyone knowing the street address can go to the door and drop a written message through the slot; however, only the person who possesses the key can open the mailbox and read the message.

To explain digital signatures, an analogy is the sealing of an envelope with a personal wax seal. The message can be opened by anyone, but the presence of the seal authenticates the sender.

To explain PKI, we could use someone coming in from an international flight and going through customs and immigration. The arriving passenger cannot simply verbally claim to be John Doe. The customs officer doesn't know the person and has no way of knowing whether he is trustworthy. Instead, the customs officer relies on a trusted third party in the form of a government passport issuing office. The passport office goes through the process of confirming a person's identity before issuing a passport. The passenger then uses this passport to confirm to the customs officer that they are who they say they are. Because the person has a passport, and the customs officer trusts the passport office, the person is permitted into the country.

There are many areas of classroom discussion in this chapter. Discussion topics include, but are not limited to, the following: Is there such a thing as an unbreakable encryption algorithm? Do you record your passwords somewhere? How do you keep them safe?

There are many movies that include cryptography in them. Have students research some of these movies. Examples of movies with encryption in them include National Treasure, DaVinci Code, Angels and Demons, A Beautiful Mind, Clear and Present Danger, Runaway Jury, Live Free or Die Hard, U-571, Sneakers, Swordfish, Windtalkers, and The Mummy. Examples of TV shows with encryption in them include 24, Criminal Minds, NCIS, The X Files, Star Trek, Stargate, and Alias.

References:
http://en.wikipedia.org/wiki/cryptography
http://en.wikipedia.org/wiki/encryption
http://www.rsa.com/
http://datatracker.ietf.org/wg/pkix/charter/
http://datatracker.ietf.org/wg/pkix/
http://www.nist.gov/computer-security-portal.cfm