CISSP Cryptography

Definitions
- Cryptography: the art of encrypting and decrypting information
- Cryptanalysis: the art of recovering plaintext from ciphertext without the secret key
- Repudiation: denying having sent a message
- Non-repudiation: the sender cannot credibly deny having sent the message (provided by a digital signature, not by encryption alone)
- Traffic analysis: inferring information from the pattern of traffic (who talks to whom, when, and how much) even when the content is encrypted
- Traffic padding: generating spurious data units so that traffic analysis sees a constant flow
- Work factor: the effort or time needed to overcome a protective measure
- Escrow: a copy of the key is stored in two places (split between two escrow agents)
- Clipper: an embedded chip that implements the SKIPJACK algorithm with key escrow, so that government could decrypt the traffic

Misc Security Applications
- PGP: IDEA for confidentiality, RSA for key exchange; trust is built through a web of trust, not a PKI
- S/MIME: secure e-mail
- SSL/TLS: sits between the application and transport layers; uses digital certificates; hidden from the user; built into browsers
- IPSec: encrypts data on the network at the IP layer; two protocols, AH (Authentication Header) and ESP (Encapsulating Security Payload); commonly used to protect L2TP tunnels
- WAP: WTLS, the wireless security layer (the wireless counterpart of SSL)
- Link encryption: each link is encrypted separately, so data is decrypted and re-encrypted at every intermediate node
- End-to-end encryption: encryption from the source system to the destination system (client to server); intermediate nodes never see plaintext
Types of Certificates
- SSL server certificates
- Personal certificates (for e-mail)
- Software publisher certificates (signing ActiveX controls)
- CA certificates (the issuing CA)

Encryption Categories
- Symmetric
- Asymmetric
- Hash

Fundamentals
- Algorithmic systems (older): security rests on keeping the algorithm secret
- Keyed systems (newer): the algorithm is public and secrecy is provided by the key
- Encryption strength depends on the strength of the algorithm, the secrecy of the keys and the length of the key

PKI Terminology
- CA (Certification Authority): the authenticating agency that issues certificates
- RA (Registration Authority): a trusted body that verifies the identity of a person or host before the CA issues a certificate
- End entity: the end user or device named in the Subject field of the certificate
- Certification Practice Statement (CPS): a public document containing the rules under which the CA operates
- Certification path: the traceable chain of CAs that have vouched for this certificate, from the issuing CA up to a trusted root
- Certificate repository: where the CA publishes issued certificates (and revocation information) for clients to retrieve

Ciphers
- Symmetric: uses the same key to encrypt and decrypt
  - Block: encrypts data in discrete blocks, usually 64 or 128 bits long; data is padded to a whole block if required; the most popular method; security comes from diffusion and confusion
  - Stream: encrypts data bit by bit; fastest; traditionally regarded as less secure than block mode because the keystream must never be reused and the cipher provides no integrity check of its own
  - DES: 56-bit key; the old industry standard
- Asymmetric: based on public and private key pairs; an answer to the symmetric key distribution problem
  - Confidentiality: plaintext is encrypted with the receiver's public key, so only the receiver (holding the private key) can decrypt it
  - Authentication: encrypting with the sender's private key proves the data came from the holder of that key
  - MITM: a public key exchanged without authentication can be swapped by an attacker in the middle; certificates (or another authenticated channel) combat MITM attacks
- Hash: provides integrity
  - Digital signature: hash the message, then encrypt the hash with the sender's private key; gives integrity, authentication and non-repudiation
  - Verification: the receiver decrypts the signature with the sender's public key and compares the result with a fresh hash of the message

History
- One-time pad: two identical pads (keys), one at each end; a pad may be used only once; unbreakable when used correctly; relies on physical storage of the pads, so distribution is a nightmare
- Substitution ciphers: replace one letter with another
  - Monoalphabetic: a single replacement alphabet
  - Polyalphabetic: uses more than one replacement alphabet
- Transposition ciphers: rearrange (transpose) the letters of the plaintext rather than replacing them; the ciphertext does not follow a common pattern
- Steganography: hiding data inside another format, e.g. hiding text in a .JPG
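The History section above is easier to remember with the ciphers in hand. The following is an added example written for this page (not part of the original mind map): a monoalphabetic substitution, a columnar transposition, and an XOR one-time pad, including the reason a pad must never be reused. All messages, the key word ZEBRA and the Caesar shift are constructed sample data.

```python
"""Classical ciphers: monoalphabetic substitution, columnar transposition and the
one-time pad (with the pad-reuse failure).  Added example, not from the mind map."""
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def substitution_encrypt(plaintext: str, cipher_alphabet: str) -> str:
    """Monoalphabetic substitution: letter i of ALPHABET becomes letter i of
    cipher_alphabet (a permutation of A..Z).  Non-letters pass through."""
    return plaintext.upper().translate(str.maketrans(ALPHABET, cipher_alphabet))


def substitution_decrypt(ciphertext: str, cipher_alphabet: str) -> str:
    return ciphertext.translate(str.maketrans(cipher_alphabet, ALPHABET))


def letter_histogram(text: str) -> list[int]:
    """Sorted letter counts.  A substitution only renames letters, so the
    ciphertext histogram equals the plaintext histogram: that is exactly what
    frequency analysis exploits against a monoalphabetic cipher."""
    return sorted(Counter(c for c in text if c in ALPHABET).values(), reverse=True)


def transposition_encrypt(plaintext: str, key: str) -> str:
    """Columnar transposition: write the text in rows under the key word and read
    the columns out in alphabetical order of the key letters.  Letters keep
    their identity; only their positions change.  Pads with 'X' to a full grid."""
    ncols = len(key)
    padded = plaintext + "X" * (-len(plaintext) % ncols)
    rows = [padded[i:i + ncols] for i in range(0, len(padded), ncols)]
    order = sorted(range(ncols), key=lambda i: (key[i], i))
    return "".join(row[c] for c in order for row in rows)


def transposition_decrypt(ciphertext: str, key: str) -> str:
    """Inverse: the ciphertext is the columns in key order; rebuild the grid and
    read it row by row.  Trailing padding 'X's are left for the caller to strip."""
    ncols = len(key)
    nrows = len(ciphertext) // ncols
    order = sorted(range(ncols), key=lambda i: (key[i], i))
    columns = {c: ciphertext[k * nrows:(k + 1) * nrows] for k, c in enumerate(order)}
    return "".join(columns[c][r] for r in range(nrows) for c in range(ncols))


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR with a truly random pad at least as long as the data.
    Encryption and decryption are the same operation."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(d ^ p for d, p in zip(data, pad))


def otp_reuse_leak(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Why a pad is used once: if one pad encrypts both p1 and p2 then
    c1 XOR c2 == p1 XOR p2 (the pad cancels), so knowing p1 reveals p2."""
    return otp_xor(otp_xor(c1, c2), known_p1)


def demo() -> dict:
    # Constructed sample data.
    msg = "ATTACK AT DAWN"
    cipher_alpha = ALPHABET[3:] + ALPHABET[:3]           # Caesar shift of 3
    sub_ct = substitution_encrypt(msg, cipher_alpha)
    trans_ct = transposition_encrypt("ATTACKATDAWN", "ZEBRA")
    p1 = b"ORDER: hold position"                          # known to the attacker
    p2 = b"ORDER: attack at dawn"
    pad = secrets.token_bytes(32)
    c1, c2 = otp_xor(p1, pad), otp_xor(p2, pad)          # the pad is reused
    return {
        "substitution": sub_ct,
        "substitution_histogram_preserved": letter_histogram(msg) == letter_histogram(sub_ct),
        "transposition": trans_ct,
        "transposition_roundtrip": transposition_decrypt(trans_ct, "ZEBRA").rstrip("X"),
        "otp_reuse_recovers_p2": otp_reuse_leak(c1, c2, p1) == p2[:len(p1)],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note that the transposition leaves the letter histogram untouched and the substitution leaves the letter positions untouched; a product cipher combines both, which is the idea behind the S-box/P-box structure of modern block ciphers.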
Hash and MAC
- DSS: the NIST Digital Signature Standard; uses SHA (160-bit digest)
- HMAC (Hashed Message Authentication Code): combines a shared secret key with the hash; faster than protecting the hash with an asymmetric signature; variants SHA-HMAC and MD5-HMAC
- A bare hash proves only that the data was not altered in transit by accident, since anyone can recompute it; an HMAC also proves that the message came from a holder of the shared secret

Symmetric/Private Key Fundamentals
- Fast and simple
- Problems: distribution of the single shared key is problematic; can be cracked by brute force when the key is short (56-bit DES)
- DES variants and operating modes: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB)

Asymmetric/Public Key Fundamentals
- A key pair: the public key is published, the private key stays with its owner
- Much slower than symmetric encryption, so in practice it protects a symmetric session key rather than the bulk data

S/MIME Key Fundamentals
- S/MIME is used for secure e-mail; provides confidentiality
- Uses a session key to encrypt the message, which is faster than using the public/private key pair on the message itself; the session key is sent encrypted with the recipient's public key

Diffusion and Confusion
- Diffusion: spreads the influence of a single plaintext character over many ciphertext characters (P-box, a permutation)
- Confusion: conceals the statistical connection between ciphertext and plaintext (S-box, a substitution)
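The difference between a bare hash and an HMAC under Hash and MAC above is the one examiners like to probe. The block below is an added example for this page (not the mind map's own material) that runs the attack both ways: an on-path attacker changes an instruction, recomputes the plain SHA-256 digest and passes verification, but cannot produce a tag for HMAC-SHA256 without the shared secret. The instruction text and the random key are constructed sample data.

```python
"""Integrity alone (a bare hash) versus authenticity (HMAC with a shared secret).
Added example, not from the mind map."""
import hashlib
import hmac
import secrets


def digest_bits() -> dict[str, int]:
    """Digest sizes, in bits, of the hashes the map lists plus SHA-256."""
    return {
        "md5": hashlib.md5().digest_size * 8,        # 128; collisions are practical today
        "sha1": hashlib.sha1().digest_size * 8,      # 160; also broken for collisions
        "sha256": hashlib.sha256().digest_size * 8,  # 256; current baseline
    }


def plain_digest(message: bytes) -> str:
    return hashlib.sha256(message).hexdigest()


def verify_plain_digest(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def mac(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: keyed, so only a holder of `key` can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, closing the timing side channel
    # that a plain string comparison would open on the tag.
    return hmac.compare_digest(mac(key, message), tag)


def active_attack() -> dict[str, bool]:
    """An attacker on the wire changes the amount in an instruction.
    Against a bare hash she simply recomputes the digest; against HMAC she has
    no key, so the best she can do is replay the original tag."""
    key = secrets.token_bytes(32)                 # shared secret (constructed)
    original = b"transfer 100 to account 42"      # constructed sample message
    digest = plain_digest(original)
    tag = mac(key, original)

    altered = original.replace(b"100", b"900")
    forged_digest = plain_digest(altered)         # needs no secret at all

    return {
        "legit_digest_ok": verify_plain_digest(original, digest),
        "legit_mac_ok": verify_mac(key, original, tag),
        "altered_passes_plain_digest": verify_plain_digest(altered, forged_digest),
        "altered_passes_mac": verify_mac(key, altered, tag),
    }


if __name__ == "__main__":
    print(digest_bits())
    print(active_attack())
```

The same property is why a digital signature is a hash encrypted with a private key rather than a hash sent on its own: the secret (here the HMAC key, there the private key) is what binds the digest to a sender.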
Hash Algorithms
- MD5: 128-bit digest
- SHA-1: 160-bit digest

Asymmetric Algorithms
- RSA: based on the difficulty of factoring the product of two large primes
- ECC: based on elliptic-curve discrete logarithms; faster than RSA at the same strength, so well suited to PDAs and other small devices (used by movianVPN)
- Diffie-Hellman: key agreement based on modular arithmetic (the discrete logarithm problem)

Symmetric Algorithms
- DES: 56-bit key
- 3DES: DES applied with two or three keys; 112- or 168-bit key
- IDEA: 128-bit key
- RC4: variable-length key (a stream cipher)
- Blowfish: 32- to 448-bit key
- Twofish: up to 256-bit key
- AES (Rijndael): 128-, 192- or 256-bit key

Key Distribution and Management Issues
- Both sender and receiver must have the same key
- Repeated use of a key makes it easier to crack
- The key can be agreed over an insecure channel with Diffie-Hellman instead of being shipped out of band
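Diffie-Hellman answers the key distribution problem listed above, but only against a passive eavesdropper; the earlier MITM item applies to it directly. The block below is an added example for this page (not the mind map's own material) that runs the exchange three ways: honest, with an attacker swapping the public values, and with each public value authenticated so the swap is detected. It assumes a deliberately tiny textbook group (p = 23, g = 5, constructed for illustration; real systems use a standardised group such as RFC 3526 MODP-2048 or ECDH) and models each party's certificate by a pre-shared identity secret used with HMAC, standing in for a signature verified against a CA-issued certificate.

```python
"""Diffie-Hellman key agreement over modular arithmetic, with and without
authentication of the exchanged public values.  Added example; not part of the
original mind map."""
import hashlib
import hmac
import secrets

# Toy group, constructed for illustration only: 5 is a generator mod 23.
# The functions accept any (p, g), e.g. an RFC 3526 MODP group.
P = 23
G = 5


def dh_keypair(p: int = P, g: int = G) -> tuple[int, int]:
    """Private exponent x in [1, p-2] and public value g^x mod p."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)


def dh_shared(peer_public: int, private: int, p: int = P) -> int:
    """(g^y)^x == (g^x)^y mod p, so both sides reach the same value."""
    return pow(peer_public, private, p)


def session_key(shared: int) -> bytes:
    """Hash the raw DH output into a fixed-size key rather than using it directly."""
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def unauthenticated_exchange(mitm: bool) -> dict[str, bytes]:
    """Plain DH.  Without MITM Alice and Bob agree on one key.  With Mallory
    swapping the public values in transit, each of them unknowingly shares a
    key with Mallory, who can decrypt and re-encrypt everything in between."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if not mitm:
        return {"alice": session_key(dh_shared(b_pub, a_priv)),
                "bob": session_key(dh_shared(a_pub, b_priv))}
    ma_priv, ma_pub = dh_keypair()   # Mallory's pair facing Alice
    mb_priv, mb_pub = dh_keypair()   # Mallory's pair facing Bob
    return {
        "alice": session_key(dh_shared(ma_pub, a_priv)),   # Alice received ma_pub, not b_pub
        "mallory_with_alice": session_key(dh_shared(a_pub, ma_priv)),
        "bob": session_key(dh_shared(mb_pub, b_priv)),     # Bob received mb_pub, not a_pub
        "mallory_with_bob": session_key(dh_shared(b_pub, mb_priv)),
    }


# Long-term identity secrets standing in for the private keys behind each party's
# certificate (constructed; a real PKI verifies a signature against a CA-issued
# certificate instead of sharing these secrets).
IDENTITY_KEYS = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}


def sign_public(name: str, public: int) -> bytes:
    msg = name.encode() + public.to_bytes(256, "big")
    return hmac.new(IDENTITY_KEYS[name], msg, hashlib.sha256).digest()


def verify_public(name: str, public: int, tag: bytes) -> bool:
    return hmac.compare_digest(sign_public(name, public), tag)


def authenticated_exchange(mitm: bool) -> bool:
    """DH where each public value is bound to its sender's identity.  Returns
    True only if both sides accept the peer's value and derive the same key.
    Mallory can still swap the values but cannot produce a valid tag for them."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_msg = (a_pub, sign_public("alice", a_pub))
    b_msg = (b_pub, sign_public("bob", b_pub))
    if mitm:
        _, m_pub = dh_keypair()
        while m_pub in (a_pub, b_pub):   # the toy group is tiny; make the swap visible
            _, m_pub = dh_keypair()
        a_msg = (m_pub, a_msg[1])        # substituted value, original tag
        b_msg = (m_pub, b_msg[1])
    if not (verify_public("alice", *a_msg) and verify_public("bob", *b_msg)):
        return False                     # handshake aborted
    return session_key(dh_shared(b_msg[0], a_priv)) == session_key(dh_shared(a_msg[0], b_priv))


def summary() -> dict[str, bool]:
    honest = unauthenticated_exchange(mitm=False)
    hijacked = unauthenticated_exchange(mitm=True)
    return {
        "honest_parties_agree": honest["alice"] == honest["bob"],
        "mitm_shares_key_with_alice": hijacked["alice"] == hijacked["mallory_with_alice"],
        "mitm_shares_key_with_bob": hijacked["bob"] == hijacked["mallory_with_bob"],
        "authenticated_honest_accepted": authenticated_exchange(mitm=False),
        "authenticated_mitm_rejected": not authenticated_exchange(mitm=True),
    }


if __name__ == "__main__":
    print(summary())
```

This is the same structure TLS uses: ephemeral Diffie-Hellman for the session key, with the server's certificate (and signature over the handshake) supplying the authentication that the raw exchange lacks.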
AES (Rijndael) was the winner of the NIST competition and supports smart cards as well as 32- and 64-bit processors.

CISSP - 15/05/2009 - Andrew Maso