; IS 3423 – Secure Network Design
Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out
Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

IS 3423 – Secure Network Design

VIEWS: 1 PAGES: 29

  • pg 1
									IS 3423 – Secure Network Design



Chapter One
Basic Cryptography




                     UTSA         1
Cryptography

• Science of reading or writing coded
  messages
• Basis for secure communications
• Two major parts – algorithm and key
• Algorithm usually well known, key is
  secret
• The longer the key, the harder to break
                    UTSA                    2
Cryptography

• Enables authentication, integrity, and
  confidentiality




                     UTSA                  3
Authentication

• Establishes the identity of the sender,
  receiver, or both
• May not have to authenticate both
  parties




                     UTSA                   4
Integrity

• Ensures that the data has not changed
  while being transmitted from sender to
  receiver




                    UTSA                   5
Confidentiality

• Ensures that no one except the sender
  and receiver of the data can actually
  understand the data (perpetrator may be
  able to capture the data, but if it is
  encrypted, cannot read it)



                   UTSA                 6
Major Classifications of
Cryptography

• Symmetric Key Encryption
• Asymmetric Key Encryption
• One-way Hash Functions




                  UTSA        7
Symmetric Key Encryption

• One key, one algorithm
• Sender and receiver agree on same
  algorithm to encrypt and decrypt
• Also agree on common key
• Cannot read the message without the
  secret key

                   UTSA                 8
Symmetric Key Encryption

• Most often used for data confidentiality
• Major challenges
  – Need to change secret key often to avoid
    risk of compromise
  – Need secure method of generating secret
    keys
  – Need secure method of distributing secret
    key
                     UTSA                       9
Brute Force Attack

• Method of trying to break encryption by
  applying every possible key to
  determine whether plain text is
  meaningful




                    UTSA                    10
Examples of symmetric key
encryption

• Data Encryption Standard (DES)
• 3DES
• Advanced Encryption Standard (AES)




                  UTSA                 11
DES

• Most common symmetric encryption
  method, but being phased out
• Broken in 1998




                  UTSA               12
3DES

• Longer key
• Can have one, two or three keys
• More reliable with more keys, but slower




                    UTSA                 13
AES

• NIST new endorsement
• Gaining adoption
• Long keys, high performance




                   UTSA         14
Asymmetric Encryption

• Also known as public key encryption
• Can use the same algorithm, or different, but
  complimentary, algorithms to encrypt and
  decrypt
• Both sender and receiver have a public and
  private key.
• Publics keys can be known to everyone
• Private keys must be kept private

                      UTSA                    15
Common Uses of
Asymmetric Encryption

• Data integrity – need receiver’s private key to
  decrypt and alter message
• Data confidentiality – need receiver’s private
  key to decrypt and read message
• Sender non-repudiation – cannot later deny
  sending the message
• Sender authentication – only sender and
  receiver have access to their private keys
                       UTSA                     16
Most Common Use of
Asymmetric Encryption

• Authentication – sending of digital
  signatures and key management
• If send digital signature, encrypt with
  sender’s private key, decrypt with
  sender’s public key
• RSA

                     UTSA                   17
Hash Functions

• Takes an input message of arbitrary
  length and outputs fixed-length code
• Fixed length output is called the hash (or
  message digest)
• Common use – ensuring integrity of data
  from A to B

                     UTSA                  18
Properties of a Secure Hash
Algorithm

• Same input always creates same output
• One way function (e.g. cannot take hash
  and create input value)
• Output function appears random
• Hash is unique to a given input


                   UTSA                 19
Common Hash Functions

• Message Digest 4 (MD4) older model
• Message Digest 5 (MD5) – new – 128
  bit hash
• Secure Hash Algorithm (SHA) 160 bit
  message



                   UTSA                 20
How Do You Choose?

• Symmetric great for message encryption
• Public key best for key exchanges for
  symmetric systems (slower than
  symmetric systems)
• Hash function well designed for ensuring
  data integrity

                    UTSA                 21
Digital Signature

• Encrypted message digest appended to
  a document
• Also known a digital fingerprint
• Based on combination of public key
  encryption and one-way hash (message
  encrypted with sender’s private key,
  decrypted with sender’s public key)
                  UTSA               22
Authentication Vs.
Authorization

• Authentication – establishes identity of
  sender or receiver
• Authorization – establishes what you are
  allowed to do after you have identified
  yourself
  – Also called access control, capabilities,
    and permissions

                       UTSA                     23
Methods of Authentication

• What you know – password
• What you have – smartcard
• What you are – biometrics (fingerprint,
  retina scan, etc.)
• Strong authentication uses at least two
  of these methods

                    UTSA                    24
Trust Models

• Firm belief or confidence in the honesty,
  integrity, reliability, justice, etc.
• If something is difficult to obtain
  dishonestly, we have inherent trust
• Delegation of Trust – giving someone
  permission to act on your behalf
• Trust, but verify
                    UTSA                  25
Digital Certificate

• Prove the validity of someone’s public
  key
• May assist in providing single login
  capability




                    UTSA                   26
Certificate Authorities

• Trusted 3rd party that vouches for the
  validity of the certificate
• CA enrolls certificates, distributes
  certificates, and revokes certificates (in
  case key compromised)



                      UTSA                     27
Key Escrow

• Placing secret or private key in case of
  the 3rd party
• Helpful if forget private key




                     UTSA                    28
 Chapter One Review Questions

• Define cryptography. Discuss its two major parts
• Compare and contrast confidentiality, integrity, and authentication
• What are the 3 major classifications of cryptography? Describe
  each. Provide examples of each. Provide examples of when to use
  each.
• Why is DES being phased out?
• Provide an example of brute force.
• What is a digital signature? Provide an example.
• Discuss the relationship between authentication and authorization.
  Discuss three primary methods of authentication
• What is trust? What is its relation to cryptography?
• Explain the relationships between a digital certificate and certificate
  authorities.
• What is key escrow?
• How can a key become compromised??
                                    UTSA                                    29

								
To top