Class 3:
Cryptography
Lecturer Shon Harris, CISSP, MCSE
President, Logical Security
CISSP Essentials:
Mastering the Common Body of Knowledge
CISSP Essentials Library:
www.searchsecurity.com/CISSPessentials
Class 3 Quiz:
www.searchsecurity.com/Class3quiz
Class 3 Spotlight:
www.searchsecurity.com/Class3spotlight
Cryptography objectives
Historical uses of cryptography
Foundational pieces of cryptography
Symmetric and Asymmetric Algorithms
Public Key Infrastructure
E-mail client encryption procedures
Protocols that use cryptography
Attacks on cryptography
Today
Still used for confidentiality
Also used for:
Data integrity
Source authentication
Non-repudiation
Used together
Strength of a cryptosystem
Determining strength in cryptography
Strength of a cryptosystem depends upon
Block ciphers
Stream ciphers
Asymmetric ciphers
Asymmetric cryptography
Asymmetric key systems characteristics
Also called public key cryptography
Two different keys are used: public and private keys
Public key can be given to anyone
Private key is possessed by only one owner
RSA
Diffie-Hellman
Agreement on the symmetric session key that will be used for encryption purposes
field
Vulnerable to man-in-the-middle attacks due to lack of authentication
Does not provide data encryption or digital signature capabilities
Evolution of DES
Triple DES
DES was broken and we needed a solution before AES was created and implemented
This can take place with two or three different keys, depending on the mode
DES-EEE3 uses three keys for encryption
DES-EDE3 uses 3 different keys, encrypts, decrypts and encrypts data
DES-EEE2 and DES-EDE2 are the same as the previous mode, but the first and third operations use the same key
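The key ordering of the four Triple DES modes listed above, as an added example that is not part of the original slides. A toy Feistel cipher (the hypothetical `E`/`D` functions) stands in for DES so the block runs without a crypto library; only the order of operations and keys is the point.

```python
import hashlib

# Toy 64-bit Feistel cipher standing in for DES (assumption: illustration only,
# not DES and not secure). Only the key ordering of the modes is the point.
def _f(half, key, rnd):
    data = key + bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def E(key, block):
    """Single 'encrypt' operation on one 64-bit block."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in range(4):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 32) | right

def D(key, block):
    """Inverse of E under the same key."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in reversed(range(4)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 32) | right

# mode -> (operations applied in order when encrypting, number of distinct keys)
MODES = {
    "DES-EEE3": ((E, E, E), 3),
    "DES-EDE3": ((E, D, E), 3),
    "DES-EEE2": ((E, E, E), 2),
    "DES-EDE2": ((E, D, E), 2),
}

def _schedule(mode, keys):
    ops, n = MODES[mode]
    if len(keys) != n:
        raise ValueError(f"{mode} takes {n} keys, got {len(keys)}")
    ks = list(keys)
    if n == 2:
        ks.append(ks[0])  # two-key modes: first and third operations share a key
    return ops, ks

def encrypt(mode, keys, block):
    ops, ks = _schedule(mode, keys)
    for op, k in zip(ops, ks):
        block = op(k, block)
    return block

def decrypt(mode, keys, block):
    ops, ks = _schedule(mode, keys)
    for op, k in zip(reversed(ops), reversed(ks)):
        block = (D if op is E else E)(k, block)  # undo each step, last first
    return block
```

With the same key in all three positions, the encrypt-decrypt-encrypt sequence reduces to a single encryption, because the middle decryption undoes the first step.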
Rijndael algorithm
Key sizes of 128, 192, 256
MD2 (128-bit digest)
MD4 (128-bit digest)
MD5 (128-bit digest)
SHA-1
SHA-256
SHA-512
HAVAL
Symmetric cryptography
+
Hash Algorithm
Secret Key
Asymmetric cryptography
Private Key
Digital certificates
Characteristics
Currently using X.509 version 3
Associates public key with owner
Digitally signed by CA
Secure protocols
Secure Hypertext Transport Protocol (S-HTTP)
Protects each message, not the communication channel
Older, less-used technology
HTTPS
HTTP runs on top of SSL
authenticate to server
Client creates session key and sends to server
Works at transport layer
Integrated in IPv6
www.LogicalSecurity.com
ShonHarris@LogicalSecurity.com
Coming next: Class 4: Security architecture and models
Register at the CISSP Essentials Library:
www.searchsecurity.com/CISSPessentials