Cryptographic Systems
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Section 7.1:
Cryptographic Services
Upon completion of this section, you should be able to:
• Explain the requirements of secure communications, including integrity, authentication, and confidentiality.
• Explain cryptography.
• Describe cryptanalysis.
• Describe cryptology.
Topic 7.1.1:
Securing Communications
Authentication, Integrity, and Confidentiality
Authentication
Data Integrity
Data Confidentiality
Topic 7.1.2:
Cryptography
Creating Ciphertext
Ciphertext can be created using several methods:
• Transposition
• Substitution
• One-time pad
Transposition Ciphers
Substitution Ciphers
One-Time Pad Ciphers
Topic 7.1.3:
Cryptanalysis
Cracking Code
Methods for Cracking Code
Methods used for cryptanalysis:
• Brute-force method
• Ciphertext-only method
• Known-Plaintext method
• Chosen-Plaintext method
• Chosen-Ciphertext method
• Meet-in-the-Middle method
Methods for Cracking Code
Topic 7.1.4:
Cryptology
Making and Breaking Secret Codes
Cryptanalysis
The Secret is in the Keys
Section 7.2:
Basic Integrity and Authenticity
Upon completion of the section, you should be able to:
• Describe the purpose of cryptographic hashes.
• Explain how MD5 and SHA-1 are used to secure data communications.
Topic 7.2.1:
Cryptographic Hashes
Cryptographic Hash Function
Cryptographic Hash Function Properties
Well-Known Hash Functions
Topic 7.2.2:
Integrity with MD5, SHA-1, and SHA-2
Message Digest 5 Algorithm
Secure Hash Algorithm
MD5 Versus SHA
Topic 7.2.3:
Authenticity with HMAC
Keyed-Hash Message Authentication Code
HMAC Operation
Hashing in Cisco Products
Topic 7.2.4:
Key Management
Characteristics of Key Management
Key Length and Keyspace
The Keyspace
Types of Cryptographic Keys
Types of cryptographic keys:
• Symmetric keys
• Asymmetric keys
• Digital signatures
• Hash keys
Choosing Cryptographic Keys
Section 7.3:
Confidentiality
Upon completion of the section, you should be able to:
• Explain how encryption algorithms provide confidentiality.
• Explain the function of the DES, 3DES, and AES algorithms.
• Describe the function of the Software-Optimized Encryption Algorithm (SEAL) and the Rivest cipher (RC) algorithms.
Topic 7.3.1:
Encryption
Two Classes of Encryption Algorithms
Symmetric and Asymmetric Encryption
Symmetric Encryption
Symmetric Block Ciphers and Stream Ciphers
Choosing an Encryption Algorithm
Topic 7.3.2:
Data Encryption Standard
DES Symmetric Encryption
DES Summary
Improving DES with 3DES
3DES Operation
AES Origins
AES Summary
Topic 7.3.3:
Alternate Encryption Algorithms
Software-Optimized Encryption Algorithm (SEAL)
SEAL has several restrictions:
• The Cisco router and the peer must support IPsec.
• The Cisco router and the other peer must run an IOS image that supports encryption.
• The router and the peer must not have hardware IPsec encryption.
RC Algorithms
Topic 7.3.4:
Diffie-Hellman Key Exchange
Diffie-Hellman (DH) Algorithm
DH Operation
Section 7.4:
Public Key Cryptography
Upon completion of the section, you should be able to:
• Explain the differences between symmetric and asymmetric encryption and their intended applications.
• Explain the functionality of digital signatures.
Topic 7.4.1:
Symmetric Versus Asymmetric Encryption
Asymmetric Key Algorithms
Four protocols that use asymmetric key algorithms:
• Internet Key Exchange (IKE)
Public Key + Private Key = Confidentiality
Private Key + Public Key = Authenticity
Asymmetric Algorithms
Alice Encrypts Message Using Bob's Public Key
Alice Encrypts a Hash Using Bob's Public Key
Asymmetric Algorithms
Bob Uses Alice's Public Key to Decrypt Hash
Bob Uses His Public Key to Decrypt Message
Types of Asymmetric Algorithms
Topic 7.4.2:
Digital Signatures
Using Digital Signatures
Digital Signature Properties:
• Signature is authentic
• Signature is unalterable
Code Signing
Digitally signing code provides several assurances about the code:
• The code is authentic and is actually sourced by the publisher.
• The code has not been modified since it left the software publisher.
Digital Certificates
Using Digital Certificates
Digital Signature Algorithms
DSA Scorecard
RSA Scorecard
Topic 7.4.3:
Public Key Infrastructure
Public Key Infrastructure Overview
PKI Framework
Elements of the PKI Framework
PKI Example
Certificate Authorities
Interoperability of Different PKI Vendors
Public-Key Cryptography Standards
Simple Certificate Enrollment Protocol
PKI Topologies
Cross Certified CA
Hierarchical CA
Registration Authority
Digital Certificates and CAs
Retrieving CA Certificates
Submitting Certificate Requests to the CA
Digital Certificates and CAs
Peers Authenticate Each Other
Section 7.5:
Summary
Chapter Objectives:
• Explain the areas of cryptology.
Thank you.
Instructor Resources