Your SlideShare is downloading. ×
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
CISSP Week 21
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

CISSP Week 21

374

Published on

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
374
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
88
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Crypto IV p. 862 - 888
  • 2. Digital Signature -a digital signature is intended to be comparable to a handwritten signature -provide assurance that the message does indeed come from the person who claims to have sent it, it has not been altered, both parties have a copy of the same document
  • 3. Digital Signature Standard (DSS) -FIPS 186 -uses 2 methods for created a signature. The RSA method and the DSS method -It will be appended to the message -Both methods begin by hashing the message
  • 4. RSA -RSA will then encrypt the hash with the sender’s private key, thus creating the signature DSS -DSS approach is to sign the hash using DSA. The DSA uses a random num to create a private & public key, then encrypts the hash value
  • 5. Non-Repudiation -service that ensures the sender cannot deny a message was sent and the integrity of the message is intact -NIST SP800-57
  • 6. Methods of Cryptanalytic Attacks Chosen Plain-Text -attacker knows the algorithm and is trying to determine the key -attacker will put in multiple known inputs and use the output to determine the key Social Engineering for Key Discovery -use of coercion, bribery, befriending people in positions of powers
  • 7. Brute Force -trying all possible keys until one is found that decrypt the ciphertext, this is why length is important Linear Cryptanalysis -is a known plaintext attack that uses linear approximations to describe the behavior of the block cipher
  • 8. Differential Cryptanalysis (Side Channel Attack) -complex attack is executed by measuring the exact execution times and power required by the crypto device to perform the en/decryption. -Measuring power consumption, clock cycles, etc makes it possible to determine the value of the key and algorithm used
  • 9. Algebraic -class of techniques that rely for their success on block ciphers exhibiting a high degree of mathematical structure Ciphertext-Only Attack -attacker only has ciphertext and tries to work backwards -the more examples the better chance of success
  • 10. Randow Table -to determine a given plaintext from its hash one of these are done: 1) Hash each plaintext until matching hash is found 2) Do 1 but store each generated hash in a table that can be used for future attacks
  • 11. Known Plaintext -attack has access to plain and cipher text of the message Frequency Analysis -especially useful when attacking a substitution cipher where statistics of the plaintext language are known
  • 12. Chosen Cipher-Text -when attacker has access to the decryption device/software and decrypts chosen ciphertexts to discover the key -RSA gets whooped by this Birthday Attack -since a hash is a short representation of a message there are two messages that will give the same hash
  • 13. Dictionary Attack -use dictionary words against a password file Replay Attack -meant to disrupt and damage processing by the attacker sending repeated files to the host Reverse Engineering
  • 14. Factoring Attacks -aimed at RSA algorithms -since that algorithm uses the product of prime numbers to generate the public and private keys, this attack attempts to find the keys through solving the factoring of these numbers
  • 15. Attacking the Random Number Generators -ability to guess nonces will greatly improve the attack success rate Temporary Files -most cryptosystems use temporary files to perform their calculations if the files are not cleared it may lead to it being broken
  • 16. Implementation Attacks ☻Side Channel Analysis: rely on physical attributes of implementation ☻Fault Analysis: attempts to force the system into an error state ☻Probing Attacks: watch the circuitry surrounding the crypto module in hopes that the complementing components will disclose info
  • 17. Network Sec an Cryptography Virtual Private Networks -goal of VPN is to provide confidentiality & data integrity of data transmission -site to site: deploys 2+ VPN servers or appliances that securely connect private networks together -remove access: securely connects a user’s computer to another user’s computer or VPN server -each VPN member must be configured to use the same cryptoparamerters
  • 18. E-Commerce -crypto continues to enable trust between businesses and consumers IPSec -developed to provide security over Internet connections and prevent IP spoofing, eavesdropping, and misuse of IP based authentication -operates with IPv4 and IPv6
  • 19. SSL/TLS -encrypts messages using symmetric algorithms, also calculates MAC
  • 20. Application Security and Crypto -Email is the most common business communication, so it is important to secure Email protocols and standards ☻Privacy Enhanced Mail (PEM) RFC 1421-1424 -provides message integrity; message origin & authentication; confidentiality, has a sweet encapsulating boundry
  • 21. ☻Pretty Good Privacy (PGP) -gives the user a choice of which encryption algorithm to use i.e. CAST, 3DES -establishes trust based on relationships ☻Secure/Multipurpose Internet Mail Extension S/MIME -provides signed & encrypted mail messages -similar to IPSec & SSL as it uses hash functions & as/symetric crypto
  • 22. Public Key Infrastructure PKI -PKI is a set of system, software, and communication protocols required to use, manage, and control public key crypto. It has 3 primary purposes 1. Publish keys/Certs 2. Certify that a key is tied to an individual/entity 3. Provide Verification of the validity of a public key
  • 23. -The CA “signs” an entities digital certificate to certify that the certificate accurately represents the certificate owner -Functions of a CA may be spread among several servers -CA can revoke certs & provide an update service to the other members of the PKI via a certificate revocation list (CRL), a list of non-valid certs that should not be accepted by any member of the PKI
  • 24. -Set up a trusted public directory of keys, each user must register with the directory service, it could delete & add keys automatically -use public key certs, this can be done directly or thru a CA which would act as a trusted 3rd party
  • 25. Certificate Related Issues -users may/will have to communicate with users from another CA, so CAs must have a method of crosscertifying one another -Business agreements & PKI policies are negotiated, then each CA signs the others public key, or root cert, thus establishing a cert chain -3 Basic Ways of constraining trust between CAs
  • 26. 1. Path Length: Orgs can control whether their CA should trust any cross-cert relationships that have been established by CAs with orgs have cross-certed 2. Name: In peer-to-peer cross-cert, name constraints are used to limit trust to a subgroup of cross-certed CAs based on their distinguished name (DN) 3. Policy: can be used to limit trust only to those users in another CA who have certain policy values in their certs
  • 27. Information Hiding Alternatives Steganography -hiding a message inside of another medium Watermarking -the addition of identifiable info into a file or document, this is often done to detect the improper copying or theft of info
  • 28. Summary & Conclusion Crypto, use it or lose it.

×