Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.

Like this presentation? Why not share!

- Diffiehellman by chenlahero 2335 views
- Computer security module 3 by Deepak John 228 views
- Quan nguyen symmetric versus asym... by Information Secur... 1466 views
- Diffie hellman by alagumani1984 943 views
- Digital Signature Recognition using... by Vinayak Raja 945 views
- Symmetric and asymmetric key by Triad Square InfoSec 5307 views

4,771 views

4,620 views

4,620 views

Published on

No Downloads

Total views

4,771

On SlideShare

0

From Embeds

0

Number of Embeds

1

Shares

0

Downloads

137

Comments

0

Likes

3

No embeds

No notes for slide

- 3. Agenda <ul><li>Cryptography ?? . </li></ul><ul><li>Encryption . </li></ul><ul><ul><li>Symmetric Encryption . </li></ul></ul><ul><ul><li>Asymmetric Encryption. </li></ul></ul><ul><ul><li>Diffie-hellman. </li></ul></ul><ul><li>Hashing . </li></ul><ul><li>Digital signature . </li></ul><ul><li>Authentication Protocols . </li></ul><ul><li>PKI . </li></ul><ul><li>Cryptosystems . </li></ul><ul><li>Cryptanalysis . </li></ul><ul><li>Demos . </li></ul><ul><li>MISC : Cryptographics . </li></ul>
- 4. . Cryptography is a framework of methodologies used to ensure the CIA triad for our information ; C for confidentiality , I for Integrity and A for authenticity. . The need for cryptographic techs was as old as the need to keep the critical info secure , safe and authentic . the techs were invented in different forms that can be compatible with their current age , while the concept is the same . . Cryptography was known anciently as Encryption which means : Hiding the information from unauthorized entities . Various methods were used to adopt this purpose , it could be implemented manually , mechanically or even electronically . <ul><ul><li>Cryptography ?? </li></ul></ul>
- 5. . SCYTALE , is an example for a really old tech that was used to cipher (encrypt) information . The concept of operation is so simple . Get a long strip of leather and wind it over a rode like the picture , write the clear data on the leather over the rod and then unwind it . . “ HELP ME I AM UNDER ATTACK “ will be "HENTEIDTLAEAPMRCMUAK“ , and it totally depends on the diameter of the rode , which is the key to decipher the message .
- 6. . Nowadays are a bit different , as we are not talking about only encryption when dealing with cryptography , hashing shares the place with encryption to form the whole framework (cryptographic framework) ; hashing role is to ensure the integrity of the message . So , back to the CIA triad , encryption is used to insure the confidentiality, hashing is for ensuring the integrity and a combination of encryption & hashing for ensuring the authenticity of the message sender . . Encryption and Hashing can be considered now as systems that need an input to deliver an output , this system is controlled by a set of mathematical equations which is known as an algorithm.
- 8. <ul><ul><li>Encryption </li></ul></ul>. As we stated before , Encryption is considered as a component of the cryptographic framework . It’s role is to offer the confidentiality axis of the CIA triad . . Recalling the systematic view of any cryptographic component , Encryption needs an input (Clear message & key) to deliver the cipher form (output) , this cipher form to be decrypted (converted to the clear form ) we shall need a key and the same algorithm .
- 9. . Encryption can be implemented symmetrically or asymmetrically . . If we are using symmetric encryption , then we will encrypt the clear message with one key and decrypt it with the same key ; encryptor and decryptor should have the same key .
- 10. . On the other hand , for Asymmetric encryption , the sender will use a key to encrypt the message and the receiver will use a different key to decrypt the message , in case we have a bidirectional communication , each pair will use two keys one of them is public for others and a private key for himself.
- 11. Symmetric Encryption . To wrap the concept let us discuss a case for three entities that need to communicate securely using symmetric encryption . . From the figure , we can conclude that we will use 9 different private keys for achieving bidirectional communication between xyz and abc . . We can conclude also that we need to define a way by which we can exchange these private keys in a secure manner between distant entities . . We will recall these two conclusions a bit later .
- 12. . DES , 3DES , Blowfish , IDEA , RC5 , Safer , Serpent and AES are the well known symmetric encryption algorithms .
- 13. Asymmetric Encryption . Back to the same case that was assumed when using symmetric encryption. . ABC and XYZ have their public keys distributed over each other , anyone needs to talk to the other will use the other’s public key to encrypt the traffic and the other will use his own private key to decrypt the traffic , X will use A’s public key to encrypt clear traffic A will receive the cipher to decrypt it using his own private key . . Less number of keys and simple key distribution .
- 14. . RSA is a famous asymmetric key encryption algorithm . Ron R ivest ## left Adi S hamir ## Middle Leonard A dleman ## Right
- 15. . Let us now compare them (symmetric and asymmetric) : 1- Symmetric key encryption suffers from scalability issues ; to achieve a secure communication between N points , we will need to generate (N(N-1))/2 different keys . 3- Symmetric key encryption requires “ out of band “ secure exchange of keys , because , both the communicating parties needs to know about the keys before proceeding into the communication . 4- Asymmetric key encryption systems are incredibly complex , and that complexity will surely impact the performance . Asymmetric key encryption is up to 1000 times slower than symmetric key encryption . . Now how can we deal with that problem ?!!! , Diffie and Hellman will answer this question for us .
- 16. Diffie-hellman <ul><li>Diffie-Hellman algorithm will use public key encryption to only distribute symmetric keys for communicating parties , symmetric key encryption will be used to deal with clear data to create the cipher , so we will have no odds :: high performance using symmetric key encryption and simple key distribution process using Diffie-Hellman algorithm , as we will sure see here and the demos section . </li></ul>
- 17. <ul><li>Khaled will generate two (public and private ) keys using his own Diffie-Hellman algorithm , Ali will do the same thing ; both of them will exchange his own public key , khaled will have his own private key and Ali’s public key , he will use his Diffie-Hellman algorithm to generate a new private key ; Ali will have the same private key if he executed the same operation. </li></ul>
- 19. Hashing <ul><li>Hashing is the second component of the cryptographic framework , its role is to ensure the integrity of a message . The most important aspect of integrity violation is that the target of the attack is not aware about the violation occurrence , simply , if he knew he will request for a retransmission . </li></ul><ul><li>The problem is that I am communicating with my co-workers basing on a false information . </li></ul><ul><li>Hashing is an irreversible process with no keys , the clear message is the only input for the hashing process . </li></ul>
- 20. <ul><li>The message will be delivered as an input to the hashing system , hashing system will create message digest (hash) from the clear message , it will then append the digest to the message and then send them over the media ; The recipient will have the message to create a new digest and then compare the two digests . </li></ul>
- 22. <ul><li>A simple newbie can execute an MITM attack , he will be able to receive the message with the digest from the sender so as to create a new fake message with a new generated hash from the fake message (using the same hashing algorithm) to be sent to the poor receiver . </li></ul><ul><li>HMAC , the solution for this problem . </li></ul>
- 23. <ul><li>MD5 and SHA are the most used hashing algorithms , SHA is more secure than MD5 . </li></ul>
- 24. Digital signature <ul><li>This is our last step for completing the CIA triad , how can we ensure authenticity using cryptography !!! </li></ul><ul><li>Digital signature is a mechanism by which we can authenticate the message sender on a message basis , each message needs to be authenticated , this needs to be clarified , digital signature is not a connection based authentication mechanism like pap , chap , kerborse , TACACS ............... </li></ul><ul><li>Digital signature uses a combination of encryption and hashing . </li></ul>
- 25. <ul><li>The message will be hashed , the digest will be encrypted by the sender private key and then sent with message to the recipient . </li></ul><ul><li>We have a demo for Digital signature . </li></ul>
- 26. Authentication Protocols <ul><li>As we are taking about connection based authentication mechanism , we will deal with protocols rather than algorithms . This is to briefly list famous authentication protocols : </li></ul><ul><li>1- PAP </li></ul><ul><li>2- CHAP </li></ul><ul><li>3- MS-CHAP </li></ul><ul><li>4- NTLM </li></ul><ul><li>5- EAP </li></ul><ul><li>6- PEAP </li></ul><ul><li>7- Kerberos </li></ul><ul><li>8- TACACS+ </li></ul><ul><li>9- Radius </li></ul><ul><li>10- Diameter </li></ul>
- 27. PKI <ul><li>Public Key Infrastructure is a Trust Connectivity media , I need to trust the sender before beginning a new session with him , how can I know that this public key is the one owned by the real sender; I need someone between us , someone that I can trust and that can trust this remote sender . </li></ul><ul><li>How can I trust you? </li></ul><ul><li>Answer: The CA trusts me. </li></ul><ul><li>How can I know the CA trusts you? </li></ul><ul><li>Answer: You can see my certificate issued by the CA. </li></ul><ul><li>.So , PKI is not for authentication, but it can be considered as a pre-authentication phase . </li></ul><ul><li>.We will have a full PKI course . </li></ul>
- 28. Cryptosystems <ul><li>Cryptosystem is an implemented form of the cryptographic framework , it consists of three components : </li></ul><ul><li>1- algorithms : cryptographic engines for doing encryption and hashing . </li></ul><ul><li>2- protocols : for establishing connections and negotiating parameters between the communicating parties . </li></ul><ul><li>3- keys : for encryption algorithms . </li></ul><ul><li>IPSEC , SSL , SSH , PPTP , L2TP and WEP all of them are cryptosystems , some of them provide the full CIA tirade . The only factor that differentiate between these cryptosystems is the protocol used to establish the connection and negotiate the parameters . </li></ul>
- 29. Cryptanalysis <ul><li>“ Breaking a cipher doesn't necessarily mean finding a practical way for an eavesdropper to recover the plaintext from just the ciphertext. In academic cryptography, the rules are relaxed considerably. Breaking a cipher simply means finding a weakness in the cipher that can be exploited with a complexity less than brute-force ” Bruce Schneier . </li></ul>

No public clipboards found for this slide

Be the first to comment