SlideShare a Scribd company logo

CISSP Certification Security Engineering-Part2

Download as PPTX, PDF
H
Hamed Moghaddam

Training and Tips that are very helpful to gain knowledge in the field of information Security and passing your CISSP Certification Exam. To be CISSP Certified Please Check out the link below: http://asmed.com/cissp-isc2/

Education
1 of 43
CISSP SECURITY ENGINEERING ASM Educational Center Inc. (ASM) Where Training, Technology & Service Converge www.asmed.com Phone: (301)984-7400 1
SECURITY ENGINEERING Cryptographic Systems  Encryption systems have become extremely crucial in computing and data protection today.  Detailed discussions and understanding required. 2
3 SECURITY ENGINEERING The purpose of cryptography is to render information unintelligible to all but the intended recipient. The sender enciphers a message into unintelligible form, and the receiver deciphers it into intelligible form. The word “cryptology” is derived from the Greek kryptos (hidden) and logos (word). • Cryptology: The scientific study of cryptography and cryptanalysis • Cryptography: The enciphering and deciphering of messages into secret codes by means of various transformations of the plaintext • Cryptanalysis: The process of deriving the plaintext from the ciphertext (breaking a code) without being in possession of the key or the system (code breaking). • The history of codes and ciphers goes back almost 4,000 years to the early Egyptian civilization.
4 SECURITY ENGINEERING More Definitions: Plaintext – a message (sometimes called cleartext) Encryption – the process of making a message disguised Decryption – the process of turning a disguised message back into plaintext Cryptography – the science of keeping message secure Cryptanalysis – the science of breaking ciphertext Cryptology – mathematics of both cryptography and cryptanalysis
SECURITY ENGINEERING • The History of Cryptography • Cryptographic Definitions & Concepts • Components of a Cryptosystem • Software • Protocols • Algorithms • Key • Kerckhoff’s Principle • Key should be the only secret component in cryptosystems. • Strength of a Cryptosystem • Combination of the algorithm, key secrecy, key length, and the initialization vector. 5
6 SECURITY ENGINEERING Basics - Services of a Cryptosystems - Ensure Confidentiality by preventing unauthorized users to access message/data. - Ensure Integrity - Info cannot be altered in storage or in transit - Non-repudiation - Creator or sender cannot deny (via use of digital signatures) - Authentication - Provide foundation for secure access control by using encrypted passwords and token-based devices. - Make compromise unattractive - too expensive or time consuming to be worth the effort
7 SECURITY ENGINEERING • Governmental Involvement in Crypto
SECURITY ENGINEERING • The History of Cryptography • Cryptographic Definitions & Concepts One-Time Pad: -Considered the most secured encryption scheme - Sender uses each key letter on the pad to encrypt exactly one plaintext character - Pad is used only one time - Pad is as long as the message - Primarily used for ultra-secure low-bandwidth channels - Used by many secret agents • Running Cipher – use common components (a page within a book) • Concealment Cipher – message within a message (i.e. In a sentence) • Steganography – message hidden within a different 8
SECURITY ENGINEERING CIPHERS A cipher (cryptographic algorithm) is a series of transformations that convert plaintext to unreadable text (ciphertext), using the cipher key. Keystream – A set of random or pseudorandom characters that are used to combine plaintext messages during encryption. 9
SECURITY ENGINEERING ATTRIBUTES OF A STRONG CIPHER (Algorithms) • There should be long periods of no repeating patterns, which means that the bits generated by the keystream must be random. • The cipher must be statistically unpredictable, ensuring that the bits generated from the keystream generator cannot be predicted. • The keystream should not be linearly related to the key so that someone who guesses the keystream cannot also guess the key. • The keystream should be statistically unbiased, ensuring that there are the same number of 0’s and 1’s. • The cipher should contain the right level of confusion and diffusion. 10
11 SECURITY ENGINEERING Strong Cipher Concepts Confusion: -A mechanism to hide the relationship of the encryption key, plaintext, and ciphertext. -It reinforces the complexity to increase the work factor of reverse-engineering -The attacker should not be able to predict what changing one or more characters in the plaintext will do to the resulting ciphertext. Diffusion: - A mechanism to obscure redundancy in a plaintext by spreading the effects of the transformation over the ciphertext.
12 SECURITY ENGINEERING Cryptographic Concepts Diffusion cont’d: -It changes the value of at least one bit in a block of plaintext being encrypted and will affect the value of every other bit in the same block. -It does dissipate the redundancy of plaintext by spreading it out over the ciphertext. -It impedes any statistical/frequency analysis based on word or character occurrence. Any well-designed algorithm should utilize properties of both confusion and diffusion.
SECURITY ENGINEERING CIPHER TYPES & MODES • Substitution Ciphers • Transposition Ciphers Methods of Encryption 1. Substitution methods - substituting one bit for another bit - destination has to have the correct key to indicate how to substitute the original bit back in 2. Transposition methods - Bits are moved to new places in bitstream - Bits are scrambled - The destination has to have the correct key to indicate how to unscramble the bits 13
SECURITY ENGINEERING Initialization Vectors Randomly-generated value used by many cryptosystems to ensure that a unique a ciphertext is generated when there are multiple ciphertext generated by the same key. It is simply a continuously changing number used in combination with a secret key to encrypt data. Key: Long string of random values. The key is the element that effects randomness in the work of the algorithm. In other words, the key values are used by the algorithms to indicate which mathematical equations to use and in which order, and also with what values. Key Space: Comprises all the possible values that can facilitate the generation of a key. The large the key size the larger the key space ( 2 64 < 2 128 ). Therefore the larger the key space the more values an attacker has to deal with via brute force. 14
SECURITY ENGINEERING Exclusive-OR (XOR) • Another name for binary addition: an XOR operation results in 0, if both values are the same or 1, if they are different. • Provides simple and efficient method to combine two values. • Used in many stream and block ciphers for substitution operations. • Rules: • If both bits are the same, the result is 0 • 0 XOR 0 = 0 • 1 XOR 1 = 0 • If bits are different, the result is 1 • 1 XOR 0 = 1 • 0 XOR 1 = 1 • Example of XOR in operation: • Assume you have two binary values: 11100101 and 10101111 • If you XOR them, you get 01001010 • In order to get back the original value, you just need to XOR the second value (101001111) back into the result (01001010). 15
SECURITY ENGINEERING Algorithm: An algorithm is a well-defined mathematical/computational procedure that takes a variable input and generates a corresponding output. It performs the actual encryption and decryption process. Work Factor: The amount of effort and resources, such as time, needed by an attacker to break into a system. 16
SECURITY ENGINEERING Methods of Encryption Symmetric vs. Asymmetric Algorithms Block & Stream Ciphers Hybrid Encryption Methods 17
SECURITY ENGINEERING The Mathematics of Encryption 18 ALGORITHMS SYMMETRIC ASYMMETRIC Block Factoring Stream Discrete Logarithms
SECURITY ENGINEERING CIPHERS TYPES & MODES a.Block ciphers Message divided into blocks of bits Each block is encrypted (algorithm applied) separately Whole message is not encrypted as one entity Best used in software implementations Uses diffusion, confusion, and substitution boxes in each step b. Stream ciphers Encrypts (applies mathematical functions) individual bits of the message More complex as compared to block ciphers Best used in hardware implementations 19
20 SECURITY ENGINEERING Block Cipher Modes Electronic Code Book (ECB) ECB is a block cipher mode used primarily to disguise the pattern of a ciphertext. That is when each block of plaintext is also encrypted and in addition mapped to a code. Cipher Block Chaining (CBC) Ciphertext from previously encrypted block is used to encrypt the next block of data Provides more randomness and patterns are not as much of a concern as in ECB code
21 SECURITY ENGINEERING Block Cipher Modes CFB & OFB a.k.a. Stream Cipher Emulation Modes Cipher Feedback (CFB) Mode Previous ciphertext is used to encrypt the next block of data. Basically the same as the CBC mode except the CFB emulates a stream cipher by using a keystream generator. Output Feedback (OFB) Mode Values from a previous keystream are used to encrypt the next block of data Often used to encrypt satellite communications
SECURITY ENGINEERING • Symmetric Systems Uses a shared secret key for encryption and decryption Based on mathematical transposition and substitution functions Faster than asymmetric and hard to break. Examples below: Data Encryption Standard (DES) Triple-DES Advance Encryption Standard (AES) International Data Encryption Algorithm (IDEA) Blowfish RC4 RC5 RC6 22
SECURITY ENGINEERING •Weaknesses of Symmetric Systems Difficulty in distributing secret key securely to recipients Scalability – extremely difficult for large groups to use Does not provide authentication and non-repudiation because sender cannot be established if multiple users have the same key Keys must be regenerated often 23
SECURITY ENGINEERING Asymmetric Systems Uses a pair of keys (private and public) for encryption and decryption Built upon hard-to-resolve mathematical problem using factorization, discreet logarithms, and the elliptic curve theory. Slower than symmetric algorithm. Strengths of Asymmetric Systems Addition of new users may require the generation of only one public-private key pair Users can be removed far more easily via a key revocation mechanism Key regeneration is required only when a user’s private key is compromised Asymmetric encryption key can provide integrity, authentication, and nonrepudiation Key distribution is a simple process No preexisting communication links need to exist. 24
SECURITY ENGINEERING Types of Asymmetric Systems The Diffie-Hellman Algorithm RSA El Gamal Elliptic Curve Cryptosystems LUC Knapsack Zero Knowledge Proof 25
SECURITY ENGINEERING Diffie-Hellman Key Exchange Algorithm (Asymmetric) The Diffie-Hellman Key Exchange Algorithm allows two entities to exchange a secret key over an insecure medium Developed in 1976 by Whitfield Diffie and Martin Hellman It is based on the asymmetric algorithm scheme 26
SECURITY ENGINEERING Message Integrity The One-Way Hash Various Hashing Algorithms Attacks against One-Way hash Functions Digital Signatures Digital Signature Standard 27
SECURITY ENGINEERING Hashing Algorithms Uses a one-way mathematical function. Characteristics: Accepts variable-length string (message) and generates a fixed-length value (hash value) No key is involved No confidentiality is provided because nothing is getting encrypted Similar to a CRC function Creates a “fingerprint” of the message 28
SECURITY ENGINEERING Hashing Algorithms: MD2 (128-bit digest) MD4 (128-bit digest) MD5 (128-bit digest) SHA-1 (160-bit digest : NIST) SHA-256 (256-bit digest : NIST) SHA-512 (512-bit digest : NIST) HAVAL (Variable length message digest) RIPE MD-150, RIPE MD-128 TIGER 29
SECURITY ENGINEERING Security Issues in Hashing Strength Hashing Algorithm: Hash should be computed over entire message Messages cannot be disclosed by MD value Different messages should generate different MD values – ie. Collision free 30
SECURITY ENGINEERING Digital Signatures Providing Authenticity and Non- repudiation After message is put through a hashing algorithm, the MD is encrypted with the sender’s private key Receiver validates the digital signature by decrypting it with the sender’s public key Provides data integrity, authenticity, and non- repudiation 31
SECURITY ENGINEERING Digital Signatures 32
SECURITY ENGINEERING U.S. Government Standard Digital Signature Standard (DSS): Secure Hash Algorithm (SHA) must be used for message digest creation DSA, RSA, and ECDSA asymmetric algorithms can be used for digital signature creation ECDSA – elliptic curve digital signature algorithm 33
SECURITY ENGINEERING Public Key Infrastructure (PKI) Certificate Authority Certificates The Registration Authority PKI Steps 34
SECURITY ENGINEERING Public Key Infrastructure (PKI) (e.g. Certification Authorities, etc.) Key Components of PKI • CA • RA • Certificate repository • Certificate revocation system 35
SECURITY ENGINEERING Public Key Infrastructure (PKI) (e.g. Certification Authorities, etc.) Certificate Authority (VeriSign, Thawte, GoDaddy.com, DigiCert, etc.) Creates digital certificate Binds customer’s identity to public key Sends certificate directly to user (customer) Maintains certificate throughout its lifetime X.509 v3 is the standard that defines Digital Certificates. 36
SECURITY ENGINEERING Public Key Infrastructure (PKI) (e.g. Certification Authorities, etc.) Registration Authority: Accepts registration requests from buyers Validates user’s identities Passes requests to CA Cannot create certificates 37
SECURITY ENGINEERING Public Key Infrastructure (PKI) Digital Certificates Characteristics Currently using X.509 version 3 Associates public key with owner Digitally signed by CA 38
SECURITY ENGINEERING Public Key Infrastructure (PKI) Certificate Details Version Serial number Issuer name Validity period Subject (user) name etc 39
SECURITY ENGINEERING Public Key Infrastructure (PKI) Certificate Repository Storage of certificates Usually publicly accessible Each certificate is digitally signed, therefore, eliminating the possibility of being modified 40
DOMAIN #3 – SECURITY ENGINEERING Public Key Infrastructure (PKI) Certificate Revocation List (CRL) Certificates can be revoked CRL is a list of certificates that have been revoked Method to inform the public about status of certificates Online Certificate Status Protocol (OCSP) 41
SECURITY ENGINEERING Key Management Key Management Principles Key must not be in cleartext. There should be recovery options for keys Rules for Keys & Key Management Key length must be long enough to provide the necessary protection Key should be stored and transmitted by secure means Keys should be extremely random, and the algorithm should use the full spectrum of keyspace. The keys lifetime should correspond to the sensitivity of the data it is protecting The more the key is used the shorter its lifetime should be Keys should be backed up or escrowed for emergencies Keys should be properly destroyed at the end of their lifetimes 42
GOOD LUCK! ASM Educational Center Inc. (ASM) Where Training, Technology & Service Converge www.asmed.com Phone: (301)984-7400 43

Recommended

Cryptography
CryptographyCryptography
CryptographyJohnsonDaniel JohnsonDaniel
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
Cryptography
CryptographyCryptography
CryptographyMuhammad Shoaib Saleem
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-QuantumCNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-QuantumSam Bowne
 
Ch 12: Cryptography
Ch 12: CryptographyCh 12: Cryptography
Ch 12: CryptographySam Bowne
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 

Recommended

Cryptography
CryptographyCryptography
CryptographyJohnsonDaniel JohnsonDaniel
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
Cryptography
CryptographyCryptography
CryptographyMuhammad Shoaib Saleem
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-QuantumCNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-QuantumSam Bowne
 
Ch 12: Cryptography
Ch 12: CryptographyCh 12: Cryptography
Ch 12: CryptographySam Bowne
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsSam Bowne
 
CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman Sam Bowne
 
CNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecurityCNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecuritySam Bowne
 
CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)Sam Bowne
 
CNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersCNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersSam Bowne
 
CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionSam Bowne
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
CNIT 141 6. Hash Functions
CNIT 141 6. Hash FunctionsCNIT 141 6. Hash Functions
CNIT 141 6. Hash FunctionsSam Bowne
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1Alfred Ouyang
 
CNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingCNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingSam Bowne
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingSam Bowne
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
Network security
Network securityNetwork security
Network securityABHISHEK KUMAR
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: CryptographySam Bowne
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanSam Bowne
 
Slidecast - Workshop
Slidecast - WorkshopSlidecast - Workshop
Slidecast - WorkshopSamant Khajuria
 
CNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesCNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesSam Bowne
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum Sam Bowne
 
Information System Security.pptx
Information System Security.pptxInformation System Security.pptx
Information System Security.pptxGIT
 
Computer Cryptography and Encryption [by: Magoiga].pptx
Computer Cryptography and Encryption [by: Magoiga].pptxComputer Cryptography and Encryption [by: Magoiga].pptx
Computer Cryptography and Encryption [by: Magoiga].pptxmagoigamtatiro1
 

More Related Content

What's hot

CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsSam Bowne
 
CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman Sam Bowne
 
CNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecurityCNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecuritySam Bowne
 
CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)Sam Bowne
 
CNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersCNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersSam Bowne
 
CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionSam Bowne
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
CNIT 141 6. Hash Functions
CNIT 141 6. Hash FunctionsCNIT 141 6. Hash Functions
CNIT 141 6. Hash FunctionsSam Bowne
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1Alfred Ouyang
 
CNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingCNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingSam Bowne
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingSam Bowne
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: CryptographySam Bowne
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanSam Bowne
 
CNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesCNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesSam Bowne
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum Sam Bowne
 

What's hot (20)

CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash Functions
 
CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman
 
CNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecurityCNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic Security
 
CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)
 
CNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersCNIT 141 5. Stream Ciphers
CNIT 141 5. Stream Ciphers
 
CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated Encryption
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block Ciphers
 
CNIT 141 6. Hash Functions
CNIT 141 6. Hash FunctionsCNIT 141 6. Hash Functions
CNIT 141 6. Hash Functions
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1
 
CNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingCNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed Hashing
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block Ciphers
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed Hashing
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 
Network security
Network securityNetwork security
Network security
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: Cryptography
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-Hellman
 
Slidecast - Workshop
Slidecast - WorkshopSlidecast - Workshop
Slidecast - Workshop
 
CNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesCNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic Curves
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
 
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum
 

Similar to CISSP Certification Security Engineering-Part2

Information System Security.pptx
Information System Security.pptxInformation System Security.pptx
Information System Security.pptxGIT
 
Computer Cryptography and Encryption [by: Magoiga].pptx
Computer Cryptography and Encryption [by: Magoiga].pptxComputer Cryptography and Encryption [by: Magoiga].pptx
Computer Cryptography and Encryption [by: Magoiga].pptxmagoigamtatiro1
 
Network security Encryption
Network security EncryptionNetwork security Encryption
Network security EncryptionJoel Briza
 
Php text processing by softroniics
Php text processing by softroniicsPhp text processing by softroniics
Php text processing by softroniicsaswin tbbc
 
crypto-105058445051058480051448005540405
crypto-105058445051058480051448005540405crypto-105058445051058480051448005540405
crypto-105058445051058480051448005540405ukd789555
 
Cryptography 1
Cryptography 1Cryptography 1
Cryptography 1bhanu7161
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...editor1knowledgecuddle
 
Cryptography : The Art of Secured Messaging
Cryptography : The Art of Secured MessagingCryptography : The Art of Secured Messaging
Cryptography : The Art of Secured MessagingSumit Satam
 

Similar to CISSP Certification Security Engineering-Part2 (20)

Information System Security.pptx
Information System Security.pptxInformation System Security.pptx
Information System Security.pptx
 
Computer Cryptography and Encryption [by: Magoiga].pptx
Computer Cryptography and Encryption [by: Magoiga].pptxComputer Cryptography and Encryption [by: Magoiga].pptx
Computer Cryptography and Encryption [by: Magoiga].pptx
 
Network security Encryption
Network security EncryptionNetwork security Encryption
Network security Encryption
 
Php text processing by softroniics
Php text processing by softroniicsPhp text processing by softroniics
Php text processing by softroniics
 
Cryptography
CryptographyCryptography
Cryptography
 
Pavan
PavanPavan
Pavan
 
Cryptography
CryptographyCryptography
Cryptography
 
crypto-105058445051058480051448005540405
crypto-105058445051058480051448005540405crypto-105058445051058480051448005540405
crypto-105058445051058480051448005540405
 
Cryptography 1
Cryptography 1Cryptography 1
Cryptography 1
 
Encryption
EncryptionEncryption
Encryption
 
encrption.PDF
encrption.PDFencrption.PDF
encrption.PDF
 
encrption.PDF
encrption.PDFencrption.PDF
encrption.PDF
 
encrption.PDF
encrption.PDFencrption.PDF
encrption.PDF
 
Group 6
Group 6Group 6
Group 6
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
 
Unit 2
Unit 2Unit 2
Unit 2
 
Iss lecture 2
Iss lecture 2Iss lecture 2
Iss lecture 2
 
Cryptography : The Art of Secured Messaging
Cryptography : The Art of Secured MessagingCryptography : The Art of Secured Messaging
Cryptography : The Art of Secured Messaging
 
groupWork.pptx
groupWork.pptxgroupWork.pptx
groupWork.pptx
 
Crpto ppt
Crpto pptCrpto ppt
Crpto ppt
 

More from Hamed Moghaddam

Cisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationCisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationHamed Moghaddam
 
Cisco CCNA-CCNP IP SLA Configuration
Cisco CCNA-CCNP IP SLA ConfigurationCisco CCNA-CCNP IP SLA Configuration
Cisco CCNA-CCNP IP SLA ConfigurationHamed Moghaddam
 
Juniper JNCIA – Juniper RIP and OSPF Route Configuration
Juniper JNCIA – Juniper RIP and OSPF Route ConfigurationJuniper JNCIA – Juniper RIP and OSPF Route Configuration
Juniper JNCIA – Juniper RIP and OSPF Route ConfigurationHamed Moghaddam
 
Cisco CCNA CCNP VACL Configuration
Cisco CCNA CCNP VACL ConfigurationCisco CCNA CCNP VACL Configuration
Cisco CCNA CCNP VACL ConfigurationHamed Moghaddam
 
Juniper JNCIA – Juniper RIP Route Configuration
Juniper JNCIA – Juniper RIP Route ConfigurationJuniper JNCIA – Juniper RIP Route Configuration
Juniper JNCIA – Juniper RIP Route ConfigurationHamed Moghaddam
 
Juniper JNCIA – Juniper OSPF Route Configuration
Juniper JNCIA – Juniper OSPF Route ConfigurationJuniper JNCIA – Juniper OSPF Route Configuration
Juniper JNCIA – Juniper OSPF Route ConfigurationHamed Moghaddam
 
Juniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route ConfigurationJuniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route ConfigurationHamed Moghaddam
 
Cisco CCNA IPV6 Static Configuration
Cisco CCNA IPV6 Static ConfigurationCisco CCNA IPV6 Static Configuration
Cisco CCNA IPV6 Static ConfigurationHamed Moghaddam
 
Cisco CCNA Port Security
Cisco CCNA Port SecurityCisco CCNA Port Security
Cisco CCNA Port SecurityHamed Moghaddam
 
Cisco CCNA- NAT Configuration
Cisco CCNA- NAT ConfigurationCisco CCNA- NAT Configuration
Cisco CCNA- NAT ConfigurationHamed Moghaddam
 
Cisco CCNA GRE Tunnel Configuration
Cisco CCNA GRE Tunnel ConfigurationCisco CCNA GRE Tunnel Configuration
Cisco CCNA GRE Tunnel ConfigurationHamed Moghaddam
 
Cisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink ConfigurationCisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink ConfigurationHamed Moghaddam
 
Cisco CCNA EIGRP IPV6 Configuration
Cisco CCNA EIGRP IPV6 ConfigurationCisco CCNA EIGRP IPV6 Configuration
Cisco CCNA EIGRP IPV6 ConfigurationHamed Moghaddam
 
Cisco CCNA OSPF IPV6 Configuration
Cisco CCNA OSPF IPV6 ConfigurationCisco CCNA OSPF IPV6 Configuration
Cisco CCNA OSPF IPV6 ConfigurationHamed Moghaddam
 
Cisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer SwitchCisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer SwitchHamed Moghaddam
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1Hamed Moghaddam
 
Cisco CCNA-Router on Stick
Cisco CCNA-Router on StickCisco CCNA-Router on Stick
Cisco CCNA-Router on StickHamed Moghaddam
 
Cisco CCNA-Standard Access List
Cisco CCNA-Standard Access ListCisco CCNA-Standard Access List
Cisco CCNA-Standard Access ListHamed Moghaddam
 
Microsoft MCSA- Joining Client Machines To The Domain!
Microsoft MCSA- Joining Client Machines To The Domain!Microsoft MCSA- Joining Client Machines To The Domain!
Microsoft MCSA- Joining Client Machines To The Domain!Hamed Moghaddam
 

More from Hamed Moghaddam (20)

Cisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configurationCisco CCNA IP SLA with tracking configuration
Cisco CCNA IP SLA with tracking configuration
 
Cisco CCNA-CCNP IP SLA Configuration
Cisco CCNA-CCNP IP SLA ConfigurationCisco CCNA-CCNP IP SLA Configuration
Cisco CCNA-CCNP IP SLA Configuration
 
Juniper JNCIA – Juniper RIP and OSPF Route Configuration
Juniper JNCIA – Juniper RIP and OSPF Route ConfigurationJuniper JNCIA – Juniper RIP and OSPF Route Configuration
Juniper JNCIA – Juniper RIP and OSPF Route Configuration
 
Cisco CCNA CCNP VACL Configuration
Cisco CCNA CCNP VACL ConfigurationCisco CCNA CCNP VACL Configuration
Cisco CCNA CCNP VACL Configuration
 
Juniper JNCIA – Juniper RIP Route Configuration
Juniper JNCIA – Juniper RIP Route ConfigurationJuniper JNCIA – Juniper RIP Route Configuration
Juniper JNCIA – Juniper RIP Route Configuration
 
Juniper JNCIA – Juniper OSPF Route Configuration
Juniper JNCIA – Juniper OSPF Route ConfigurationJuniper JNCIA – Juniper OSPF Route Configuration
Juniper JNCIA – Juniper OSPF Route Configuration
 
Juniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route ConfigurationJuniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route Configuration
 
Cisco CCNA IPV6 Static Configuration
Cisco CCNA IPV6 Static ConfigurationCisco CCNA IPV6 Static Configuration
Cisco CCNA IPV6 Static Configuration
 
Cisco CCNA Port Security
Cisco CCNA Port SecurityCisco CCNA Port Security
Cisco CCNA Port Security
 
Cisco CCNA- NAT Configuration
Cisco CCNA- NAT ConfigurationCisco CCNA- NAT Configuration
Cisco CCNA- NAT Configuration
 
Cisco CCNA GRE Tunnel Configuration
Cisco CCNA GRE Tunnel ConfigurationCisco CCNA GRE Tunnel Configuration
Cisco CCNA GRE Tunnel Configuration
 
Cisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink ConfigurationCisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink Configuration
 
Cisco CCNA EIGRP IPV6 Configuration
Cisco CCNA EIGRP IPV6 ConfigurationCisco CCNA EIGRP IPV6 Configuration
Cisco CCNA EIGRP IPV6 Configuration
 
Cisco CCNA OSPF IPV6 Configuration
Cisco CCNA OSPF IPV6 ConfigurationCisco CCNA OSPF IPV6 Configuration
Cisco CCNA OSPF IPV6 Configuration
 
Cisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer SwitchCisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer Switch
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
 
Cisco CCNA-Router on Stick
Cisco CCNA-Router on StickCisco CCNA-Router on Stick
Cisco CCNA-Router on Stick
 
Cisco CCNA-Standard Access List
Cisco CCNA-Standard Access ListCisco CCNA-Standard Access List
Cisco CCNA-Standard Access List
 
Cisco CCNA- DHCP Server
Cisco CCNA- DHCP ServerCisco CCNA- DHCP Server
Cisco CCNA- DHCP Server
 
Microsoft MCSA- Joining Client Machines To The Domain!
Microsoft MCSA- Joining Client Machines To The Domain!Microsoft MCSA- Joining Client Machines To The Domain!
Microsoft MCSA- Joining Client Machines To The Domain!
 

Recently uploaded

Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.MateoGardella
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfSanaAli374401
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 

Recently uploaded (20)

Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 

CISSP Certification Security Engineering-Part2

  • 1. CISSP SECURITY ENGINEERING ASM Educational Center Inc. (ASM) Where Training, Technology & Service Converge www.asmed.com Phone: (301)984-7400 1
  • 2. SECURITY ENGINEERING Cryptographic Systems  Encryption systems have become extremely crucial in computing and data protection today.  Detailed discussions and understanding required. 2
  • 3. 3 SECURITY ENGINEERING The purpose of cryptography is to render information unintelligible to all but the intended recipient. The sender enciphers a message into unintelligible form, and the receiver deciphers it into intelligible form. The word “cryptology” is derived from the Greek kryptos (hidden) and logos (word). • Cryptology: The scientific study of cryptography and cryptanalysis • Cryptography: The enciphering and deciphering of messages into secret codes by means of various transformations of the plaintext • Cryptanalysis: The process of deriving the plaintext from the ciphertext (breaking a code) without being in possession of the key or the system (code breaking). • The history of codes and ciphers goes back almost 4,000 years to the early Egyptian civilization.
  • 4. 4 SECURITY ENGINEERING More Definitions: Plaintext – a message (sometimes called cleartext) Encryption – the process of making a message disguised Decryption – the process of turning a disguised message back into plaintext Cryptography – the science of keeping message secure Cryptanalysis – the science of breaking ciphertext Cryptology – mathematics of both cryptography and cryptanalysis
  • 5. SECURITY ENGINEERING • The History of Cryptography • Cryptographic Definitions & Concepts • Components of a Cryptosystem • Software • Protocols • Algorithms • Key • Kerckhoff’s Principle • Key should be the only secret component in cryptosystems. • Strength of a Cryptosystem • Combination of the algorithm, key secrecy, key length, and the initialization vector. 5
  • 6. 6 SECURITY ENGINEERING Basics - Services of a Cryptosystems - Ensure Confidentiality by preventing unauthorized users to access message/data. - Ensure Integrity - Info cannot be altered in storage or in transit - Non-repudiation - Creator or sender cannot deny (via use of digital signatures) - Authentication - Provide foundation for secure access control by using encrypted passwords and token-based devices. - Make compromise unattractive - too expensive or time consuming to be worth the effort
  • 8. SECURITY ENGINEERING • The History of Cryptography • Cryptographic Definitions & Concepts One-Time Pad: -Considered the most secured encryption scheme - Sender uses each key letter on the pad to encrypt exactly one plaintext character - Pad is used only one time - Pad is as long as the message - Primarily used for ultra-secure low-bandwidth channels - Used by many secret agents • Running Cipher – use common components (a page within a book) • Concealment Cipher – message within a message (i.e. In a sentence) • Steganography – message hidden within a different 8
  • 9. SECURITY ENGINEERING CIPHERS A cipher (cryptographic algorithm) is a series of transformations that convert plaintext to unreadable text (ciphertext), using the cipher key. Keystream – A set of random or pseudorandom characters that are used to combine plaintext messages during encryption. 9
  • 10. SECURITY ENGINEERING ATTRIBUTES OF A STRONG CIPHER (Algorithms) • There should be long periods of no repeating patterns, which means that the bits generated by the keystream must be random. • The cipher must be statistically unpredictable, ensuring that the bits generated from the keystream generator cannot be predicted. • The keystream should not be linearly related to the key so that someone who guesses the keystream cannot also guess the key. • The keystream should be statistically unbiased, ensuring that there are the same number of 0’s and 1’s. • The cipher should contain the right level of confusion and diffusion. 10
  • 11. 11 SECURITY ENGINEERING Strong Cipher Concepts Confusion: -A mechanism to hide the relationship of the encryption key, plaintext, and ciphertext. -It reinforces the complexity to increase the work factor of reverse-engineering -The attacker should not be able to predict what changing one or more characters in the plaintext will do to the resulting ciphertext. Diffusion: - A mechanism to obscure redundancy in a plaintext by spreading the effects of the transformation over the ciphertext.
  • 12. 12 SECURITY ENGINEERING Cryptographic Concepts Diffusion cont’d: -It changes the value of at least one bit in a block of plaintext being encrypted and will affect the value of every other bit in the same block. -It does dissipate the redundancy of plaintext by spreading it out over the ciphertext. -It impedes any statistical/frequency analysis based on word or character occurrence. Any well-designed algorithm should utilize properties of both confusion and diffusion.
  • 13. SECURITY ENGINEERING CIPHER TYPES & MODES • Substitution Ciphers • Transposition Ciphers Methods of Encryption 1. Substitution methods - substituting one bit for another bit - destination has to have the correct key to indicate how to substitute the original bit back in 2. Transposition methods - Bits are moved to new places in bitstream - Bits are scrambled - The destination has to have the correct key to indicate how to unscramble the bits 13
  • 14. SECURITY ENGINEERING Initialization Vectors Randomly-generated value used by many cryptosystems to ensure that a unique a ciphertext is generated when there are multiple ciphertext generated by the same key. It is simply a continuously changing number used in combination with a secret key to encrypt data. Key: Long string of random values. The key is the element that effects randomness in the work of the algorithm. In other words, the key values are used by the algorithms to indicate which mathematical equations to use and in which order, and also with what values. Key Space: Comprises all the possible values that can facilitate the generation of a key. The large the key size the larger the key space ( 2 64 < 2 128 ). Therefore the larger the key space the more values an attacker has to deal with via brute force. 14
  • 15. SECURITY ENGINEERING Exclusive-OR (XOR) • Another name for binary addition: an XOR operation results in 0, if both values are the same or 1, if they are different. • Provides simple and efficient method to combine two values. • Used in many stream and block ciphers for substitution operations. • Rules: • If both bits are the same, the result is 0 • 0 XOR 0 = 0 • 1 XOR 1 = 0 • If bits are different, the result is 1 • 1 XOR 0 = 1 • 0 XOR 1 = 1 • Example of XOR in operation: • Assume you have two binary values: 11100101 and 10101111 • If you XOR them, you get 01001010 • In order to get back the original value, you just need to XOR the second value (101001111) back into the result (01001010). 15
  • 16. SECURITY ENGINEERING Algorithm: An algorithm is a well-defined mathematical/computational procedure that takes a variable input and generates a corresponding output. It performs the actual encryption and decryption process. Work Factor: The amount of effort and resources, such as time, needed by an attacker to break into a system. 16
  • 17. SECURITY ENGINEERING Methods of Encryption Symmetric vs. Asymmetric Algorithms Block & Stream Ciphers Hybrid Encryption Methods 17
  • 18. SECURITY ENGINEERING The Mathematics of Encryption 18 ALGORITHMS SYMMETRIC ASYMMETRIC Block Factoring Stream Discrete Logarithms
  • 19. SECURITY ENGINEERING CIPHERS TYPES & MODES a.Block ciphers Message divided into blocks of bits Each block is encrypted (algorithm applied) separately Whole message is not encrypted as one entity Best used in software implementations Uses diffusion, confusion, and substitution boxes in each step b. Stream ciphers Encrypts (applies mathematical functions) individual bits of the message More complex as compared to block ciphers Best used in hardware implementations 19
  • 20. 20 SECURITY ENGINEERING Block Cipher Modes Electronic Code Book (ECB) ECB is a block cipher mode used primarily to disguise the pattern of a ciphertext. That is when each block of plaintext is also encrypted and in addition mapped to a code. Cipher Block Chaining (CBC) Ciphertext from previously encrypted block is used to encrypt the next block of data Provides more randomness and patterns are not as much of a concern as in ECB code
  • 21. 21 SECURITY ENGINEERING Block Cipher Modes CFB & OFB a.k.a. Stream Cipher Emulation Modes Cipher Feedback (CFB) Mode Previous ciphertext is used to encrypt the next block of data. Basically the same as the CBC mode except the CFB emulates a stream cipher by using a keystream generator. Output Feedback (OFB) Mode Values from a previous keystream are used to encrypt the next block of data Often used to encrypt satellite communications
  • 22. SECURITY ENGINEERING • Symmetric Systems Uses a shared secret key for encryption and decryption Based on mathematical transposition and substitution functions Faster than asymmetric and hard to break. Examples below: Data Encryption Standard (DES) Triple-DES Advance Encryption Standard (AES) International Data Encryption Algorithm (IDEA) Blowfish RC4 RC5 RC6 22
  • 23. SECURITY ENGINEERING •Weaknesses of Symmetric Systems Difficulty in distributing secret key securely to recipients Scalability – extremely difficult for large groups to use Does not provide authentication and non-repudiation because sender cannot be established if multiple users have the same key Keys must be regenerated often 23
  • 24. SECURITY ENGINEERING Asymmetric Systems Uses a pair of keys (private and public) for encryption and decryption Built upon hard-to-resolve mathematical problem using factorization, discreet logarithms, and the elliptic curve theory. Slower than symmetric algorithm. Strengths of Asymmetric Systems Addition of new users may require the generation of only one public-private key pair Users can be removed far more easily via a key revocation mechanism Key regeneration is required only when a user’s private key is compromised Asymmetric encryption key can provide integrity, authentication, and nonrepudiation Key distribution is a simple process No preexisting communication links need to exist. 24
  • 25. SECURITY ENGINEERING Types of Asymmetric Systems The Diffie-Hellman Algorithm RSA El Gamal Elliptic Curve Cryptosystems LUC Knapsack Zero Knowledge Proof 25
  • 26. SECURITY ENGINEERING Diffie-Hellman Key Exchange Algorithm (Asymmetric) The Diffie-Hellman Key Exchange Algorithm allows two entities to exchange a secret key over an insecure medium Developed in 1976 by Whitfield Diffie and Martin Hellman It is based on the asymmetric algorithm scheme 26
  • 27. SECURITY ENGINEERING Message Integrity The One-Way Hash Various Hashing Algorithms Attacks against One-Way hash Functions Digital Signatures Digital Signature Standard 27
  • 28. SECURITY ENGINEERING Hashing Algorithms Uses a one-way mathematical function. Characteristics: Accepts variable-length string (message) and generates a fixed-length value (hash value) No key is involved No confidentiality is provided because nothing is getting encrypted Similar to a CRC function Creates a “fingerprint” of the message 28
  • 29. SECURITY ENGINEERING Hashing Algorithms: MD2 (128-bit digest) MD4 (128-bit digest) MD5 (128-bit digest) SHA-1 (160-bit digest : NIST) SHA-256 (256-bit digest : NIST) SHA-512 (512-bit digest : NIST) HAVAL (Variable length message digest) RIPE MD-150, RIPE MD-128 TIGER 29
  • 30. SECURITY ENGINEERING Security Issues in Hashing Strength Hashing Algorithm: Hash should be computed over entire message Messages cannot be disclosed by MD value Different messages should generate different MD values – ie. Collision free 30
  • 31. SECURITY ENGINEERING Digital Signatures Providing Authenticity and Non- repudiation After message is put through a hashing algorithm, the MD is encrypted with the sender’s private key Receiver validates the digital signature by decrypting it with the sender’s public key Provides data integrity, authenticity, and non- repudiation 31
  • 33. SECURITY ENGINEERING U.S. Government Standard Digital Signature Standard (DSS): Secure Hash Algorithm (SHA) must be used for message digest creation DSA, RSA, and ECDSA asymmetric algorithms can be used for digital signature creation ECDSA – elliptic curve digital signature algorithm 33
  • 34. SECURITY ENGINEERING Public Key Infrastructure (PKI) Certificate Authority Certificates The Registration Authority PKI Steps 34
  • 35. SECURITY ENGINEERING Public Key Infrastructure (PKI) (e.g. Certification Authorities, etc.) Key Components of PKI • CA • RA • Certificate repository • Certificate revocation system 35
  • 36. SECURITY ENGINEERING Public Key Infrastructure (PKI) (e.g. Certification Authorities, etc.) Certificate Authority (VeriSign, Thawte, GoDaddy.com, DigiCert, etc.) Creates digital certificate Binds customer’s identity to public key Sends certificate directly to user (customer) Maintains certificate throughout its lifetime X.509 v3 is the standard that defines Digital Certificates. 36
  • 37. SECURITY ENGINEERING Public Key Infrastructure (PKI) (e.g. Certification Authorities, etc.) Registration Authority: Accepts registration requests from buyers Validates user’s identities Passes requests to CA Cannot create certificates 37
  • 38. SECURITY ENGINEERING Public Key Infrastructure (PKI) Digital Certificates Characteristics Currently using X.509 version 3 Associates public key with owner Digitally signed by CA 38
  • 39. SECURITY ENGINEERING Public Key Infrastructure (PKI) Certificate Details Version Serial number Issuer name Validity period Subject (user) name etc 39
  • 40. SECURITY ENGINEERING Public Key Infrastructure (PKI) Certificate Repository Storage of certificates Usually publicly accessible Each certificate is digitally signed, therefore, eliminating the possibility of being modified 40
  • 41. DOMAIN #3 – SECURITY ENGINEERING Public Key Infrastructure (PKI) Certificate Revocation List (CRL) Certificates can be revoked CRL is a list of certificates that have been revoked Method to inform the public about status of certificates Online Certificate Status Protocol (OCSP) 41
  • 42. SECURITY ENGINEERING Key Management Key Management Principles Key must not be in cleartext. There should be recovery options for keys Rules for Keys & Key Management Key length must be long enough to provide the necessary protection Key should be stored and transmitted by secure means Keys should be extremely random, and the algorithm should use the full spectrum of keyspace. The keys lifetime should correspond to the sensitivity of the data it is protecting The more the key is used the shorter its lifetime should be Keys should be backed up or escrowed for emergencies Keys should be properly destroyed at the end of their lifetimes 42
  • 43. GOOD LUCK! ASM Educational Center Inc. (ASM) Where Training, Technology & Service Converge www.asmed.com Phone: (301)984-7400 43