SlideShare a Scribd company logo

Cryptographic lifecycle security training

EnterpriseGRC Solutions, Inc.
EnterpriseGRC Solutions, Inc.

Paying forward, this deck summarizes key concepts we need to be successful in IT Operations and security, focus is cryptographic controls and their relationship to cryptographic exploits. Please refer to the Networking and Security deck to better understand reference to layers and their associated protocols.

Technology
1 of 42
Download to read offline
http://www.enterprisegrc.com CISSP Study Concepts for Security Engineering and Cryptographic Lifecycle Robin Basham, using materials from SANS, ISC2,
Data classification Operational activities Safeguard selection Separation of duties Management security responsibilities Guidelines and procedures Risk assessment Policies and standards Security awareness Effective security management practices
Bell-LaPadula – Confidentiality model  Only deals with confidentiality does not deal with integrity or availability  (NO “I” or “EYE” is CONFIDENTIAL – can’t write to my boss’ level, subordinates who are down can’t read my level)  Based on Government Classification – Unclassified, Sensitive But Unclassified (SBU), Confidential, Secret, Top Secret  A Trusted Subject can violate the *property  Bell-LaPadula Security State Defined by three properties:  Simple Security Property (ss Property) – no reading from lower subject to higher object (No Read Up) I don’t see above my class  The * (star) security Property – No writing from higher subject to lower object (No write Down) I don’t author to a lower level of security  Trusted Subject can violate the star property but not its intent  Strong * property – no reading or writing to another level  Discretionary Security Property – Uses Access Matrix to specify discretionary access control  Remember the hyphen “-” is separation of duties
Writing and Reading Orders - Confidentiality  No read up – its confidential so I can’t see a command sent to my boss  No write down – I only need to read what my boss sends me. A lower rank can’t see my orders. I can’t change classification to allow them that access. We are segregated.
Biba Integrity Model defined by three goals 1. Integrity Data protected from modification by unauthorized users 2. Data protected from unauthorized modification by authorized users 3. Data is internally and externally consistent. Biba Integrity Model add on to BLP  Lattice Based uses less than or equal to relation  A lattice structure is a set with a least upper bound (LUB) and a greatest lower bound (GLB)  Lattice represents a set of integrity classes (IC) and an ordered relationship  Lattice = (IC, LUB, GUB)
Integrity – who created this order – who classified this order? Integrity Axioms  The Simple Integrity Axiom - no reading of lower object from higher subject (No Read Down)  The * (star) Integrity Axiom – No writing from lower subject to higher object (No write Up)  A subject at a lower level of integrity can not invoke a subject at a higher level of integrity
Clark-Wilson Integrity Model (Integrity for Commercial Environments) Two elements: well formed transaction and separation of duties.  Developed in 1987 for use in real- world commercial environment  Addresses the three integrity goals  Constrained Data Item (CDI) – A data Item whose integrity is to be preserved  Integrity Verification Procedure (IVP) – confirms that all CDIs have integrity  Transformation Procedure (TP) – transforms a CDI from one integrity state to another integrity state  Unconstrained Data Item – data items outside of the control area of the modeled environment  Requires Integrity Labels
Clark-Wilson Integrity Model Information Flow Models  Each object and subject is assigned security class and value; info is constrained to flow in directions that are permitted by the security policy.  Based on state machine and consists of objects, state transitions and lattice (flow policy) states.  Object can be a user  Each object is assigned a security class and value  Information is constrained to flow in the directions permitted by the policy Non-interference Model  Actions of group A using commands C are not seen by users in Group B using commands D
Cryptographic limitations Algorithm selection Protocol governance Key management CISSP Study Concepts for Cryptographic Lifecycle
(Selection) Approved cryptographic algorithms key sizes Transition plans for weakened compromised algorithms and keys Process crypto systems, standards what / how organization use cryptography Key Management Generation Escrow and Destruction Incident reporting for key loss or compromised cryptographic systems Algorithm Protocol Governance
Needed Component Parts to an Encryption Strategy Symmetric for confidentiality (DES, 3DES, IDEA, RC4, AES) Hashing for integrity (MD4, MD5, RIPEMD, SHA-1, SHA-2) Asymmetric for authentication (RSA, El Gamal, ECC elliptic curve crypto) Non Repudiation is Asymmetric plus Hashing – condition where a message is hash encrypted with the sender’s private key
Relationship of Encryption to Incidents and Threats Threats Consequences Countermeasures Integrity  Modification of user data  Trojan horse browser  Modification of memory  Modification of message traffic in transit  Loss of information  Compromise of machine  Vulnerability to all other threats  Cryptographic  checksums Confidentiality  Eavesdropping on the net  Theft of info from server  Theft of data from client  Info about network configuration  Info about which client talks to server  Loss of information  Loss of privacy  Encryption  Web  proxies Denial of Service  Killing of user threads  Flooding machine with bogus requests  Filling up disk or memory  Isolating machine via DNS attacks  Disruptive ($$$)  Annoying  Prevent user from getting work done  Rate limiter  IPS and rate based IPS  Blackholing/ Sinkholing  Clean Pipes  Bogon Filtering  WAN Link Failover Authentication  Impersonation of legitimate users  Data forgery  Misrepresentation of user  Belief that false  information is valid  Cryptographic  techniques
Symmetric - Confidentiality • Secret Key • Single or one key • Requires secure channel • Pre-shared key • Asymmetric mode or • Diffie Hellman Key exchange Asymmetric - Authentication • Public key crypto • Dual or two key encryption Hash - Integrity • One way transformation • No key • Collision is when 2 inputs get same output Non Repudiation • Digital Signatures • Hash + Asymmetric • Message hash encrypted with sender’s private key Elements needed for Encryption and Encryption Methods
Symmetric Encryption Systems DES (Data Encryption Standard)  DES is a block encryption algorithm using 64-bit blocks. It uses a 64 bit key 56 bits of true key and 8 for parity. Characters are put through 16 rounds of transposition and substitution.  Devised in 1972 as a derivation of the “Lucifer” system  DES Describes the DEA (Data Encryption Algorithm)  FIPS PUB 46-1 (1977) and ANSI X3.92 (1981)  64bit blocks, 56 bit key and  16 rounds of transformation  Uses confusion and diffusion for encrypting plain text.  Confusion Conceals statistical connection between ciphertext and plain text. Uses non-linear substitution boxes (S-Boxes)  Diffusion Spreads the influence of a plain text character over many ciphertext characters.
DES has 4 distinct modes of operation Electronic Code Book (ECB) It is a block cipher Native encryption method for DES. Electronic codebook literally operates like a code book. For a given block of plaintext and a given key, the same set of ciphertext is always produced. ECB uses padding to round up to a 64 bit block boundary. ECB is used for small amounts of data such as challenge-response or key management. Not good for large amounts of data as patterns would eventually show. Cipher Block Chaining (CBC) In Cipher Block Chaining, the value of the previous block processed is a part of the algorithm and key for the next block, so, patterns are not revealed. This chaining effect means that a particular ciphertext block is dependent on all the blocks that came before it, not just the current block. Cipher Feedback Mode (CFB) It is a stream cipher. Previously generated ciphertext is used as feedback into the key generation source to develop the next keystream. This mode is used when encrypting individual characters is required. Output Feedback Mode (OFB) Similar to CFB, but stream cipher functions by generating a random stream of bits to be combined with the plaintext to create ciphertext. Requires initialization vector. Ciphertext is fed back to the algorithm to form a portion of the next input to encrypt the stream of bits. DES 4 Distinct modes
Key Terms Symmetric algorithm Encryption method where the sender and receiver use an instance of the same key for encryption and decryption purposes. Out-of-band method Sending data through an alternate communication channel. Asymmetric algorithm Encryption method that uses two different key types, public and private. Also called public key cryptography. Public key Value used in public key cryptography that is used for encryption and signature validation that can be known by all parties. Private key Value used in public key cryptography that is used for decryption and signature creation and known to only key owner. Public key cryptography Asymmetric cryptography, which uses public and private key values for cryptographic functions. Block cipher Symmetric algorithm type that encrypts chunks (blocks) of data at a time. Diffusion Transposition processes used in encryption functions to increase randomness. Confusion Substitution processes used in encryption functions to increase randomness. Avalanche effect Algorithm design requirement so that slight changes to the input result in drastic changes to the output. Stream cipher Algorithm type that generates a keystream (random values), which is XORd with plaintext for encryption purposes. Keystream generator Component of a stream algorithm that creates random values for encryption purposes. Initialization vectors (IVs) Values that are used with algorithms to increase randomness for cryptographic functions.
Triple DES (3DES) Encrypting plaintext with one DES key and then encrypting it with a second DES key is no more secure than using a single DES key, therefore, Triple DES is used to obtain stronger encryption DES-EDE2 2 keys are used. Encrypt with 1, decrypt with 2 and then encrypt with 1 again. DES-EEE2 2 keys used. Encrypt with 1, encrypt with 2, encrypt with 1. DES-EEE3 3 keys used. Encrypt with 1, encrypt with 2, encrypt with 3. Most secure, but requires 3 keys.
Advanced Encryption Standard (AES) Uses Rjindael block cipher, specifies three key sizes; 128, 192 or 256 bit. Choice of key determines encryption level. AES is the government standard for encrypting SBU information. Best suited for hardware encryption. The number of rounds of transformation is a function of the key size used 256 bit – 14 rounds. 192 bit – 12 rounds. 128 bit – 10 rounds.
Symmetric Algorithms that provide bulk (data) Encryption services only DES and 3DES TwoFish  128 bit blocks in 16 rounds. Key lengths can be up to 256 bits. BlowFish  A block cipher operating on 64 bit blocks with a key length of up to 448 bits. The blocks go through 16 rounds of crypto functions. IDEA  Ideas stands for International Data Encryption Algorithm. It operates on 64 bit blocks and uses a 128 bit key. (cont)
Symmetric Algorithms that provide bulk (data) Encryption services only IDEA (cont)  Performs 8 rounds on 16 bit sub- blocks. Each 64 bit block is divided into 16 smaller blocks and each block has 8 rounds of mathematical functions performed on it.  IDEA is harder to crack than DES for the same keysize and is used in PGP. RC5  Block cipher of variable block length. Key can be 0-2048 bits, blocks can be 32, 64 or 128 bits and the number of rounds can be 0 – 255. Created by Ron Rivest and patented by RSA data.
. Asymmetric Encryption Algorithms – Authentication and Public Key Crypto RSA  Defacto standard for public encryption. Invented by Ron Rivest, Adi Shamir and Leonard Adleman. Developed at MIT. Security comes from the difficulty of factoring large numbers. Public and private key are functions of a pair of large prime numbers. RSA is used in many web browsers with SSL. El-Gamal  Extends Diffie-Hellman to apply to encryption to digital signatures. Based on calculating discrete logarithms in a finite field. Elliptical Curve Cryptosystem (ECC)  Provides much of the same functionality as RSA Digital signatures, secure key distribution and encryption. ECC is very resource efficient – ideal for smaller devices. ECC providers higher protection with smaller keys than RSA. An ECC key of 160 bits is equivalent to a 1024- bit RSA key.
. Asymmetric Encryption Algorithms Public Key Cryptography  Public key cryptography uses asymmetric encryption for key encryption and secret key encryption for data. We use an asymmetric algorithm to encrypt the secret key. Diffie-Hellman  Used for key distribution, NOT encryption and decryption. Subjects can exchange session keys over a non-secure medium without exposing the keys. Session-Key  “Secret” key used for one data exchange only. Usually randomly generated then encrypted using public cryptography
Public Key Infrastructure (PKI) – X.509  PKI is an ISO authentication framework that uses public key cryptography and X.509 standard protocols.  PKI provides authentication, confidentiality, non-repudiation and message integrity.  The PKI infrastructure contains the pieces that will identify the user, distribute and maintain keys, distribute and maintain certificates and allow certificate revocation.  Each individual taking part in PKI needs a digital signature signed by a CA.  Some well-known Certification Authorities are Entrust and VeriSign. The old method of revocation is handled by the certification revocation list (CRL).  New revocation is via Online Certificate Status Protocol OCSP
PKI is made up of the following entities and functions Certification Authorities Registration Authorities Certificate Repository Certificate Revocation System Key backup and recovery system Automatic key update Management of key histories Cross- certification with other CAs Time stamping Client side software
Uses for PKI (Public Key Infrastructure) IPSec & VPN Authentication General User Authentication Code & Driver Signing Wireless Authentication Network Access Control Protection (NAC/NAP) Digital Signatures
LDAP, ISAKMP, IKE  LDAP is the standard format for accessing certification repositories. Availability and Integrity of LDAP servers is a concern.  ISAKMP Internet Security Association and Key Management Protocol.  IKE ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley, combined. In general  ISAKMP defined the phases for establishing a secure relationship  SKEME describes a secure exchange mechanism  Oakley defined the modes of operation needed to establish a secure connection.
http://www.enterprisegrc.com Bad Poodle
Can you match the exploit name to exploited protocol? Exploit Vulnerability A. RC4 - does not require MITM, passive sniffing or eavesdropping, also vulnerable to MITM B. SSL 3.0 enables MITM - must be disabled, was already replaced by TLS 1.0, only works while victim is online and attacker is near C. OpenSSL - missing bound check during TLS heartbeat, eavesdrop web, email, IM, VPN, reads system memory to get secret keys used to encrypt traffic, names, passwords, content. D. *NIX OS, exploited via CGI, attacker can tack-on malicious code to the environment variable E. Factoring Attack on RSA-EXPORT - weak cipher suite SSLv3 F. TLS 1.0 browser reveals session id;java script compares block cipher msg hash and deduces IV out of CBC-steal first block before XOR G. TLS 1.0 and SPDY Compression Ratio Info-Leak Mass Exploitation H. Schannel - remote code execution vulnerability D Bash Bug ShellShock H WinShock C Heartbleed B POODLE (Padding Oracle On Downgraded Legacy Encryption) E Freak G Crime F Beast A Bar Mitzvah
Denial-of-Service Attacks Prevents a systems from processing or responding to legitimate traffic Transmits data packets Exploits a known fault in an OS, service or application Results in system crash or CPU at 100%
Distributed reflective denial of service DRDoS Reflected approach, rather than direct to victim, manipulates traffic so that attack is reflected back to victim from other sources Example: DNS Poisoning and SMURF
Smurf and Fraggle Attacks A smurf attack is another type of flood attack, but it floods the victim with Internet Control Message Protocol (ICMP) echo packets instead of with TCP SYN packets. More specifically, it is a spoofed broadcast ping request using the IP address of the victim as the source IP address. Ping uses ICMP to check connectivity with remote systems. Normally, ping sends an echo request to a single system, and the system responds with an echo reply. However, in a smurf attack the attacker sends the echo request out as a broadcast to all systems on the network and spoofs the source IP address. All these systems respond with echo replies to the spoofed IP address, flooding the victim with traffic.
Smurf amplifier  Smurf attacks take advantage of an amplifying network (also called a smurf amplifier) by sending a directed broadcast through a router. All systems on the amplifying network then attack the victim. However, RFC 2644, released in 1999, changed the standard default for routers so that they do not forward directed broadcast traffic. When administrators correctly configure routers in compliance with RFC 2644, a network cannot be an amplifying network. This limits smurf attacks to a single network. Additionally, it’s becoming common to disable ICMP on firewalls, routers, and even many servers to prevent any type of attacks using ICMP. When standard security practices are used, smurf attacks are rarely a problem today.
Fraggle Fraggle attacks are similar to smurf attacks. However, instead of using ICMP, a fraggle attack uses UDP packets over UDP ports 7 and 19. The fraggle attack will broadcast a UDP packet using the spoofed IP address of the victim. All systems on the network will then send traffic to the victim, just as with a smurf attack. La la, lala lah la, la la la ladi dah (smurf song)
Botnets Robots or Zombies, introduced through malware, often browser based Allows a herder to send instructions to the computer Examples Gamover Zues GOZ, CrytoLocker ransomware Simda Esthost DNS Changer
Ping of Death – Teardrop and Land Attacks POD Oversized packets, changes size of packets to over 64KB Results crash, buffer overflow Rarely successful today Teardrop Fragments traffic so data can’t be put back together Land Attacks Sends spoofed SYN packets as both source and destination
SSLv3 is broken What is SSLv3 Performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives. A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.
What is SSL and how did it get here? Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL', are cryptographic protocols designed to provide communications security over a computer network.
Security protocol (cryptographic protocol or encryption protocol) Cryptographic protocols are widely used for secure application-level data transport. A cryptographic protocol usually incorporates at least some of these aspects: Key agreement or establishment Entity authentication Symmetric encryption and message authentication material construction Secured application-level data transport
Security protocol (cryptographic protocol or encryption protocol)  Non-repudiation methods  Secret sharing methods  Secure multi-party computation  For example, Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTP/HTTPS) connections. It has an entity authentication mechanism, based on the X.509 system; a key setup phase, where a symmetric encryption key is formed by employing public-key cryptography; and an application-level data transport function. These three aspects have important interconnections. Standard TLS does not have non- repudiation support.
Encrypted messages are exchanged SSL client “finished” SSL Server “finished” Server decrypts the session key If required, SSL Server verifies client certificate Session key exchange SSL Client sends certificate Client encrypts session key SSL client sends secret key information (encrypted with server public key) Client validates certificate and crypto SSL Client verifies server certificate Checks cryptographic parameters Server Responds SSL Server sends “Hello” Sends Server certificate & optional “client certificate request” Client Web Request SSL Client sends “Hello” SSL Client to SSL Server Encryption and Key Exchange
Ring Layer Protection in Computing Systems

Recommended

A Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic TechniquesA Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic TechniquesIRJET Journal
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationAlex Punnen
 
Cryptography and network security
Cryptography and network security Cryptography and network security
Cryptography and network security Mathan Gopal
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full reportharpoo123143
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityshraddha mane
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & CryptographyArun ACE
 
Data security in data communication
Data security in data communicationData security in data communication
Data security in data communicationMohd Arif
 

Recommended

A Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic TechniquesA Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic TechniquesIRJET Journal
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationAlex Punnen
 
Cryptography and network security
Cryptography and network security Cryptography and network security
Cryptography and network security Mathan Gopal
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full reportharpoo123143
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityshraddha mane
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & CryptographyArun ACE
 
Data security in data communication
Data security in data communicationData security in data communication
Data security in data communicationMohd Arif
 
Security in Data Communication and Networking
Security in Data Communication and NetworkingSecurity in Data Communication and Networking
Security in Data Communication and NetworkingZahidul Hossain
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptkusum sharma
 
Security and Cryptography
Security and CryptographySecurity and Cryptography
Security and CryptographyPresentaionslive.blogspot.com
 
Cryptography & Steganography
Cryptography & SteganographyCryptography & Steganography
Cryptography & SteganographyAnimesh Shaw
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneSecurityTube.Net
 
Encryption algorithms
Encryption algorithmsEncryption algorithms
Encryption algorithmstrilokchandra prakash
 
Data Encryption and Decryption using Hill Cipher
Data Encryption and Decryption using Hill CipherData Encryption and Decryption using Hill Cipher
Data Encryption and Decryption using Hill CipherAashirwad Kashyap
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptographyPavithra renu
 
Unit 4
Unit 4Unit 4
Unit 4Vinod Kumar Gorrepati
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comphanleson
 
Cryptography
CryptographyCryptography
CryptographyDarshini Parikh
 
Network Security
Network SecurityNetwork Security
Network SecurityFederal Urdu University
 
Cryptography
CryptographyCryptography
CryptographySagar Janagonda
 
Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptographyVaibhav Khanna
 
Implementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithmImplementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithmIjcem Journal
 
An Enhanced Encryption Technique using BCD and Bit Complementation
An Enhanced Encryption Technique using BCD and Bit ComplementationAn Enhanced Encryption Technique using BCD and Bit Complementation
An Enhanced Encryption Technique using BCD and Bit ComplementationIRJET Journal
 
Encryption And Decryption
Encryption And DecryptionEncryption And Decryption
Encryption And DecryptionNA
 
Unit 2
Unit 2Unit 2
Unit 2Vinod Kumar Gorrepati
 
Advanced Encryption Standard (AES) Implementaion using Java
Advanced Encryption Standard (AES) Implementaion using JavaAdvanced Encryption Standard (AES) Implementaion using Java
Advanced Encryption Standard (AES) Implementaion using JavaSunil Kumar R
 
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...caijjournal
 
Networking and communications security – network architecture design
Networking and communications security – network architecture designNetworking and communications security – network architecture design
Networking and communications security – network architecture designEnterpriseGRC Solutions, Inc.
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterpriseGRC Solutions, Inc.
 

More Related Content

What's hot

Security in Data Communication and Networking
Security in Data Communication and NetworkingSecurity in Data Communication and Networking
Security in Data Communication and NetworkingZahidul Hossain
 
Cryptography & Steganography
Cryptography & SteganographyCryptography & Steganography
Cryptography & SteganographyAnimesh Shaw
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneSecurityTube.Net
 
Data Encryption and Decryption using Hill Cipher
Data Encryption and Decryption using Hill CipherData Encryption and Decryption using Hill Cipher
Data Encryption and Decryption using Hill CipherAashirwad Kashyap
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptographyPavithra renu
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comphanleson
 
Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptographyVaibhav Khanna
 
Implementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithmImplementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithmIjcem Journal
 
An Enhanced Encryption Technique using BCD and Bit Complementation
An Enhanced Encryption Technique using BCD and Bit ComplementationAn Enhanced Encryption Technique using BCD and Bit Complementation
An Enhanced Encryption Technique using BCD and Bit ComplementationIRJET Journal
 
Encryption And Decryption
Encryption And DecryptionEncryption And Decryption
Encryption And DecryptionNA
 
Advanced Encryption Standard (AES) Implementaion using Java
Advanced Encryption Standard (AES) Implementaion using JavaAdvanced Encryption Standard (AES) Implementaion using Java
Advanced Encryption Standard (AES) Implementaion using JavaSunil Kumar R
 
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...caijjournal
 

What's hot (20)

Security in Data Communication and Networking
Security in Data Communication and NetworkingSecurity in Data Communication and Networking
Security in Data Communication and Networking
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 
Security and Cryptography
Security and CryptographySecurity and Cryptography
Security and Cryptography
 
Cryptography & Steganography
Cryptography & SteganographyCryptography & Steganography
Cryptography & Steganography
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam Bowne
 
Encryption algorithms
Encryption algorithmsEncryption algorithms
Encryption algorithms
 
Data Encryption and Decryption using Hill Cipher
Data Encryption and Decryption using Hill CipherData Encryption and Decryption using Hill Cipher
Data Encryption and Decryption using Hill Cipher
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
 
Unit 4
Unit 4Unit 4
Unit 4
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.com
 
Cryptography
CryptographyCryptography
Cryptography
 
Network Security
Network SecurityNetwork Security
Network Security
 
Cryptography
CryptographyCryptography
Cryptography
 
Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptography
 
Implementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithmImplementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithm
 
An Enhanced Encryption Technique using BCD and Bit Complementation
An Enhanced Encryption Technique using BCD and Bit ComplementationAn Enhanced Encryption Technique using BCD and Bit Complementation
An Enhanced Encryption Technique using BCD and Bit Complementation
 
Encryption And Decryption
Encryption And DecryptionEncryption And Decryption
Encryption And Decryption
 
Unit 2
Unit 2Unit 2
Unit 2
 
Advanced Encryption Standard (AES) Implementaion using Java
Advanced Encryption Standard (AES) Implementaion using JavaAdvanced Encryption Standard (AES) Implementaion using Java
Advanced Encryption Standard (AES) Implementaion using Java
 
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...
 

Viewers also liked

Networking and communications security – network architecture design
Networking and communications security – network architecture designNetworking and communications security – network architecture design
Networking and communications security – network architecture designEnterpriseGRC Solutions, Inc.
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
Cissp d5-cryptography v2012-mini coursev2
Cissp d5-cryptography v2012-mini coursev2Cissp d5-cryptography v2012-mini coursev2
Cissp d5-cryptography v2012-mini coursev2infosecedu
 
Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]SISA Information Security Pvt.Ltd
 
Open Source KMIP Implementation
Open Source KMIP ImplementationOpen Source KMIP Implementation
Open Source KMIP Implementationsedukull
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 James Nesbitt
 
CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesEnterpriseGRC Solutions, Inc.
 
Startupy w Pałacu - prezentacja Elmodis
Startupy w Pałacu - prezentacja ElmodisStartupy w Pałacu - prezentacja Elmodis
Startupy w Pałacu - prezentacja ElmodisELMODIS Inc.
 
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...Ahmed Al Enizi
 

Viewers also liked (20)

Networking and communications security – network architecture design
Networking and communications security – network architecture designNetworking and communications security – network architecture design
Networking and communications security – network architecture design
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
 
CobiT Foundation Free Training
CobiT Foundation Free TrainingCobiT Foundation Free Training
CobiT Foundation Free Training
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
The value of our data
The value of our dataThe value of our data
The value of our data
 
Cissp d5-cryptography v2012-mini coursev2
Cissp d5-cryptography v2012-mini coursev2Cissp d5-cryptography v2012-mini coursev2
Cissp d5-cryptography v2012-mini coursev2
 
Security assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP PrepSecurity assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP Prep
 
Does audit make us more secure
Does audit make us more secureDoes audit make us more secure
Does audit make us more secure
 
Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]
 
Open Source KMIP Implementation
Open Source KMIP ImplementationOpen Source KMIP Implementation
Open Source KMIP Implementation
 
Key management
Key managementKey management
Key management
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
 
CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studies
 
ISACA SV 2013 Winter Conference Brochure
ISACA SV 2013 Winter Conference BrochureISACA SV 2013 Winter Conference Brochure
ISACA SV 2013 Winter Conference Brochure
 
The Perils of Mount Must Read
The Perils of Mount Must ReadThe Perils of Mount Must Read
The Perils of Mount Must Read
 
Procedures and Controls Documentation Guidelines
Procedures and Controls Documentation GuidelinesProcedures and Controls Documentation Guidelines
Procedures and Controls Documentation Guidelines
 
Startupy w Pałacu - prezentacja Elmodis
Startupy w Pałacu - prezentacja ElmodisStartupy w Pałacu - prezentacja Elmodis
Startupy w Pałacu - prezentacja Elmodis
 
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
 
ELMODIS na INFERENCE
ELMODIS na INFERENCEELMODIS na INFERENCE
ELMODIS na INFERENCE
 

Similar to Cryptographic lifecycle security training

A study of cryptography for satellite applications
A study of cryptography for satellite applicationsA study of cryptography for satellite applications
A study of cryptography for satellite applicationsRajesh Ishida
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
IRJET- Comparative Analysis of Encryption Techniques
IRJET- Comparative Analysis of Encryption TechniquesIRJET- Comparative Analysis of Encryption Techniques
IRJET- Comparative Analysis of Encryption TechniquesIRJET Journal
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...Kimberly Thomas
 
Solve Big Data Security Issues
Solve Big Data Security IssuesSolve Big Data Security Issues
Solve Big Data Security IssuesEditor IJCATR
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...editor1knowledgecuddle
 
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdfAn Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdfKailasS9
 
A Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated KeysA Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated KeysIJORCS
 
A Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated KeysA Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated KeysIJORCS
 
CNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdfCNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdfAdiseshaK
 
CNS Solutions-Adi.pdf
CNS Solutions-Adi.pdfCNS Solutions-Adi.pdf
CNS Solutions-Adi.pdfAdiseshaK
 
Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Pvrtechnologies Nellore
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
Hybrid Encryption for Database Security
Hybrid Encryption for Database SecurityHybrid Encryption for Database Security
Hybrid Encryption for Database SecurityIRJET Journal
 
136 latest dot net interview questions
136 latest dot net interview questions136 latest dot net interview questions
136 latest dot net interview questionssandi4204
 
PERFORMANCE ANALYSIS OF PARALLEL IMPLEMENTATION OF ADVANCED ENCRYPTION STANDA...
PERFORMANCE ANALYSIS OF PARALLEL IMPLEMENTATION OF ADVANCED ENCRYPTION STANDA...PERFORMANCE ANALYSIS OF PARALLEL IMPLEMENTATION OF ADVANCED ENCRYPTION STANDA...
PERFORMANCE ANALYSIS OF PARALLEL IMPLEMENTATION OF ADVANCED ENCRYPTION STANDA...ijistjournal
 
Survey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile CommunicationSurvey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile Communicationijsrd.com
 

Similar to Cryptographic lifecycle security training (20)

A study of cryptography for satellite applications
A study of cryptography for satellite applicationsA study of cryptography for satellite applications
A study of cryptography for satellite applications
 
Cryptography
CryptographyCryptography
Cryptography
 
6. cryptography
6. cryptography6. cryptography
6. cryptography
 
IRJET- Comparative Analysis of Encryption Techniques
IRJET- Comparative Analysis of Encryption TechniquesIRJET- Comparative Analysis of Encryption Techniques
IRJET- Comparative Analysis of Encryption Techniques
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...
 
Solve Big Data Security Issues
Solve Big Data Security IssuesSolve Big Data Security Issues
Solve Big Data Security Issues
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
 
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdfAn Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
 
A Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated KeysA Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated Keys
 
A Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated KeysA Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated Keys
 
CNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdfCNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdf
 
CNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdfCNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdf
 
CNS Solutions-Adi.pdf
CNS Solutions-Adi.pdfCNS Solutions-Adi.pdf
CNS Solutions-Adi.pdf
 
Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Hybrid Encryption for Database Security
Hybrid Encryption for Database SecurityHybrid Encryption for Database Security
Hybrid Encryption for Database Security
 
136 latest dot net interview questions
136 latest dot net interview questions136 latest dot net interview questions
136 latest dot net interview questions
 
PERFORMANCE ANALYSIS OF PARALLEL IMPLEMENTATION OF ADVANCED ENCRYPTION STANDA...
PERFORMANCE ANALYSIS OF PARALLEL IMPLEMENTATION OF ADVANCED ENCRYPTION STANDA...PERFORMANCE ANALYSIS OF PARALLEL IMPLEMENTATION OF ADVANCED ENCRYPTION STANDA...
PERFORMANCE ANALYSIS OF PARALLEL IMPLEMENTATION OF ADVANCED ENCRYPTION STANDA...
 
security issue
security issuesecurity issue
security issue
 
Survey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile CommunicationSurvey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile Communication
 

More from EnterpriseGRC Solutions, Inc.

Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3EnterpriseGRC Solutions, Inc.
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4EnterpriseGRC Solutions, Inc.
 

More from EnterpriseGRC Solutions, Inc. (7)

2012 Summer Conference Brochure
2012 Summer Conference Brochure2012 Summer Conference Brochure
2012 Summer Conference Brochure
 
2011 Summer Conference Brochure
2011 Summer Conference Brochure2011 Summer Conference Brochure
2011 Summer Conference Brochure
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
 
Green Tech
Green TechGreen Tech
Green Tech
 

Recently uploaded

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Cryptographic lifecycle security training

  • 1. http://www.enterprisegrc.com CISSP Study Concepts for Security Engineering and Cryptographic Lifecycle Robin Basham, using materials from SANS, ISC2,
  • 3. Bell-LaPadula – Confidentiality model  Only deals with confidentiality does not deal with integrity or availability  (NO “I” or “EYE” is CONFIDENTIAL – can’t write to my boss’ level, subordinates who are down can’t read my level)  Based on Government Classification – Unclassified, Sensitive But Unclassified (SBU), Confidential, Secret, Top Secret  A Trusted Subject can violate the *property  Bell-LaPadula Security State Defined by three properties:  Simple Security Property (ss Property) – no reading from lower subject to higher object (No Read Up) I don’t see above my class  The * (star) security Property – No writing from higher subject to lower object (No write Down) I don’t author to a lower level of security  Trusted Subject can violate the star property but not its intent  Strong * property – no reading or writing to another level  Discretionary Security Property – Uses Access Matrix to specify discretionary access control  Remember the hyphen “-” is separation of duties
  • 4. Writing and Reading Orders - Confidentiality  No read up – its confidential so I can’t see a command sent to my boss  No write down – I only need to read what my boss sends me. A lower rank can’t see my orders. I can’t change classification to allow them that access. We are segregated.
  • 5. Biba Integrity Model defined by three goals 1. Integrity Data protected from modification by unauthorized users 2. Data protected from unauthorized modification by authorized users 3. Data is internally and externally consistent. Biba Integrity Model add on to BLP  Lattice Based uses less than or equal to relation  A lattice structure is a set with a least upper bound (LUB) and a greatest lower bound (GLB)  Lattice represents a set of integrity classes (IC) and an ordered relationship  Lattice = (IC, LUB, GUB)
  • 6. Integrity – who created this order – who classified this order? Integrity Axioms  The Simple Integrity Axiom - no reading of lower object from higher subject (No Read Down)  The * (star) Integrity Axiom – No writing from lower subject to higher object (No write Up)  A subject at a lower level of integrity can not invoke a subject at a higher level of integrity
  • 7. Clark-Wilson Integrity Model (Integrity for Commercial Environments) Two elements: well formed transaction and separation of duties.  Developed in 1987 for use in real- world commercial environment  Addresses the three integrity goals  Constrained Data Item (CDI) – A data Item whose integrity is to be preserved  Integrity Verification Procedure (IVP) – confirms that all CDIs have integrity  Transformation Procedure (TP) – transforms a CDI from one integrity state to another integrity state  Unconstrained Data Item – data items outside of the control area of the modeled environment  Requires Integrity Labels
  • 8. Clark-Wilson Integrity Model Information Flow Models  Each object and subject is assigned security class and value; info is constrained to flow in directions that are permitted by the security policy.  Based on state machine and consists of objects, state transitions and lattice (flow policy) states.  Object can be a user  Each object is assigned a security class and value  Information is constrained to flow in the directions permitted by the policy Non-interference Model  Actions of group A using commands C are not seen by users in Group B using commands D
  • 10. (Selection) Approved cryptographic algorithms key sizes Transition plans for weakened compromised algorithms and keys Process crypto systems, standards what / how organization use cryptography Key Management Generation Escrow and Destruction Incident reporting for key loss or compromised cryptographic systems Algorithm Protocol Governance
  • 11. Needed Component Parts to an Encryption Strategy Symmetric for confidentiality (DES, 3DES, IDEA, RC4, AES) Hashing for integrity (MD4, MD5, RIPEMD, SHA-1, SHA-2) Asymmetric for authentication (RSA, El Gamal, ECC elliptic curve crypto) Non Repudiation is Asymmetric plus Hashing – condition where a message is hash encrypted with the sender’s private key
  • 12. Relationship of Encryption to Incidents and Threats Threats Consequences Countermeasures Integrity  Modification of user data  Trojan horse browser  Modification of memory  Modification of message traffic in transit  Loss of information  Compromise of machine  Vulnerability to all other threats  Cryptographic  checksums Confidentiality  Eavesdropping on the net  Theft of info from server  Theft of data from client  Info about network configuration  Info about which client talks to server  Loss of information  Loss of privacy  Encryption  Web  proxies Denial of Service  Killing of user threads  Flooding machine with bogus requests  Filling up disk or memory  Isolating machine via DNS attacks  Disruptive ($$$)  Annoying  Prevent user from getting work done  Rate limiter  IPS and rate based IPS  Blackholing/ Sinkholing  Clean Pipes  Bogon Filtering  WAN Link Failover Authentication  Impersonation of legitimate users  Data forgery  Misrepresentation of user  Belief that false  information is valid  Cryptographic  techniques
  • 13. Symmetric - Confidentiality • Secret Key • Single or one key • Requires secure channel • Pre-shared key • Asymmetric mode or • Diffie Hellman Key exchange Asymmetric - Authentication • Public key crypto • Dual or two key encryption Hash - Integrity • One way transformation • No key • Collision is when 2 inputs get same output Non Repudiation • Digital Signatures • Hash + Asymmetric • Message hash encrypted with sender’s private key Elements needed for Encryption and Encryption Methods
  • 14. Symmetric Encryption Systems DES (Data Encryption Standard)  DES is a block encryption algorithm using 64-bit blocks. It uses a 64 bit key 56 bits of true key and 8 for parity. Characters are put through 16 rounds of transposition and substitution.  Devised in 1972 as a derivation of the “Lucifer” system  DES Describes the DEA (Data Encryption Algorithm)  FIPS PUB 46-1 (1977) and ANSI X3.92 (1981)  64bit blocks, 56 bit key and  16 rounds of transformation  Uses confusion and diffusion for encrypting plain text.  Confusion Conceals statistical connection between ciphertext and plain text. Uses non-linear substitution boxes (S-Boxes)  Diffusion Spreads the influence of a plain text character over many ciphertext characters.
  • 15. DES has 4 distinct modes of operation Electronic Code Book (ECB) It is a block cipher Native encryption method for DES. Electronic codebook literally operates like a code book. For a given block of plaintext and a given key, the same set of ciphertext is always produced. ECB uses padding to round up to a 64 bit block boundary. ECB is used for small amounts of data such as challenge-response or key management. Not good for large amounts of data as patterns would eventually show. Cipher Block Chaining (CBC) In Cipher Block Chaining, the value of the previous block processed is a part of the algorithm and key for the next block, so, patterns are not revealed. This chaining effect means that a particular ciphertext block is dependent on all the blocks that came before it, not just the current block. Cipher Feedback Mode (CFB) It is a stream cipher. Previously generated ciphertext is used as feedback into the key generation source to develop the next keystream. This mode is used when encrypting individual characters is required. Output Feedback Mode (OFB) Similar to CFB, but stream cipher functions by generating a random stream of bits to be combined with the plaintext to create ciphertext. Requires initialization vector. Ciphertext is fed back to the algorithm to form a portion of the next input to encrypt the stream of bits. DES 4 Distinct modes
  • 16. Key Terms Symmetric algorithm Encryption method where the sender and receiver use an instance of the same key for encryption and decryption purposes. Out-of-band method Sending data through an alternate communication channel. Asymmetric algorithm Encryption method that uses two different key types, public and private. Also called public key cryptography. Public key Value used in public key cryptography that is used for encryption and signature validation that can be known by all parties. Private key Value used in public key cryptography that is used for decryption and signature creation and known to only key owner. Public key cryptography Asymmetric cryptography, which uses public and private key values for cryptographic functions. Block cipher Symmetric algorithm type that encrypts chunks (blocks) of data at a time. Diffusion Transposition processes used in encryption functions to increase randomness. Confusion Substitution processes used in encryption functions to increase randomness. Avalanche effect Algorithm design requirement so that slight changes to the input result in drastic changes to the output. Stream cipher Algorithm type that generates a keystream (random values), which is XORd with plaintext for encryption purposes. Keystream generator Component of a stream algorithm that creates random values for encryption purposes. Initialization vectors (IVs) Values that are used with algorithms to increase randomness for cryptographic functions.
  • 17. Triple DES (3DES) Encrypting plaintext with one DES key and then encrypting it with a second DES key is no more secure than using a single DES key, therefore, Triple DES is used to obtain stronger encryption DES-EDE2 2 keys are used. Encrypt with 1, decrypt with 2 and then encrypt with 1 again. DES-EEE2 2 keys used. Encrypt with 1, encrypt with 2, encrypt with 1. DES-EEE3 3 keys used. Encrypt with 1, encrypt with 2, encrypt with 3. Most secure, but requires 3 keys.
  • 18. Advanced Encryption Standard (AES) Uses Rjindael block cipher, specifies three key sizes; 128, 192 or 256 bit. Choice of key determines encryption level. AES is the government standard for encrypting SBU information. Best suited for hardware encryption. The number of rounds of transformation is a function of the key size used 256 bit – 14 rounds. 192 bit – 12 rounds. 128 bit – 10 rounds.
  • 19. Symmetric Algorithms that provide bulk (data) Encryption services only DES and 3DES TwoFish  128 bit blocks in 16 rounds. Key lengths can be up to 256 bits. BlowFish  A block cipher operating on 64 bit blocks with a key length of up to 448 bits. The blocks go through 16 rounds of crypto functions. IDEA  Ideas stands for International Data Encryption Algorithm. It operates on 64 bit blocks and uses a 128 bit key. (cont)
  • 20. Symmetric Algorithms that provide bulk (data) Encryption services only IDEA (cont)  Performs 8 rounds on 16 bit sub- blocks. Each 64 bit block is divided into 16 smaller blocks and each block has 8 rounds of mathematical functions performed on it.  IDEA is harder to crack than DES for the same keysize and is used in PGP. RC5  Block cipher of variable block length. Key can be 0-2048 bits, blocks can be 32, 64 or 128 bits and the number of rounds can be 0 – 255. Created by Ron Rivest and patented by RSA data.
  • 21. . Asymmetric Encryption Algorithms – Authentication and Public Key Crypto RSA  Defacto standard for public encryption. Invented by Ron Rivest, Adi Shamir and Leonard Adleman. Developed at MIT. Security comes from the difficulty of factoring large numbers. Public and private key are functions of a pair of large prime numbers. RSA is used in many web browsers with SSL. El-Gamal  Extends Diffie-Hellman to apply to encryption to digital signatures. Based on calculating discrete logarithms in a finite field. Elliptical Curve Cryptosystem (ECC)  Provides much of the same functionality as RSA Digital signatures, secure key distribution and encryption. ECC is very resource efficient – ideal for smaller devices. ECC providers higher protection with smaller keys than RSA. An ECC key of 160 bits is equivalent to a 1024- bit RSA key.
  • 22. . Asymmetric Encryption Algorithms Public Key Cryptography  Public key cryptography uses asymmetric encryption for key encryption and secret key encryption for data. We use an asymmetric algorithm to encrypt the secret key. Diffie-Hellman  Used for key distribution, NOT encryption and decryption. Subjects can exchange session keys over a non-secure medium without exposing the keys. Session-Key  “Secret” key used for one data exchange only. Usually randomly generated then encrypted using public cryptography
  • 23. Public Key Infrastructure (PKI) – X.509  PKI is an ISO authentication framework that uses public key cryptography and X.509 standard protocols.  PKI provides authentication, confidentiality, non-repudiation and message integrity.  The PKI infrastructure contains the pieces that will identify the user, distribute and maintain keys, distribute and maintain certificates and allow certificate revocation.  Each individual taking part in PKI needs a digital signature signed by a CA.  Some well-known Certification Authorities are Entrust and VeriSign. The old method of revocation is handled by the certification revocation list (CRL).  New revocation is via Online Certificate Status Protocol OCSP
  • 24. PKI is made up of the following entities and functions Certification Authorities Registration Authorities Certificate Repository Certificate Revocation System Key backup and recovery system Automatic key update Management of key histories Cross- certification with other CAs Time stamping Client side software
  • 25. Uses for PKI (Public Key Infrastructure) IPSec & VPN Authentication General User Authentication Code & Driver Signing Wireless Authentication Network Access Control Protection (NAC/NAP) Digital Signatures
  • 26. LDAP, ISAKMP, IKE  LDAP is the standard format for accessing certification repositories. Availability and Integrity of LDAP servers is a concern.  ISAKMP Internet Security Association and Key Management Protocol.  IKE ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley, combined. In general  ISAKMP defined the phases for establishing a secure relationship  SKEME describes a secure exchange mechanism  Oakley defined the modes of operation needed to establish a secure connection.
  • 28. Can you match the exploit name to exploited protocol? Exploit Vulnerability A. RC4 - does not require MITM, passive sniffing or eavesdropping, also vulnerable to MITM B. SSL 3.0 enables MITM - must be disabled, was already replaced by TLS 1.0, only works while victim is online and attacker is near C. OpenSSL - missing bound check during TLS heartbeat, eavesdrop web, email, IM, VPN, reads system memory to get secret keys used to encrypt traffic, names, passwords, content. D. *NIX OS, exploited via CGI, attacker can tack-on malicious code to the environment variable E. Factoring Attack on RSA-EXPORT - weak cipher suite SSLv3 F. TLS 1.0 browser reveals session id;java script compares block cipher msg hash and deduces IV out of CBC-steal first block before XOR G. TLS 1.0 and SPDY Compression Ratio Info-Leak Mass Exploitation H. Schannel - remote code execution vulnerability D Bash Bug ShellShock H WinShock C Heartbleed B POODLE (Padding Oracle On Downgraded Legacy Encryption) E Freak G Crime F Beast A Bar Mitzvah
  • 29.
  • 30. Denial-of-Service Attacks Prevents a systems from processing or responding to legitimate traffic Transmits data packets Exploits a known fault in an OS, service or application Results in system crash or CPU at 100%
  • 31. Distributed reflective denial of service DRDoS Reflected approach, rather than direct to victim, manipulates traffic so that attack is reflected back to victim from other sources Example: DNS Poisoning and SMURF
  • 32. Smurf and Fraggle Attacks A smurf attack is another type of flood attack, but it floods the victim with Internet Control Message Protocol (ICMP) echo packets instead of with TCP SYN packets. More specifically, it is a spoofed broadcast ping request using the IP address of the victim as the source IP address. Ping uses ICMP to check connectivity with remote systems. Normally, ping sends an echo request to a single system, and the system responds with an echo reply. However, in a smurf attack the attacker sends the echo request out as a broadcast to all systems on the network and spoofs the source IP address. All these systems respond with echo replies to the spoofed IP address, flooding the victim with traffic.
  • 33. Smurf amplifier  Smurf attacks take advantage of an amplifying network (also called a smurf amplifier) by sending a directed broadcast through a router. All systems on the amplifying network then attack the victim. However, RFC 2644, released in 1999, changed the standard default for routers so that they do not forward directed broadcast traffic. When administrators correctly configure routers in compliance with RFC 2644, a network cannot be an amplifying network. This limits smurf attacks to a single network. Additionally, it’s becoming common to disable ICMP on firewalls, routers, and even many servers to prevent any type of attacks using ICMP. When standard security practices are used, smurf attacks are rarely a problem today.
  • 34. Fraggle Fraggle attacks are similar to smurf attacks. However, instead of using ICMP, a fraggle attack uses UDP packets over UDP ports 7 and 19. The fraggle attack will broadcast a UDP packet using the spoofed IP address of the victim. All systems on the network will then send traffic to the victim, just as with a smurf attack. La la, lala lah la, la la la ladi dah (smurf song)
  • 35. Botnets Robots or Zombies, introduced through malware, often browser based Allows a herder to send instructions to the computer Examples Gamover Zues GOZ, CrytoLocker ransomware Simda Esthost DNS Changer
  • 36. Ping of Death – Teardrop and Land Attacks POD Oversized packets, changes size of packets to over 64KB Results crash, buffer overflow Rarely successful today Teardrop Fragments traffic so data can’t be put back together Land Attacks Sends spoofed SYN packets as both source and destination
  • 37. SSLv3 is broken What is SSLv3 Performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives. A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.
  • 38. What is SSL and how did it get here? Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL', are cryptographic protocols designed to provide communications security over a computer network.
  • 39. Security protocol (cryptographic protocol or encryption protocol) Cryptographic protocols are widely used for secure application-level data transport. A cryptographic protocol usually incorporates at least some of these aspects: Key agreement or establishment Entity authentication Symmetric encryption and message authentication material construction Secured application-level data transport
  • 40. Security protocol (cryptographic protocol or encryption protocol)  Non-repudiation methods  Secret sharing methods  Secure multi-party computation  For example, Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTP/HTTPS) connections. It has an entity authentication mechanism, based on the X.509 system; a key setup phase, where a symmetric encryption key is formed by employing public-key cryptography; and an application-level data transport function. These three aspects have important interconnections. Standard TLS does not have non- repudiation support.
  • 41. Encrypted messages are exchanged SSL client “finished” SSL Server “finished” Server decrypts the session key If required, SSL Server verifies client certificate Session key exchange SSL Client sends certificate Client encrypts session key SSL client sends secret key information (encrypted with server public key) Client validates certificate and crypto SSL Client verifies server certificate Checks cryptographic parameters Server Responds SSL Server sends “Hello” Sends Server certificate & optional “client certificate request” Client Web Request SSL Client sends “Hello” SSL Client to SSL Server Encryption and Key Exchange
  • 42. Ring Layer Protection in Computing Systems