11- Cryptographic Systems 
Ahmed Sultan 
CCNA | CCNA Security | CCNP Security | JNCIA-Junos | CEH 
© 2009 Cisco Learning Institute.
Secure Communications 
[Figure: network topology with MARS, a remote branch connected by VPN, IronPort, firewall, IPS, web server, email server, DNS, and CSA-protected hosts]
• Traffic between sites must be secure
• Measures must be taken to ensure it cannot be altered, forged, or deciphered if intercepted
Authentication 
• An ATM Personal Information Number (PIN) is required for authentication.
• The PIN is a shared secret between a bank account holder and the financial institution.
Integrity 
• An unbroken wax seal on an envelope ensures integrity.
• The unique unbroken seal ensures no one has read the contents.
Confidentiality 
• Julius Caesar would send encrypted messages to his generals in the battlefield.
• Even if intercepted, his enemies usually could not read, let alone decipher, the messages.
I O D Q N H D V W
D W W D F N D W G D Z Q
Transposition Ciphers 
1. The clear text message would be encoded using a key of 3.
Clear text:
FLANK EAST
ATTACK AT DAWN
2. Use a rail fence cipher and a key of 3.
F...K...T...T...A...W.
.L.N.E.S.A.T.A.K.T.A.N
..A...A...T...C...D...
3. The clear text message would appear as follows.
Ciphered text:
FKTTAW
LNESATAKTAN
AATCD
Substitution Ciphers 
Caesar Cipher
1. The clear text message would be encoded using a key of 3.
Clear text:
FLANK EAST
ATTACK AT DAWN
2. Shift the top scroll over by three characters (key of 3), an A becomes D, B becomes E, and so on.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
3. The clear text message would be encrypted as follows using a key of 3.
Ciphered text:
IODQN HDVW
DWWDFN DW GDZQ
Cipher Wheel 
1. The clear text message would be encoded using a key of 3.
Clear text:
FLANK EAST
ATTACK AT DAWN
2. Shifting the inner wheel by 3, then the A becomes D, B becomes E, and so on.
3. The clear text message would appear as follows using a key of 3.
Ciphered text:
IODQN HDVW
DWWDFN DW GDZQ
Cryptanalysis Methods 
Brute Force Attack
[Figure: known ciphertext, key found, successfully unencrypted]
With a brute-force attack, the attacker has some portion of ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys.
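The Caesar cipher from the preceding slides and the all-keys search described on this slide, as an added Python example that is not part of the original deck. It shows why a 25-key keyspace gives no protection; the function names and the crib word `DAWN` are assumptions made for the illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # the 26-letter alphabet shown on the slide


def caesar(text, key):
    """Shift each letter A-Z forward by `key` positions; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def decrypt(text, key):
    """Undo a shift of `key` by shifting backwards."""
    return caesar(text, -key)


def exhaustive_search(ciphertext, crib):
    """Try every non-trivial key (1..25) and keep the candidates that contain
    the crib, a word the analyst expects to see in the plaintext (assumption)."""
    hits = []
    for key in range(1, 26):
        candidate = decrypt(ciphertext, key)
        if crib in candidate:
            hits.append((key, candidate))
    return hits


# Clear text and key taken from the slides.
PLAINTEXT = "FLANK EAST ATTACK AT DAWN"
CIPHERTEXT = caesar(PLAINTEXT, 3)

if __name__ == "__main__":
    print(CIPHERTEXT)
    for key, candidate in exhaustive_search(CIPHERTEXT, "DAWN"):
        print(key, candidate)
```

The whole keyspace is searched in 25 trial decryptions, which is the reason the later Keyspace slide measures strength in key bits.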
Man-in-the-Middle Attack
Known ciphertext: use every possible decryption key until a result is found matching the corresponding plaintext.
Known plaintext: use every possible encryption key until a result is found matching the corresponding ciphertext.
[Figure: MATCH of ciphertext, key found]
With a Man-in-the-Middle attack, the attacker has some portion of text in both plaintext and ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys while at the same time encrypting the plaintext with another set of possible keys until one match is found.
Defining Cryptology 
Cryptology = Cryptography + Cryptanalysis
Cryptanalysis 
Cryptographic Hashes, Protocols, and Algorithm Examples
Integrity (hash): MD5, SHA
Authentication (hash with key): HMAC-MD5, HMAC-SHA-1, RSA and DSA
Confidentiality (encryption): DES, 3DES, AES, SEAL, RC (RC2, RC4, RC5, and RC6)
Hashing Basics 
• Hashes are used for integrity assurance.
• Hashes are based on one-way functions.
• The hash function hashes arbitrary data into a fixed-length digest known as the hash value, message digest, digest, or fingerprint.
[Figure: data of arbitrary length is reduced to a fixed-length hash value, e883aa0b24c09f]
Hashing Properties 
h = H(x)
x: arbitrary length text
H: hash function
h: hash value (e883aa0b24c09f)
Hashing in Action 
• Vulnerable to man-in-the-middle attacks
- Hashing does not provide security to transmission.
• Well-known hash functions
- MD5 with 128-bit hashes
- SHA-1 with 160-bit hashes
[Figure: a check sent over the Internet with the request "I would like to cash this check."]
Sent: Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars (hash 4ehIDx67NMop9)
Received: Pay to Alex Jones $1000.00, One Thousand and xx/100 Dollars (hash 12ehqPx67NMoX)
Match = No changes
No match = Alterations
MD5 
• MD5 is a ubiquitous hashing algorithm
• Hashing properties
- One-way function: easy to compute hash and infeasible to compute data given a hash
- Complex sequence of simple binary operations (XORs, rotations, etc.) which finally produces a 128-bit hash.
SHA 
• SHA is similar in design to the MD4 and MD5 family of hash functions
- Takes an input message of no more than 2^64 bits
- Produces a 160-bit message digest
• The algorithm is slightly slower than MD5.
• SHA-1 is a revision that corrected an unpublished flaw in the original SHA.
• SHA-224, SHA-256, SHA-384, and SHA-512 are newer and more secure versions of SHA and are collectively known as SHA-2.
Hashing Example 
In this example the clear text entered is displaying hashed results using MD5, SHA-1, and SHA256. Notice the difference in key lengths between the various algorithms. The longer the key, the more secure the hash function.
Features of HMAC 
• Uses an additional secret key as input to the hash function
• The secret key is known to the sender and receiver
- Adds authentication to integrity assurance
- Defeats man-in-the-middle attacks
• Based on existing hash functions, such as MD5 and SHA-1.
[Figure: data of arbitrary length + secret key gives a fixed-length authenticated hash value, e883aa0b24c09f]
The same procedure is used for generation and verification of secure fingerprints
HMAC Example 
Sender
Data: Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars
Data + Secret Key gives HMAC (Authenticated Fingerprint): 4ehIDx67NMop9
Sent: Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars, together with 4ehIDx67NMop9
Receiver
Received Data: Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars
Received Data + Secret Key gives HMAC (Authenticated Fingerprint): 4ehIDx67NMop9
If the generated HMAC matches the sent HMAC, then integrity and authenticity have been verified.
If they don't match, discard the message.
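The check scenario from the "Hashing in Action" and "HMAC Example" slides, as an added Python example that is not part of the original deck. It shows why an unkeyed hash sent with the message does not detect an in-path alteration while an HMAC does; SHA-256 is substituted for the MD5/SHA-1 named on the slides, and the key and function names are constructed for the illustration.

```python
import hashlib
import hmac

# Constructed sample data: the two checks shown on the slides.
ORIGINAL = b"Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars"
ALTERED = b"Pay to Alex Jones $1000.00 One Thousand and xx/100 Dollars"
SHARED_KEY = b"constructed-demo-key-known-to-sender-and-receiver"


def plain_digest(message):
    """Unkeyed fingerprint: anyone who holds the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def make_tag(key, message):
    """Keyed fingerprint (HMAC): computing it requires the shared secret."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_plain(message, digest):
    return hmac.compare_digest(plain_digest(message), digest)


def verify_tag(key, message, tag):
    # Same procedure as generation, then a constant-time comparison.
    return hmac.compare_digest(make_tag(key, message), tag)


def receive(key, message, tag):
    """Receiver side of the HMAC slide: return the message if the tag
    matches, otherwise discard it (None)."""
    return message if verify_tag(key, message, tag) else None


def scenario():
    results = {}

    # Unkeyed hash: the sender transmits (message, digest).
    sent_digest = plain_digest(ORIGINAL)
    # A party in the path swaps the message; the old digest no longer matches...
    results["plain_altered_old_digest"] = verify_plain(ALTERED, sent_digest)
    # ...but the digest travels with the message and needs no secret,
    # so it can be replaced too and the receiver's check passes.
    results["plain_altered_new_digest"] = verify_plain(ALTERED, plain_digest(ALTERED))

    # HMAC: the sender transmits (message, tag).
    sent_tag = make_tag(SHARED_KEY, ORIGINAL)
    results["hmac_original"] = receive(SHARED_KEY, ORIGINAL, sent_tag)
    # Altered message with the original tag is discarded.
    results["hmac_altered_old_tag"] = receive(SHARED_KEY, ALTERED, sent_tag)
    # A tag recomputed without the shared key is discarded as well.
    wrong_tag = make_tag(b"not-the-shared-key", ALTERED)
    results["hmac_altered_wrong_key"] = receive(SHARED_KEY, ALTERED, wrong_tag)
    return results


if __name__ == "__main__":
    for name, value in scenario().items():
        print(name, value)
```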
Using Hashing 
[Figure: a fixed-length hash value, e883aa0b24c09f, used for data integrity, entity authentication, and data authenticity]
• Routers use hashing with secret keys
• IPSec gateways and clients use hashing algorithms
• Software images downloaded from the website have checksums
• Sessions can be encrypted
Keyspace 
DES Key | Keyspace | # of Possible Keys
56-bit | 2^56 | 72,000,000,000,000,000
57-bit | 2^57 | 144,000,000,000,000,000 (twice as much time)
58-bit | 2^58 | 288,000,000,000,000,000 (four times as much time)
59-bit | 2^59 | 576,000,000,000,000,000
60-bit | 2^60 | 1,152,000,000,000,000,000 (with 60-bit DES an attacker would require sixteen times more time than 56-bit DES)
[Figure: each keyspace is also drawn as a row of 56 to 60 one-bits]
✓ For each bit added to the DES key, the attacker would require twice the amount of time to search the keyspace.
✓ Longer keys are more secure but are also more resource intensive and can affect throughput.
Types of Keys 
Key lengths in bits:
Protection | Symmetric Key | Asymmetric Key | Digital Signature | Hash
Up to 3 years | 80 | 1248 | 160 | 160
Up to 10 years | 96 | 1776 | 192 | 192
Up to 20 years | 112 | 2432 | 224 | 224
Up to 30 years | 128 | 3248 | 256 | 256
Against quantum computers | 256 | 15424 | 512 | 512
✓ Calculations are based on the fact that computing power will continue to grow at its present rate and the ability to perform brute-force attacks will grow at the same rate.
✓ Note the comparatively short symmetric key lengths illustrating that symmetric algorithms are the strongest type of algorithm.
Key Properties
Shorter keys = faster processing, but less secure
Longer keys = slower processing, but more secure
Symmetric Encryption 
[Figure: $1000 is encrypted with the pre-shared key to $!@#IQ and decrypted with the same key back to $1000]
• Best known as shared-secret key algorithms
• The usual key length is 80 - 256 bits
• A sender and receiver must share a secret key
• Faster processing because they use simple mathematical operations.
• Examples include DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish.
Symmetric Algorithms 
Symmetric encryption algorithm, key length (in bits), and description:

DES (56)
Designed at IBM during the 1970s and was the NIST standard until 1997. Although considered outdated, DES remains widely in use. Designed to be implemented only in hardware, and is therefore extremely slow in software.

3DES (112 and 168)
Based on using DES three times which means that the input data is encrypted three times and therefore considered much stronger than DES. However, it is rather slow compared to some new block ciphers such as AES.

AES (128, 192, and 256)
Fast in both software and hardware, is relatively easy to implement, and requires little memory. As a new encryption standard, it is currently being deployed on a large scale.

Software Encryption Algorithm (SEAL) (160)
SEAL is an alternative algorithm to DES, 3DES, and AES. It uses a 160-bit encryption key and has a lower impact to the CPU when compared to other software-based algorithms.

The RC series (RC2: 40 and 64; RC4: 1 to 256; RC5: 0 to 2040; RC6: 128, 192, and 256)
A set of symmetric-key encryption algorithms invented by Ron Rivest. RC1 was never published and RC3 was broken before ever being used. RC4 is the world's most widely used stream cipher. RC6, a 128-bit block cipher based heavily on RC5, was an AES finalist developed in 1997.
Asymmetric Encryption 
[Figure: $1000 is encrypted with the encryption key to %3f7&4 and decrypted with the decryption key back to $1000; the two separate keys are not shared]
• Also known as public key algorithms
• The usual key length is 512–4096 bits
• A sender and receiver do not share a secret key
• Relatively slow because they are based on difficult computational algorithms
• Examples include RSA, ElGamal and DH.
How Asymmetric Encryption works ? 
[Figure: Computer A and Computer B each hold their own private key and exchange public keys]
• Computer A acquires Computer B's public key ("Can I get your Public Key please?" / "Here is my Public Key.")
• Computer A uses Computer B's public key to encrypt a message using an agreed-upon algorithm
• Computer A transmits the encrypted message to Computer B
• Computer B uses its private key to decrypt and reveal the message
Asymmetric Key Algorithms 
Algorithm, key length (in bits), and description:

DH (512, 1024, 2048)
Invented in 1976 by Whitfield Diffie and Martin Hellman. Allows two parties to agree on a key that they can use to encrypt messages. The assumption is that it is easy to raise a number to a certain power, but difficult to compute which power was used given the number and the outcome.

Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA) (512 - 1024)
Created by NIST and specifies DSA as the algorithm for digital signatures. A public key algorithm based on the ElGamal signature scheme. Signature creation speed is similar to RSA, but is slower for verification.

RSA encryption algorithms (512 to 2048)
Developed by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT in 1977. Based on the current difficulty of factoring very large numbers. Suitable for signing as well as encryption. Widely used in electronic commerce protocols.

ElGamal (512 - 1024)
Based on the Diffie-Hellman key agreement. Described by Taher Elgamal in 1984 and is used in GNU Privacy Guard software, PGP, and other cryptosystems. The encrypted message becomes about twice the size of the original message and for this reason it is only used for small messages such as secret keys.
Digital Signatures 
• The signature is authentic and not forgeable: The signature is proof that the signer, and no one else, signed the document.
• The signature is not reusable: The signature is a part of the document and cannot be moved to a different document.
• The signature is unalterable: After a document is signed, it cannot be altered.
• The signature cannot be repudiated: For legal purposes, the signature and the document are considered to be physical things. The signer cannot claim later that they did not sign it.
CCNA Security 012- cryptographic systems

Hybridoma Technology ( Production , Purification , and Application )
Ā 
CĆ³digo Creativo y Arte de Software | Unidad 1
CĆ³digo Creativo y Arte de Software | Unidad 1CĆ³digo Creativo y Arte de Software | Unidad 1
CĆ³digo Creativo y Arte de Software | Unidad 1
Ā 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
Ā 
Model Call Girl in Bikash Puri Delhi reach out to us at šŸ”9953056974šŸ”
Model Call Girl in Bikash Puri  Delhi reach out to us at šŸ”9953056974šŸ”Model Call Girl in Bikash Puri  Delhi reach out to us at šŸ”9953056974šŸ”
Model Call Girl in Bikash Puri Delhi reach out to us at šŸ”9953056974šŸ”
Ā 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Ā 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
Ā 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
Ā 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
Ā 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Ā 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Ā 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
Ā 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Ā 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
Ā 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
Ā 

CCNA Security 012- cryptographic systems

  • 1. 11- Cryptographic Systems. Ahmed Sultan, CCNA | CCNA Security | CCNP Security | JNCIA-Junos | CEH. © 2009 Cisco Learning Institute.
  • 2. Secure Communications. [Network diagram: MARS, CSA, Remote Branch, VPN, Iron Port, Firewall, IPS, Web Server, Email Server, DNS.] Traffic between sites must be secure. Measures must be taken to ensure it cannot be altered, forged, or deciphered if intercepted.
  • 3. Authentication. An ATM Personal Information Number (PIN) is required for authentication. The PIN is a shared secret between a bank account holder and the financial institution.
  • 4. Integrity. An unbroken wax seal on an envelope ensures integrity. The unique unbroken seal ensures no one has read the contents.
  • 5. Confidentiality. Julius Caesar would send encrypted messages to his generals in the battlefield. Even if intercepted, his enemies usually could not read, let alone decipher, the messages. Ciphertext shown: IODQN HDVW DWWDFN DW GDZQ
  • 6. Transposition Ciphers.
      1. Clear text: FLANK EAST ATTACK AT DAWN. The clear text message would be encoded using a key of 3.
      2. Use a rail fence cipher and a key of 3:
           F...K...T...T...A...W.
           .L.N.E.S.A.T.A.K.T.A.N
           ..A...A...T...C...D...
      3. The clear text message would appear as follows. Ciphered text: FKTTAW LNESATAKTAN AATCD
  • 7. Substitution Ciphers: Caesar Cipher.
      1. Clear text: FLANK EAST ATTACK AT DAWN. The clear text message would be encoded using a key of 3.
      2. Shift the top scroll over by three characters (key of 3): an A becomes D, B becomes E, and so on.
           A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
           A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
      3. The clear text message would be encrypted as follows using a key of 3. Ciphered text: IODQN HDVW DWWDFN DW GDZQ
  • 8. Cipher Wheel.
      1. Clear text: FLANK EAST ATTACK AT DAWN. The clear text message would be encoded using a key of 3.
      2. Shift the inner wheel by 3: the A becomes D, B becomes E, and so on.
      3. The clear text message would appear as follows using a key of 3. Ciphered text: IODQN HDVW DWWDFN DW GDZQ
  • 9. Cryptanalysis Methods: Brute Force Attack. [Diagram: known ciphertext, successfully unencrypted, key found.] With a brute force attack, the attacker has some portion of ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys.
  • 10. Meet-in-the-Middle Attack. [Diagram: known ciphertext and known plaintext. Use every possible decryption key until a result is found matching the corresponding plaintext. Use every possible encryption key until a result is found matching the corresponding ciphertext. Match of ciphertext: key found.] With a meet-in-the-middle attack, the attacker has some portion of text in both plaintext and ciphertext. The attacker attempts to unencrypt the ciphertext with all possible keys while at the same time encrypting the plaintext with another set of possible keys until one match is found.
  • 11. Defining Cryptology. Cryptology = Cryptography + Cryptanalysis.
  • 12. Cryptanalysis.
  • 13. Cryptographic Hashes, Protocols, and Algorithm Examples.
      - Integrity (hash): MD5, SHA
      - Authentication (hash w/key): HMAC-MD5, HMAC-SHA-1, RSA and DSA
      - Confidentiality (encryption): DES, 3DES, AES, SEAL, RC (RC2, RC4, RC5, and RC6)
  • 14. Hashing Basics. Hashes are used for integrity assurance. Hashes are based on one-way functions. The hash function hashes arbitrary data into a fixed-length digest known as the hash value, message digest, digest, or fingerprint. [Diagram: data of arbitrary length is reduced to a fixed-length hash value, e883aa0b24c09f.]
  • 15. Hashing Properties. Arbitrary-length text x is passed through the hash function H to produce the hash value h (e883aa0b24c09f): h = H(x).
  • 16. Hashing in Action. Vulnerable to man-in-the-middle attacks: hashing does not provide security to transmission. Well-known hash functions: MD5 with 128-bit hashes and SHA-1 with 160-bit hashes. [Diagram: "I would like to cash this check." A check reading "Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars" (hash 4ehIDx67NMop9) crosses the Internet and arrives as "Pay to Alex Jones $1000.00, One Thousand and xx/100 Dollars" (hash 12ehqPx67NMoX). Match = no changes. No match = alterations.]
  • 17. MD5. MD5 is a ubiquitous hashing algorithm. Hashing properties:
      - One-way function: easy to compute the hash and infeasible to compute the data given a hash
      - Complex sequence of simple binary operations (XORs, rotations, etc.) which finally produces a 128-bit hash
  • 18. SHA. SHA is similar in design to the MD4 and MD5 family of hash functions:
      - Takes an input message of no more than 2^64 bits
      - Produces a 160-bit message digest
    The algorithm is slightly slower than MD5. SHA-1 is a revision that corrected an unpublished flaw in the original SHA. SHA-224, SHA-256, SHA-384, and SHA-512 are newer and more secure versions of SHA and are collectively known as SHA-2.
  • 19. Hashing Example. In this example the clear text entered is displayed as hashed results using MD5, SHA-1, and SHA256. Notice the difference in key lengths between the various algorithms. The longer the key, the more secure the hash function.
  • 20. Features of HMAC. Uses an additional secret key as input to the hash function. The secret key is known to the sender and receiver:
      - Adds authentication to integrity assurance
      - Defeats man-in-the-middle attacks
    Based on existing hash functions, such as MD5 and SHA-1. [Diagram: data of arbitrary length + secret key produce a fixed-length authenticated hash value, e883aa0b24c09f.] The same procedure is used for generation and verification of secure fingerprints.
  • 21. HMAC Example. [Diagram: the sender computes an HMAC (authenticated fingerprint) over the data "Pay to Terry Smith $100.00, One Hundred and xx/100 Dollars" with the secret key, giving 4ehIDx67NMop9, and sends the data together with 4ehIDx67NMop9. The receiver computes an HMAC over the received data with the same secret key, giving 4ehIDx67NMop9.] If the generated HMAC matches the sent HMAC, then integrity and authenticity have been verified. If they don't match, discard the message.
  • 22. Using Hashing. [Diagram: fixed-length hash value e883aa0b24c09f used for data integrity, entity authentication, and data authenticity.] Routers use hashing with secret keys. IPSec gateways and clients use hashing algorithms. Software images downloaded from the website have checksums. Sessions can be encrypted.
  • 23. Keyspace.
      DES Key   Keyspace                                                                       # of Possible Keys
      56-bit    2^56  11111111 11111111 11111111 11111111 11111111 11111111 11111111        72,000,000,000,000,000
      57-bit    2^57  11111111 11111111 11111111 11111111 11111111 11111111 11111111 1      144,000,000,000,000,000    (twice as much time)
      58-bit    2^58  11111111 11111111 11111111 11111111 11111111 11111111 11111111 11     288,000,000,000,000,000    (four times as much time)
      59-bit    2^59  11111111 11111111 11111111 11111111 11111111 11111111 11111111 111    576,000,000,000,000,000
      60-bit    2^60  11111111 11111111 11111111 11111111 11111111 11111111 11111111 1111   1,152,000,000,000,000,000
    With 60-bit DES, an attacker would require sixteen times as much time as with 56-bit DES.
      ✓ For each bit added to the DES key, the attacker would require twice the amount of time to search the keyspace.
      ✓ Longer keys are more secure but are also more resource intensive and can affect throughput.
  • 24. Types of Keys (key lengths in bits).
                                              Symmetric Key   Asymmetric Key   Digital Signature   Hash
      Protection up to 3 years                80              1248             160                 160
      Protection up to 10 years               96              1776             192                 192
      Protection up to 20 years               112             2432             224                 224
      Protection up to 30 years               128             3248             256                 256
      Protection against quantum computers    256             15424            512                 512
      ✓ Calculations are based on the fact that computing power will continue to grow at its present rate and the ability to perform brute-force attacks will grow at the same rate.
      ✓ Note the comparatively short symmetric key lengths illustrating that symmetric algorithms are the strongest type of algorithm.
  • 25. Key Properties. Shorter keys = faster processing, but less secure. Longer keys = slower processing, but more secure.
  • 26. Symmetric Encryption. [Diagram: with a pre-shared key, $1000 is encrypted to $!@#IQ and decrypted back to $1000 using the same key.] Best known as shared-secret key algorithms. The usual key length is 80 - 256 bits. A sender and receiver must share a secret key. Faster processing because they use simple mathematical operations. Examples include DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish.
  • 27. Symmetric Algorithms (symmetric encryption algorithm, key length in bits, description).
      - DES (56): Designed at IBM during the 1970s and was the NIST standard until 1997. Although considered outdated, DES remains widely in use. Designed to be implemented only in hardware, and is therefore extremely slow in software.
      - 3DES (112 and 168): Based on using DES three times, which means that the input data is encrypted three times and is therefore considered much stronger than DES. However, it is rather slow compared to some new block ciphers such as AES.
      - AES (128, 192, and 256): Fast in both software and hardware, is relatively easy to implement, and requires little memory. As a new encryption standard, it is currently being deployed on a large scale.
      - Software Encryption Algorithm (SEAL) (160): SEAL is an alternative algorithm to DES, 3DES, and AES. It uses a 160-bit encryption key and has a lower impact on the CPU when compared to other software-based algorithms.
      - The RC series: RC2 (40 and 64), RC4 (1 to 256), RC5 (0 to 2040), RC6 (128, 192, and 256): A set of symmetric-key encryption algorithms invented by Ron Rivest. RC1 was never published and RC3 was broken before ever being used. RC4 is the world's most widely used stream cipher. RC6, a 128-bit block cipher based heavily on RC5, was an AES finalist developed in 1997.
  • 28. Asymmetric Encryption. [Diagram: two separate keys which are not shared. $1000 is encrypted with the encryption key to %3f7&4 and decrypted with the decryption key back to $1000.] Also known as public key algorithms. The usual key length is 512-4096 bits. A sender and receiver do not share a secret key. Relatively slow because they are based on difficult computational algorithms. Examples include RSA, ElGamal and DH.
  • 29. How Asymmetric Encryption Works.
      1. Computer A acquires Computer B's public key ("Can I get your Public Key please?" "Here is my Public Key.").
      2. Computer A uses Computer B's public key to encrypt a message using an agreed-upon algorithm.
      3. Computer A transmits the encrypted message to Computer B.
      4. Computer B uses its private key to decrypt and reveal the message.
  • 30. Asymmetric Key Algorithms (algorithm, key length in bits, description).
      - DH (512, 1024, 2048): Invented in 1976 by Whitfield Diffie and Martin Hellman. Allows two parties to agree on a key that they can use to encrypt messages. The assumption is that it is easy to raise a number to a certain power, but difficult to compute which power was used given the number and the outcome.
      - Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA) (512 - 1024): Created by NIST and specifies DSA as the algorithm for digital signatures. A public key algorithm based on the ElGamal signature scheme. Signature creation speed is similar to RSA, but is slower for verification.
      - RSA encryption algorithms (512 to 2048): Developed by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT in 1977. Based on the current difficulty of factoring very large numbers. Suitable for signing as well as encryption. Widely used in electronic commerce protocols.
      - ElGamal (512 - 1024): Based on the Diffie-Hellman key agreement. Described by Taher Elgamal in 1984 and is used in GNU Privacy Guard software, PGP, and other cryptosystems. The encrypted message becomes about twice the size of the original message and for this reason it is only used for small messages such as secret keys.
  • 31. Digital Signatures.
      - The signature is authentic and not forgeable: The signature is proof that the signer, and no one else, signed the document.
      - The signature is not reusable: The signature is a part of the document and cannot be moved to a different document.
      - The signature is unalterable: After a document is signed, it cannot be altered.
      - The signature cannot be repudiated: For legal purposes, the signature and the document are considered to be physical things. The signer cannot claim later that they did not sign it.
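As an added example (not part of the original slides), the Python sketch below reproduces the Caesar ciphertext from slides 7 and 8, shows why a 25-key keyspace offers no confidentiality against the exhaustive search of slide 9, and computes the relative search time behind slide 23. The function names and the rounded English letter-frequency table are assumptions of this example.

```python
import string

ALPHABET = string.ascii_uppercase

# Approximate English letter frequencies in percent, A..Z (a rounded,
# commonly quoted table; an assumption of this example, not slide data).
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07,
]))


def caesar(text: str, key: int) -> str:
    """Shift A-Z by `key` positions; spaces and other characters pass through."""
    k = key % 26
    table = str.maketrans(ALPHABET, ALPHABET[k:] + ALPHABET[:k])
    return text.upper().translate(table)


def english_score(text: str) -> float:
    """Higher means the letters look more like English text."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text)


def exhaustive_search(ciphertext: str):
    """Decrypt with every non-trivial key and keep the most English-like result."""
    candidates = [(key, caesar(ciphertext, -key)) for key in range(1, 26)]
    return max(candidates, key=lambda pair: english_score(pair[1]))


def relative_search_time(key_bits: int, baseline_bits: int = 56) -> int:
    """Exhaustive-search work relative to the baseline key size (slide 23)."""
    return 2 ** (key_bits - baseline_bits)


if __name__ == "__main__":
    ciphertext = caesar("FLANK EAST ATTACK AT DAWN", 3)
    print("ciphertext:", ciphertext)
    print("recovered :", exhaustive_search(ciphertext))
    for bits in (56, 57, 58, 59, 60):
        print(f"{bits}-bit: {2 ** bits:,} keys, "
              f"{relative_search_time(bits)}x the 56-bit search time")
```

The exact value of 2^56 is 72,057,594,037,927,936, which the slide rounds to 72,000,000,000,000,000.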

Editor's Notes

  1. Media Notes:
  2. More Information: The terms message digest and hash value are often used interchangeably to describe the output of a hash function. The terms digest or fingerprint may also be used.
  3. More Information: In 2005, security flaws were identified in MD5 and SHA-1, indicating that a stronger hash function would be desirable. SHA-2 is the recommended hash function. There is also a contest sponsored by the National Institute of Standards and Technology to design a hash function which will be given the name SHA-3 by 2012. For more detail, refer to http://www.itl.nist.gov/lab/bulletns/B-05-08.pdf.
  4. TIP: To try an online HASH converter, refer to http://hash-it.net/.
  5. More Information: Refer to the National Institute of Standards and Technology (NIST) website at http://www.keylength.com/en/4/ to see updated key length recommendations.
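The contrast between slide 16 (an unkeyed hash travelling with the message) and slides 20 and 21 (HMAC with a shared secret) can be shown with Python's standard library. This is an added example, not code from the deck: it uses SHA-256 in line with note 3 above, and the cheque strings, key and function names are constructed for the illustration.

```python
import hashlib
import hmac

# Constructed sample data modelled on the cheque in slides 16 and 21.
ORIGINAL = b"Pay to Terry Smith $100.00 One Hundred and xx/100 Dollars"
ALTERED = b"Pay to Alex Jones $1000.00 One Thousand and xx/100 Dollars"
# Assumption: the key was shared out of band; this value is a placeholder.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def plain_digest(message: bytes) -> str:
    """Unkeyed fingerprint (slide 16): anyone holding the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def make_tag(key: bytes, message: bytes) -> str:
    """Keyed fingerprint (slide 20): needs the secret shared by sender and receiver."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_plain(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver side of slide 21: recompute the HMAC and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    results = {}
    # Legitimate delivery: both schemes accept the unmodified message.
    results["plain_ok"] = verify_plain(ORIGINAL, plain_digest(ORIGINAL))
    results["hmac_ok"] = verify_tag(SHARED_KEY, ORIGINAL, make_tag(SHARED_KEY, ORIGINAL))
    # Message altered in transit and the unkeyed digest recomputed to match:
    # the receiver's check still passes, so the change goes unnoticed.
    results["plain_accepts_altered"] = verify_plain(ALTERED, plain_digest(ALTERED))
    # Same alteration against HMAC: without the key, neither the old tag nor
    # a freshly computed unkeyed digest verifies, so the message is discarded.
    old_tag = make_tag(SHARED_KEY, ORIGINAL)
    results["hmac_accepts_altered_old_tag"] = verify_tag(SHARED_KEY, ALTERED, old_tag)
    results["hmac_accepts_altered_plain_digest"] = verify_tag(
        SHARED_KEY, ALTERED, plain_digest(ALTERED))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

`hmac.compare_digest` is used instead of `==` so that the time taken by the comparison does not reveal how many leading characters of a submitted tag were correct.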