Cryptography
www.ine.com
Introduction to Cryptography
Copyright © www.ine.com
»Changes plain text to cipher text through the use of an algorithm
»Protects the confidentiality and integrity of data
»What types of data need protecting?
• Data-at-rest
• Data-in-use
• Data-in-motion
Introduction to Cryptography
»Encryption and decryption
»What is a cipher?
• Caesar cipher
• Numerical shift
• Generate the key; for example, 3
• “Cesar” becomes “Fhvdu”
• Can be broken with cryptanalysis
Introduction to Cryptography
»What is an encryption key?
• Determines the output of the cipher
• Length determines strength
• Key exchange is needed for asymmetric encryption
• Public keys
• Freely distributed
• Private keys
• Always a secret
Introduction to Cryptography
»Symmetric key cryptography
»Symmetric algorithms
• Stream cipher
• Block cipher
»Can be used for non-repudiation
• Message authentication code
• Verifies the integrity of the message
Introduction to Cryptography
»Asymmetric key cryptography
• Uses different keys – the public/private key pair
• Keys are mathematically related but otherwise have no relation
• The longer the key, the stronger the encryption
• What one key encrypts the other decrypts
• Public encrypts, private decrypts (confidentiality)
• Private encrypts, public decrypts (non-repudiation, integrity)
Introduction to Cryptography
»Uses of asymmetric key cryptography
• Digital signatures
• Signing the message
– Create a message digest of the message
– Sign the message digest with sender’s private key
– Protects integrity
– Provides authentication and non-repudiation
• Encrypt the message
Introduction to Cryptography
»Uses of asymmetric key cryptography
• Digital certificates
• Utilizes a public key infrastructure
• Provides identity information
• Resistant to forgery
• Verified by a third party
• Trusted third party (COMODO, Symantec, Verisign)
• Used in SSL/TLS sessions
Symmetric Cryptographic Algorithms
»DES/3DES
• Data Encryption Standard
• 64-bit blocks
• 56-bit effective key (64-bit key with 8 bits used for parity)
• Triple DES
• Feistel cipher
• 64-bit blocks
• 168-bit key
Symmetric Cryptographic Algorithms
»AES (Rijndael)
• Advanced Encryption Standard
• Adopted in 2002
• 128-, 192- and 256-bit keys
• Fast and uses minimal resources
• Multiple platform usage
• Wireless
• Data-in-transit
• Whole disk encryption
Symmetric Cryptographic Algorithms
»Rivest’s Cipher (RC)
• Stream and block ciphers
• Used in WEP, SSL, RDP
• RC4, RC5, and RC6 variants
»Schneier Ciphers
• Twofish
• Threefish
• Blowfish
Asymmetric Cryptographic Algorithms
»Diffie-Hellman-Merkle
• First practical shared key cryptosystem
• Utilizes modular arithmetic and factorization of large prime numbers
• Vulnerable to specific attacks
• Man-in-the-middle (MITM)
• Mitigation through authentication
• Perfect Forward Secrecy (PFS)
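An added example, not from the original slides, showing the modular arithmetic behind Diffie-Hellman, why fresh per-session exponents give perfect forward secrecy, and authentication of the exchanged values as the mitigation against an on-path substitution. The group parameters (a toy 127-bit prime), the pre-shared key and every function name are constructed for this illustration; real deployments use standardized 2048-bit or larger groups.

```python
import hashlib
import hmac
import secrets

# Toy group parameters constructed for this example: P is the Mersenne prime 2^127 - 1.
# They show the arithmetic only; production systems use standardized groups such as
# the RFC 3526 / RFC 7919 MODP groups.
P = 2**127 - 1
G = 5


def dh_private_key() -> int:
    """Fresh ephemeral exponent in [2, P-2] for each session. Discarding it after use
    is what gives perfect forward secrecy: a later key compromise cannot recover
    the secrets of earlier sessions."""
    return secrets.randbelow(P - 3) + 2


def dh_public_value(priv: int) -> int:
    return pow(G, priv, P)


def dh_shared_secret(my_priv: int, their_pub: int) -> int:
    # Reject degenerate public values (0, 1, P-1) that would force a predictable secret.
    if not 2 <= their_pub <= P - 2:
        raise ValueError("peer public value out of range")
    return pow(their_pub, my_priv, P)


def derive_session_key(shared: int) -> bytes:
    # Never use the raw group element as a key; hash it into a fixed-size key.
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def authenticate_public_value(pub: int, psk: bytes) -> bytes:
    """Mitigation through authentication: tag the public value under a key the two
    parties already share, so a substituted value fails verification. Real protocols
    use certificates/signatures for this; HMAC under a PSK keeps the example short."""
    return hmac.new(psk, pub.to_bytes(16, "big"), hashlib.sha256).digest()


def authenticated_shared_secret(my_priv: int, their_pub: int, their_tag: bytes, psk: bytes) -> int:
    if not hmac.compare_digest(authenticate_public_value(their_pub, psk), their_tag):
        raise ValueError("public value failed authentication")
    return dh_shared_secret(my_priv, their_pub)


def run_session(psk: bytes) -> bytes:
    """One complete exchange; both sides must arrive at the same session key."""
    a, b = dh_private_key(), dh_private_key()
    pub_a, pub_b = dh_public_value(a), dh_public_value(b)
    tag_a = authenticate_public_value(pub_a, psk)
    tag_b = authenticate_public_value(pub_b, psk)
    key_a = derive_session_key(authenticated_shared_secret(a, pub_b, tag_b, psk))
    key_b = derive_session_key(authenticated_shared_secret(b, pub_a, tag_a, psk))
    assert key_a == key_b
    return key_a
```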
Asymmetric Cryptographic Algorithms
»Rivest-Shamir-Adleman (RSA)
• Used in e-commerce
• Works with SSL/TLS
• Can be used for digital signatures as well as cryptography
• Slower than symmetric cryptography
• Longer key lengths
• Utilizes integer factorization
• What one key encrypts the other decrypts
Asymmetric Cryptographic Algorithms
»Rivest-Shamir-Adleman (RSA)
• Used in security tokens
• Trusted platform modules (TPM)
• Cryptoprocessor that integrates encryption keys
• Hardware security modules (HSM)
• External key management module
• Vulnerable to specific attacks
• Timing attacks
• Man-in-the-middle (MITM)
• Mitigation through padding
Asymmetric Cryptographic Algorithms
»Elliptic Curve Cryptography (ECC)
• Based on the structure of an elliptic curve
• Uses smaller keys
• Faster
• Used in mobile devices, smart cards, wireless
• Can be used with other algorithms
• Diffie-Hellman (ECDH)
• Digital Signature Algorithm (ECDSA)
Asymmetric Cryptographic Algorithms
»Elliptic Curve Cryptography (ECC)
• Vulnerabilities
• Side-channel attacks
– Leaked information from physical implementations
• Algorithm backdoors
• Quantum cryptanalysis
– Theoretical attack based on quantum physics
Other Cryptographic Algorithms
»One-Time Pad or Vernam Cipher
• Stream cipher
• Key is the same length as the plaintext
• The keystream is generated at random
• Keystream combined with the plaintext using a bitwise XOR operation
• The only cryptosystem with theoretically perfect secrecy
• Provides no information to the analyst
Other Cryptographic Algorithms
»One-Time Pad or Vernam Cipher
• Problems with the one-time pad
• Requires perfect randomness
• Cryptosystems will only be able to implement pseudo-randomness
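An added example, not from the deck, covering both one-time pad slides above: a byte-level pad combined with XOR, the perfect-secrecy property made concrete, and the two problems the slides name, a pseudo-random rather than truly random pad and the exposure caused by reusing a pad. The messages and function names are constructed for this illustration.

```python
import secrets


def generate_pad(length: int) -> bytes:
    """Keystream exactly as long as the message. `secrets` draws from the OS CSPRNG,
    which is the pseudo-randomness the slide refers to; a true one-time pad needs a
    truly random source, and in either case the pad must never be reused."""
    return secrets.token_bytes(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation.
    return xor_bytes(ciphertext, pad)


def pad_that_explains(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """Perfect secrecy, made concrete: for ANY candidate plaintext of the right length
    there is a pad that maps it to this ciphertext, so the ciphertext alone gives the
    analyst no information about which plaintext was actually sent."""
    return xor_bytes(ciphertext, candidate_plaintext)


def pad_reuse_leak(ciphertext1: bytes, ciphertext2: bytes) -> bytes:
    """Why the pad is ONE-time: two ciphertexts under the same pad XOR to the XOR of
    the two plaintexts; the pad cancels out. This is what a reused pad exposes and
    why pad management, not the XOR itself, is the hard part of the system."""
    return xor_bytes(ciphertext1, ciphertext2)
```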
Other Cryptographic Algorithms
»Pretty Good Privacy (PGP)
• Uses
• Signing, encrypting, and decrypting emails
• Whole disk encryption
• File and instant message encryption
• Symmetric session key (PSK)
• Can use asymmetric encryption (RSA) for digital signatures and encryption
• Supports OpenPGP and S/MIME
• Security is based on key size
Steganography – Hiding in Plain Sight
»Security through obscurity
»Modify the least significant bit
• Image
• Audio
• Video
»LACK (Lost Audio Packets Steganography)
»HICCUPS (Hidden Communication System for Corrupted Networks)
Hashing
»Generated through the use of a one-way function
• Mathematical operation that converts a variable-sized block of data into a fixed-length block of data
• A hash of a file, email, or other message can be generated at the source
• This hash value is made public and can be compared by anyone who views the file to ensure that no alterations have been made
• A significant change in the hash value results from the slightest change in the message
Hashing
»Types of cryptographic hash functions
• Message Digest 5 (MD5)
• Created by Ron Rivest
• 128-bit output (32 hexadecimal characters)
• More susceptible to collisions
• Secure Hash Algorithm (SHA)
• Version 1 (SHA-1) – 160-bit hash
• Version 2 (SHA-2) – 256- to 512-bit block size
Hashing
»Types of cryptographic hash functions
• RIPEMD
• RACE Integrity Primitives Evaluation Message Digest
• 128-bit
• 160-bit
• HMAC
• Hash-based Message Authentication Code
• Uses MD5 or SHA for message authentication
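An added example that serves both the one-way-function slide and the HMAC bullet above; it is not from the original deck. It reports the digest sizes of the algorithms named on these slides, measures the avalanche effect, performs the publish-and-compare integrity check the slide describes, and tags and verifies a message with HMAC-SHA256. Sample messages and keys are constructed.

```python
import hashlib
import hmac


def digest_bits(algorithm: str) -> int:
    """Output size in bits of a hashlib algorithm, e.g. 'md5' -> 128, 'sha1' -> 160."""
    return hashlib.new(algorithm).digest_size * 8


def hex_chars(algorithm: str) -> int:
    """Length of the hex-encoded digest: MD5's 32-character output is 128 bits."""
    return len(hashlib.new(algorithm, b"").hexdigest())


def bit_difference(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(message1: bytes, message2: bytes, algorithm: str = "sha256") -> int:
    """Number of digest bits that flip between two messages. For a sound hash a
    one-character change flips roughly half of the output bits."""
    d1 = hashlib.new(algorithm, message1).digest()
    d2 = hashlib.new(algorithm, message2).digest()
    return bit_difference(d1, d2)


def publish_and_check(source_bytes: bytes, received_bytes: bytes) -> bool:
    """Integrity check as the slide describes: hash at the source, publish the value,
    recompute over the received copy and compare."""
    published = hashlib.sha256(source_bytes).hexdigest()
    recomputed = hashlib.sha256(received_bytes).hexdigest()
    return hmac.compare_digest(recomputed, published)


def make_mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: only a holder of the key can produce or check it, which is
    what turns a plain hash into message authentication."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking the tag through comparison timing.
    return hmac.compare_digest(make_mac(key, message), tag)
```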
Hashing
»Microsoft domain password hashing algorithms
• LANMAN
• Used before Windows NT
• Based on DES
• Maximum of 14 characters
• NTLM
• Based on RC4
• NTLMv2
• Based on MD5
Hashing
»Vulnerabilities
• Birthday attack
• Collision
»Defenses
• Key stretching
• Salting
• Nonce
• Complexity and length
Public Key Infrastructure
»Functions of the PKI
• Create, distribute, store, and revoke digital certificates
• System of users, hardware, encryption, policies, and procedures
• Secure websites over SSL/TLS
• Email
• Securing remote connections
• Computers
• Networks
Public Key Infrastructure
»Not the same as asymmetric cryptography
»Components
• Users
• Computers
• Servers
• Encryption
• Policies
• Procedures
Public Key Infrastructure
»Components of the PKI
• Digital certificates
• Binds the user key to an identity for verification
• X.509 Standard
• What does the X.509 certificate include?
• Certificate owner and their public key
• Certificate authorities
– Name
– Digital signature
– Serial number, issue date, expiration date
Public Key Infrastructure
»Components of the PKI
• What is the certificate authority?
• Issuing authority (trusted third party)
• Verifies the identity of the certificate recipient
• Maps the public key of the party to the identity
• Types of certificates
• One-to-one mapping
• One-to-many mapping
Public Key Infrastructure
»Components of the PKI
• Registration authority
• Verifies the request for the digital certificate
• Gives the “OK” for the CA to issue the certificate
• Certificate revocation list
• Updated every 24 hours
• Used to verify the validity of a digital certificate
• Online certificate status protocol (OCSP)
Public Key Infrastructure
»Components of the PKI
• Key escrow
• Used when data loss is unacceptable
• Key recovery agent
• Allows for the recovery of corrupted or lost keys
• Single and dual-sided certificates
• Best for smaller environments with limited sessions
Public Key Infrastructure
»Web of trust
• Decentralized model of trust
• Peer to peer
• No root certificate authority
• Certificates are self-signed
• Users decide which certificates to trust
• Used by PGP
Secure Connection Types
»Email/communications
• PGP
• S/MIME
• IPSec
• SSH
»Website logins and e-commerce
• SSL/TLS
»Direct connections to other workstations
»Virtual connections to remote networks
• VPNs (PPTP/L2TP)
Secure Connection Protocols
»S/MIME
• Secure/Multi-purpose Internet Mail Extensions
• Developed by RSA
• Authentication/integrity/non-repudiation
• Uses unique session keys
• Relies on PKI
• Relies on certificate authorities
Secure Connection Protocols
»SSH
• Creates an encrypted channel between two workstations or network devices
• Designed as a replacement for Telnet
• Utilizes asymmetric key cryptography
• SSH Daemon and SSH Client
• Runs on port 22
Secure Connection Protocols
»SSL/TLS
• Uses
• IM
• Email
• Web browsing
• VoIP
• Relies on PKI
• Two keys required
• Public and session
Secure Connection Protocols
»Virtual Private Networks (VPNs)
• Enables secure remote connections
»PPTP
• Point-to-point tunneling protocol
• Encapsulates PPP packets
• Uses port 1723
Secure Connection Protocols
»Virtual Private Networks (VPNs)
• L2TP
• Layer 2 tunneling protocol
• No inherent security
• Uses port 1701
• Uses PKI
Secure Connection Protocols
»IPSec
• Native to IPv6
• Security association
• Sub-protocols
• Internet Key Exchange (IKE)
• Authentication Header (AH)
• Encapsulating security payload (ESP)
• IP Payload Compression Protocol (IPComp)
Copyright © www.ine.com All rights reserved.
Questions?

CompTIASecPLUS-Part6 - UnlimitedEdited.pptx
