INFORMATION SECURITY MANAGEMENT
PROTECTION MECHANISMS - CRYPTOGRAPHY
Cryptography
• Encryption – the process of converting an original message (plaintext) into a form (ciphertext) that cannot be understood by unauthorized individuals
• Cryptology – the science of encryption; composed of two disciplines:
  – cryptography (making codes and ciphers)
  – cryptanalysis (breaking them)
Cryptography (cont’d.)
• Algorithm – the mathematical procedure used to encipher and decipher
• Key – the secret value that selects one particular transformation out of all those the algorithm can perform
• Keyspace – the set of all possible keys; its size bounds how long a brute-force search of every key can take
• Encipher – to convert plaintext into ciphertext
• Decipher – to convert ciphertext back into plaintext
• Cryptosystem – the algorithms, keys, and procedures that together perform encryption and decryption
Common Ciphers
The basic operations that most ciphers are built from:
• Substitution – each plaintext character (or bit) is replaced by another according to the key
• Transposition – the plaintext characters (or bits) keep their values but are rearranged according to a permutation key
  – Key: 1 > 3, 2 > 4, 3 > 2, 4 > 1, … (the character in position 1 moves to position 3, position 2 to position 4, position 3 to position 2, position 4 to position 1)
  – The same key can be applied to bit positions: Plaintext: 0010…
  – Example: FROM -> MOFR
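Both operations in working code, added here as an example (it is not code from the slides). The permutation key 1 > 3, 2 > 4, 3 > 2, 4 > 1 and the FROM -> MOFR pair are the slide's own; the 26-letter alphabet, the shift value of 3 and the helper names (`substitute`, `transpose`, `letter_histogram`) are this example's assumptions. Beyond the slide, it shows why neither operation is secure on its own: substitution preserves the letter-frequency profile of the plaintext and transposition preserves the exact letters, so both fall to frequency analysis.

```python
# Added example: substitution and transposition as named on the slide.
# The alphabet and shift are assumptions of this example; the permutation key
# {1: 3, 2: 4, 3: 2, 4: 1} and the FROM -> MOFR case are the slide's own.
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def substitute(text: str, shift: int) -> str:
    """Monoalphabetic substitution: each letter is replaced by the letter
    `shift` places further on (a Caesar shift); other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % len(ALPHABET)])
        else:
            out.append(ch)
    return "".join(out)


def unsubstitute(text: str, shift: int) -> str:
    return substitute(text, -shift)


# Slide's transposition key: the character in position 1 moves to position 3,
# position 2 to 4, position 3 to 2 and position 4 to 1 (1-based positions).
SLIDE_KEY = {1: 3, 2: 4, 3: 2, 4: 1}


def transpose(text: str, key: dict) -> str:
    """Rearrange every block of len(key) characters (or bits written as '0'/'1')
    according to key, which maps source position -> destination position."""
    size = len(key)
    if len(text) % size:
        raise ValueError("input length must be a multiple of the block size %d" % size)
    positions = list(range(1, size + 1))
    if sorted(key) != positions or sorted(key.values()) != positions:
        raise ValueError("key must be a permutation of 1..%d" % size)
    out = []
    for start in range(0, len(text), size):
        block = text[start:start + size]
        shuffled = [""] * size
        for src, dst in key.items():
            shuffled[dst - 1] = block[src - 1]
        out.append("".join(shuffled))
    return "".join(out)


def untranspose(text: str, key: dict) -> str:
    """Decrypt by applying the inverse permutation."""
    return transpose(text, {dst: src for src, dst in key.items()})


def letter_histogram(text: str) -> list:
    """Sorted letter counts, ignoring which letter is which. Substitution keeps
    this profile unchanged and transposition keeps the exact letters, which is
    why frequency analysis breaks either operation used alone."""
    counts = Counter(ch for ch in text.upper() if ch in ALPHABET)
    return sorted(counts.values(), reverse=True)


if __name__ == "__main__":
    print(transpose("FROM", SLIDE_KEY))      # MOFR, as on the slide
    print(untranspose("MOFR", SLIDE_KEY))    # FROM
    print(transpose("0010", SLIDE_KEY))      # the same key applied to bit positions
    print(substitute("ATTACK AT DAWN", 3))   # DWWDFN DW GDZQ
```

Modern block ciphers do not use either operation alone: they alternate substitution and permutation layers many times under a key, which is what removes the statistical leakage `letter_histogram` exposes here.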
Common Ciphers
• XOR (exclusive or)
  – ‘0’ XOR ‘0’ = 0; ‘0’ XOR ‘1’ = 1; ‘1’ XOR ‘0’ = 1; ‘1’ XOR ‘1’ = 0
  – If the two values are the same, the result is 0; if not, the result is 1
  – The process is reversible: XORing the ciphertext with the same key stream gives back the plaintext
  Plaintext:    01010111 01101001 01101011 01101001   (the bytes spell “Wiki”)
  Key stream:   11110011 11110011 11110011 11110011
  Ciphertext =  10100100 10011010 10011000 10011010

  Ciphertext:   10100100 10011010 10011000 10011010
  Key stream:   11110011 11110011 11110011 11110011
  Plaintext  =  01010111 01101001 01101011 01101001
  – The strength of an XOR cipher lies entirely in the key stream: a short repeated key such as the single byte above, or a key stream used for two different messages, can be recovered or cancelled out by an attacker. A one-time pad is XOR with a truly random key stream as long as the message, used exactly once.
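The slide's worked example in code, added here (not code from the slides). The plaintext bytes and the repeated key byte 11110011 are the slide's; the helper names and the second plaintext “Data” used to show key-stream reuse are this example's. It reproduces the reversibility the slide describes and then shows two consequences a practitioner needs to know: a known plaintext hands the attacker the key stream, and two ciphertexts under the same key stream XOR to the XOR of their plaintexts, with the key gone.

```python
# Added example: XOR with a key stream, using the slide's own numbers
# (plaintext bytes 01010111 01101001 01101011 01101001 = "Wiki", key byte 11110011).
# Beyond the slide, it shows how a short repeated key and a reused key stream fail.
from itertools import cycle

SLIDE_PLAINTEXT = bytes([0b01010111, 0b01101001, 0b01101011, 0b01101001])  # b"Wiki"
SLIDE_KEY_BYTE = bytes([0b11110011])  # repeated for every plaintext byte, as on the slide


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating key as needed. The same call decrypts."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def to_bits(data: bytes) -> str:
    """Format bytes the way the slide does: groups of 8 bits."""
    return " ".join(f"{b:08b}" for b in data)


def recover_key_stream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext attack: ciphertext XOR plaintext is exactly the key stream.
    With a repeated key byte, one known byte exposes the whole key."""
    return xor_bytes(ciphertext, known_plaintext)


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Two ciphertexts under the same key stream: the key cancels and what
    remains is plaintext1 XOR plaintext2, obtained without any key at all.
    Knowing (or guessing) one plaintext then reveals the other directly."""
    return xor_bytes(ct1, ct2)


if __name__ == "__main__":
    ciphertext = xor_with_key(SLIDE_PLAINTEXT, SLIDE_KEY_BYTE)
    print(to_bits(ciphertext))                            # 10100100 10011010 10011000 10011010
    print(xor_with_key(ciphertext, SLIDE_KEY_BYTE))       # b'Wiki'
    print(recover_key_stream(ciphertext, b"Wiki"))        # b'\xf3\xf3\xf3\xf3'
    other = xor_with_key(b"Data", SLIDE_KEY_BYTE)         # second message, same key stream
    print(xor_bytes(two_time_pad_leak(ciphertext, other), b"Wiki"))  # b'Data'
```

The attacks need no knowledge of the key: `recover_key_stream` only needs one plaintext/ciphertext pair, and `two_time_pad_leak` only needs two ciphertexts. This is why stream ciphers and counter modes pair a fixed key with a nonce that must never repeat.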
Common Ciphers
• Book or running key cipher
  – Uses the text of a book as the key for encrypting and decrypting a message
  – The key relies on two components:
    – knowing which book (and which edition) to use
    – a list of codes giving the page number, line number, and word number of each plaintext word
Symmetric Encryption
• Also known as private key (secret key) encryption
• The same key is used to encrypt and decrypt the message, so that key must be shared securely between sender and receiver beforehand
Symmetric Encryption Cryptosystems
• Data Encryption Standard (DES)
  – Based on the Data Encryption Algorithm, which uses a 64-bit block size and a 56-bit key
  – Cracked by brute force in 1997; the 56-bit keyspace is far too small for current hardware
  – Triple DES (3DES) is the improved version, applying DES three times
• Advanced Encryption Standard (AES)
  – Based on the Rijndael block cipher
  – Rijndael allows variable block lengths; the AES standard fixes a 128-bit block and a key length of either 128, 192, or 256 bits
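A working shared-key cryptosystem, added here as an example of the symmetric model the two slides above describe (it is not code from the slides, and it is not DES or AES). To stay within the Python standard library, the key stream is produced by HMAC-SHA256 run in counter mode, the same counter-mode idea a block cipher such as AES is used with, and an HMAC tag over nonce||ciphertext is verified before anything is decrypted (encrypt-then-MAC). The key, nonce and tag sizes and the "enc"/"mac" labels are this example's choices. What it shows beyond the slides: one key encrypts and decrypts, a wrong key or a single modified byte is rejected, and a repeated nonce gives the same ciphertext, which is the key-stream reuse problem.

```python
# Added example: shared-key authenticated encryption from the standard library only.
# This is NOT DES or AES. The key stream is HMAC-SHA256 run in counter mode
# (the same counter-mode idea used with a block cipher), and an HMAC tag over
# nonce||ciphertext is checked before anything is decrypted (encrypt-then-MAC).
# Key, nonce and tag sizes and the "enc"/"mac" labels are this example's choices.
import hashlib
import hmac
import os
import struct

KEY_LEN, NONCE_LEN, TAG_LEN = 32, 12, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the one shared key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _key_stream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF(nonce || counter) blocks concatenated. A nonce reused under the same
    key reproduces the same stream, so nonces must never repeat."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Return nonce || ciphertext || tag. The same key decrypts (symmetric)."""
    if len(key) != KEY_LEN:
        raise ValueError("key must be %d bytes" % KEY_LEN)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    stream = _key_stream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first: a wrong key or a modified byte is rejected before
    any plaintext is produced."""
    if len(key) != KEY_LEN:
        raise ValueError("key must be %d bytes" % KEY_LEN)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    stream = _key_stream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


if __name__ == "__main__":
    shared_key = os.urandom(KEY_LEN)          # both parties must already hold this
    sealed = encrypt(shared_key, b"attack at dawn")
    print(decrypt(shared_key, sealed))        # b'attack at dawn'
```

The construction is sound but non-standard; in production use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 from a maintained library. The part worth keeping in mind from this example is the order of operations in `decrypt`: the tag is checked with a constant-time comparison before any decryption happens.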
Asymmetric Encryption
• Uses two different but mathematically related keys
• Either key can be used to encrypt a message, and the other one then decrypts it: if Key A is used to encrypt the message, only Key B can decrypt it; conversely, if Key B is used to encrypt a message, only Key A can decrypt it
• Most valuable when one of the keys is kept private and the other is made public
Asymmetric Encryption
[Figure 10-12: Public key encryption (diagram not transcribed). Source: Course Technology/Cengage Learning]
Digital Signatures
• The asymmetric process is reversed: the sender applies its private key to the message (in practice, to a hash of the message), and anyone holding the matching public key can check the result
• Because only the owner of the private key could have produced it, the fact that the message was sent by the organization that owns that key cannot be refuted; this nonrepudiation is the foundation of digital signatures (and it holds only as long as the private key stays under the owner's sole control)
• Based on:
  – a digital certificate, which binds the public key to its owner's identity
  – a certificate authority (CA), which issues and vouches for the certificate
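Both slides above in working code: textbook RSA, added here as an example (not code from the slides). It shows the asymmetric slide's claim that either key can be applied and the other undoes it, and the signature slide's reversal, where the private key is applied to a digest and the public key checks it. The key-generation routine, the digest choice and all names are this example's; the prime pair 61 and 53 in the test and usage is a constructed toy so the numbers can be followed by hand. Textbook RSA without padding is deterministic and malleable, so real systems use RSA-OAEP for encryption and RSA-PSS (or a different signature scheme) for signatures, with keys of at least 2048 bits.

```python
# Added example: textbook RSA to show (a) encrypt with the public key, decrypt with
# the private key and (b) the reversed process that makes a digital signature.
# Not the slides' code. No padding is applied, so this is for understanding only;
# production code uses RSA-OAEP / RSA-PSS from a vetted library and >= 2048-bit keys.
import hashlib
import random
from math import gcd


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top and low bit
        if is_probable_prime(candidate):
            return candidate


def keypair_from_primes(p: int, q: int, e: int = 65537):
    """Return (public, private) as (n, e) and (n, d) with d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))


def generate_keypair(bits: int = 2048):
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q:
            try:
                return keypair_from_primes(p, q)
            except ValueError:
                continue


def encrypt(public, m: int) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    n, d = private
    return pow(c, d, n)


def _digest(message: bytes, n: int) -> int:
    # Sign a SHA-256 digest rather than the message; reduced mod n only so that
    # toy-sized keys such as the 61/53 pair also work in this demonstration.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    """Reversed process: the private key is applied to the digest."""
    n, d = private
    return pow(_digest(message, n), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Anyone with the public key undoes the signing step and compares digests."""
    n, e = public
    return pow(signature, e, n) == _digest(message, n)


if __name__ == "__main__":
    public, private = keypair_from_primes(61, 53)   # toy: n = 3233, e = 65537, d = 2753
    print(encrypt(public, 65), decrypt(private, encrypt(public, 65)))   # 2790 65
    pub, priv = generate_keypair(1024)
    sig = sign(priv, b"pay alice 100")
    print(verify(pub, b"pay alice 100", sig), verify(pub, b"pay alice 900", sig))  # True False
```

`sign` and `decrypt` are the same operation (apply the private exponent), as are `verify` and `encrypt`; that is the "process reversed" the slide refers to. The certificate and CA on the slide are what lets a verifier trust that `pub` really belongs to the claimed signer; the mathematics alone cannot tell.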
Public Key Infrastructure (PKI)
• The entire set of hardware, software, and cryptosystems necessary to implement public key encryption
• PKI systems are based on public key cryptosystems and include digital certificates and certificate authorities
Encryption Operations (cont’d.)
• PKI provides the following services:
  – Authentication
  – Integrity
  – Confidentiality
  – Authorization
  – Nonrepudiation
Using Cryptographic Controls
• Modern cryptosystems, when correctly implemented and keyed, generate ciphertext that is computationally infeasible to break; only the one-time pad is unbreakable in the strict sense, and every practical system has weaknesses in its implementation, key handling, or protocol
• Cryptographic controls are used for:
  – e-mail and its attachments
  – e-commerce transactions
  – remote access through VPN connections
Email Cryptographic Controls
• Secure Multipurpose Internet Mail Extensions (S/MIME)
• Privacy Enhanced Mail (PEM)
Email Cryptographic Controls
• Pretty Good Privacy (PGP)
  – Uses the IDEA cipher, a symmetric block cipher with a 128-bit key and 64-bit blocks, for message encryption (current OpenPGP implementations also support other symmetric ciphers such as AES)
  – Like PEM, it uses RSA for symmetric key exchange and to support digital signatures
Securing the Web
• IP Security (IPSec)
  – The primary and dominant cryptographic authentication and encryption protocol suite produced by the IETF’s IP Security Working Group
  – Combines several different cryptosystems:
    – Diffie-Hellman key exchange
    – Public key cryptography
    – Bulk encryption algorithms
    – Digital certificates
Securing the Web
• IPSec works in two modes of operation:
  – Transport mode
    – Only the IP payload (the transport-layer data) is encrypted, not the IP header itself
    – Allows intermediate nodes to read the source and destination addresses of the communicating hosts
  – Tunnel mode
    – The entire original IP packet, header included, is encrypted and inserted as the payload of a new IP packet with its own header, so intermediate nodes see only the addresses of the tunnel endpoints
    – Often used to support a virtual private network (VPN) between gateways
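The difference between the two modes, shown as what an on-path router can actually read. This is an added example and not IPsec code: it builds minimal IPv4 headers and an ESP-like wrapper in which the SPI and sequence number stay readable and everything after them is XORed with a toy SHAKE-256 key stream (real ESP uses a negotiated cipher and adds an integrity check value). The addresses, SPIs, shared key and HTTP payload are constructed for the demonstration.

```python
# Added example: what an on-path node can read in IPsec transport vs tunnel mode.
# Not IPsec code: a minimal IPv4 header builder/parser and an ESP-like wrapper
# (SPI and sequence number in the clear, payload XORed with a toy SHAKE-256 key
# stream, no integrity check value). Real ESP uses a negotiated cipher plus an ICV.
# Addresses, SPIs and the shared key are constructed for the demonstration.
import hashlib
import ipaddress
import struct

IP_PROTO_TCP, IP_PROTO_ESP = 6, 50
_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    return struct.pack(_HDR, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def parse_ipv4(packet: bytes) -> dict:
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "payload": packet[ihl:total]}


def _toy_xor(key: bytes, spi: int, seq: int, data: bytes) -> bytes:
    # Toy key stream bound to SPI and sequence number; stands in for the real cipher.
    stream = hashlib.shake_256(key + struct.pack("!II", spi, seq)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def esp_wrap(key: bytes, spi: int, seq: int, inner: bytes) -> bytes:
    """ESP-like: SPI and sequence number readable, everything after them encrypted."""
    return struct.pack("!II", spi, seq) + _toy_xor(key, spi, seq, inner)


def esp_unwrap(key: bytes, esp: bytes) -> bytes:
    spi, seq = struct.unpack("!II", esp[:8])
    return _toy_xor(key, spi, seq, esp[8:])


def transport_mode(key, src, dst, proto, payload, spi=0x1001, seq=1) -> bytes:
    """Original IP header kept; only the transport payload is protected. The
    next-header value travels inside the encrypted part so the receiver knows
    the payload type (real ESP carries it in the trailer)."""
    esp = esp_wrap(key, spi, seq, bytes([proto]) + payload)
    return ipv4_header(src, dst, IP_PROTO_ESP, len(esp)) + esp


def tunnel_mode(key, gw_src, gw_dst, src, dst, proto, payload, spi=0x2002, seq=1) -> bytes:
    """The whole original packet, header included, becomes the encrypted payload
    of a new packet addressed between the two gateways."""
    original = ipv4_header(src, dst, proto, len(payload)) + payload
    esp = esp_wrap(key, spi, seq, original)
    return ipv4_header(gw_src, gw_dst, IP_PROTO_ESP, len(esp)) + esp


def on_path_view(packet: bytes) -> tuple:
    """What an intermediate router sees without the key: (src, dst, protocol)."""
    h = parse_ipv4(packet)
    return h["src"], h["dst"], h["proto"]


def transport_receive(key, packet) -> tuple:
    inner = esp_unwrap(key, parse_ipv4(packet)["payload"])
    return inner[0], inner[1:]            # (original protocol, payload)


def tunnel_receive(key, packet) -> dict:
    return parse_ipv4(esp_unwrap(key, parse_ipv4(packet)["payload"]))


if __name__ == "__main__":
    key, payload = b"constructed-demo-key", b"GET / HTTP/1.0\r\n"
    t = transport_mode(key, "10.0.0.5", "10.0.1.7", IP_PROTO_TCP, payload)
    u = tunnel_mode(key, "203.0.113.1", "198.51.100.1", "10.0.0.5", "10.0.1.7", IP_PROTO_TCP, payload)
    print(on_path_view(t))   # ('10.0.0.5', '10.0.1.7', 50): both hosts visible
    print(on_path_view(u))   # ('203.0.113.1', '198.51.100.1', 50): only the gateways
```

In both modes the router learns that ESP is in use (protocol 50) and can read the SPI and sequence number; what differs is whether the inner hosts' addresses and the original protocol number are exposed. That is the reason gateway-to-gateway VPNs use tunnel mode.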
Securing the Web
• Secure Electronic Transactions (SET)
  – Encrypts credit card transfers using DES for bulk encryption and RSA for key exchange
• Secure Sockets Layer (SSL)
  – Uses RSA for key transfer and IDEA, DES, or 3DES for the symmetric-key encryption of the data transfer
  – HTTPS is HTTP carried over SSL
  – SSL has since been superseded by TLS; all SSL versions and the DES, IDEA and 3DES cipher suites above are obsolete and should not be enabled on current systems
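What "using HTTPS" means on the client side, shown as the weak configuration beside the corrected one with a small audit function. This is an added example using Python's standard `ssl` module, not code from the slides; no network connection is made. The function names and the finding strings are this example's.

```python
# Added example: an HTTPS client's TLS configuration, the weak setting beside the
# corrected one, checked by a small audit function. Uses Python's standard ssl
# module; no connection is made. Not code from the slides.
import ssl


def weak_client_context() -> ssl.SSLContext:
    """The 'make the certificate error go away' configuration: no certificate
    validation and no hostname check, so any server, including an attacker in
    the middle, is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be turned off before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Verify the server certificate against the system trust store, check that
    its name matches the host, and refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True + system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """Return the weaknesses a reviewer would flag in a client context."""
    findings = []
    if not ctx.check_hostname:
        findings.append("hostname verification disabled")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 allowed")
    return findings


def min_version_name(ctx: ssl.SSLContext) -> str:
    return ctx.minimum_version.name


if __name__ == "__main__":
    print(audit(weak_client_context()))      # lists the disabled checks
    print(audit(hardened_client_context()))  # []
    # Usage with a real server would be:
    #   with socket.create_connection((host, 443)) as sock:
    #       with hardened_client_context().wrap_socket(sock, server_hostname=host) as tls:
    #           ...
```

The hostname check is the one most often switched off to silence an error, and it is the one that ties the certificate to the server you meant to reach; without it a valid certificate for any name is accepted, which is exactly the "know who you are communicating with" point made later in these slides.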
Securing the Web - SSL
Securing the Web
• Secure Shell (SSH)– Provides security for remote access connections over
public networks by using tunneling, authentication services between a client and a server
– Used to secure replacement tools for terminal emulation, remote management, and file transfer applications
Hacking Cryptography
• Known plaintext attack – the attacker holds samples of plaintext together with the matching ciphertext and uses them to recover the key or key stream
• Ciphertext-only attack – the attacker holds only ciphertext and exploits statistical patterns, weak keys, or a small keyspace
• Replay attack – the attacker captures a valid (possibly encrypted and authenticated) message and resends it later; encryption alone does not prevent this, so the protocol needs nonces, timestamps, or sequence numbers
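The replay attack from the list above, demonstrated against a message that is correctly authenticated with HMAC, and the standard countermeasure: a sequence number checked against a sliding window, the same anti-replay scheme IPsec ESP uses. This is an added example, not code from the slides; the key, the wire format (8-byte sequence number, body, 32-byte tag), the 64-entry window and the "transfer" command are constructed for it.

```python
# Added example: a replay attack against an HMAC-authenticated message and the
# usual countermeasure, a sequence number checked against a sliding window
# (the anti-replay scheme IPsec ESP uses). Key, wire format
# (8-byte sequence number || body || 32-byte tag) and command text are constructed.
import hashlib
import hmac
import struct

TAG_LEN = 32


def make_message(key: bytes, seq: int, body: bytes) -> bytes:
    msg = struct.pack("!Q", seq) + body
    return msg + hmac.new(key, msg, hashlib.sha256).digest()


def _verify_tag(key: bytes, wire: bytes):
    """Return the authenticated part of the message, or None if the tag is bad."""
    if len(wire) < 8 + TAG_LEN:
        return None
    msg, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag):
        return None
    return msg


class NaiveReceiver:
    """Checks only the tag, so a captured message is accepted again and again:
    the tag proves who wrote the message, not that it is being delivered once."""

    def __init__(self, key: bytes):
        self.key, self.accepted = key, []

    def receive(self, wire: bytes) -> bool:
        msg = _verify_tag(self.key, wire)
        if msg is None:
            return False
        self.accepted.append(msg[8:])
        return True


class WindowReceiver(NaiveReceiver):
    """Tag check plus a 64-entry sliding window over sequence numbers:
    duplicates and anything older than the window are rejected, while modest
    reordering inside the window is tolerated."""
    WINDOW = 64

    def __init__(self, key: bytes):
        super().__init__(key)
        self.highest, self.bitmap = 0, 0   # bit i of bitmap = seen (highest - i)

    def _is_replay(self, seq: int) -> bool:
        if seq > self.highest:
            return False
        offset = self.highest - seq
        return offset >= self.WINDOW or (self.bitmap >> offset) & 1 == 1

    def _mark(self, seq: int) -> None:
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, wire: bytes) -> bool:
        msg = _verify_tag(self.key, wire)        # authenticate before trusting seq
        if msg is None:
            return False
        seq = struct.unpack("!Q", msg[:8])[0]
        if seq == 0 or self._is_replay(seq):     # sequence numbers start at 1
            return False
        self._mark(seq)
        self.accepted.append(msg[8:])
        return True


if __name__ == "__main__":
    key = b"\x01" * 32
    captured = make_message(key, 1, b"transfer 100 to alice")
    naive, safe = NaiveReceiver(key), WindowReceiver(key)
    print(naive.receive(captured), naive.receive(captured))   # True True: paid twice
    print(safe.receive(captured), safe.receive(captured))     # True False
```

The tag is verified before the sequence number is read so that an attacker cannot use forged sequence numbers to move the window. A timestamp with a tolerance window is the alternative when the sender cannot keep state; either way the receiver, not the cipher, is what stops replay.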
Managing Cryptographic Controls
• Don’t lose your keys
• Know who you are communicating with
• It may be illegal to use a specific encryption technique when communicating with some nations
• Every cryptosystem has weaknesses
• Give access only to those with a business need
• When placing trust in a certificate authority, ask “Who watches the watchers?”
Managing Cryptographic Controls (cont’d.)
• There is no security in obscurity
• Security protocols and the cryptosystems they use are installed and configured by humans
  – They are only as good as their installers
• Make sure that your organization’s use of cryptography is based on well-constructed policy and supported with sound management procedures