Cryptographic Systems
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Section 7.1:
Cryptographic Services
Upon completion of this section, you should be able to:
• Explain the requirements of secure communications including integrity,
authentication, and confidentiality.
• Explain cryptography.
• Describe cryptanalysis.
• Describe cryptology.
Topic 7.1.1:
Securing Communications
Authentication, Integrity, and Confidentiality
Authentication
Data Integrity
Data Confidentiality
Topic 7.1.2:
Cryptography
Creating Ciphertext
Ciphertext can be created using several methods:
• Transposition
• Substitution
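The two methods named above can be shown side by side with the classical textbook ciphers of each kind. The following is an added example, not code from the Cisco course; the function names, the rail-fence and Caesar constructions, and the sample messages are my own choices. It also illustrates the point made later in the deck about keyspace and the brute-force method: a substitution cipher with only 25 possible keys can be exhausted trivially, and a transposition cipher leaves the letter frequencies of the plaintext intact.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Substitution cipher: each letter is replaced by the letter `shift`
    positions later in the alphabet; letter positions are unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    return caesar_encrypt(ciphertext, -shift)


def _rail_index(position: int, rails: int) -> int:
    """Row of the zig-zag that the character at `position` lands on."""
    if rails < 2:
        return 0
    cycle = 2 * (rails - 1)
    offset = position % cycle
    return offset if offset < rails else cycle - offset


def rail_fence_encrypt(plaintext: str, rails: int) -> str:
    """Transposition cipher: the letters are kept but written in a zig-zag
    over `rails` rows and read out row by row, so only their order changes."""
    if rails < 1:
        raise ValueError("rails must be at least 1")
    rows = [[] for _ in range(rails)]
    for i, ch in enumerate(plaintext):
        rows[_rail_index(i, rails)].append(ch)
    return "".join("".join(row) for row in rows)


def rail_fence_decrypt(ciphertext: str, rails: int) -> str:
    """Invert the transposition: work out how many characters each row holds,
    slice the ciphertext into rows, then read them back in zig-zag order."""
    if rails < 1:
        raise ValueError("rails must be at least 1")
    rail_of = [_rail_index(i, rails) for i in range(len(ciphertext))]
    rows = []
    start = 0
    for r in range(rails):
        length = rail_of.count(r)
        rows.append(list(ciphertext[start:start + length]))
        start += length
    return "".join(rows[r].pop(0) for r in rail_of)


def caesar_candidates(ciphertext: str) -> dict:
    """All 25 non-trivial decryptions of a Caesar ciphertext, keyed by shift.
    The keyspace is so small that every key can be tried; keyspace size, not
    secrecy of the algorithm, is what decides resistance to brute force."""
    return {shift: caesar_decrypt(ciphertext, shift) for shift in range(1, 26)}


if __name__ == "__main__":
    msg = "ATTACK AT DAWN"  # constructed sample message
    c1 = caesar_encrypt(msg, 3)
    c2 = rail_fence_encrypt(msg, 3)
    print("substitution :", c1, "->", caesar_decrypt(c1, 3))
    print("transposition:", c2, "->", rail_fence_decrypt(c2, 3))
    print("letters preserved by transposition:", sorted(c2) == sorted(msg))
```

Substitution changes which symbols appear but not where they sit; transposition changes where they sit but not which symbols appear. Modern block ciphers such as DES and AES, covered later in the chapter, combine both operations over many rounds precisely so that neither weakness survives on its own.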
Transposition Ciphers
Substitution Ciphers
Topic 7.1.3:
Cryptanalysis
Cracking Code
Methods for Cracking Code
Methods used for cryptanalysis:
• Brute-force method
• Ciphertext-Only Attack
• Chosen-Plaintext method
• Meet-in-the-Middle method
Topic 7.1.4:
Cryptology
Making and Breaking Secret Codes
Cryptanalysis
The Secret is in the Keys
Section 7.2:
Basic Integrity and Authenticity
Upon completion of the section, you should be able to:
• Describe the purpose of cryptographic hashes.
• Explain how MD5 and SHA-1 are used to secure data communications.
Topic 7.2.1:
Cryptographic Hashes
Cryptographic Hash Function
Cryptographic Hash Function Properties
Topic 7.2.2:
Integrity with MD5, SHA-1, and SHA-2
Message Digest 5 Algorithm
Secure Hash Algorithm
MD5 Versus SHA
Topic 7.2.3:
Authenticity with HMAC
Keyed-Hash Message Authentication Code
HMAC Operation
Hashing in Cisco Products
Topic 7.2.4:
Key Management
Characteristics of Key Management
Key Length and Keyspace
The Keyspace
Types of Cryptographic Keys
Types of cryptographic keys:
• Symmetric keys
• Asymmetric keys
• Digital signatures
• Hash keys
Choosing Cryptographic Keys
Section 7.3:
Confidentiality
Upon completion of the section, you should be able to:
• Explain how encryption algorithms provide confidentiality.
• Explain the function of the DES, 3DES, and AES algorithms.
• Describe the function of the Software-Optimized Encryption Algorithm (SEAL) and the
Rivest ciphers (RC) algorithms.
Topic 7.3.1:
Encryption
Two Classes of Encryption Algorithms
Symmetric and Asymmetric Encryption
Symmetric Encryption
Symmetric Block Ciphers and Stream Ciphers
Choosing an Encryption Algorithm
Topic 7.3.2:
Data Encryption Standard
DES Symmetric Encryption
DES Summary
Improving DES with 3DES
3DES Operation
AES Origins
AES Summary
Topic 7.3.3:
Alternate Encryption Algorithms
Software-Optimized Encryption Algorithm (SEAL)
SEAL has several restrictions:
• The Cisco router and the peer must support IPsec.
• The Cisco router and the other peer must run an IOS image that supports
encryption.
• The router and the peer must not have hardware IPsec encryption.
RC Algorithms
Topic 7.3.4:
Diffie-Hellman Key Exchange
Diffie-Hellman (DH) Algorithm
DH Operation
Section 7.4:
Public Key Cryptography
Upon completion of the section, you should be able to:
• Explain the differences between symmetric and asymmetric encryptions and
their intended applications.
• Explain the functionality of digital signatures.
Topic 7.4.1:
Symmetric Versus Asymmetric Encryption
Asymmetric Key Algorithms
Four protocols that use asymmetric key algorithms:
• Internet Key Exchange (IKE)
Public Key + Private Key = Confidentiality
Private Key + Public Key = Authenticity
Asymmetric Algorithms
Alice Encrypts Message Using Bob’s Public Key
Alice Encrypts a Hash Using Bob’s Public Key
Asymmetric Algorithms
Bob Uses Alice’s Public Key to Decrypt Hash
Bob Uses His Public Key to Decrypt Message
Types of Asymmetric Algorithms
Topic 7.4.2:
Digital Signatures
Using Digital Signatures
Digital Signature Properties:
• Signature is authentic
• Signature is unalterable
Code Signing
Digitally signing code provides several assurances about the code:
• The code is authentic and is actually sourced by the publisher.
• The code has not been modified since it left the software publisher.
Digital Certificates
Using Digital Certificates
Digital Signature Algorithms
DSA Scorecard
RSA Scorecard
Topic 7.4.3:
Public Key Infrastructure
Public Key Infrastructure Overview
PKI Framework
Elements of the PKI Framework
PKI Example
Certificate Authorities
Interoperability of Different PKI Vendors
Public-Key Cryptography Standards
Simple Certificate Enrollment Protocol
PKI Topologies
Cross Certified CA
Hierarchical CA
Registration Authority
Digital Certificates and CAs
Retrieving CA Certificates
Submitting Certificate Requests to the CA
Digital Certificates and CAs
Peers Authenticate Each Other
Section 7.5:
Summary
Chapter Objectives:
• Explain the areas of cryptology.
Thank you.
Instructor Resources