PKI and Cryptographic Application
Chapter 6 Cryptography and Symmetric Key Algorithms
Historical Milestones in Cryptography
Caesar Cipher
Substitution
ROT3
American Civil War
Substitution and transposition
Flag signals
Ultra vs. Enigma
Purple Machine
Cryptographic Basics
Goals of Cryptography
Cryptography Concepts
Cryptographic Mathematics
Ciphers
overview
Goals of Cryptography
Confidentiality
Symmetric and asymmetric
Data at rest
Data in motion
Data in use
Integrity
Authentication
Nonrepudiation
Cryptography Concepts
Plaintext
Encrypt/decrypt
Ciphertext
Keys, cryptovariable
Keyspace, bit size
Kerckhoffs’s Principle
Cryptography, cryptanalysis, cryptology, cryptosystem
FIPS 140-2
Cryptographic Mathematics
Boolean mathematics/logical operations
AND, OR, NOT, XOR
Modulo function
One-way functions
Nonce
Zero-knowledge proof
Split knowledge
Work function
Ciphers 1/2
Codes vs. ciphers
Transposition ciphers
Substitution ciphers
Caesar cipher
ROT3
Vigenere cipher
One-time pads
Running key ciphers
Ciphers 2/2
Block ciphers
Stream ciphers
Confusion and diffusion
Modern Cryptography
Cryptographic Keys
Symmetric Key Algorithms
Asymmetric Key Algorithms
Hashing Algorithms
overview
Cryptographic Keys
Security through obscurity
Algorithms
Keys
Longer keys = better security
Symmetric Key Algorithms 1/2
Shared secret
Secret key cryptography / private key cryptography
Key distribution
Lack of non-repudiation
Not scalable
Keys must be regenerated often
Fast
Symmetric Key Algorithms 2/2
Asymmetric Key Algorithms 1/3
Aka public key algorithms
Key pair sets: public key and private key
Digital signatures
Scalable
# of keys = n(n-1)/2 (sym) vs 2n (asymm)
Key cancellation
Regeneration only required at compromise or expiration
Asymmetric Key Algorithms 2/3
Asymmetric Key Algorithms 3/3
Supports integrity (via hashing in digital signatures), authentication, and nonrepudiation
Simple key generation
No preexisting secure communication link needs to exist for key exchange
Slow
Hashing Algorithms
Message digests
Deriving original from hash is difficult or impossible
Collisions
Chapter 7 includes hashing algorithms
Symmetric Cryptography 1/3
Data Encryption Standard
56-bit key, 64-bit blocks, 16 rounds
Electronic code book
Cipher block chaining
Cipher feedback
Output feedback
Counter mode
Triple DES
168/112-bit key, 64-bit blocks, 48 rounds
Modes: EEE3, EEE2, EDE3, EDE2
Symmetric Cryptography 2/3
International Data Encryption Algorithm (IDEA)
128-bit key, 64-bit blocks
Blowfish
32 to 448-bit key, 64-bit blocks
Skipjack
80-bit key, 64-bit blocks
RC5
0 to 2040-bit keys, 32/64/128-bit blocks
Symmetric Cryptography 3/3
Advanced Encryption Standard
Rijndael block cipher
128-bit blocks
128-bit key, 10 rounds
192-bit key, 12 rounds
256-bit key, 14 rounds
Twofish
1 to 256-bit keys, 128-bit blocks
Symmetric Key Management
Creation and distribution
Offline
Public key encryption
Diffie-Hellman
Storage and destruction
Key escrow and recovery
Fair Cryptosystem
Escrowed Encryption Standard
Cryptographic Life Cycle
Limited life span based on Moore’s law
Strong enough to protect the data for as long as it is valuable
Governance controls:
Algorithms
Key lengths
Security transaction protocols
Conclusion
Read the Exam Essentials
Review the Chapter
Perform the Written Labs
Answer the Review Questions