Cryptography

1
Learning Objectives
 Understand the basics of algorithms and
how they are used in modern cryptography
 Identify the differences between
asymmetric and symmetric algorithms
 Have a basic understanding of the
concepts of cryptography and how they
relate to network security

2
continued…
Learning Objectives
 Discuss characteristics of PKI certificates
and the policies and procedures
surrounding them
 Understand the implications of key
management and a certificate’s lifecycle

3
Cryptography
 Study of complex mathematical formulas
and algorithms used for encryption and
decryption
 Allows users to transmit sensitive
information over unsecured networks
 Can be either strong or weak

4
Cryptography Terminology
 Plaintext
 Data that can be read without any manipulation
 Encryption
 Method of disguising plaintext to hide its substance
 Ciphertext
 Plaintext that has been encrypted and is an unreadable
series of symbols and numbers

5
How Encryption and Decryption Work

6
Algorithms
 Mathematical functions that work in
tandem with a key
 Same plaintext data encrypts into different
ciphertext with different keys
 Security of data relies on:
 Strengthof the algorithm
 Secrecy of the key

7
Hashing
 Method used for verifying data integrity
 Uses variable-length input that is converted to a fixed-
length output string (hash value)
 Checksum: the receiving end use same hash function to
check integrity

8
Quantum Cryptography
 Depends on a model called Heisenberg Uncertainty
Principle for security
 Process that measuring the results, the result are
change

9
The Myth of Unbreakable codes
 Frequency analysis
 Algorithm error
 Brute force attack
 Human error

10
Symmetric versus Asymmetric
Algorithms
Type of Advantages Disadvantages
Algorithm
Symmetric Single key Requires sender and
receiver to agree on a key
before transmission of data
Security lies only with the
key
High cost
Asymmetric Encryption and Security of keys can be
decryption keys are compromised when
different malicious users post phony
Decryption key keys
cannot be calculated
from encryption key 11
Symmetric Algorithms
 Usually use same key for encryption and
decryption
 Encryption key can be calculated from
decryption key and vice versa
 Require sender and receiver to agree on a key
before they communicate securely
 Security lies with the key
 Also called secret key algorithms, single-key
algorithms, or one-key algorithms

12
Encryption Using a
Symmetric Algorithm

13
Categories of Algorithms
 Stream algorithms
 Operate on the plaintext one bit at a time
 Block algorithms
 Encrypt and decrypt data in groups of bits,
typically 64 bits in size

14
Asymmetric Algorithms
 Use different keys for encryption and
decryption
 Decryption key cannot be calculated from
the encryption key
 Anyone can use the key to encrypt data
and send it to the host; only the host can
decrypt the data
 Also known as public key algorithms

15
Common Encryption Algorithms
 Lucifer (1974)  Triple DES (1998)
 Diffie-Hellman  AES (Rijndael)
(1976)  IDEA (1992)
 RSA (1977)  Blowfish (1993)
 DES (1977)  RC5 (1995)

17
Primary Functions of Cryptography
 Confidentiality
 Integrity
 Authentication
 No repudiation

18
Digital Signatures
 Based on asymmetric algorithms, allow
the recipient to verify whether a public key
belongs to its owner

19
 Message
Message

Hash Function
Hash Function Message Signature
Public
Key
Decrypt
Digest

Private
Key Encrypt Expected Actual
Digest Digest

Signature

Kalau ini sama maka

21
Certificates
 Credentials that allow a recipient to verify
whether a public key belongs to its owner
 Verifysenders’ information with identity
information that is bound to the public key
 Components
 Public key
 One or more digital signatures
 Certificate information (eg, user’s name, ID)

22
23
Public Key Infrastructure (PKI)
Certificates
 Certificate storage facility that provides
certification management functionality (eg, ability
to issue, revoke, store, retrieve, and trust
certificates)
 Certification authority (CA)
 Primary feature of PKI
 Trusted person or group responsible for issuing
certificates to authorized users on a system
 Creates certificates and digitally signs them using a
private key

24
PKI Policies and Practices
 Validity establishes that a public key
certificate belongs to its owner
 CA issues certificates to users by binding
a public key to identification information of
the requester
 User can manually check certificate’s
fingerprint

25
Registration
 User requests certificate from CA
 CA verifies identity and credentials of user
 Certificate practice statement
 Published document that explains CA structure to users
 Certificate policy establishes:
 Who may serve as CA
 What types of certificates may be issued
 How they should be issued and managed

26
Origins of Encryption Standards
 Governmental Organization
 NSA (National Security Agency)
 NSA/CSS
 Standardize DoD activities
 NIST (National Institute of Standard Organization)
 Industry Association
 ABA (American Banker Association)
 IETF (Internet Engineering Task Force)
 ISOC (Internet Society)
 W3C
 ITU
 IEEE
27
Public Domain Cryptography
 PGP
 PKIX (Public Key Infrastructure X.509)
 SSL (Secure Socket Layer)

28
 SET (Secure Electronic Transaction)

29
 SSH (Secure Shell)

30
 HTTPS (Hypertext Transport Protocol
Secure)
 IPSec
 Standard for encrypting VPN

31
 TLS

 S/MIME
 Providesencryption, integrity, and
authentication when used in conjunction with
PKI
32