Slide1
CompTIA Security+ Study Guide (SY0-501)
Chapter 8: Cryptography
Slide2
Chapter 8: Cryptography
  Compare and contrast types of attacks
  Compare and contrast basic concepts of cryptography
  Explain cryptography algorithms and their basic characteristics
  Given a scenario, install and configure wireless security settings
  Given a scenario, implement public key infrastructure
Slide3
An Overview of Cryptography
Cryptography is a field almost as old as humankind.
Parts of:
Understanding nonmathematical cryptography
Substitution ciphers
  A type of coding or ciphering system that changes one character or symbol into another
Transposition ciphers (transportation code)
  Involves transposing or scrambling the letters in a certain manner
Slide4
Chapter 8: Cryptography
Steganography
  The process of hiding a message in a medium such as a digital image, audio file, or other file
Hybrid systems
  Best when two or more of these methods of nonmathematical cryptography are combined
Mathematical cryptography
  Deals with using mathematical processes on characters or messages
Hashing
  Refers to performing a calculation on a message and converting it into a numeric hash value
Slide5
Working with Symmetric Algorithms
Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms.
Some common standards that use symmetric algorithms are the following:
  Data Encryption Standard (DES)
  Triple-DES (3DES)
  Advanced Encryption Standard (AES)
  CAST
  GOST
Slide6
Working with Asymmetric Algorithms
Asymmetric algorithms use two keys to encrypt and decrypt data.
  Public key
  Private key
Slide7
Chapter 8: Cryptography
Cryptographic algorithms
  Are used to encode a message from its unencrypted or clear-text state into an encrypted message
Hashing
  The process of converting a message, or data, into a numeric value
Secure Hash Algorithm (SHA)
Message Digest Algorithm (MD)
Rainbow tables and salt
Key stretching
Slide8
Code-Breaking Techniques
Frequency analysis
  Involves looking at blocks of an encrypted message to determine if any common patterns exist
Algorithm errors
  A method or set of instructions used to perform a task or instruction
Brute-force attacks
  Can be accomplished by applying every possible combination of characters that could be the key
Exploiting human error
  One of the major causes of encryption vulnerabilities
Slide9
Chapter 8: Cryptography
Cryptographic system
  A cryptographic system is a system, method, or process that is used to provide encryption and decryption.
Confidentiality and strength
Integrity
Digital signatures
Authentication
Nonrepudiation
Slide10
Origins of Encryption Standards
Early cryptography standards were primarily designed to secure communications for the government and military.
Government agencies play a role.
  National Security Agency (NSA)
  National Security Agency/Central Security Service
  National Institute of Standards and Technology (NIST)
Slide11
Public-Key Infrastructure X.509/Public-Key Cryptography Standards
Public-Key Infrastructure X.509 (PKIX)
  The working group formed by the IETF to develop standards and models for the PKI environment
Public-Key Cryptography Standards (PKCS)
  A set of voluntary standards created by RSA and security leaders
Slide12
Chapter 8: Cryptography
X.509
  Defines the certificate formats and fields for public keys; also defines the procedures that should be used to distribute public keys
SSL and TLS
Secure Sockets Layer (SSL)
  Used to establish a secure communication connection between two TCP-based machines
Certificate Management Protocol (CMP)
  A messaging protocol used between PKI entities
Secure Multipurpose Internet Mail Extensions (S/MIME)
  A standard used for encrypting e-mail
Slide13
Chapter 8: Cryptography
Pretty Good Privacy (PGP)
  A freeware e-mail encryption system
Hypertext Transport Protocol over SSL (HTTPS)
Secure Hypertext Transport Protocol (S-HTTP)
IP Security (IPSec)
Slide14
Chapter 8: Cryptography
Tunneling protocols
  Add a capability to the network
Common protocols used for tunneling
  Point-to-Point Tunneling Protocol (PPTP)
  Layer 2 Forwarding (L2F)
  Layer 2 Tunneling Protocol (L2TP)
Federal Information Processing Standard (FIPS)
  A set of guidelines for the United States federal government information systems
Slide15
Public Key Infrastructure
Public Key Infrastructure (PKI) is intended to provide a means of providing security to messages and transactions on a grand scale.
PKI is a two-key, asymmetric system with four main components.
  Certificate authority (CA)
  Registration authority (RA)
  RSA (the encryption algorithm)
  Digital certificates
Slide16
Chapter 8: Cryptography
Certificate authority (CA)
  An organization that is responsible for issuing, revoking, and distributing certificates
Registration authority (RA)
  Can distribute keys, accept registrations for the CA, and validate identities
Local registration authority (LRA)
  Can be used to identify or establish the identity of an individual for certificate issuance
Slide17
Implementing Certificates
Certificates
  provide the primary method of identifying that a given user is valid
  can be used to store authorization information
  can verify or certify that a system is using the correct software and processes to communicate
Slide18
Chapter 8: Cryptography
Certificate policies
  Define what certificates do
Certificate practice statement (CPS)
  A detailed statement the CA uses to issue certificates and implement its policies
Slide19
Certificate Revocation
Certificate revocation
  The process of revoking a certificate before it expires
Certificate revocation list (CRL)
Online Certificate Status Protocol (OCSP)
Repository
  A database or database server where the certificates are stored
Slide20
Trust Models
Four main types of trust models are used with PKI.
  Hierarchical
  Bridge
  Mesh
  Hybrid
Slide21
Trust Models
Hierarchical trust model
  Also known as a tree; a root CA at the top provides all the information
Bridge trust model
  A peer-to-peer relationship exists between the root CAs
Mesh trust model
  Expands the concepts of the bridge model by supporting multiple paths and multiple root CAs
Hybrid trust model
  Can use the capabilities of any or all of the structures discussed in the previous sections