Oct 29, 2014

- 1.

2. 3. Agenda

- Cryptography ?? .

- Encryption .

- Symmetric Encryption .

- Asymmetric Encryption.

- Diffie-hellman.

- Hashing .

- Digital signature .

- Authentication Protocols .

- PKI .

- Cryptosystems .

- Cryptanalysis .

- Demos .

- MISC : Cryptographics .

4. . Cryptography is a framework of methodologies used to ensure the CIA triad for our information ; C for confidentiality , I for Integrity and A for authenticity. . The need for cryptographic techs was as old as the need to keep the critical info secure , safe and authentic . the techs were invented in different forms that can be compatible with their current age , while the concept was the same . . Cryptography was known anciently as Encryption which means : Hiding the information from unauthorized entities . Various methods were used to adopt this purpose , it could be implemented manually , mechanically or even electronically .

- Cryptography ??

5. .SCYTALE, is an example for a really old tech that was used to cipher (encrypt) information . The concept of operation is so simple . Get a long strip of leather and wind it over a rode like the picture , write the clear data on the leather over the rod and then unwind it .. HELP ME I AM UNDER ATTACK will be"HENTEIDTLAEAPMRCMUAK ,and it totally depends on the diameter of the rode , which is the key to decipher the message. 6. . Nowadays are a bit different , as we are not talking about only encryption when dealing with cryptography , hashing shares the place with encryption to form the whole framework(cryptographic framework) ; hashing role is to ensure the integrity of the message . So , back to the CIA triad , encryption is used to insure the confidentiality, hashing is for ensuring the integrity and a combination of encryption & hashing for ensuring the authenticity of the message sender .. Encryption and Hashing can be considered now as systems that need an input to deliver an output , this system is controlled by a set of mathematical equations which is known as an algorithm. 7. 8.

- Encryption

. As we stated before , Encryption is considered as a component of the cryptographic framework . Its role is to offer the confidentiality axis of the CIA triad . . Recalling the systematic view of any cryptographic component , Encryption needs an input (Clear message & key) to deliver the cipher form (output) , this cipher form to be decrypted (converted to the clear form ) we shall need a key and the same algorithm . 9. . Encryption can be implemented symmetrically or asymmetrically . . If we are using symmetric encryption, then we will encrypt the clear message with one key and decrypt it with the same key ; encryptor and decryptor should have the same key . 10. . On the other hand , for Asymmetric encryption , the sender will use a key to encrypt the message and the receiver will use a different key to decrypt the message , in case we have a bidirectional communication , each pair will use two keys one of them is public for others and a privatekey for himself. 11. Symmetric Encryption . To wrap the concept let us discuss a case for three entities that need to communicate securely using symmetric encryption .. From the figure , we can conclude that we will use 9 different private keys for achieving bidirectional communication between xyz and abc . . We can conclude also that we need to define a way by which we can exchange these private keys in a secure manner between distant entities . . We will recall these two conclusions a bit later . 12. . DES , 3DES , Blowfish , IDEA , RC5 , Safer , Serpent and AES are the well known symmetric encryption algorithms . . We will go deeply for DESand AESin the Demos section . 13. Asymmetric Encryption . Back to the same case that was assumed when using symmetric encryption.. ABC and XYZ have their public keys distributed over each other , anyone needs to talk to the other will use the others public key to encrypt the traffic and the other will use his own private key to decrypt the traffic , X will use As public key to encrypt clear traffic A will receive the cipher to decrypt it using his own private key . . Less number of keys and simple key distribution . 14. . RSA is the famous asymmetric key encryption algorithm .RonR ivest ## left AdiS hamir ## Middle LeonardA dleman ## Right . RSA operation will be discussed in the Demos section . 15. . Let us now compare them (symmetric and asymmetric) : 1- Symmetric key encryption suffers from scalability issues ; to achieve a secure communication between N points , we will need to generate (N(N-1))/2 different keys . 3- Symmetric key encryption requires out of band secure exchange of keys , because , both the communicating parties needs to know about the keys before proceeding into the communication . 4- Asymmetric key encryption systems are incredibly complex , and that complexity will surely impact the performance . Asymmetric key encryptionis up to 1000 times slower than symmetric key encryption . . Now how can we deal with that problem ?!!! , Diffie and Hellman will answer this question for us . 16. Diffie-hellman

- Diffie-Hellman algorithm will use public key encryption to only distribute symmetric keys for communicating parties , symmetric key encryption will be used to deal with clear data to create the cipher , so we will have no odds :: high performance using symmetric key encryption and simple key distribution process using Diffie-Hellman algorithm , as we will sure see here and the demos section .

17.

- Khaled will generate two (public and private ) keys using his own Diffie-Hellman algorithm , Ali will do the same thing ; both of them will exchange his own public key , khaled will have his own private key and Alis public key , he will use his Diffie-Hellman algorithm to generate a new private key ; Ali will have the same private key if he executed the same operation.

18. 19. Hashing

- Hashing is the second component of the cryptographic framework , its role is to ensure the integrity of a message . The most important aspect of integrity violation is that the target of the attack is not aware about the violation occurrence , simply , if he knew he will request for a retransmission .

- The problem is that I am communicating with my co-workers basing on a false information .

- Hashing is an irreversible process with no keys , the clear message is the only input for the hashing process .

20.

- The message will be delivered as an input to the hashing system , hashing system will create message digest (hash) from the clear message , it will then append the digest to the message and then send them over the media ; The recipient will have the message to create a new digest and then compare the two digests .

21. 22.

- A simple newbie can execute an MITM attack , he will be able to receive the message with the digest from the sender so as to create a new fake message with a new generated hash from the fake message (using the same hashing algorithm) to be sent to the poor receiver .

- HMAC , the solution for this problem .

23.

- MD5 and SHA are the most used hashing algorithms , SHA is more secure than MD5 .

- We will have a demo for HMAC in the demos section .

24. Digital signature

- This is our last step for completing the CIA triad , how can we ensure authenticity using cryptography !!!

- Digital signature is a mechanism by which we can authenticate the message sender on a message basis , each message needs to be authenticated , this needs to be clarified , digital signature is not a connection based authentication mechanism like pap , chap , kerborse , TACACS ...............

- Digital signature uses a combination of encryption and hashing .

25.

- The message will be hashed , the digest will be encrypted by the sender private key and then sent with message to the recipient .

- We have a demo for Digital signature .

26. Authentication Protocols

- As we are taking about connection based authentication mechanism , we will deal with protocols rather than algorithms . This is to briefly list famous authentication protocols :

- 1- PAP

- 2- CHAP

- 3- MS-CHAP

- 4- NTLM

- 5- EAP

- 6- PEAP

- 7- Kerberos

- 8- TACACS+

- 9- Radius

- 10- Diameter

27. PKI

- Public Key Infrastructure is aTrustConnectivity media , I need to trust the sender before beginning a new session with him , how can I know that this public key is the one owned by the real sender; I need someone between us , someone that I can trust and that can trust this remote sender .

- How can I trust you?

- Answer: The CA trusts me.

- How can I know the CA trusts you?

- Answer: You can see my certificate issued by the CA.

- .So , PKI is not for authentication, but it can be considered as a pre-authentication phase .

- .We will have a full PKI course .

28. Cryptosystems

- Cryptosystem is an implemented form of the cryptographic framework , it consists o

Related Documents See more >