CCNA Security 2.0 Study Material – Chapter 7: Cryptographic Systems

Chapter Outline:

7.0 Introduction
7.1 Cryptographic Services
7.2 Basic Integrity and Authenticity
7.3 Confidentiality
7.4 Public Key Cryptography
7.5 Summary

Section 7.1: Cryptographic Services

Upon completion of this section, you should be able to:

  • Explain the requirements of secure communications including integrity, authentication, and confidentiality.
  • Explain cryptography.
  • Describe cryptanalysis.
  • Describe cryptology.

Topic 7.1.1: Securing Communications

Authentication, Integrity, and Confidentiality

Authentication

Data Integrity

Data Confidentiality

Topic 7.1.2: Cryptography

Creating Ciphertext

Ciphertext can be created using several methods:

  • Transposition
  • Substitution
  • One-time pad

Transposition Ciphers

Substitution Ciphers

One-Time Pad Ciphers

Topic 7.1.3: Cryptanalysis

Cracking Code

Methods for Cracking Code

Methods used for cryptanalysis:

  • Brute-force method
  • Ciphertext method
  • Known-Plaintext method
  • Chosen-Plaintext method
  • Chosen-Ciphertext method
  • Meet-in-the-Middle method

Frequency Analysis of the English Alphabet

Deciphering Using Frequency Analysis

Topic 7.1.4: Cryptology

Making and Breaking Secret Codes

Cryptanalysis

The Secret is in the Keys

Section 7.2: Basic Integrity and Authenticity

Upon completion of the section, you should be able to:

  • Describe the purpose of cryptographic hashes.
  • Explain how MD5 and SHA-1 are used to secure data communications.
  • Describe authenticity with HMAC.
  • Describe the components of key management.

Topic 7.2.1: Cryptographic Hashes

Cryptographic Hash Function

Cryptographic Hash Function Properties

Well-Known Hash Functions

Topic 7.2.2: Integrity with MD5, SHA-1, and SHA-2

Message Digest 5 Algorithm

Secure Hash Algorithm

MD5 Versus SHA

Topic 7.2.3: Authenticity with HMAC

Keyed-Hash Message Authentication Code

HMAC Operation

Hashing in Cisco Products

Topic 7.2.4: Key Management

Characteristics of Key Management

Key Length and Keyspace

The Keyspace

Types of Cryptographic Keys

Types of cryptographic keys:

  • Symmetric keys
  • Asymmetric keys
  • Digital signatures
  • Hash keys

Choosing Cryptographic Keys

Section 7.3: Confidentiality

Upon completion of the section, you should be able to:

  • Explain how encryption algorithms provide confidentiality.
  • Explain the function of the DES, 3DES, and AES algorithms.
  • Describe the function of the Software-Optimized Encryption Algorithm (SEAL) and the Rivest ciphers (RC) algorithms.

Topic 7.3.1: Encryption

Two Classes of Encryption Algorithms

Symmetric and Asymmetric Encryption

Symmetric Encryption

Symmetric Block Ciphers and Stream Ciphers

Choosing an Encryption Algorithm

Topic 7.3.2: Data Encryption Standard

DES Symmetric Encryption

DES Summary

Improving DES with 3DES

3DES Operation

AES Origins

AES Summary

Topic 7.3.3: Alternate Encryption Algorithms

Software-Optimized Encryption Algorithm (SEAL)

SEAL has several restrictions:

  • The Cisco router and the peer must support IPsec.
  • The Cisco router and the other peer must run an IOS image that supports encryption.
  • The router and the peer must not have hardware IPsec encryption.

RC Algorithms

Topic 7.3.4: Diffie-Hellman Key Exchange

Diffie-Hellman (DH) Algorithm

DH Operation

Section 7.4: Public Key Cryptography

Upon completion of the section, you should be able to:

  • Explain the differences between symmetric and asymmetric encryptions and their intended applications.
  • Explain the functionality of digital signatures.
  • Explain the principles of a public key infrastructure (PKI).

Topic 7.4.1: Symmetric Versus Asymmetric Encryption

Asymmetric Key Algorithms

Four protocols that use asymmetric key algorithms:

  • Internet Key Exchange (IKE)
  • Secure Socket Layer (SSL)
  • Secure Shell (SSH)
  • Pretty Good Privacy (PGP)

Public Key + Private Key = Confidentiality

Private Key + Public Key = Authenticity

Asymmetric Algorithms

Alice Encrypts Message Using Bob’s Public Key

Alice Encrypts A Hash Using Bob’s Public Key

Bob Uses Alice’s Public Key to Decrypt Hash

Bob Uses His Public Key to Decrypt Message

Types of Asymmetric Algorithms

Topic 7.4.2: Digital Signatures

Using Digital Signatures

Digital Signature Properties:

  • Signature is authentic
  • Signature is unalterable
  • Signature is not reusable
  • Signature cannot be repudiated

Code Signing

Digitally signing code provides several assurances about the code:

  • The code is authentic and is actually sourced by the publisher.
  • The code has not been modified since it left the software publisher.
  • The publisher undeniably published the code.

Digital Certificates

Using Digital Certificates

Sending a Digital Certificate

Receiving a Digital Certificate

Digital Signature Algorithms

DSA Scorecard

RSA Scorecard

Topic 7.4.3: Public Key Infrastructure

Public Key Infrastructure Overview

PKI Framework

Elements of the PKI Framework

PKI Example

Certificate Authorities

Interoperability of Different PKI Vendors

Public-Key Cryptography Standards

Simple Certificate Enrollment Protocol

PKI Topologies

Single-Root PKI Topology

Cross Certified CA

Hierarchical CA

Registration Authority

Digital Certificates and CAs

Retrieving CA Certificates

Submitting Certificate Requests to the CA

Peers Authenticate Each Other

Section 7.5: Summary

Chapter Objectives:

  • Explain the areas of cryptology.
  • Explain the two kinds of encryption algorithms.
