Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 11
Basic Cryptography
Defining Cryptography
What is cryptography?
Scrambling information so it appears unreadable to attackers
Transforms information into secure form
Steganography
Hides the existence of data
Image, audio, or video files containing hidden message embedded in the file
Achieved by dividing data and hiding in unused portions of the file
Figure 11-1 Data hidden by steganography
© Cengage Learning 2012
Cryptography Process
Cryptographic Algorithms
Three categories of cryptographic algorithms
Hash algorithms
Symmetric encryption algorithms
Asymmetric encryption algorithms
Hash algorithms
Most basic type of cryptographic algorithm
Process for creating a unique digital fingerprint for a set of data
Contents cannot be used to reveal original data set
Primarily used for comparison purposes
Cryptographic Algorithms (cont’d.)
Example of hashing (ATMs)
Bank customer has PIN of 93542
Number is hashed and result stored on card’s magnetic stripe
User inserts card in ATM and enters PIN
ATM hashes the entered PIN using the same algorithm that was used to store the PIN on the card
If the two values match, the user may access the ATM
Defeating “Man in the Middle”
Cryptographic Algorithms (cont’d.)
Most common hash algorithms
Message Digest
Secure Hash Algorithm
Whirlpool
RIPEMD
Password hashes
Cryptographic Algorithms (cont’d.)
Message Digest (MD)
Three versions
Message Digest 2
Takes plaintext of any length and creates a 128-bit hash
Padding added to make short messages 128 bits
Considered too slow today and rarely used
Message Digest 4
Has flaws and was not widely accepted
Cryptographic Algorithms (cont’d.)
Message Digest 5
Designed to address MD4’s weaknesses
Message length padded to 512 bits
Weaknesses in compression function could lead to collisions
Some security experts recommend using a more secure hash algorithm
Secure Hash Algorithm (SHA)
More secure than MD
No weaknesses identified
Example of HIT certification requirement
Cryptographic Algorithms (cont’d.)
Whirlpool
Recent cryptographic hash
Adopted by standards organizations
Creates hash of 512 bits
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
Two different and parallel chains of computation
Results are combined at end of process
Cryptographic Algorithms (cont’d.)
Password hashes
Used by Microsoft Windows operating systems
LAN Manager hash
New Technology LAN Manager (NTLM) hash
Linux and Apple Mac strengthen password hashes by including random bit sequences
Known as a salt
Makes password attacks more difficult
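The ATM comparison described earlier and the salting described here, as an added Python example (not code from the textbook): the PIN 93542 from the slide is hashed with a random salt using SHA-256, only the salt and digest are stored, and verification rehashes the entered PIN with the stored salt; the function names hash_pin, verify_pin and salt_changes_digest are my own.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample value taken from the slide's ATM example.
SAMPLE_PIN = "93542"


def hash_pin(pin: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt is drawn if none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha256(salt + pin.encode("utf-8")).digest()
    return salt, digest


def verify_pin(entered: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_pin(entered, salt)
    return hmac.compare_digest(candidate, stored_digest)


def salt_changes_digest(pin: str) -> bool:
    """Enrolling the same PIN twice yields different digests because the salts differ,
    so a precomputed table of unsalted PIN hashes cannot be reused across cards."""
    _, first = hash_pin(pin)
    _, second = hash_pin(pin)
    return first != second


if __name__ == "__main__":
    # Enrolment: the card stores the salt and digest, never the PIN itself.
    salt, digest = hash_pin(SAMPLE_PIN)
    print(verify_pin("93542", salt, digest))   # True: correct PIN
    print(verify_pin("93524", salt, digest))   # False: wrong PIN
    print(salt_changes_digest(SAMPLE_PIN))     # True: salts differ per enrolment
```

A five-digit PIN space is small enough to search exhaustively even when salted, so salting prevents reuse of precomputed tables but does not by itself make a short PIN hash resistant to guessing.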
Symmetric Cryptographic Algorithms
Original cryptographic algorithms
Stream, monoalphabetic substitution, transposition, and combination (cipher combined with plaintext) ciphers – all fairly simple to crack
OTP (One Time Pad) fairly secure if the pad is never reused
Block cipher: blocks of 8–16 bytes encrypted independently
All are cycle intensive
Symmetric Cryptographic Algorithms
Data Encryption Standard
Triple Data Encryption Standard
Advanced Encryption Standard
Several other algorithms
Understanding symmetric algorithms
Same shared single key used to encrypt and decrypt document
Symmetric Cryptographic Algorithms
Data Encryption Standard (DES)
Based on product originally designed in early 1970s
Adopted as a standard by the U.S. government
Triple Data Encryption Standard (3DES)
Designed to replace DES
Uses three rounds of encryption
Ciphertext of first round becomes input for second iteration
Most secure versions use a different key for each round
Figure 11-11 3DES
© Cengage Learning 2012
Symmetric Cryptographic Algorithms (cont’d.)
Advanced Encryption Standard (AES)
Symmetric cipher approved by NIST in 2000 as replacement for DES
Official encryption standard used by the U.S. government
Performs three steps on every block of plaintext
Designed to be secure well into the future
Adopted as a certification requirement for HIT in 2008