Security+ guide to network security fundamentals fourth edition answers

Security+ Guide to Network Security Fundamentals, Fourth Edition

Chapter 11

Basic Cryptography

1

Defining Cryptography

What is cryptography?

Scrambling information so it appears unreadable to attackers

Transforms information into secure form

Stenography

Hides the existence of data

Image, audio, or video files containing hidden message embedded in the file

Achieved by dividing data and hiding in unused portions of the file

Security+ Guide to Network Security Fundamentals, Fourth Edition

2

2

Security+ Guide to Network Security Fundamentals, Fourth Edition

3

Figure 11-1 Data hidden by stenography

© Cengage Learning 2012

3

Security+ Guide to Network Security Fundamentals, Fourth Edition

4

Cryptography Process

4

Cryptographic Algorithms

Three categories of cryptographic algorithms

Hash algorithms

Symmetric encryption algorithms

Asymmetric encryption algorithms

Hash algorithms

Most basic type of cryptographic algorithm

Process for creating a unique digital fingerprint for a set of data

Contents cannot be used to reveal original data set

Primarily used for comparison purposes

Security+ Guide to Network Security Fundamentals, Fourth Edition

5

5

Cryptographic Algorithms (cont’d.)

Example of hashing (ATMs)

Bank customer has PIN of 93542

Number is hashed and result stored on card’s magnetic stripe

User inserts card in ATM and enters PIN

ATM hashes the pin using the same algorithm that was used to store PIN on the card

If two values match, user may access ATM

Security+ Guide to Network Security Fundamentals, Fourth Edition

6

6

Security+ Guide to Network Security Fundamentals, Fourth Edition

7

Defeating “Man in the Middle”

7

Cryptographic Algorithms (cont’d.)

Most common hash algorithms

Message Digest

Secure Hash Algorithm

Whirlpool

RIPEMD

Password hashes

Security+ Guide to Network Security Fundamentals, Fourth Edition

8

8

Cryptographic Algorithms (cont’d.)

Message Digest (MD)

Three versions

Message Digest 2

Takes plaintext of any length and creates 128 bit hash

Padding added to make short messages 128 bits

Considered too slow today and rarely used

Message Digest 4

Has flaws and was not widely accepted

Security+ Guide to Network Security Fundamentals, Fourth Edition

9

9

Cryptographic Algorithms (cont’d.)

Message Digest 5

Designed to address MD4’s weaknesses

Message length padded to 512 bits

Weaknesses in compression function could lead to collisions

Some security experts recommend using a more secure hash algorithm

Secure Hash Algorithm (SHA)

More secure than MD

No weaknesses identified

Example of HIT certification requirement

Security+ Guide to Network Security Fundamentals, Fourth Edition

10

10

Cryptographic Algorithms (cont’d.)

Whirlpool

Recent cryptographic hash

Adopted by standards organizations

Creates hash of 512 bits

Race Integrity Primitives Evaluation Message Digest (RIPEMD)

Two different and parallel chains of computation

Results are combined at end of process

Security+ Guide to Network Security Fundamentals, Fourth Edition

11

11

Cryptographic Algorithms (cont’d.)

Password hashes

Used by Microsoft Windows operating systems

LAN Manager hash

New Technology LAN Manager (NTLM) hash

Linux and Apple Mac strengthen password hashes by including random bit sequences

Known as a salt

Make password attacks more difficult

Security+ Guide to Network Security Fundamentals, Fourth Edition

12

12

Symmetric Cryptographic Algorithms

Original cryptographic algorithms

Stream, Monalphabetic Substitute, Transposition, Combine (cipher with plain text) – all fairly simple to crack

OTP (One Time Pad) fairly secure if not reused

Block Cipher (8-16) bytes encrypted independently

All cycle intensive

Security+ Guide to Network Security Fundamentals, Fourth Edition

13

13

Symmetric Cryptographic Algorithms

Data Encryption Standard

Triple Data Encryption Standard

Advanced Encryption Standard

Several other algorithms

Understanding symmetric algorithms

Same shared single key used to encrypt and decrypt document

Security+ Guide to Network Security Fundamentals, Fourth Edition

14

14

Symmetric Cryptographic Algorithms

Data Encryption Standard (DES)

Based on product originally designed in early 1970s

Adopted as a standard by the U.S. government

Triple Data Encryption standard (3DES)

Designed to replace DES

Uses three rounds of encryption

Ciphertext of first round becomes input for second iteration

Most secure versions use different keys used for each round

Security+ Guide to Network Security Fundamentals, Fourth Edition

15

15

Security+ Guide to Network Security Fundamentals, Fourth Edition

16

Figure 11-11 3DES

© Cengage Learning 2012

16

Symmetric Cryptographic Algorithms (cont’d.)

Advanced Encryption Standard (AES)

Symmetric cipher approved by NIST in 2000 as replacement for DES

Official encryption standard used by the U.S. government

Performs three steps on every block of plaintext

Designed to be secure well into the future

Adopted as a certification requirement for HIT in 2008

Security+ Guide to Network Security Fundamentals, Fourth Edition

17

17

Other Algorithms

Rivest Cipher (RC)

Family of cipher algorithms designed by Ron Rivest

International Data Encryption Algorithm (IDEA)

Used in European nations

Block cipher processing 64 bits with a 128-bit key with 8 rounds

Blowfish

Block cipher operating on 64-bit blocks with key lengths from 32-448 bits

No significant weaknesses have been identified

Security+ Guide to Network Security Fundamentals, Fourth Edition

18

18

Asymmetric Cryptographic Algorithms

Weakness of symmetric algorithms

Distributing and maintaining a secure single key among multiple users distributed geographically

Asymmetric cryptographic algorithms

Also known as public key cryptography

Uses two mathematically related keys

Public key available to everyone and freely distributed

Private key known only to individual to whom it belongs

Security+ Guide to Network Security Fundamentals, Fourth Edition

19

19

Asymmetric Cryptographic Algorithms (cont’d.)

Important principles

Key pairs

Public key

Private key

Both directions

Digital signature

Verifies the sender

Prevents sender from disowning the message

Proves message integrity

Security+ Guide to Network Security Fundamentals, Fourth Edition

20

20

Security+ Guide to Network Security Fundamentals, Fourth Edition

21

Figure 11-13 Digital signature

© Cengage Learning 2012

21

Asymmetric Cryptographic Algorithms (cont’d.)

RSA

Published in 1977 and patented by MIT in 1983

Most common asymmetric cryptography algorithm

Uses two large prime numbers

Elliptic curve cryptography (ECC)

Users share one elliptic curve and one point on the curve

Uses less computing power than prime number-based asymmetric cryptography

Key sizes are smaller

Security+ Guide to Network Security Fundamentals, Fourth Edition

22

22

Asymmetric Cryptographic Algorithms

Quantum cryptography

Exploits the properties of microscopic objects such as photons

Does not depend on difficult mathematical problems

Any interruption is noticed see video here

NTRUEncypt

New, only been in existence since 1996

Uses lattice-based cryptography

Relies on a set of points in space

Faster than RSA and ECC

More resistant to quantum computing attacks

Still being vetted

Security+ Guide to Network Security Fundamentals, Fourth Edition

23

23

Using Cryptography

Cryptography

Should be used to secure data that needs to be protected

Can be applied through either software or hardware

Security+ Guide to Network Security Fundamentals, Fourth Edition

24

24

Encryption Through Software

File and file system cryptography

Encryption software can be applied to one or many files

Protecting groups of files

Based on operating system’s file system

Pretty Good Privacy (PGP)

Widely used asymmetric cryptography system

Used for files and e-mails on Windows systems

GNU Privacy Guard (GPG)

Runs on Windows, UNIX, and Linux

Security+ Guide to Network Security Fundamentals, Fourth Edition

25

25

Encryption Through Software (cont’d.)

PGP and GPG use both asymmetric and symmetric cryptography

Microsoft Windows Encrypting File System (EFS)

Cryptography system for Windows

Uses NTFS file system

Tightly integrated with the file system

Encryption and decryption transparent to the user

Users can set encryption attribute for a file in the Advanced Attributes dialog box

Security+ Guide to Network Security Fundamentals, Fourth Edition

26

26

Encryption Through Software (cont’d.)

Whole disk encryption

Protects all data on a hard drive

Example: BitLocker drive encryption software

Not perfect but one more step

Video he erfre

https://www.youtube.com/watch?v=Tr5SgShepME

Security+ Guide to Network Security Fundamentals, Fourth Edition

27

27

Hardware Encryption

Software encryption can be subject to attacks to exploit its vulnerabilities

Cryptography can be embedded in hardware

Provides higher degree of security

Can be applied to USB devices and standard hard drives

Trusted platform module

Hardware security model

Security+ Guide to Network Security Fundamentals, Fourth Edition

28

28

Hardware Encryption (cont’d.)

USB device encryption

Encrypted hardware-based flash drives

Will not connect a computer until correct password has been provided

All data copied to the drive is automatically encrypted

Tamper-resistant external cases

Administrators can remotely control and track activity on the devices

Stolen drives can be remotely disabled

Security+ Guide to Network Security Fundamentals, Fourth Edition

29

29

Hardware Encryption (cont’d.)

Trusted Platform Module (TPM)

Chip on computer’s motherboard that provides cryptographic services

Includes a true random number generator

Entirely done in hardware so cannot be subject to software attack

Prevents computer from booting if files or data have been altered

Prompts for password if hard drive moved to a new computer

Security+ Guide to Network Security Fundamentals, Fourth Edition

30

30

Hardware Encryption (cont’d.)

Hardware Security Module (HSM)

Secure cryptographic processor

Includes onboard key generator and key storage facility

Performs accelerated symmetric and asymmetric encryption

Can provide services to multiple devices over a LAN

One more movie

https://zybersafe.com/video-hardware-based-encryption/

Security+ Guide to Network Security Fundamentals, Fourth Edition

31