CCNA Security v2.0 Chapter 7: Cryptographic Systems.

CCNA Security v2.0

Chapter 7:

Cryptographic Systems

Chapter Outline

7.0 Introduction

7.1 Cryptographic Services

7.2 Basic Integrity and Authenticity

7.3 Confidentiality

7.4 Public Key Cryptography

7.5 Summary

Section 7.1:Cryptographic Services

Upon completion of this section, you should be able to:

• Explain the requirements of secure communications including integrity, authentication, and confidentiality.

• Explain cryptography.

• Describe cryptoanalysis.

• Describe cryptology.

Topic 7.1.1:Securing Communications

Authentication, Integrity, and Confidentiality

Authentication

Data Integrity

Data Confidentiality

Topic 7.1.2:Cryptography

Creating Ciphertext

Ciphertext can be creating using several methods:

• Transposition

• Substitution

• One-time pad

Transposition Ciphers

Substitution Ciphers

One-Time Pad Ciphers

Topic 7.1.3:Cryptanalysis

Cracking Code

Methods for Cracking Code

Methods used for cryptanalysis:

• Brute-force method

• Ciphertext method

• Known-Plaintext method

• Chosen-Plaintext method

• Chosen-Ciphertext method

• Meet-in-the-Middle method

Methods for Cracking Code

Frequency Analysis of the English Alphabet

Deciphering Using Frequency Analysis

Topic 7.1.4:Cryptology

Making and Breaking Secret Codes

Cryptanalysis

The Secret is in the Keys

Section 7.2:Basic Integrity and Authenticity

Upon completion of the section, you should be able to:

• Describe the purpose of cryptographic hashes.

• Explain how MD5 and SHA-1 are used to secure data communications.

• Describe authenticity with HMAC.

• Describe the components of key management.

Topic 7.2.1:Cryptographic Hashes

Cryptographic Hash Function

Cryptographic Hash Function Properties

Well-Known Hash Functions

Topic 7.2.2:Integrity with MD5, SHA-1, and SHA-2

Message Digest 5 Algorithm

Secure Hash Algorithm

MD5 Versus SHA

Topic 7.2.3:Authenticity with HMAC

Keyed-Hash Message Authentication Code

HMAC Operation

Hashing in Cisco Products

Topic 7.2.4:Key Management

Characteristics of Key Management

Key Length and Keyspace

The Keyspace

Types of Cryptographic Keys

Types of cryptographic keys:

• Symmetric keys

• Asymmetric keys

• Digital signatures

• Hash keys

Choosing Cryptographic Keys

Section 7.3:Confidentiality

• Explain how encryption algorithms provide confidentiality.

• Explain the function of the DES, 3DES, and the AES algorithms .

• Describe the function of the Software Encrypted Algorithm (SEAL) and the Rivest ciphers (RC) algorithms.

Topic 7.3.1:Encryption

Two Classes of Encryption Algorithms

Symmetric and Asymmetric Encryption

Symmetric Encryption

Symmetric Block Ciphers and Stream Ciphers

Choosing an Encryption Algorithm

Topic 7.3.2:Data Encryption Standard

DES Symmetric Encryption

DES Summary

Improving DES with 3DES

3DES Operation

AES Origins

AES Summary

Topic 7.3.3:Alternate Encryption Algorithms

Software-Optimized Encryption Algorithm (SEAL)

SEAL has several restrictions:

• The Cisco router and the peer must support IPsec.

• The Cisco router and the other peer must run an IOS image that supports encryption.

• The router and the peer must not have hardware IPsec encryption.

RC Algorithms

Topic 7.3.4:Diffie-Hellman Key Exchange

Diffie-Hellman (DH) Algorithm

DH Operation

Section 7.4:Public Key Cryptography

• Explain the differences between symmetric and asymmetric encryptions and their intended applications.

• Explain the functionality of digital signatures.

• Explain the principles of a public key infrastructure (PKI).

Topic 7.4.1:Symmetric Versus Asymmetric Encryption

Asymmetric Key Algorithms

Four protocols that use asymmetric key algorithms:

• Internet Key Exchange (IKE)

• Secure Socket Layer (SSL)

• Secure Shell (SSH)

• Pretty Good Privacy (PGP)

Public Key + Private Key = Confidentiality

Private Key + Public Key = Authenticity

Asymmetric AlgorithmsPlease use all 4Figs from this page with the Graphic titles as they tell a story. It may require 2 slides.

Alice Encrypts Message Using Bob’s Public Key

Alice Encrypts A Hash Using Bob’s Public Key

Asymmetric AlgorithmsBob Uses Alice’s Public Key to Decrypt Hash

Bob Uses His Public Key to Decrypt Message

Types of Asymmetric Algorithms

Topic 7.4.2:Digital Signatures

Using Digital Signatures

Digital Signature Properties:

• Signature is authentic

• Signature is unalterable

• Signature is not reusable

• Signature cannot be repudiated

Code Signing

Digitally signing code provides several assurances about the code:

• The code is authentic and is actually sourced by the publisher.

• The code has not been modified since it left the software publisher.

• The publisher undeniably published the code.

Digital Certificates

Using Digital Certificates

Sending a Digital Certificate

Receiving a Digital Certificate

Digital Signature Algorithms

DSA Scorecard

RSA Scorecard

Topic 7.4.3:Public Key Infrastructure

Public Key Infrastructure Overview

PKI Framework

PKI Example

Elements of the PKI Framework

Certificate Authorities

Interoperability of Different PKI Vendors

Public-Key Cryptography Standards

Simple Certificate Enrollment Protocol

PKI Topologies

Hierarchical CA

Cross Certified CA

Single-Root PKI Topology

Registration Authority

Digital Certificates and CAs

Retrieving CA Certificates

Submitting Certificate Requests to the CA

Digital Certificates and CAs

Peers Authenticate Each Other

Section 7.5:Summary

Chapter Objectives:

• Explain the areas of cryptology.

• Explain to two kinds of encryption algorithms.

Thank you.

Instructor Resources

• Remember, there are helpful tutorials and user guides available via your NetSpace home page. (https://www.netacad.com)

• These resources cover a variety of topics including navigation, assessments, and assignments.

• A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.

CCNA Security v2.0 Chapter 7: Cryptographic Systems.

Documents

Transcript of CCNA Security v2.0 Chapter 7: Cryptographic Systems.

CCNA Security 012- cryptographic systems

PKCS #15 v1.0: Cryptographic Token Information Format Standard · 2000. 3. 6. · • RSA Laboratories PKCS #5 v2.0: Password-Based Cryptography Standard. • RSA Laboratories PKCS

Cryptographic Sboxes - Šibenik, Croatiasummerschool-croatia.cs.ru.nl/2014/slides/Cryptographic S-Boxes.pdf · Cryptographic Sboxes Anne Canteaut Anne.Canteaut@inria.fr Summer School,

Samsung Kernel Cryptographic Module - CSRC · The Samsung Kernel Cryptographic Module is a software only security level 1 cryptographic module that provides general-purpose cryptographic

Cryptographic Techniques

Cryptographic Algorithm

CCNA portable command guide (CCNA learners)

CCNA Training » CCNA Access List Sim.pdf

Specialist Training· CCNA Security CCNA Voice CCNA · PDF fileCCNA Security, CCNA Voice, CCNA Wireless. CCNA ... Secure ACS; Secure Management ... † Cisco Unity Express Introduction

cryptographic security

ccna training | ccna training videos | ccna online training | ccna training course

CCNA 2 Final Exam V4.0 Answers - CCNA Answers - CCNA Exam - CCNA Exams

CCNA Security Notes - informatique-gratuit.com reseau/CISCO/livres... · Cisco CCNA Security Notes (640-553) ... Ethernet II (DIX v2.0) Ethernet (with Frame type field) 802.3 Ethernet

Cryptographic Future

Barracuda Cryptographic Software Module - NIST · 2015. 2. 19. · The Barracuda Cryptographic Software Module is a cryptographic software library that provides fundamental cryptographic

CCNA Self-Study CCNA Portable Command Guideshinrainc.wikispaces.com/file/view/CCNA+Portable... · 800 East 96th Street Indianapolis, IN 46240 USA Cisco Press CCNA Self-Study CCNA

Cisco Certified Network Associate CCNA - JuanEstrellajuanestrella.com/ccna/CCNA_Course_Presentation.pdf · Cisco Certified Network Associate (CCNA) ... CCNA certification expires

CCNA Trainingcc» New CCNA – Frame Relay

Cryptographic Engine

CCNA Security v2.0 Chapter 11: Managing a Secure Network.