PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)

Introduction to cryptography II.

Transcript of PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)

Page 1

Introduction to cryptography II.

Page 2

Brian K. Ferrill, M.B.A.

Instructor, PACE-IT Program – Edmonds Community College

Qualifications Summary

Areas of Expertise: PC Hardware, Network Administration, IT Project Management, Network Design, User Training, IT Troubleshooting.

Industry Certifications

Education: M.B.A., IT Management, Western Governors University; B.S., IT Security, Western Governors University.

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.

Page 3

Introduction to cryptography II.

– Hashing basics.

– Additional cryptography topics.

PACE-IT.

Page 4

Hashing basics.

Page 5

Hashing basics.

The idea behind hashing is to create a method of easily verifying the integrity of a set of data (and, when the hash is combined with a secret key or a digital signature, its authenticity).

The process involves running an algorithm over the data to produce a fixed-size value that can be used to verify the data set. This value is known as the hashed value (or message digest). No matter how many times the data set is run through the hashing algorithm, the same hashed value is derived (as long as the same algorithm is used), and any change to the data, even a single bit, produces a different digest. The message digest is also described as a one-way hashed value: for a cryptographic hash it is computationally infeasible to take a hashed value and recover the data that produced it (preimage resistance), or to find two different inputs that produce the same digest (collision resistance). This is what lets a digest stand in for the data without revealing it.


Page 6

Hashing basics.

– Hashing concepts.

» Hashing algorithms operate on a file's contents, not on file-system metadata.

• Changing the file name, timestamps, or permissions does not change the hashed value of the data; changing any byte of the content (including a format header stored inside the file) does.

» The hashed value returned is a fixed length that depends on which algorithm is used.

• A specific algorithm will always generate the same size hash, regardless of how much input data is hashed.

» Because inputs are unbounded but outputs are fixed length, different inputs must sometimes produce the same hashed value.

• When two different inputs produce the same hashed value, it is called a collision.

• This is the concept behind a birthday attack: for an n-bit hash, a collision between some pair of inputs is expected after roughly 2^(n/2) attempts, far fewer than the 2^n attempts needed to match one specific digest.

– HMAC (hash-based message authentication code).

» The process of combining a secret key (a data value known only to the communicating parties) with the data set, in a defined construction, to derive the hashed value (the tag).

• Provides an authentication check (only a holder of the key can produce a valid tag) as well as an integrity check of the data.

• A plain digest sent alongside a message does not provide this: an attacker who changes the message can simply recompute the digest.
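The following Python example is added here to illustrate the hashing and HMAC points above; it is not code from the PACE-IT slides. The message, the shared key and the temporary file are constructed for the example. It shows that a SHA-256 digest is fixed length and deterministic, that renaming a file does not change the digest of its contents, that a plain digest can be silently recomputed by an attacker, and that an HMAC tag cannot be.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample data for this example (not from the original slides).
MESSAGE = b"transfer 100 to account 42"
KEY = b"shared-secret-known-only-to-alice-and-bob"  # assumed pre-shared key


def sha256_hex(data):
    """Plain message digest: fixed 256-bit output, same input -> same digest."""
    return hashlib.sha256(data).hexdigest()


def hash_file(path):
    """Hash a file's contents in chunks; the name and other metadata play no part."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def rename_does_not_change_hash():
    """Write a file, hash it, rename it, hash again: the digests are identical."""
    d = tempfile.mkdtemp()
    old = os.path.join(d, "report.txt")
    new = os.path.join(d, "renamed.txt")
    with open(old, "wb") as f:
        f.write(MESSAGE)
    before = hash_file(old)
    os.rename(old, new)
    after = hash_file(new)
    os.remove(new)
    os.rmdir(d)
    return before == after


def receiver_checks_plain_digest(data, digest_hex):
    """Receiver that only compares a digest sent next to the message."""
    return sha256_hex(data) == digest_hex


def plain_digest_tamper_goes_undetected(data):
    """Without a key, an attacker edits the message and recomputes the digest;
    the receiver's check still passes (returns True), so nothing was authenticated."""
    tampered = data.replace(b"account 42", b"account 99")
    forged_digest = sha256_hex(tampered)
    return receiver_checks_plain_digest(tampered, forged_digest)


def hmac_tag(key, data):
    """HMAC-SHA256 over the data; only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_hmac(key, data, tag):
    """Constant-time comparison avoids leaking how many tag bytes matched."""
    return hmac.compare_digest(hmac_tag(key, data), tag)


def hmac_tamper_is_detected(key, data, tag):
    """The attacker can change the message but not recompute the tag without
    the key, so verification of the tampered message fails (returns True)."""
    tampered = data.replace(b"account 42", b"account 99")
    return not verify_hmac(key, tampered, tag)


if __name__ == "__main__":
    print("digest           :", sha256_hex(MESSAGE))
    print("rename keeps hash:", rename_does_not_change_hash())
    print("plain digest fooled:", plain_digest_tamper_goes_undetected(MESSAGE))
    tag = hmac_tag(KEY, MESSAGE)
    print("hmac verifies    :", verify_hmac(KEY, MESSAGE, tag))
    print("hmac catches edit:", hmac_tamper_is_detected(KEY, MESSAGE, tag))
```

Note the use of `hmac.compare_digest` rather than `==`: a byte-by-byte early-exit comparison lets an attacker who can time the receiver learn the tag one byte at a time.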


Page 7

Hashing basics.

– Common hashing algorithms.

» MD (Message Digest): created by Ron Rivest.

• MD5 returns a 128-bit hashed value. It is still widely encountered, but it is cryptographically broken: collisions can be generated in seconds, so it must not be used for signatures, certificates, or integrity protection against an attacker.

» SHA (Secure Hash Algorithm): designed by the National Security Agency (NSA) and published by NIST.

• SHA-1 returns a 160-bit hashed value. It was the most widely deployed version for many years, but a practical collision was demonstrated in 2017 and it is deprecated for signatures and certificates.

• SHA-256 is a member of the newer SHA-2 family and returns a 256-bit hashed value.

• SHA-512 is also a member of the SHA-2 family and returns a 512-bit hashed value. SHA-2 (and the later SHA-3 family) are the current recommended choices.
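This added Python example (not from the PACE-IT slides) ties the algorithm list to the collision and birthday-attack points above. It reports the fixed digest size of each algorithm, shows that the size does not depend on the input length, and then models a weak n-bit hash by truncating SHA-256, searching constructed messages until two share a 32-bit digest. The search finishes after on the order of 2^16 trials rather than 2^32, which is the birthday bound in action. Truncating SHA-256 to model a short hash is the example's own device.

```python
import hashlib

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bits():
    """Output size in bits of each algorithm; fixed regardless of input length."""
    return {name: hashlib.new(name).digest_size * 8 for name in ALGORITHMS}


def same_size_for_any_input(name):
    """Hashing 0 bytes and 1 MiB gives digests of identical length."""
    small = hashlib.new(name, b"").digest()
    large = hashlib.new(name, b"A" * (1 << 20)).digest()
    return len(small) == len(large)


def truncated_digest(data, bits):
    """Model a weak n-bit hash by keeping only the first n bits of SHA-256."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def expected_trials(bits):
    """Birthday bound: a collision among random n-bit values is expected
    after about 2^(n/2) values, not 2^n."""
    return 2 ** (bits / 2)


def birthday_collision(bits, limit):
    """Hash distinct constructed messages until two share an n-bit digest.
    Returns (message_a, message_b, trials), or None if `limit` is reached.
    The messages are constructed for the example (msg-0, msg-1, ...)."""
    seen = {}
    for i in range(limit):
        msg = b"msg-%d" % i
        t = truncated_digest(msg, bits)
        if t in seen:
            return seen[t], msg, i + 1
        seen[t] = msg
    return None


if __name__ == "__main__":
    for name, bits in digest_bits().items():
        print("%-7s %3d bits" % (name, bits))
    found = birthday_collision(32, 1 << 20)
    a, b, trials = found
    print("32-bit collision after %d trials (expected ~%d): %r vs %r"
          % (trials, expected_trials(32), a, b))
```

The two colliding messages share only the truncated 32-bit value; their full SHA-256 digests still differ, which is why the output size of a hash has to be chosen against the birthday bound (a 256-bit digest gives about 128 bits of collision resistance) and not against brute force on a single digest.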


Page 8

Additional cryptography topics.

Page 9

Additional cryptography topics.

– Key escrow.

» The process of storing or giving encryption keys to a third party; the third party can then use the keys to decrypt any messages that use those keys (in some cases, governmental agencies have required the turning over of encryption keys to aid in investigations).

• Highly controversial.

– Ephemeral key.

» A temporary key that is used for a single session (or, in some protocols, a single message) within a communication channel and then discarded.

• Reduces the chances that a hacker will acquire a key and be able to decrypt the messages: a key that no longer exists cannot be stolen later.

– Perfect forward secrecy.

» A property of a key exchange in which a fresh, random ephemeral key pair (for example, an ephemeral Diffie-Hellman key pair) is generated for each session, and the long-term private key is used only to authenticate that exchange, never to derive the session key.

• If the long-term private key is compromised later, previously recorded sessions still cannot be decrypted.
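The following Python example is added to show the ephemeral-key and perfect-forward-secrecy points above; it is not code from the PACE-IT slides. It uses a toy finite-field Diffie-Hellman group (the prime 2^127 - 1 with generator 3, chosen for the example only; real deployments use RFC 7919 groups or X25519) and contrasts two sessions: one where both parties reuse long-term DH keys, and one where each party generates an ephemeral key pair and discards it. An attacker who records the traffic and later steals Alice's long-term private key recovers the first session key but not the second. Signing of the ephemeral values by the long-term keys, which a real protocol such as TLS performs, is described in the comments rather than implemented.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group for illustration only (assumed parameters, not from
# the slides): p = 2^127 - 1 is prime, g = 3.  Not safe for real use.
P = (1 << 127) - 1
G = 3


def dh_keypair():
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(my_priv, their_pub):
    """Shared secret: (g^y)^x = (g^x)^y mod p."""
    return pow(their_pub, my_priv, P)


def derive_session_key(shared, nonce):
    """Hash the shared secret together with the session nonce into a 256-bit key."""
    return hashlib.sha256(shared.to_bytes(16, "big") + nonce).digest()


def static_dh_session(alice_priv, bob_pub, nonce):
    """No forward secrecy: Alice reuses her long-term DH key with Bob's
    long-term public key.  Returns the session key and what a passive
    eavesdropper on the wire can record (public values and the nonce)."""
    key = derive_session_key(dh_shared(alice_priv, bob_pub), nonce)
    return key, {"peer_pub": bob_pub, "nonce": nonce}


def ephemeral_dh_session(nonce):
    """Forward secrecy: fresh key pairs for this session only.  In TLS the
    long-term keys would sign these ephemeral public values so each side
    knows who it is talking to; they never enter the key derivation.  The
    ephemeral private exponents are local variables and are gone on return."""
    ea_priv, ea_pub = dh_keypair()
    eb_priv, eb_pub = dh_keypair()
    assert dh_shared(ea_priv, eb_pub) == dh_shared(eb_priv, ea_pub)
    key = derive_session_key(dh_shared(ea_priv, eb_pub), nonce)
    return key, {"alice_eph_pub": ea_pub, "peer_pub": eb_pub, "nonce": nonce}


def attacker_with_leaked_long_term_key(alice_priv, record):
    """Attacker later steals Alice's long-term private key and replays the
    key derivation against the recorded public values.  This reproduces the
    static session key; for the ephemeral session the result is useless,
    because Alice's long-term exponent was never part of that secret."""
    return derive_session_key(dh_shared(alice_priv, record["peer_pub"]),
                              record["nonce"])


if __name__ == "__main__":
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    nonce = secrets.token_bytes(16)
    k_static, rec_static = static_dh_session(a_priv, b_pub, nonce)
    k_eph, rec_eph = ephemeral_dh_session(nonce)
    print("static session recovered :", attacker_with_leaked_long_term_key(a_priv, rec_static) == k_static)
    print("ephemeral session recovered:", attacker_with_leaked_long_term_key(a_priv, rec_eph) == k_eph)
```

The nonce is the same in both sessions to make the point that it is the discarded ephemeral exponents, not per-session randomness in the transcript, that provide forward secrecy.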


Page 10

Additional cryptography topics.

– Digital signature.

» Created to digitally sign messages in order to prove the origin of a message (that it came from the holder of the private key) and its integrity.

• A message digest is created from a set of data and then signed with the sender's private key (for RSA this is often described as encrypting the digest). The receiver recovers the hashed value with the sender's public key, recomputes the digest of the received data, and checks that the two hashed values match.

• Also provides a means of non-repudiation: because only the sender holds the private key, the sender can't deny that he or she is the entity that sent the message.

– Elliptic curve.

» A newer family of asymmetric cryptography built on the mathematics of elliptic curves rather than on modular exponentiation; it offers security comparable to RSA with much shorter keys.

• Uses elliptic curve Diffie-Hellman (ECDH) for the exchange of keys and the Elliptic Curve Digital Signature Algorithm (ECDSA) for digital signatures.

– Quantum cryptography.

» Not an encryption algorithm but a key-distribution technique (quantum key distribution, QKD) used over fiber optic links to determine whether the exchanged key material has been intercepted.

• Relies upon the fact that any interaction with (measurement of) the photons in transit will cause the state of the photons to change, which the legitimate parties can detect before they use the key.
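This added Python example walks through the digital-signature procedure described above (hash, sign the digest with the private key, recover and compare with the public key); it is not code from the PACE-IT slides. It uses a toy RSA key whose factors are the Mersenne primes 2^107 - 1 and 2^127 - 1, chosen so the example needs no key generation; such special-form primes must never be used in a real key, and real RSA signatures pad the digest (PKCS#1 v1.5 or PSS) rather than signing it raw. The key values, the truncation of the digest to fit below the modulus, and the messages are all the example's own assumptions.

```python
import hashlib

# Toy RSA key for illustration only (assumed values, not from the slides).
P = (1 << 107) - 1                 # Mersenne prime; unacceptable in a real key
Q = (1 << 127) - 1                 # Mersenne prime; unacceptable in a real key
N = P * Q                          # public modulus, about 234 bits
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def message_digest(data):
    """SHA-256 of the data as an integer, truncated to 160 bits so it is
    below N.  A real scheme pads the full digest up to the modulus size."""
    return int.from_bytes(hashlib.sha256(data).digest()[:20], "big")


def sign(data, priv_d=D, n=N):
    """Sender: hash the data, then apply the private key to the digest."""
    return pow(message_digest(data), priv_d, n)


def verify(data, signature, pub_e=E, n=N):
    """Receiver: recover the digest with the public key and compare it with a
    freshly computed digest of the received data."""
    recovered = pow(signature, pub_e, n)
    return recovered == message_digest(data)


if __name__ == "__main__":
    msg = b"I owe Bob 50 dollars"          # constructed sample message
    sig = sign(msg)
    print("valid signature   :", verify(msg, sig))
    print("altered message   :", verify(b"I owe Bob 500 dollars", sig))
    print("altered signature :", verify(msg, sig ^ 1))
```

Verification needs only the public key, so any third party can confirm who signed the message; that is what gives non-repudiation. Raw (unpadded) RSA as used here is malleable, which is one reason the padded schemes exist.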


Page 11

What was covered.

Topic: Hashing basics.

Summary: The idea behind hashing is to create a method of easily verifying the integrity of a set of data. Hashing works on the data itself, not on file-system metadata such as the file name. A given hashing algorithm always returns the same size hashed value. HMAC adds a secret key and so can be used for both authentication and integrity purposes. Common hashing algorithms include MD5, SHA-1, SHA-256, and SHA-512; MD5 and SHA-1 are broken and should not be relied on for security.

Topic: Additional cryptography topics.

Summary: Key escrow is where a third party stores the keys used for encryption purposes (a very controversial topic). Ephemeral keys are temporary keys generated for a single session or message and then discarded. Perfect forward secrecy uses ephemeral keys in the key exchange so that a later compromise of a long-term private key does not expose past sessions. Digital signatures prove the origin and integrity of a message and can be used for non-repudiation purposes. Elliptic curve cryptography is a newer asymmetric approach that uses ECDH for key exchange and ECDSA for signatures, with shorter keys than RSA. Quantum key distribution is used on fiber optic links and can determine whether the key exchange has been observed by unauthorized parties.

Page 12

THANK YOU!

Page 13

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.