Information Security & Cryptographic Principles

Infosec and Cryptography
Subjects / Topics:
1. Introduction to computer cryptography
2. Single key cryptographic algorithms
3. Public key cryptographic algorithms
4. Crypto Applications
5. Business Continuity

Basic Problem
[Diagram: Alice and Bob connected via Intranet, Extranet, Internet]
There are Confidence and Trust Issues …

Multiple Security Issues
[Diagram labels: Privacy; Integrity; Authentication; Non-repudiation; Interception; Spoofing; Modification; Proof of parties involved; Claims; Not sent; Not received]

Information Security
Confidentiality, Integrity, Availability

Security Services
Integrity: Information has not been altered
Confidentiality: Content hidden during transport
Authentication: Identity of originator confirmed
Non-Repudiation: Originator cannot repudiate transaction

Data Confidentiality
[Figure: some confidential text (message) in clear (readable) form]

Cryptography
[Figure: cleartext "Some confidential text (message) in clear (readable) form" → Encryption → scrambled text]

Cryptography
[Figure: scrambled text → Decryption → cleartext "Some confidential text (message) in clear (readable) form"]

Crypto Transformations
[Figure: cleartext "Some confidential text (message) in clear (readable) form" and its scrambled form]

Crypto key: Parameterization
[Figure: cleartext message, crypto key, and multiple scrambled outputs]

Single Key Crypto
[Figure: cleartext → Encryption → scrambled text → Decryption → cleartext, with one crypto key]

Design . . . ?
How do we design good cryptographic systems?
What does a good crypto system mean?

Principles
1. Simple for users
2. Complicated for intruders
3. Public algorithm
4. Secret key
5. Large number of combinations
6. Special properties

Other Symmetric Algorithms
1. AES
2. IDEA
3. Triple-DES
4. RC-2
5. RC-4
6. Blowfish

Secret Key Systems
[Figure: cleartext → Encryption → scrambled text → Decryption → cleartext, with one crypto key]

Key Exchange ?

Public Key Cryptography
[Figure: cleartext → Encryption (Key 1) → scrambled text → Decryption (Key 2)]

Public Key Cryptography
Digital Signature … Authentication … Non-Repudiation
[Figure: MSG passes through Encryption and Decryption between Alice and Bob; keys shown: Alice Public, Alice Private, Bob Public, Bob Private]

Public Key Cryptography
Confidentiality
[Figure: MSG passes through Encryption and Decryption between Alice and Bob; keys shown: Alice Public, Alice Private, Bob Public, Bob Private]

Symmetric and Asymmetric Encryption
Symmetric: Faster than asymmetric, hard to break with large key, hard to distribute keys, too many keys required, cannot authenticate or provide non-repudiation.
Includes: DES, Triple DES, Blowfish, IDEA, RC4, RC5, RC6, AES
Asymmetric cryptography: Better at key distribution, better scalability for large systems, can provide authentication and non-repudiation, slow, math intensive.
Includes: RSA, ECC, Diffie-Hellman, ElGamal, DSA, Knapsack, PGP

Crypto Applications
1. Digital signature
2. Digital enveloping
3. Digital certificates
4. Secret key exchange

Digital Signature
A Digital Signature is a data item that vouches for the origin and the integrity of a Message.
[Diagram: Alice and Bob connected via Intranet, Extranet, Internet]

Digital Signature
[Diagram: Signer → Channel → Receiver]
Signer: Message → Hash Function (Digest Algorithm) → Digest → Encryption with Private Key → Signature
Receiver: Signature → Decryption with Public Key → Expected Digest; Message → Hash Function (Digest Algorithm) → Actual Digest

Digital Signature
“Real Identity” of the Signer.
Why should I trust what the Sender claims to be?
Moving towards PKI …

Digital Certificate
A Digital Certificate is a binding between an entity’s Public Key and one or more Attributes related to its Identity.
The entity can be a Person, a Hardware Component, a Service, etc.
A Digital Certificate is issued (and signed) by someone.
Usually the issuer is a Trusted Third Party.

Digital Certificate
[Figure: CERTIFICATE containing Issuer, Subject, Subject Public Key, Issuer Digital Signature]
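
The signature flow (digest, private-key transform, expected versus actual digest) and the certificate as an issuer-signed binding of subject and public key, as an added example that is not part of the original slides. It assumes textbook RSA with no padding (real systems use a padded scheme such as RSA-PSS), constructed demo keys, a hypothetical "Demo CA", and a hypothetical JSON encoding of the certificate fields.

```python
import hashlib
import json

E = 65537  # public exponent shared by both demo keys

def make_key(p, q):
    """Textbook RSA key from two primes: returns (n, d); public key is (n, E)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys built from publicly known Mersenne primes, so they are
# trivially factorable. They stand in for real keys; never use them in practice.
ALICE = make_key(2**521 - 1, 2**607 - 1)
CA = make_key(2**1279 - 1, 2**2203 - 1)   # hypothetical "Demo CA"

def digest(message: bytes) -> int:
    """Hash Function box: message -> digest, as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, n: int, d: int) -> int:
    """Signer side: transform the digest with the private key."""
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, n: int) -> bool:
    """Receiver side: expected digest (from signature) vs actual digest."""
    expected = pow(signature, E, n)
    actual = digest(message)
    return expected == actual

def _to_be_signed(cert: dict) -> bytes:
    """Canonical bytes of every certificate field except the signature."""
    body = {k: v for k, v in cert.items() if k != "issuer_signature"}
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(issuer, issuer_key, subject, subject_n) -> dict:
    """Issuer signs the binding between a subject name and its public key."""
    cert = {"issuer": issuer, "subject": subject, "subject_public_key": subject_n}
    cert["issuer_signature"] = sign(_to_be_signed(cert), *issuer_key)
    return cert

def check_certificate(cert: dict, issuer_n: int) -> bool:
    """Relying party: verify the issuer's signature over the binding."""
    return verify(_to_be_signed(cert), cert["issuer_signature"], issuer_n)

if __name__ == "__main__":
    msg = b"Pay Bob 100"                          # constructed sample message
    sig = sign(msg, *ALICE)
    print(verify(msg, sig, ALICE[0]))             # untouched message
    print(verify(b"Pay Bob 900", sig, ALICE[0]))  # modified in the channel
    cert = issue_certificate("Demo CA", CA, "Alice", ALICE[0])
    print(check_certificate(cert, CA[0]))
    swapped = dict(cert, subject_public_key=CA[0])  # key replaced after issue
    print(check_certificate(swapped, CA[0]))
```

The certificate check only shows that the issuer signed this binding; whether the issuer itself deserves trust is the question the following slide raises.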

Digital Certificate
How are Digital Certificates Issued?
Who is issuing them?
Why should I Trust the Certificate Issuer?
How can I check if a Certificate is valid?
How can I revoke a Certificate?
Who is revoking Certificates?
Moving towards PKI …

Business Continuity and Disaster Recovery
Businesses are more susceptible to failure after a disaster
Goal
• To minimize disaster aftermath and ensure resources, personnel, and business processes resume
By
• Planning measures
• Backing up data and hardware
• Getting the right people in place
Requirements
• Management support
• Driving the project, top-down approach
• Must understand value of investing in BCP
  – Returns can be priceless

Business Continuity Steps
Steps
• Develop the continuity planning policy statement
• Conduct the business impact analysis (BIA)
• Identify preventive controls
• Develop recovery strategies
• Develop the contingency plan
• Test the plan and conduct training and exercises
• Maintain the plan
Understanding the Organization
Business Continuity Plan

Business Impact Analysis (BIA)
• Considered a functional analysis
• Team collects data in variety of ways
• Maps out following characteristics:
  – Maximum tolerable downtime
  – Operational disruption and productivity
  – Financial considerations
  – Regulatory responsibilities
  – Reputation
• Understand the variety of possible threats
• Must go through all possible scenarios
Questions