
Post on 18-Jan-2016


Team 6 Decrypting Encryption

Jeffrey Vordick, Charles Sheefel, and Shyam Rasaily

Encryption (!@#$%^&)

• Converts data into scrambled data (cipher text)
• Information privacy

Assurances
• Data not modified
• Viewed by intended recipient
• Received at intended destination

Key Encryption

• Random string of characters

Private and Public Key Encryption

Private Key Encryption

[Diagram: BOB encrypts "YoAlice" with the private key to produce "#dasf^&*"; ALICE decrypts "#dasf^&*" with the same private key to recover "YoAlice".]

Public Key Encryption

Uses two keys:
• Private key
• Public key

[Diagram: BOB encrypts "YoAlice" with the public key to produce "#dasf^&*"; ALICE decrypts "#dasf^&*" with the private key to recover "YoAlice".]


PGP (Pretty Good Privacy)

Pretty Good Privacy (flow diagram)

• Raw file
• Sign file with private key
• Encrypt file with public key
• Encrypted and signed file (sent by email)
• Decrypt file with private key
• Verify signature with public key
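The public key slide and the PGP flow above, carried through in code as an added example that is not part of the original slides. It uses textbook RSA with tiny constructed primes and no padding, purely to show which key is used at each step; the function names and key values are assumptions made for illustration, and real PGP uses large keys, padding and a session key.

```python
import hashlib

def make_keypair(p, q, e):
    """Textbook RSA key pair from two primes (tiny, illustration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e*d == 1 (mod phi)
    return (e, n), (d, n)          # (public key, private key)

def _digest(message, n):
    # Hash reduced into the modulus range; real PGP signs a padded full hash.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    d, n = private_key
    return pow(_digest(message, n), d, n)

def verify(message, signature, public_key):
    e, n = public_key
    return pow(signature, e, n) == _digest(message, n)

def encrypt(values, public_key):
    e, n = public_key
    return [pow(v, e, n) for v in values]

def decrypt(values, private_key):
    d, n = private_key
    return [pow(v, d, n) for v in values]

def pgp_send(message, sender_private, recipient_public):
    """Sign with the sender's private key, then encrypt with the recipient's public key."""
    signature = sign(message, sender_private)
    return encrypt(list(message) + [signature], recipient_public)

def pgp_receive(ciphertext, recipient_private, sender_public):
    """Decrypt with the recipient's private key, then verify with the sender's public key."""
    *body, signature = decrypt(ciphertext, recipient_private)
    message = bytes(body)
    return message, verify(message, signature, sender_public)

# Constructed keys: Bob is the sender, Alice the recipient.
BOB_PUBLIC, BOB_PRIVATE = make_keypair(61, 53, 17)
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(89, 97, 5)

if __name__ == "__main__":
    wire = pgp_send(b"YoAlice", BOB_PRIVATE, ALICE_PUBLIC)
    print(wire)                                            # scrambled integers
    print(pgp_receive(wire, ALICE_PRIVATE, BOB_PUBLIC))    # message and signature check
```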


SSL (Secure Sockets Layer)



SSH (Secure Shell)

• Commonly used for remote access like VPN
• Public keys are placed on the computers that should allow access (so it's more like a lock).
• Private key allows access to computers locked with the public keys.

SCP (Secure CoPy) & SFTP (Secure File Transfer Protocol)

SCP (Secure CoPy)

• Extension of OpenSSH
• Replaces insecure FTP
• Uses TCP Port 22
• Included on UNIX, Linux, and Macintosh OS X operating systems

Below is a conversation between LSU’s server and my Mac:

    Charless-MacBook-Pro:~ csheefel3$ scp [email protected]:geog2250 test
    The authenticity of host 'lsu.edu (130.39.253.217)' can't be established.
    RSA key fingerprint is 52:fd:fa:74:40:a7:c4:03:8f:04:7b:78:c8:ea:e8:68.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'lsu.edu,130.39.253.217' (RSA) to the list of known hosts.
    \033[H\033[2JNOTICE: This is the Louisiana State University computer system, which may be
    accessed and used only by authorized persons. LSU reserves the right to review
    and/or monitor system transactions for compliance with its policies and/or
    applicable law. Upon reasonable cause, LSU may disclose such transactions to
    authorized persons for official purposes, including criminal and other
    investigations, and permit the monitoring of system transactions by law
    enforcement agencies. Access or use of this computer system by any person,
    whether authorized or unauthorized, constitutes consent to these [email protected]'s password:
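The session above answers "yes" to a host key whose fingerprint was never checked. As an added example (not part of the original slides), the Python code below computes a public key's fingerprint in the colon-separated MD5 form shown in that session and in the SHA256 form, then compares it with a fingerprint obtained out of band; the sample key, its comment and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def _ssh_string(data):
    # SSH wire encoding: 4-byte big-endian length followed by the bytes.
    return struct.pack(">I", len(data)) + data

def key_blob(public_key_line):
    """Decode the base64 blob from a '<type> <base64> [comment]' public key line."""
    fields = public_key_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0].encode()
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:
        raise ValueError("key data is not valid base64") from exc
    # The blob starts with its own copy of the key type; they must agree.
    if not blob.startswith(_ssh_string(key_type)):
        raise ValueError("key type does not match the encoded blob")
    return blob

def md5_fingerprint(public_key_line):
    """Colon-separated MD5 form, the style shown in the scp session above."""
    digest = hashlib.md5(key_blob(public_key_line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(public_key_line):
    """SHA256 form printed by current OpenSSH clients."""
    digest = hashlib.sha256(key_blob(public_key_line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(public_key_line, trusted_fingerprint):
    """Compare against a fingerprint obtained out of band from the server admin."""
    if trusted_fingerprint.startswith("SHA256:"):
        actual = sha256_fingerprint(public_key_line)
    else:
        actual = md5_fingerprint(public_key_line)
        trusted_fingerprint = trusted_fingerprint.lower()
    return hmac.compare_digest(actual, trusted_fingerprint)

# Constructed sample key (not a real host key): e = 65537, made-up modulus bytes.
_MODULUS = b"\x00" + bytes(range(1, 129))
_BLOB = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(_MODULUS)
SAMPLE_KEY_LINE = "ssh-rsa " + base64.b64encode(_BLOB).decode() + " constructed-example"
```

Only answer "yes" at the prompt when `host_key_matches` returns True for the fingerprint the server's administrator published.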

Using SCP

• Ideal for quick transfer of single files.
• Syntax is similar to the Unix copy command.

For demonstration purposes, we'll use two computers (Kari’s desktop and CEBALab001) with the usernames Kari and kwalters:

    scp path/to/file [email protected]:path/to/destination

If Kari wanted to transfer a file called example.txt from Kari’s home directory on Kari’s desktop to Kari’s home directory on CEBALab001, the command might look like this:

    scp /home/Kari/example.txt [email protected]:/home/kwalters/

If Kari wanted to transfer a file from CEBALab001 to Kari’s desktop, she could type something like this:

    scp [email protected]:/home/kwalters/example.txt /home/Kari/

If Kari needed to copy an entire directory, Kari would need to use the recursive flag, like this:

    scp -r Karidirectory [email protected]:/home/kwalters/

SFTP (Secure File Transfer Protocol)

• Uses Proprietary SSH
• Connects like FTP
• Not as widely supported
• Five main commands: ls, get, put, cd, and lcd.
• Designed by IETF
• Used to transport multiple files
• Latest Version 6*

IPSec (Internet Protocol Security)

• Operates at Network Layer
• Adds information to headers of IP packets
• Designed by IETF
• Works on any TCP/IP Transmission
• Native IPv6 Standard
• Authentication
  1. Phase 1 Key Management: IKE on port 500
  2. Phase 2 Encryption: AH and ESP

VPN concentrator
• Establish VPN Connection
• Authenticates VPN Clients
• Location: edge of private network

Modes
1. Transport Mode: Encapsulated Header Intact
2. Tunnel Mode: New Encapsulated Header


Any Questions?