Information about Security Training: #2 Cryptography Basics

Presentation Path
 - Introduction
 - Symmetric Cryptography
 - Asymmetric Cryptography
 - Certificates and Key Management
 - Email Security
 - Network Protocols Security
 - Technical Choices
 - Questions
 - Appendix

Introduction

Introduction>Cryptography for Security
 - Confidentiality: Encryption/Decryption
 - Integrity: Hashing; Keyed Hashing or MAC (Message Authentication Code); Digital Signatures
 - Authentication: Keyed Hashing or MAC (Message Authentication Code); Digital Signatures; Hashing
 - Non-Repudiation: Digital Signatures

Introduction>Basic Terms
 - Encryption/Decryption
 - Plain Text
 - Cipher Text
 - Cipher
 - Key

Introduction>Cryptography Flavors
 - Symmetric Cryptography. Synonyms: Private Key, Secret Key, Shared Key, One Key, Single Key
 - Asymmetric Cryptography. Synonyms: Public Key

Symmetric Cryptography

Symmetric Cryptography
 - Block ciphers
 - Stream ciphers
 - Other: Cryptographic hash functions (Hashing); MAC - Message Authentication Codes (Keyed Hashing)

Symmetric Cryptography>Block Ciphers

Symmetric Cryptography>Block Ciphers
 - DES (Data Encryption Standard): 56 bit key size. Secure? NO!
 - 3DES (Triple DES): 56-bit key size; 1, 2 or 3 keys used; max 168 bits. Secure? ALMOST (using 3 different keys)
 - AES (Advanced Encryption Standard) or Rijndael [rɛindal]: 128/192/256 bit key size. Secure? 128 bit – for dynamic data, 192 bit – ALMOST, 256 – YES (Currently). 6 times faster than 3DES!!!
 - RC2: Variable key size. Secure? Vulnerable to related key attack using 2^34 chosen plaintexts

Symmetric Cryptography>Stream Ciphers
 - RC4: Variable key size (typically 40-256 bit)
 - eSTREAM Portfolio:
   - HC-256 (256 bit key size)
   - Rabbit (128 bit key size)
   - Salsa20 (256 bit key size)
   - SOSEMANUK (128-256 bit key size, use 128)

Symmetric Cryptography>Hash Functions
The ideal hash function properties:
 - easy to compute the hash for any given data
 - extremely difficult to construct a text that has a given hash
 - extremely difficult to modify a given text without changing its hash
 - extremely unlikely that two different messages will have the same hash
Algorithms:
 - SHA-1 (160 bit)
 - MD5 (128 bit)
 - SHA-2 (SHA-256/224, SHA-512/384)
 - SHA-3 (In development)
SHA-1 example:
 - fox: ff0f0a8b656f0b44c26933acd2e367b6c1211290
 - the quick red fox: 0fa561fd7e9cf714d5f94c422106ec8979c0c147
 - the quick red box: a6b613310c301411300cc742ac5bf205728b78cb
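An added example (not part of the slide deck): Python's hashlib run over the slide's three inputs, with a count of how many output bits a one-letter change flips. It illustrates the "fixed-size, easy to compute" and "hard to modify without changing the hash" properties; the printed SHA-1 digests can be compared with the slide's values.

```python
import hashlib

# The three inputs shown on the slide; the last two differ by a single letter.
SLIDE_INPUTS = ["fox", "the quick red fox", "the quick red box"]


def digest(text: str, algorithm: str = "sha1") -> str:
    """Hex digest of a UTF-8 string under the named hashlib algorithm."""
    return hashlib.new(algorithm, text.encode("utf-8")).hexdigest()


def hash_table(inputs, algorithm: str = "sha1") -> dict:
    """Map each input to its digest: 'easy to compute' and fixed-size output."""
    return {text: digest(text, algorithm) for text in inputs}


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two equal-length hex digests."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must have the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche(text_a: str, text_b: str, algorithm: str = "sha1") -> int:
    """Output bits that flip for a small input change. For a sound hash this is
    close to half the digest length: a one-letter edit rewrites about half the
    output, so no small tweak to a text leaves its hash intact."""
    return bit_difference(digest(text_a, algorithm), digest(text_b, algorithm))


if __name__ == "__main__":
    for text, h in hash_table(SLIDE_INPUTS).items():
        print(f"SHA-1({text!r}) = {h}")  # compare with the values on the slide
    for alg, bits in (("sha1", 160), ("sha256", 256)):
        flipped = avalanche("the quick red fox", "the quick red box", alg)
        print(f"{alg}: one-letter change flips {flipped} of {bits} bits")
```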

Symmetric Cryptography>MAC Algorithms
MAC – Message Authentication Code
 - UMAC (AES)
 - HMAC (MD5 or SHA-1)
 - CMAC (AES)

Symmetric Cryptography>Pros and Cons
 - Speed
 - Key Management

Symmetric Cryptography>Dev Choices
 - Encryption/Decryption – AES: 192 bit key – volatile data; 256 bit key – sensitive data
 - Hashing: MD5 – integrity checks; SHA-256 – password hashing
 - MAC: HMAC, UMAC
 - CHANGE PRIVATE KEYS REGULARLY!!!

Asymmetric Cryptography

Asymmetric Cryptography
 - Public Key Encryption
 - Digital Signatures
 - Public Key Certificates

Asymmetric Cryptography>Encryption
 - RSA
 - Diffie-Hellman key exchange
 - ECC (Elliptic Curve Cryptography) (Elliptic curve: y^2 = x^3 + ax + b)

Asymmetric Cryptography>Digital Signing
 - DSA (Digital Signature Algorithm)
 - RSA
 - ECDSA (Elliptic Curve DSA)

Asymmetric Cryptography>Pros and Cons
 - No Shared Secret
 - Speed

Asymmetric Cryptography>Dev Choices
 - Encryption – RSA: 1024 bit key – volatile data; 2048 bit key – sensitive data
 - Digital Signing – DSA: 2048 bit key – beyond 2010; 3072 bit key – beyond 2030
 - MANDATORY PUBLIC KEY INFRASTRUCTURE!!!

Certificates and Key Management

Key Management
Key Management covers: generation, exchange, storage, safeguarding, use, vetting, replacement
Flavors:
 - PKI (Public Key Infrastructure): X.509
 - Web Of Trust: PGP

Key Management>Digital Certificate
 - X.509
 - PGP (Pretty Good Privacy)

Key Management>PKI

Asymmetric Cryptography>Web Of Trust

Email Security

Email Security
 - ESMTP
 - S/MIME
 - OpenPGP

Email Security>Extended SMTP
SMTP security extensions:
 - SMTP-AUTH
 - STARTTLS

Email Security>S/MIME and OpenPGP
Mandatory features:

| Feature                              | S/MIME v3                                | OpenPGP                              |
|--------------------------------------|------------------------------------------|--------------------------------------|
| Message format                       | Binary, based on CMS                     | Binary, based on previous PGP        |
| Certificate format                   | Binary, based on X.509v3                 | Binary, based on previous PGP        |
| Symmetric encryption algorithm       | TripleDES (DES EDE3 CBC)                 | TripleDES (DES EDE3 Eccentric CFB)   |
| Signature algorithm                  | Diffie-Hellman (X9.42) with DSS or RSA   | ElGamal with DSS                     |
| Hash algorithm                       | SHA-1                                    | SHA-1                                |
| MIME encapsulation of signed data    | Choice of multipart/signed or CMS format | multipart/signed with ASCII armor    |
| MIME encapsulation of encrypted data | application/pkcs7-mime                   | multipart/encrypted                  |

Network Cryptographic Protocols

Cryptographic Protocols
 - IPSec
 - Kerberos
 - NTLM
 - TLS/SSL
 - SSH

Cryptography Technical Choices

Cryptography Technical Choices
 - Use a hash when you want a way of verifying that data has not been tampered with in transit.
 - Use a keyed hash when you want to prove that an entity knows a secret without sending the secret back and forth, or you want to defend against interception during transit by using a simple hash.
 - Use encryption when you want to hide data when being sent across an insecure medium or when making the data persistent.
 - Use a certificate when you want to verify the person claiming to be the owner of the public key.
 - Use symmetric encryption for speed and when both parties share the key in advance.
 - Use asymmetric encryption when you want to safely exchange data across an insecure medium.
 - Use a digital signature when you want authentication and non-repudiation.
 - Use a salt value (a cryptographically generated random number) to defend against dictionary attacks.
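An added example, not from the deck, showing in Python the hash, keyed hash and salt choices above: a plain SHA-256 that detects corruption but can be recomputed by anyone who edits the message, an HMAC-SHA256 keyed hash that proves knowledge of a secret without sending it, and a random per-user salt for stored passwords. DEMO_KEY and the sample messages are constructed, and the PBKDF2 iteration count is the editor's hardening choice rather than the slide's.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real key comes from a key store, never from source code.
DEMO_KEY = b"constructed-demo-key"

def integrity_tag(message: bytes) -> str:
    """Plain SHA-256: catches accidental corruption in transit, but anyone who
    alters the message can recompute a matching tag, so it proves nothing
    about who sent it."""
    return hashlib.sha256(message).hexdigest()

def keyed_tag(message: bytes, key: bytes) -> str:
    """HMAC-SHA256, the slide's 'keyed hash': a valid tag needs the key, so a
    correct tag proves the sender knows the secret without transmitting it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_keyed_tag(message: bytes, tag: str, key: bytes) -> bool:
    """Constant-time comparison; a plain == would leak how long a prefix matched."""
    return hmac.compare_digest(keyed_tag(message, key), tag)

def hash_password(password: str, salt=None):
    """Salted password hash. The random per-user salt (the slide's defence
    against dictionary attacks) makes precomputed hash tables useless; the
    PBKDF2 iterations are added here to slow guessing. Returns (salt, hex)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest.hex()

def verify_password(password: str, salt: bytes, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored)

if __name__ == "__main__":
    original = b"transfer 10 EUR to account A"      # constructed sample message
    tampered = b"transfer 10000 EUR to account A"
    tag = keyed_tag(original, DEMO_KEY)
    print("HMAC, original message:", verify_keyed_tag(original, tag, DEMO_KEY))
    print("HMAC, tampered message, old tag:", verify_keyed_tag(tampered, tag, DEMO_KEY))
    # A tag recomputed without the key is only a plain hash and is rejected.
    print("HMAC, tampered, tag recomputed without key:",
          verify_keyed_tag(tampered, integrity_tag(tampered), DEMO_KEY))
    (salt_a, pw_a), (_, pw_b) = hash_password("correct horse"), hash_password("correct horse")
    print("same password, two salts, equal digests?", pw_a == pw_b)
    print("login with stored salt:", verify_password("correct horse", salt_a, pw_a))
```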

Questions…

Appendix

Appendix>Cryptography Map

Appendix>References and Resources
 - Wikipedia: Information Security, Network Security, Cryptography
 - SANS Software Security Institute: Application Security Resources, Research Library
 - Microsoft Patterns & Practices Security Guidance
 - Michael Howard's Web Log
 - J.D. Meier's Blog
 - OWASP
