Revealed
Agenda
•
Cryptography ?? .
•
Encryption .
•
Symmetric Encryption .
•
Asymmetric Encryption.
•
Diffie

hellman.
•
Hashing .
•
Digital signature .
•
Authentication Protocols .
•
PKI .
•
Cryptosystems .
•
Cryptanalysis .
•
Quantum Cryptography.
. Cryptography is a framework of methodologies used to ensure the CIA
triad for our information ; C for confidentiality , I for Integrity and A for
authenticity.
. The need for cryptographic techs was as old as the need to keep the
critical info secure , safe and authentic . the techs were invented in
different forms that can be compatible with their current age , while the
concept was the same .
. Cryptography was known anciently as Encryption which means : Hiding the
information from unauthorized entities . Various methods were used to
adopt this purpose , it could be implemented manually , mechanically or
even electronically .
Cryptography ??
.
SCYTALE
, is an example for a really old tech that was used to cipher
(encrypt) information . The concept of operation is so simple . Get a long
strip of leather and wind it over a rode like the picture , write the clear
data on the leather over the rod and then unwind it .
. “ HELP ME I AM UNDER ATTACK “ will be
"HENTEIDTLAEAPMRCMUAK“ ,
and it totally depends on the diameter of the rode , which is the key to
decipher the message .
. Nowadays are a bit different , as we are not talking about only encryption
when dealing with cryptography , hashing shares the place with encryption
to form the whole framework (cryptographic framework) ; hashing role is
to ensure the integrity of the message . So , back to the CIA triad ,
encryption is used to insure the confidentiality, hashing is for ensuring the
integrity and a combination of encryption & hashing for ensuring the
authenticity of the message sender .
. Encryption and Hashing can be
considered now as systems that need an
input to deliver an output , this system is
controlled by a set of mathematical
equations which is known as an algorithm.
Encryption
. As we stated before , Encryption is considered as a component of the
cryptographic framework . It’s role is to offer the confidentiality axis of
the CIA triad .
. Recalling the systematic view of
any cryptographic component ,
Encryption needs an input (Clear
message & key) to deliver the
cipher form (output) , this cipher
form to be decrypted (converted to
the clear form ) we shall need a key
and the same algorithm .
. Encryption can be implemented symmetrically or asymmetrically .
. If we are using symmetric encryption , then we will encrypt the clear
message with one key and decrypt it with the same key ; encryptor and
decryptor should have the same key .
. On the other hand , for Asymmetric encryption , the sender will use a key
to encrypt the message and the receiver will use a different key to
decrypt the message , in case we have a bidirectional communication , each
pair will use two keys one of them is public for others and a private key
for himself.
Symmetric Encryption
. To wrap the concept let us discuss a case for three entities that need to
communicate securely using symmetric encryption .
. From the figure , we can conclude
that we will use 9 different private
keys for achieving bidirectional
communication between xyz and
abc .
. We can conclude also that we
need to define a way by which we
can exchange these private keys in
a secure manner between distant
entities .
. We will recall these two
conclusions a bit later .
. DES , 3DES , Blowfish , IDEA , RC5 , Safer , Serpent and AES are the
well known symmetric encryption algorithms .
. We will go deeply for DES
and AES
in the Demos section .
Asymmetric Encryption
. Back to the same case that was assumed when using symmetric
encryption.
. ABC and XYZ have their public
keys distributed over each other ,
anyone needs to talk to the other
will use the other’s public key to
encrypt the traffic and the other
will use his own private key to
decrypt the traffic , X will use A’s
public key to encrypt clear traffic
A will receive the cipher to decrypt
it using his own private key .
. Less number of keys and simple
key distribution .
. RSA is the famous asymmetric key encryption algorithm .
Ron
R
ivest ## left
Adi
S
hamir ## Middle
Leonard
A
dleman ## Right
. RSA operation will be discussed
in the Demos section .
. Let us now compare them (symmetric and asymmetric) :
1

Symmetric key encryption suffers from scalability issues ; to achieve a
secure communication between N points , we will need to generate (N(N

1))/2
different keys .
3

Symmetric key encryption requires “ out of band “ secure exchange of keys ,
because , both the communicating parties needs to know about the keys before
proceeding into the communication .
4

Asymmetric key encryption systems are incredibly complex , and that
complexity will surely impact the performance . Asymmetric key encryption is
up to 1000 times slower than symmetric key encryption .
. Now how can we deal with that problem ?!!! , Diffie and Hellman will
answer this question for us .
Diffie

hellman
•
Diffie

Hellman algorithm will use
public key encryption to only
distribute symmetric keys for
communicating parties , symmetric
key encryption will be used to deal
with clear data to create the cipher ,
so we will have no odds :: high
performance using symmetric key
encryption and simple key distribution
process using Diffie

Hellman
algorithm , as we will sure see here
and the demos section .
•
Khaled will generate two (public and private ) keys using his own Diffie

Hellman algorithm , Ali will do the same thing ; both of them will exchange
his own public key , khaled will have his own private key and Ali’s public key
, he will use his Diffie

Hellman algorithm to generate a new private key ;
Ali will have the same private key if he executed the same operation.
Hashing
•
Hashing is the second component of the cryptographic framework , its
role is to ensure the integrity of a message . The most important aspect
of integrity violation is that the target of the attack is not aware about
the violation occurrence , simply , if he knew he will request for a
retransmission .
•
The problem is that I am
communicating with my co

workers basing on a false
information .
•
Hashing is an irreversible
process with no keys , the clear
message is the only input for
the hashing process .
•
The message will be delivered as an input to the hashing system , hashing
system will create message digest (hash) from the clear message , it will
then append the digest to the message and then send them over the
media ; The recipient will have the message to create a new digest and
then compare the two digests .
•
A simple newbie can execute an MITM attack , he will be able to receive
the message with the digest from the sender so as to create a new fake
message with a new generated hash from the fake message (using the
same hashing algorithm) to be sent to the poor receiver .
•
HMAC , the solution for this problem .
•
MD5 and SHA are the most used hashing algorithms , SHA is more secure
than MD5 .
•
We will have a demo for HMAC in the demos section .
Digital signature
•
This is our last step for completing the CIA triad , how can we ensure
authenticity using cryptography !!!
•
Digital signature is a mechanism by which we can authenticate the
message sender on a message basis , each message needs to be
authenticated , this needs to be clarified , digital signature is not a
connection based authentication mechanism like pap , chap , kerborse ,
TACACS ...............
•
Digital signature uses a combination of
encryption and hashing .
•
The message will be hashed , the digest will be encrypted by the
sender private key and then sent with message to the recipient .
•
We have a demo for Digital signature .
Authentication Protocols
•
As we are taking about connection based authentication mechanism ,
we will deal with protocols rather than algorithms . This is to briefly
list famous authentication protocols :
1

PAP
2

CHAP
3

MS

CHAP
4

NTLM
5

EAP
6

PEAP
7

Kerberos
8

TACACS+
9

Radius
10

Diameter
PKI
•
Public Key Infrastructure is a
Trust
Connectivity media , I need to
trust the sender before beginning a new session with him , how can I
know that this public key is the one owned by the real sender; I need
someone between us , someone that I can trust and that can trust this
remote sender .
•
How can I trust you?
Answer: The CA trusts me.
•
How can I know the CA trusts you?
Answer: You can see my certificate
issued by the CA.
.So , PKI is not for authentication,
but it can be considered as a pre

authentication phase .
.We will have a full PKI course .
Cryptosystems
•
Cryptosystem is an implemented form of the cryptographic framework ,
it consists of three components :
1

algorithms : cryptographic engines for doing encryption and hashing .
2

protocols : for establishing connections and negotiating parameters
between the communicating parties .
3

keys : for encryption algorithms .
•
IPSEC , SSL , SSH , PPTP , L2TP and WEP all of them are cryptosystems
, some of them provide the full CIA tirade . The only factor that
differentiate between these cryptosystems is the protocol used to
establish the connection and negotiate the parameters .
•
These cryptosystems will be discussed deeply in the VPN course .
Cryptanalysis
•
“ Breaking a cipher doesn't
necessarily mean finding a practical
way for an eavesdropper to recover
the plaintext from just the
ciphertext. In academic
cryptography, the rules are relaxed
considerably. Breaking a cipher
simply means finding a weakness in
the cipher that can be exploited
with a complexity less than brute

force ”
Bruce Schneier
.
Quantum Cryptography
•
“While I like the science of
quantum cryptography

my
undergraduate degree was in
physics

I don't see any
commercial value in it. I don't
believe it solves any security
problem that needs solving. I don't
believe that it's worth paying for,
and I can't imagine anyone but a
few technophiles buying and
deploying it. Systems that use it
don't magically become
unbreakable, because the quantum
part doesn't address the weak
points of the system.
•
”
Bruce Schneier
.
Σχόλια 0
Συνδεθείτε για να κοινοποιήσετε σχόλιο