
Motivation and Study Techniques to help you learn, remember, and pass your technical exams! Cisco, CISSP, CEH. More coming soon... Visit us www.mindcert.com

Misc Security Applications
  X.509
  S/MIME
  PGP
    IDEA: Confidentiality
    RSA: Key Exchange
    Web of Trust not PKI
  SSL/TLS
    Between application and transport layers
    Uses digital certs
    Hidden to the user
    Browser support
  IPSec
    AH
    ESP
  WAP
    Wireless SSL
    WTLS Security Layer
  Clipper
    Uses SKIPJACK
    An embedded chip
    Escrow: Key stored in two places
    For government to spy on you!
  One time Pad
    Two identical pads/keys
    Unbreakable
    Pads can only be used once
    relies on physical storage of the pads
    Distribution a NIGHTMARE
  Steganography
    Hiding text in a .JPG
    Hiding data in another format

Definitions
  Cryptography: Art relating to encrypting and decrypting information
  Cryptanalysis: Art relating to converting Ciphertext into plaintext without the secret key
  Link Encryption: Encrypting data on the network
    IPSec
    L2TP
  End-to-end Encryption: Encryption from source to system/Client to Server
  Denial of sending a message
  Non-repudiation
  Repudiation
  Traffic Analysis: Inference of information from analysis of traffic
  Traffic Padding: Generation of spurious data units
  Work Factor: Effort/Time needed to overcome a protective measure

History
  Substitution Ciphers
    Replace one letter with another one
    Monoalphabetic
    Uses more than one method
  Transposition Ciphers
    Transposes the keys
    Does not follow a common pattern
PKI
  Types of Certificates
    CA: Issuing CA
    SSL Server
    Personal: For e-mail
    Software Publishers: ActiveX Controls
  Terminology
    CA: The authenticating agency
    End Entity: The end user or device listed in the subject field of the X.509 certificate
    Certificate Policy Statement: A public document containing the rules of the CA
    Certification Path: The traceable history of parties who have vouched for this certificate
    RA: A trusted body that can verify the authenticity of a person or host
    Certificate Repository: Where clients store the Certificate

Fundamentals
  Encryption Categories
    Symmetric
    Asymmetric
    Hash
  Systems
    Algorithmic
      Older
      Secret algorithm
    Keyed Systems
      Newer
      Secrecy is provided by the key
      Known algorithm
  Encryption Strength
    Strength of the algorithm
    Secrecy of the keys
    Length of the key

Symmetric/Private Key Fundamentals
  Uses the same key to encrypt and decrypt
  Ciphers
    Block
      Encrypts data in discrete blocks
      Data is padded if required
      Block size usually 64 or 128 bytes long
      Verification
      Most popular method
    Stream
      Encrypts data bit by bit
      Fastest
      Cannot verify stream so not considered as secure as block mode

Symmetric Algorithms
  DES
    56 bit Key
    Industry standard
    Block Cipher
    Diffusion and Confusion
    NIST
    Fast and simple
    Problems
      Single key distribution is problematic
      Can be cracked
    Variants
    Operating Modes
      Cipher Block Chaining
      Electronic Code Book
      Cipher Feedback
      Output Feedback
  Spread the influence of a plain text character
  Confusion
  P Box
  Conceals the statistical connection between cipher and plain texts
  Diffusion
  S Box
  3DES
    112 or 168 bit
    DES but with two or three keys
  IDEA: 128 bit
  RC4: Variable length
  Blowfish: 1-448 bit
  Twofish: Up to 256 bit
  AES
    Rijndael
    128, 192, or 256 bit
    Supports smart cards and 32, 64 bit processors
    NIST competition winner

Asymmetric/Public Key Fundamentals
  An answer to the symmetric Key Distribution problem
  Based on Public Keys and Private Key pairs
  Confidentiality
    Plain text is encrypted with the receiver's public key
    Only receiver can decrypt it
  Authentication
    Hash provides integrity
    Then encrypted with private key to create a Digital Signature
  Integrity
    Provided by hashing
    Encryption with the Private signature provides Authentication
  Combats MITM Attacks
  DSS
    Uses SHA
      160 Bits

Hashed Message Authentication Code (HMAC)
  Uses a shared secret to combine with the hash
  Faster than using asymmetric with the hash
  SHA HMAC
  MD5 HMAC

S/MIME
  S/MIME is used for secure emails
  Faster than using the public/private key pair
  S/MIME uses session keys to encrypt the message
  Provides confidentiality

SHA HASH: 160 bit
MD5 HASH: 128 bit

Algorithms
  RSA
    Based on Factoring two large prime numbers
  ECC
    Based on elliptic curve discrete logarithms
    Faster than RSA
    Great for PDAs
      movianVPN

Key Distribution and Management Issues
  Repeated use of a key makes it easier to crack
  Both sender and receiver must have the same key
  Key Distribution
    Based on modular arithmetic
    Can use DH

CISSP Cryptography.mmap - 01/05/2008 - Andrew Mason
