
CCNASv2 InstructorPPT CH7


Chapter 7: Cryptographic Systems

CCNA Security v2.0

Raul Bareño Gutierrez
UCC

7.0 Introduction
7.1 Cryptographic Services
7.2 Basic Integrity and Authenticity
7.3 Confidentiality
7.4 Public Key Cryptography
7.5 Summary

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Upon completing this section, you should be able to:
• Explain the requirements of secure communications, including integrity, authentication, and confidentiality.
• Explain cryptography.
• Describe cryptanalysis.
• Describe cryptology.

• Ciphertext can be created using several methods:
• Transposition
• Substitution
• One-time pad

A teletype cipher in which a prepared key, consisting of an arbitrarily long, non-repeating sequence of numbers, was kept on paper tape.

The key was then combined character by character with the plaintext message to produce the ciphertext.
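
The character-by-character combination described above, as an added example that is not part of the original slides. It assumes XOR over bytes as the combining operation; the names `PadTape`, `combine` and `reuse_leak` and the sample messages are constructed for illustration.

```python
import secrets

class PadTape:
    """A key tape: random bytes that are consumed once and never rewound."""
    def __init__(self, material: bytes):
        self._material = material
        self._pos = 0

    def take(self, n: int) -> bytes:
        # Refuse rather than wrap around: a repeated key is no longer one-time.
        if self._pos + n > len(self._material):
            raise ValueError("pad exhausted: fresh key material required")
        chunk = self._material[self._pos:self._pos + n]
        self._pos += n
        return chunk

    @property
    def remaining(self) -> int:
        return len(self._material) - self._pos

def combine(data: bytes, key: bytes) -> bytes:
    """Combine data with key one character at a time; the same call decrypts."""
    if len(key) != len(data):
        raise ValueError("key must be exactly as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))

def reuse_leak(m1: bytes, m2: bytes, key: bytes) -> bytes:
    """Misuse case: one key for two messages. The key cancels out of c1 XOR c2,
    leaving m1 XOR m2, which is why the tape must never repeat."""
    return combine(combine(m1, key), combine(m2, key))

def demo() -> dict:
    material = secrets.token_bytes(32)            # constructed sample key tape
    sender, receiver = PadTape(material), PadTape(material)  # identical copies
    messages = [b"LINK A IS UP", b"LINK B DOWN!"]  # constructed sample plaintexts
    ciphertexts = [combine(m, sender.take(len(m))) for m in messages]
    recovered = [combine(c, receiver.take(len(c))) for c in ciphertexts]
    return {"recovered": recovered, "remaining": sender.remaining}

if __name__ == "__main__":
    print(demo())
```
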

Methods used for cryptanalysis:
• Brute-force method
• Ciphertext method
• Known-plaintext method
• Chosen-plaintext method
• Chosen-ciphertext method
• Meet-in-the-middle method

Frequency analysis of the English alphabet

Deciphering using frequency analysis

Upon completing this section, you should be able to:
• Describe the purpose of cryptographic hashes.
• Explain how MD5 and SHA-1 are used to secure data communications.
• Describe authenticity with HMAC.
• Describe the components of key management.

Types of cryptographic keys:
• Symmetric keys
• Asymmetric keys
• Digital signatures
• Hash keys

Upon completing this section, you should be able to:
• Explain how encryption algorithms provide confidentiality.
• Explain the function of the DES, 3DES, and AES algorithms.
• Describe the function of the Software-Optimized Encryption Algorithm (SEAL) and the Rivest ciphers (RC) algorithms.

SEAL has several restrictions:
• The Cisco router and the peer must support IPsec.
• The Cisco router and the peer must run an IOS image that supports encryption.
• The router and the peer must not have hardware IPsec encryption.

Upon completing this section, you should be able to:
• Explain the differences between symmetric and asymmetric encryption and their intended applications.
• Explain the functionality of digital signatures.
• Explain the principles of a public key infrastructure (PKI).

Four protocols that use asymmetric key algorithms:
• Internet Key Exchange (IKE)
• Secure Sockets Layer (SSL)
• Secure Shell (SSH)
• Pretty Good Privacy (PGP)

Alice encrypts the message with Bob's public key

Alice encrypts a hash with Bob's public key

Bob uses Alice's public key to decrypt the hash

Bob uses his public key to decrypt the message

Properties of the digital signature:
• The signature is authentic
• The signature is unalterable
• The signature is not reusable
• The signature cannot be repudiated

Digitally signing code provides several assurances about the code:
• The code is authentic and is actually sourced by the publisher.
• The code has not been modified since it left the software publisher.
• The publisher undeniably published the code.

Sending a digital certificate

Receiving a digital certificate

Characteristics of RSA

Characteristics of DSA

Elements of the PKI framework

PKI example

Single-root PKI topology

Cross-certified CA

Hierarchical CA

Retrieving CA certificates

Submitting certificate requests to the CA

Peers authenticate each other

Chapter objectives:
• Explain the areas of cryptology.
• Explain two types of encryption algorithms.

Thank you.