CCNA Security 640-554: Chapter 7: Cryptographic Systems

This document provides an overview of cryptographic systems and their components. It discusses how authentication, integrity, and confidentiality are achieved through cryptographic methods like encryption, digital signatures, hash functions. Common cryptographic algorithms like the Caesar cipher, Vigenère cipher, the Enigma machine are explained. The roles of cryptanalysis techniques like brute force attacks are also summarized.

Uploaded by Ryanb378

CCNA Security

640-554
Chapter 7: Cryptographic Systems
Slide 2: Managing Administrative Access
- A network LAN can be secured through:
  - Device hardening
  - AAA access control
  - Firewall features
  - IPS implementations
- How is network traffic protected when traversing the public Internet?
  - Using cryptographic methods
Slide 3: Secure Communications Requires …
- Authentication
- Integrity
- Confidentiality
Slide 4: Authentication
- Authentication guarantees that the message:
  - Is not a forgery.
  - Does actually come from who it states it comes from.
- Authentication is similar to a secure PIN for banking at an ATM.
  - The PIN should only be known to the user and the financial institution.
  - The PIN is a shared secret that helps protect against forgeries.
Slide 5: Authentication
- Data nonrepudiation is a similar service that allows the sender of a message to be uniquely identified.
  - This means that a sender / device cannot deny having been the source of that message.
  - It cannot repudiate, or refute, the validity of a message sent.
Slide 6: Integrity
- Data integrity ensures that messages are not altered in transit.
  - The receiver can verify that the received message is identical to the sent message and that no manipulation occurred.
- European nobility ensured the data integrity by creating a wax seal to close an envelope.
  - The seal was often created using a signet ring.
  - An unbroken seal on an envelope guaranteed the integrity of its contents.
  - It also guaranteed authenticity based on the unique signet ring impression.
Slide 7: Confidentiality
- Data confidentiality ensures privacy so that only the receiver can read the message.
- Encryption is the process of scrambling data so that it cannot be read by unauthorized parties.
  - Readable data is called plaintext, or cleartext.
  - Encrypted data is called ciphertext.
- A key is required to encrypt and decrypt a message.
  - The key is the link between the plaintext and ciphertext.
Slide 8: Managing Administrative Access
- Authentication, integrity, and confidentiality are components of cryptography.
- Cryptography is both the practice and the study of hiding information.
- It has been used for centuries to protect secret documents.
  - Today, modern day cryptographic methods are used in multiple ways to ensure secure communications.

History of Cryptography
Slide 10: Scytale
- Earliest cryptography method.
  - Used by the Spartans in ancient Greece.
Slide 11: Scytale
- It is a rod used as an aid for a transposition cipher.
  - The sender and receiver had identical rods (scytale) on which to wrap a transposed message.
Slide 12: Caesar Cipher
- When Julius Caesar sent messages to his generals, he didn't trust his messengers.
- He encrypted his messages by replacing every letter:
  - A with a D
  - B with an E
  - and so on
- His generals knew the "shift by 3" rule and could decipher his messages.
Slide 13: Vigenère Cipher
- In 1586, Frenchman Blaise de Vigenère described a polyalphabetic system of encryption.
  - It became known as the Vigenère Cipher.
- Based on the Caesar cipher, it encrypted plaintext using a multi-letter key.
  - It is also referred to as an autokey cipher.
Slide 14: Note of interest …
- It took 300 years for the Vigenère Cipher to be broken by Englishman Charles Babbage.
  - Father of modern computers
- Babbage created the first mechanical computer called the difference engine to calculate numerical tables.
  - He then designed a more complex version called the analytical engine that could use punch cards.
  - He also invented the pilot (cow-catcher).
Slide 15: Confederate Cipher Disk
- Thomas Jefferson, the third president of the United States, invented an encryption system that was believed to have been used when he served as secretary of state from 1790 to 1793.
Slide 16: German Enigma Machine
- Arthur Scherbius invented the Enigma in 1918 and sold it to Germany.
  - It served as a template for the machines that all the major participants in World War II used.
- It was estimated that if 1,000 cryptanalysts tested four keys per minute, all day, every day, it would take 1.8 billion years to try them all.
  - Germany knew their ciphered messages could be intercepted by the allies, but never thought they could be deciphered.
http://userstelenet!e/dri"#enants/en/enig#aht#
Slide 17: Code Talkers
- During World War II, Japan was deciphering every code the Americans came up with.
  - A more elaborate coding system was needed.
  - The answer came in the form of the Navajo code talkers.
- Code talkers were bilingual Navajo speakers specially recruited during World War II by the Marines.
- Other Native American code talkers were Cherokee, Choctaw and Comanche soldiers.
Slide 18: Code Talkers
- Not only were there no words in the Navajo language for military terms, the language was unwritten and less than 30 people outside of the Navajo reservations could speak it, and not one of them was Japanese.
- By the end of the war, more than 400 Navajo Indians were working as code talkers.

Cipher Text
Slide 20: Cipher Text
- A cipher is a series of well-defined steps that can be followed as a procedure when encrypting and decrypting messages.
- Each encryption method uses a specific algorithm, called a cipher, to encrypt and decrypt messages.
- There are several methods of creating cipher text:
  - Transposition
  - Substitution
  - Vernam
Slide 21: Transposition Ciphers
- In transposition ciphers, no letters are replaced; they are simply rearranged.
- For example:
  - Spell it backwards.
- Modern encryption algorithms, such as the DES (Data Encryption Standard) and 3DES, still use transposition as part of the algorithm.
Slide 22: Transposition Rail Fence Cipher
1. The clear text message:
   FLANK EAST ATTACK AT DAWN
2. Use a rail fence cipher and a key of 3.
   F...K...T...T...A...W.
   .L.N.E.S.A.T.A.K.T.A.N
   ..A...A...T...C...D...
3. Solve the ciphertext:
   FKTTAW
   LNESATAKTAN
   AATCD
Slide 23: Substitution Cipher
- Substitution ciphers substitute one letter for another.
  - In their simplest form, substitution ciphers retain the letter frequency of the original message.
- Examples include:
  - Caesar Cipher
  - Vigenère Cipher
Slide 24: Let's Encode using the Caesar Cipher!
1. The cleartext message:
   FLANK EAST ATTACK AT DAWN
2. Encode using a key of 3. Therefore, A becomes a D, B an E, …
   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
3. The encrypted message becomes …
   IODQN HDVW
   DWWDFN DW GDZQ
Slide 25: Let's Decode
1. The ciphered text:
   OZ OY IUUR
2. Use a shift of 6 (ROT6).
   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
3. Solve the ciphertext:
   IT is cool
Slide 26: Caesar Cipher Disk
1. The clear text message would be encoded using a key of 3:
   FLANK EAST ATTACK AT DAWN
2. Shifting the inner wheel by 3, the A becomes D, B becomes E, and so on.
3. The clear text message would appear as follows using a key of 3:
   IODQN HDVW
   DWWDFN DW GDZQ
Slide 27: Vigenère Cipher
- The Vigenère cipher is based on the Caesar cipher, except that it encrypts text by using a different polyalphabetic key shift for every plaintext letter.
  - The different key shift is identified using a shared key between sender and receiver.
  - The plaintext message can be encrypted and decrypted using the Vigenère Cipher Table.
- For example:
  - A sender and receiver have a shared secret key: SECRETKEY.
  - Sender uses the key to encode: FLANK EAST ATTACK AT DAWN.
Slide 28: Vernam Cipher
- In 1917, Gilbert Vernam, an AT&T Bell Labs engineer, invented and patented the stream cipher and later co-invented the one-time pad cipher.
  - Vernam proposed a teletype cipher in which a prepared key consisting of an arbitrarily long, non-repeating sequence of numbers was kept on paper tape.
  - It was then combined character by character with the plaintext message to produce the ciphertext.
  - To decipher the ciphertext, the same paper tape key was again combined character by character, producing the plaintext.
- Each tape was used only once, hence the name one-time pad.
  - As long as the key tape does not repeat or is not reused, this type of cipher is immune to cryptanalytic attack because the available ciphertext does not display the pattern of the key.
Slide 29: Vernam Cipher
- Several difficulties are inherent in using one-time pads in the real world.
  - Key distribution is challenging.
  - Creating random data is challenging, and if a key is used more than once, it becomes easier to break.
- Computers, because they have a mathematical foundation, are incapable of creating true random data.
- RC4 is a one-time pad cipher that is widely used on the Internet.
  - However, because the key is generated by a computer, it is not truly random.
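The character-by-character combination of the two Vernam slides and the key-reuse weakness they warn about, as an added Python example (not from the CCNA Security deck); XOR on bytes stands in for the paper-tape combination, and the messages and the fixed pad in the demo are constructed.

```python
"""One-time pad (Vernam) with XOR, and what goes wrong when the pad is reused.

Added example, not from the CCNA Security slides. The key is a byte string at
least as long as the message, combined byte by byte with XOR; applying the same
key again undoes it. The second half shows why reuse "becomes easier to break":
two ciphertexts made with one pad XOR together to the XOR of the two plaintexts,
so the key drops out and the messages leak against each other.
"""
import secrets


def vernam(data: bytes, key: bytes) -> bytes:
    """XOR each byte with the key byte at the same position; the operation is its own inverse."""
    if len(key) < len(data):
        raise ValueError("a one-time pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def new_pad(length: int) -> bytes:
    """Fresh key material from the OS CSPRNG: the closest a computer gets to random data."""
    return secrets.token_bytes(length)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer learns from two messages under the same pad: p1 XOR p2, with the key gone."""
    n = min(len(c1), len(c2))
    return bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))


def other_plaintext_from_reuse(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If one plaintext is already known, a reused pad hands over the other one outright."""
    return vernam(reuse_leak(c1, c2), known_p1)


def demo(pad: bytes) -> dict[str, bytes]:
    """Correct single use, then the reuse mistake, using constructed sample messages."""
    p1 = b"FLANK EAST ATTACK AT DAWN"
    p2 = b"HOLD POSITION UNTIL NOON"
    c1 = vernam(p1, pad)
    c2 = vernam(p2, pad)               # the mistake: the same pad used a second time
    return {
        "roundtrip": vernam(c1, pad),  # equals p1: one pad, one message, works as designed
        "leaked_xor": reuse_leak(c1, c2),
        "p2_recovered": other_plaintext_from_reuse(c1, c2, p1),  # equals p2, no key needed
    }


if __name__ == "__main__":
    out = demo(new_pad(25))
    print(out["roundtrip"])       # b'FLANK EAST ATTACK AT DAWN'
    print(out["p2_recovered"])    # b'HOLD POSITION UNTIL NOON'
```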
Cryptanalysis

Slide 31: Cryptanalysis
- The practice and study of determining the meaning of encrypted information (cracking the code), without access to the shared secret key.
- Been around since cryptography.
Slide 32: Cryptanalysis Methods
- Brute-Force Method
- Ciphertext-Only Method
- Known-Plaintext Method
- Chosen-Plaintext Method
- Chosen-Ciphertext Method
- Meet-in-the-Middle Method
Slide 33: Brute-Force Method
- An attacker tries every possible key with the decryption algorithm knowing that eventually one of them will work.
  - All encryption algorithms are vulnerable to this attack.
- The objective of modern cryptographers is to have a keyspace large enough that it takes too much time (money) to accomplish a brute-force attack.
- For example: The best way to crack Caesar cipher encrypted code is to use brute force.
  - There are only 25 possible rotations.
  - Therefore, it is not a big effort to try all possible rotations and see which one returns something that makes sense.
Slide 34: Brute-Force Method
- On average, a brute-force attack succeeds about 50 percent of the way through the keyspace, which is the set of all possible keys.
  - A DES cracking machine recovered a 56-bit DES key in 22 hours using brute force.
  - It is estimated it would take 149 trillion years to crack an AES key using the same method.
Slide 35: Frequency Analysis Method
- Some letters of the English alphabet are used more often than others.
  - E, T, and A are the most popular letters.
  - J, Q, X, and Z are the least popular.
- Caesar ciphered message:
  - The letter D appears 6 times.
  - The letter W appears 4 times.
  - Therefore it is probable that they represent the more popular letters.
- In this case, the D represents the letter A, and the W represents the letter T.
Ciphered text:
   IODQN HDVW
   DWWDFN DW GDZQ
Clear text:
   FLANK EAST
   ATTACK AT DAWN
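The Caesar encode and decode steps of slides 24 to 26, the Vigenère example with key SECRETKEY from slide 27, the 25-rotation brute force of slide 33 and the letter-frequency guess of this slide, in one added Python example (not from the CCNA Security deck); the scorer only uses E, T and A, the letters the slide names as most common.

```python
"""Caesar and Vigenère substitution, brute force and frequency analysis.

Added example, not taken from the CCNA Security slides. A Caesar cipher shifts
every letter by the same key; the Vigenère cipher is the same operation with a
different shift per letter, taken from a repeating keyword. Both keep spaces and
only map letters, so the plaintext letter frequencies survive in the ciphertext,
which is what the frequency-analysis slide exploits.
"""
from collections import Counter

COMMON = "ETA"   # most frequent English letters per the slide; used to score guesses


def shift_letter(ch: str, k: int) -> str:
    """Shift one character by k positions (mod 26); leave non-letters untouched."""
    if not ch.isalpha():
        return ch
    base = ord("A") if ch.isupper() else ord("a")
    return chr(base + (ord(ch) - base + k) % 26)


def caesar(text: str, key: int) -> str:
    """Encrypt with a fixed shift; decrypt by passing -key (ROT6 decode is key=-6)."""
    return "".join(shift_letter(c, key) for c in text)


def vigenere(text: str, keyword: str, decrypt: bool = False) -> str:
    """Per-letter Caesar shift taken from the keyword; spaces do not consume key letters."""
    shifts = [ord(k) - ord("A") for k in keyword.upper()]
    out, i = [], 0
    for ch in text:
        if ch.isalpha():
            k = shifts[i % len(shifts)]
            out.append(shift_letter(ch, -k if decrypt else k))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def _common_score(text: str) -> int:
    """How many letters of a candidate plaintext are E, T or A."""
    return sum(c in COMMON for c in text.upper())


def brute_force_caesar(ciphertext: str) -> list[tuple[int, str]]:
    """All 25 non-trivial rotations (the slide's 'try every key'), most English-looking first.

    The analyst still reads the top candidates, exactly as the slide puts it:
    'see which one returns something that makes sense'.
    """
    candidates = [(k, caesar(ciphertext, -k)) for k in range(1, 26)]
    return sorted(candidates, key=lambda kc: -_common_score(kc[1]))


def frequency_key_guess(ciphertext: str) -> int:
    """Frequency analysis: assume the most frequent ciphertext letter stands for E, T or A.

    Each assumption implies a shift; the shift whose plaintext contains the most
    E/T/A letters wins. For the slide's message, D (6 times) = A gives key 3.
    """
    counts = Counter(c for c in ciphertext.upper() if c.isalpha())
    top = counts.most_common(1)[0][0]
    best_key, best_score = 0, -1
    for guess in COMMON:
        key = (ord(top) - ord(guess)) % 26
        score = _common_score(caesar(ciphertext, -key))
        if score > best_score:
            best_key, best_score = key, score
    return best_key


if __name__ == "__main__":
    print(caesar("FLANK EAST ATTACK AT DAWN", 3))        # IODQN HDVW DWWDFN DW GDZQ
    print(caesar("OZ OY IUUR", -6))                      # IT IS COOL
    print(vigenere("FLANK EAST ATTACK AT DAWN", "SECRETKEY"))
    print(frequency_key_guess("IODQN HDVW DWWDFN DW GDZQ"))   # 3
```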
Slide 36: Ciphertext-Only Method
- An attacker has:
  - The ciphertext of several messages, all of which have been encrypted using the same encryption algorithm, but the attacker has no knowledge of the underlying plaintext.
  - The attacker could use statistical analysis to deduce the key.
- These kinds of attacks are no longer practical, because modern algorithms produce pseudorandom output that is resistant to statistical analysis.
Slide 37: Known-Plaintext Method
- An attacker has:
  - Access to the ciphertext of several messages.
  - Knowledge (underlying protocol, file type, or some characteristic strings) about the plaintext underlying that ciphertext.
- The attacker uses a brute-force attack to try keys until decryption with the correct key produces a meaningful result.
- Modern algorithms with enormous keyspaces make it unlikely for this attack to succeed because, on average, an attacker must search through at least half of the keyspace to be successful.
Slide 38: Meet-in-the-Middle Method
- The meet-in-the-middle attack is a known plaintext attack.
- The attacker knows:
  - A portion of the plaintext and the corresponding ciphertext.
  - The plaintext is encrypted with every possible key, and the results are stored.
  - The ciphertext is then decrypted using every key, until one of the results matches one of the stored values.
Slide 39: Chosen-Plaintext Method
- An attacker chooses which data the encryption device encrypts and observes the ciphertext output.
  - A chosen-plaintext attack is more powerful than a known-plaintext attack because the chosen plaintext might yield more information about the key.
- This attack is not very practical because it is often difficult or impossible to capture both the ciphertext and plaintext.
Slide 40: Chosen-Ciphertext Method
- An attacker chooses different ciphertext to be decrypted and has access to the decrypted plaintext.
  - With the pair, the attacker can search through the keyspace and determine which key decrypts the chosen ciphertext into the captured plaintext.
- This attack is analogous to the chosen-plaintext attack.
  - Like the chosen-plaintext attack, this attack is not very practical.
  - Again, it is difficult or impossible for the attacker to capture both the ciphertext and plaintext.
Cryptology

Slide 42: Cryptology in Movies
- After a brilliant but asocial mathematician accepts secret work in cryptography, his life takes a turn to the nightmarish.
- A treasure hunter is in hot pursuit of a mythical treasure that has been passed down for centuries, while his employer turned enemy is onto the same path that he's on.
- A murder inside the Louvre and clues in Da Vinci paintings lead to the discovery of a religious mystery protected by a secret society for two thousand years -- which could shake the foundations of Christianity.
Slide 43: Cryptology = Cryptography + Cryptanalysis
- Cryptology is the science of making and breaking secret codes.
  - It combines cryptography (development and use of codes) and cryptanalysis (breaking of those codes).
- There is a symbiotic relationship between the two disciplines, because each makes the other one better.
  - National security organizations employ members of both disciplines and put them to work against each other.
- There have been times when one of the disciplines has been ahead of the other.
  - Currently, it is believed that cryptographers have the edge.
Slide 44: Jobs in Cryptology
- Ironically, it is impossible to prove an algorithm secure.
  - It can only be proven that it is not vulnerable to known cryptanalytic attacks.
- There is a need for mathematicians, scholars, and security forensic experts to keep trying to break the encryption methods.
- Cryptanalysts are mostly employed by:
  - Governments in military and diplomatic surveillance.
  - Enterprises in testing the strength of security procedures.
Slide 45: Cryptology = Cryptography + Cryptanalysis
- There are two kinds of cryptography in the world:
  - Cryptography that will stop someone you know from reading your files.
  - Cryptography that will stop major governments from reading your files.
- This is about the latter.
Slide 46: Cryptology in Networking
- Authentication, integrity, and data confidentiality are implemented in many ways using various protocols and algorithms.
  - Choice depends on the security level required in the security policy.
Common cryptographic hashes, protocols, and algorithms:
- Integrity: MD5 (weaker), SHA (stronger)
- Authentication: HMAC-MD5, HMAC-SHA-1, RSA and DSA
- Confidentiality: DES (weaker), 3DES, AES (stronger)
Slide 47: Cryptology in Networking
- Security of encryption lies in the secrecy of the keys, not the algorithm.
- Old encryption algorithms were based on the secrecy of the algorithm to achieve confidentiality.
- With modern technology, algorithm secrecy no longer matters since reverse engineering is often simple; therefore public-domain algorithms are often used.
  - Now, successful decryption requires knowledge of the keys.
- How can the keys be kept secret?

Cryptographic Hashes
Slide 49: Cryptographic Hashes
- A hash function takes binary data (message), and produces a condensed representation, called a hash.
  - The hash is also commonly called a hash value, message digest, or digital fingerprint.
- Hashing is based on a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse.
- Hashing is designed to verify and ensure:
  - Data integrity
  - Authentication
Slide 50: Hashes are used …
- To provide proof of authenticity when it is used with a symmetric secret authentication key, such as IP Security (IPsec) or routing protocol authentication.
- To provide authentication by generating one-time and one-way responses to challenges in authentication protocols such as the PPP CHAP.
- To provide a message integrity check proof such as those accepted when accessing a secure site using a browser.
- To confirm that a downloaded file (e.g., Cisco IOS images) has not been altered.
Slide 51: Collision Free
- Hashing is collision free, which means that two different input values will result in different hash results.
Slide 52: Cryptographic Hash Math
- Take an arbitrary length of clear text data to be hashed.
- Put it through a hash function.
- It produces a fixed length message digest (hash value).
- H(x) is:
  - Relatively easy to compute for any given x.
  - One way and not reversible.
- If a hash function is hard to invert, it is considered a one-way hash.
[Figure: hash functions shown are MD5 and SHA-1]

Hashing for Integrity
Slide 54: Hash for Integrity
- Hash functions (MD5 and SHA-1) can ensure message integrity but not confidentiality.
  - For instance, the sender wants to ensure that the message is not altered on its way to the receiver.
Slide 55: Hash for Integrity
[Figure: sender and receiver each run MD5 or SHA-1]
1. The sending device inputs the message into a hashing algorithm and computes its fixed-length digest or fingerprint.
2. The fingerprint is attached to the message and both are sent to the receiver in plaintext.
3. The receiving device removes the fingerprint from the message and inputs the message into the same hashing algorithm.
4. If the resulting hash is equal to the one that is attached to the message, the message has not been altered during transit.
Slide 56: Hash for Integrity
- Hashing only prevents the message from being changed accidentally, such as by a communication error.
- It's still susceptible to man-in-the-middle attacks.
  - A potential attacker could intercept the message, change it, recalculate the hash, and append it to the message.
  - There is nothing unique to the sender in the hashing procedure, so anyone can compute a hash for any data, as long as they have the correct hash function.
- These are two well-known hash functions:
  - Message Digest 5 (MD5) with 128-bit digests
  - Secure Hash Algorithm 1 (SHA-1) with 160-bit digests
Slide 57: Message Digest 5 (MD5)
- The MD5 algorithm was developed by Ron Rivest and is used in a variety of Internet applications today.
  - It is a one-way function.
  - It is also collision resistant.
- MD5 is essentially a complex sequence of simple binary operations, such as exclusive OR (XORs) and rotations, that are performed on input data and produce a 128-bit digest.
Slide 58: Secure Hash Algorithm (SHA)
- The U.S. National Institute of Standards and Technology (NIST) developed the Secure Hash Algorithm (SHA).
  - SHA-1, published in 1994, corrected an unpublished flaw in SHA.
  - It's very similar to the MD4 and MD5 hash functions.
- The SHA-1 algorithm takes a message of less than 2^64 bits in length and produces a 160-bit message digest.
- This makes SHA-1 slightly slower than MD5, but the larger message digest makes it more secure against brute-force collision and inversion attacks.
Slide 59: MD5 versus SHA-1
SHA-1                                    | MD5
More secure                              | Less secure
Slower                                   | Faster
Algorithm must process a 160-bit buffer  | Algorithm must process a 128-bit buffer
Computation involves 80 steps            | Computation involves 64 steps
Based on MD4                             | Based on MD4
Slide 60: Secure Hash Algorithm (SHA)
- NIST published four additional hash functions collectively known as SHA-2 with longer digests:
  - SHA-224 (224 bit)
  - SHA-256 (256 bit)
  - SHA-384 (384 bit)
  - SHA-512 (512 bit)
- In response to a SHA-1 vulnerability announced in 2005, NIST recommends a transition from SHA-1 to the approved SHA-2 family.
- A newer, more secure cryptographic hashing algorithm called SHA-3 has been developed by NIST. SHA-3 will eventually replace SHA-1 and SHA-2 and it should be used if available.
Slide 61: Secure Hash Algorithm (SHA)
- SHA-1 and SHA-2 are more resistant to brute-force attacks because their digest is at least 32 bits longer than the MD5 digest.

Hashing for Authenticity
Slide 63: Keyed-Hash Message Authentication Code
- HMAC (or KHMAC) is a message authentication code (MAC) that is calculated using a hash function and a secret key.
  - Hash functions are the basis of the protection mechanism of HMACs.
  - The output of the hash function now depends on the input data and the secret key.
- Authenticity is guaranteed because only the sender and the receiver know the secret key.
  - Only they can compute the digest of an HMAC function.
  - This characteristic defeats man-in-the-middle attacks and provides authentication of the data origin.
Slide 64: Keyed-Hash Message Authentication Code
- The cryptographic strength of the HMAC depends on the:
  - Cryptographic strength of the underlying hash function.
  - Size and quality of the key.
  - Size of the hash output length in bits.
- Cisco technologies use two well-known HMAC functions:
  - Keyed MD5 or HMAC-MD5 is based on the MD5 hashing algorithm.
  - Keyed SHA-1 or HMAC-SHA-1 is based on the SHA-1 hashing algorithm.
Slide 65: HMAC in Action
Sender:
- Data: Pay to Terry Smith $100.00 / One Hundred and xx/100 Dollars
- Data + Secret Key → HMAC (Authenticated Fingerprint): 4ehIDx!NM"#$
Receiver:
- Received Data: Pay to Terry Smith $100.00 / One Hundred and xx/100 Dollars
- Received Data + Secret Key → HMAC (Authenticated Fingerprint): 4ehIDx!NM"#$
- If the generated HMAC matches the sent HMAC, then integrity and authenticity have been verified.
- If they don't match, discard the message.
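The two receiver checks drawn on the Hash for Integrity and HMAC in Action slides, played out in an added Python example (not from the CCNA Security deck): the plain digest is recomputed by the man-in-the-middle and still verifies, while the HMAC tag fails without the shared key. SHA-256 stands in for the slides' MD5/SHA-1, and the key and messages are constructed.

```python
"""Plain hash for integrity versus HMAC for integrity plus authenticity.

Added example, not from the CCNA Security slides. A sender attaches a digest
(the hash-only scheme), an intermediary alters the message and simply recomputes
the digest, and the receiver's check still passes. With HMAC the same alteration
fails, because producing a matching tag requires the shared secret key.
"""
import hashlib
import hmac

HASH = "sha256"   # the slides use MD5/SHA-1; SHA-256 is the current recommendation


def hash_sign(message: bytes) -> tuple[bytes, str]:
    """Hash-only integrity: send the message plus its fingerprint, both in the clear."""
    return message, hashlib.new(HASH, message).hexdigest()


def hash_verify(message: bytes, fingerprint: str) -> bool:
    """Receiver recomputes the digest; anyone with the same hash function can satisfy this."""
    return hmac.compare_digest(hashlib.new(HASH, message).hexdigest(), fingerprint)


def hmac_sign(key: bytes, message: bytes) -> tuple[bytes, str]:
    """HMAC: the tag depends on both the message and the secret key."""
    return message, hmac.new(key, message, HASH).hexdigest()


def hmac_verify(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison so the check does not leak how many characters matched."""
    return hmac.compare_digest(hmac.new(key, message, HASH).hexdigest(), tag)


def tamper_in_transit(message: bytes, old: bytes, new: bytes) -> tuple[bytes, str]:
    """The man-in-the-middle of the slide: change the text, recompute the plain hash, re-attach it."""
    altered = message.replace(old, new)
    return altered, hashlib.new(HASH, altered).hexdigest()


def demo() -> dict[str, bool]:
    """Run both schemes against the same alteration and report what each receiver decides."""
    key = b"constructed-demo-shared-key"              # known only to sender and receiver
    original = b"Pay to Terry Smith $100.00"           # the message on the HMAC slide
    # Hash-only: the forged pair verifies, because nothing in it is tied to the sender.
    msg, digest = hash_sign(original)
    forged_msg, forged_digest = tamper_in_transit(msg, b"$100.00", b"$1000.00")
    # HMAC: the attacker can change the message but cannot produce a matching tag.
    msg2, tag = hmac_sign(key, original)
    forged_msg2, _ = tamper_in_transit(msg2, b"$100.00", b"$1000.00")
    return {
        "hash_accepts_genuine": hash_verify(msg, digest),                 # True
        "hash_accepts_forgery": hash_verify(forged_msg, forged_digest),   # True: hashing alone fails here
        "hmac_accepts_genuine": hmac_verify(key, msg2, tag),              # True
        "hmac_accepts_forgery": hmac_verify(key, forged_msg2, tag),       # False: altered data, old tag
        "hmac_wrong_key": hmac_verify(b"other-key", msg2, tag),           # False: the key is in the tag
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check:22s} -> {'accepted' if accepted else 'rejected'}")
```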
Slide 66: HMAC and Cisco Products
- Cisco products use hashing for entity authentication, data integrity, and data authenticity purposes.
- For example:
  - Authenticating routing protocol updates.
  - IPsec VPNs use MD5 and SHA-1 in HMAC mode, to provide packet integrity and authenticity.
  - IOS images downloaded from Cisco.com have an MD5-based checksum to check the integrity of downloaded images.
  - TACACS+ uses an MD5 hash as the key to encrypt the session.

Key Management
Slide 68: Key Management
- Often considered the most difficult part of designing a cryptosystem.
- There are several essential characteristics of key management to consider:
  - Key Generation
  - Key Verification
  - Key Storage
  - Key Exchange
  - Key Revocation and destruction
Slide 69: Key Management
- Key Generation:
  - Caesar chose the key of his cipher, and the Sender/Receiver chose a shared secret key for the Vigenère cipher.
  - Modern cryptographic system key generation is usually automated.
- Key Verification:
  - Almost all cryptographic algorithms have some weak keys that should not be used (e.g., Caesar cipher ROT 0 or ROT 25).
  - With the help of key verification procedures, these keys can be regenerated if they occur.
- Key Storage:
  - Modern cryptographic systems store keys in memory.
Slide 70: Key Management
- Key Exchange:
  - Key management procedures should provide a secure key exchange mechanism over an untrusted medium.
- Key Revocation and Destruction:
  - Revocation notifies all interested parties that a certain key has been compromised and should no longer be used.
  - Destruction erases old keys in a manner that prevents malicious attackers from recovering them.
Slide 71: Key Length and Keyspace
- The key length is the measure in bits and the keyspace is the number of possibilities that can be generated by a specific key length.
- As key lengths increase, keyspace increases exponentially:
  - 2^2 key = a keyspace of 4
  - 2^3 key = a keyspace of 8
  - 2^4 key = a keyspace of 16
  - 2^40 key = a keyspace of 1,099,511,627,776
Slide 72: Keyspace
- Adding one bit to a key doubles the keyspace.
- For each bit added to the DES key, the attacker would require twice the amount of time to search the keyspace.
- Longer keys are more secure but are also more resource intensive and can affect throughput.
DES Key Length | Keyspace | # of Possible Keys
56 bit         | 2^56     | 72,000,000,000,000,000
57 bit         | 2^57     | 144,000,000,000,000,000
58 bit         | 2^58     | 288,000,000,000,000,000
59 bit         | 2^59     | 576,000,000,000,000,000
Slide 73: Types of Cryptographic Keys
- Symmetric keys, which can be exchanged between two routers supporting a VPN.
- Asymmetric keys, which are used in secure HTTPS applications.
- Digital signatures, which are used when connecting to a secure website.
- Hash keys, which are used in symmetric and asymmetric key generation, digital signatures, and other types of applications.
Slide 74: Protection Provided by Key Type
Hash | Digital Signature | Asymmetric Key | Symmetric Key | Protection
160  | 160               | 1248           | 80            | Protection up to 3 years
192  | 192               | 1776           | 96            | Protection up to 10 years
224  | 224               | 2432           | 112           | Protection up to 20 years
256  | 256               | 3248           | 128           | Protection up to 30 years
512  | 512               | 15424          | 256           | Protection against quantum computers

Encryption & Confidentiality
Slide 76: Symmetric Encryption
- Symmetric encryption algorithms, also called shared secret-key algorithms, use the same pre-shared secret key to encrypt and decrypt data.
  - The pre-shared key is known by the sender and receiver before any encrypted communications begin.
- Because both parties are guarding a shared secret, the encryption algorithms used can have shorter key lengths.
  - Shorter key lengths mean faster execution.
- For this reason symmetric algorithms are generally much less computationally intensive than asymmetric algorithms.

Slide 77: Symmetric Encryption
[Figure only]
Slide 78: Asymmetric Encryption
- Asymmetric encryption algorithms, also called public key algorithms, use different keys to encrypt and decrypt data.
- Secure messages can be exchanged without having to have a pre-shared key.
- Because both parties do not have a shared secret, very long key lengths must be used to thwart attackers.
  - These algorithms are resource intensive and slower to execute.
- In practice, asymmetric algorithms are typically 100 to 1,000 times slower than symmetric algorithms.

Slide 79: Asymmetric Encryption
[Figure only]

Symmetric Algorithms
Slide 81: Symmetric Encryption
- Symmetric, or secret key, encryption is the most commonly used form of cryptography, because the shorter key length increases the speed of execution.
  - Symmetric key algorithms are based on simple mathematical operations that can easily be accelerated by hardware.
  - Symmetric encryption is often used for wire-speed encryption in data networks and to provide bulk encryption when data privacy is required, such as to protect a VPN.
Slide 82: Symmetric Key Management
- Key management can be a challenge since the encryption and decryption keys are the same.
- The security of a symmetric algorithm rests in the secrecy of the symmetric key.
  - By obtaining the key, anyone can encrypt and decrypt messages.
  - Sender and receiver must exchange the secret key using a secure channel before any encryption can occur.
Slide 83: Symmetric Key Management
- Well-known encryption algorithms that use symmetric keys include:
  - DES
  - 3DES
  - AES
  - Software Encryption Algorithm (SEAL)
  - Rivest ciphers (RC) series (RC2, RC4, RC5, and RC6)
- Other symmetric encryption algorithms include Blowfish, Twofish, Threefish, and Serpent.
  - However, these protocols are either not supported on Cisco platforms or have yet to gain wide acceptance.
Slide 84: Symmetric Encryption Algorithms
Symmetric Encryption Algorithm | Key length (in bits) | Description
DES | 56 | Designed at IBM during the 1970s and adopted as the NIST standard until 1997. Although considered outdated, DES remains widely in use. DES was designed to be implemented only in hardware, and is therefore extremely slow in software.
3DES | 112 and 168 | Based on using DES three times, which means that the input data is encrypted three times and therefore considered much stronger than DES. However, it is rather slow compared to some new block ciphers such as AES.
AES | 128, 192, and 256 | AES is fast in both software and hardware, is relatively easy to implement, and requires little memory. As a new encryption standard, it is currently being deployed on a large scale.
Software Encryption Algorithm (SEAL) | 160 | SEAL is an alternative algorithm to DES, 3DES, and AES. It uses a 160-bit encryption key and has a lower impact to the CPU when compared to other software-based algorithms.
The RC series | RC2 (40 and 64), RC4 (1 to 256), RC5 (0 to 2040), RC6 (128, 192, and 256) | RC algorithms are a set of symmetric-key encryption algorithms invented by Ron Rivest. RC1 was never published and RC3 was broken before ever being used. RC4 is the world's most widely used stream cipher. RC6, a 128-bit block cipher based heavily on RC5, was an AES finalist developed in 1997.
Slide 85: Symmetric Encryption Techniques
- There are two types of encryption method used:
  - Block Ciphers
  - Stream Ciphers
Slide 86: Block Ciphers
- Block ciphers transform a fixed-length block of plaintext into a common block of ciphertext of 64 or 128 bits.
  - Block size refers to how much data is encrypted at any one time.
  - The key length refers to the size of the encryption key that is used.
  - This ciphertext is decrypted by applying the reverse transformation to the ciphertext block, using the same secret key.
- Common block ciphers include:
  - DES with a 64-bit block size
  - AES with a 128-bit block size
  - RSA with a variable block size
Slide 87: Stream Ciphers
- Stream ciphers encrypt plaintext one byte or one bit at a time.
  - Think of it like a block cipher with a block size of one bit.
  - The Vigenère cipher is an example of a stream cipher.
  - Can be much faster than block ciphers, and generally do not increase the message size.
- Common stream ciphers include:
  - A5, used to encrypt GSM cell phone communications.
  - RC4 cipher.
  - DES can also be used in stream cipher mode.
Slide 88: How to Choose an Encryption Algorithm?
- Is the algorithm trusted by the cryptographic community?
  - Algorithms that have been resisting attacks for a number of years are preferred.
- Does the algorithm adequately protect against brute-force attacks?
  - With the appropriate key lengths, these attacks are usually considered unfeasible.
- Does the algorithm support variable and long key lengths?
- Does the algorithm have export or import restrictions?
Slide 89: How to Choose an Encryption Algorithm?
                                                                    | AES                   | 3DES | DES
Is the algorithm trusted by the cryptographic community?            | Verdict is still out  | Yes  | Been replaced by 3DES
Does the algorithm adequately protect against brute-force attacks?  | Yes                   | Yes  | No
Slide 90: Data Encryption Standard (DES)
- The most popular symmetric encryption standard.
  - Developed by IBM
  - Thought to be unbreakable in the 1970s
  - Shared keys enable the encryption and decryption
- DES converts blocks of 64 bits of clear text into ciphertext by using an encryption algorithm.
  - The decryption algorithm on the remote end restores ciphertext to clear text.
Slide 91: DES Scorecard
- Description: Data Encryption Standard
- Timeline: Standardized 1976
- Type of Algorithm: Symmetric
- Key size (in bits): 56 bits
- Speed: Medium
- Time to crack (assuming a computer could try 255 keys per second): Days (6.4 days by the COPACOBANA machine, a specialized cracking device)
- Resource Consumption: Medium
Slide 92: DES Security Rating
- Because of its short key length, DES is considered a good protocol to protect data for a very short time.
  - 3DES is a better choice to protect data because it has an algorithm that is very trusted and has higher security strength.
- Recommendations:
  - Change keys frequently to help prevent brute-force attacks.
  - Use a secure channel to communicate the DES key from the sender to the receiver.
&3

Triple DES (3DES or TDES) (slide 94)
- 3DES requires about 2^56 times the brute-force effort of DES: its effective strength is 112 bits even with three independent keys, because of the meet-in-the-middle attack.
- It takes a 64-bit block of data and performs three DES operations in sequence: encrypt, decrypt, and encrypt.
  - Requires additional processing time.
  - Can use 1, 2, or 3 different keys (when used with only one key, it is the same as DES, which is what keeps it backward compatible).
- 3DES software is subject to US export laws.
3DES Scorecard (slide 95)
Description: Triple Data Encryption Standard
Timeline: Standardized 1977 per the slide (the date of the underlying DES); 3DES itself was standardized in ANSI X9.52 (1998) and FIPS 46-3 (1999)
Type of Algorithm: Symmetric
Key size (in bits): 112 and 168
Speed: Low
Time to crack (assuming a computer could try 2^55 keys per second): 4.6 billion years with current technology
Resource Consumption: Medium
3DES (slide 96, figure)

3DES Security Rating (slide 97)
- Although 3DES is very secure, it is also very resource intensive, and for this reason the AES encryption algorithm was developed.
- AES has proven to be as secure as 3DES, but with much faster results.
- Today 3DES should be treated as legacy: NIST has deprecated it, and its 64-bit block limits how much data can safely be encrypted under one key (Sweet32).

Advanced Encryption Standard (AES) (slide 98)
- AES is an extremely secure Federal Information Processing Standard (FIPS)-approved cryptographic algorithm (FIPS 197).
- Based on the Rijndael ("Rhine dahl") algorithm.
- The original Rijndael proposal allows key lengths of 128, 192, or 256 bits and block lengths of 128, 192, or 256 bits, so all 9 combinations of key length and block length are possible in Rijndael.
- AES as standardized fixes the block length at 128 bits and keeps the three key lengths (AES-128, AES-192, AES-256).
- AES is now available in the latest Cisco router images that have IPsec DES/3DES functionality.
AES Scorecard (slide 99)
Description: Advanced Encryption Standard
Timeline: Official standard since 2001
Type of Algorithm: Symmetric
Key size (in bits): 128, 192, and 256
Speed: High
Time to crack (assuming a computer could try 2^55 keys per second): 149 trillion years (average, for a 128-bit key)
Resource Consumption: Low
AES Example (slide 100)
- In this example, the key SECRETKEY and the plaintext are entered.
- They are encrypted using 128-bit AES.
- A first attempt at deciphering the text uses a lowercase, and therefore incorrect, key and fails.
- A second attempt at deciphering the text using the correct key displays the original plaintext.
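The slide's experiment, reproduced as an added example (this is not code from the deck or from Cisco): encrypt a constructed sample sentence under AES-128 with the passphrase SECRETKEY, then try to decrypt with the lowercase passphrase and with the correct one. It uses Go's standard library only. Two choices are assumptions of this example rather than the slide's: the 16-byte key is derived by hashing the passphrase with SHA-256 (a stand-in for a real password KDF such as PBKDF2 or Argon2, or simply a random key), and the mode is AES-GCM, which authenticates the ciphertext so that a wrong key or a modified byte produces an error instead of the silent garbage an unauthenticated mode such as CBC or ECB would return.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// keyFromPassphrase turns a passphrase into a 16-byte AES-128 key.
// Assumption for this demo only: one SHA-256 is NOT a password KDF.
// Real systems use a random key or PBKDF2/scrypt/Argon2 with a salt.
func keyFromPassphrase(passphrase string) []byte {
	sum := sha256.Sum256([]byte(passphrase))
	return sum[:16]
}

// encryptGCM encrypts plaintext with AES-128-GCM and returns
// nonce || ciphertext || tag. GCM provides confidentiality and integrity.
func encryptGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per message
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// decryptGCM reverses encryptGCM. A wrong key, or any modified byte,
// makes the tag check fail, so the caller gets an error, not garbage.
func decryptGCM(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// Demo mirrors the slide: encrypt with SECRETKEY, then try the lowercase
// (wrong) key and the correct key. It returns the recovered text and
// whether the wrong-key attempt was rejected.
func Demo() (string, bool, error) {
	plaintext := []byte("The quick brown fox jumps over the lazy dog") // constructed sample
	sealed, err := encryptGCM(keyFromPassphrase("SECRETKEY"), plaintext)
	if err != nil {
		return "", false, err
	}
	_, wrongErr := decryptGCM(keyFromPassphrase("secretkey"), sealed)
	recovered, err := decryptGCM(keyFromPassphrase("SECRETKEY"), sealed)
	if err != nil {
		return "", false, err
	}
	return string(recovered), wrongErr != nil, nil
}

func main() {
	text, wrongRejected, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrong key rejected: %v\nrecovered: %s\n", wrongRejected, text)
}
```

The point a practitioner should take from the wrong-key run is that with an authenticated mode the failure is explicit; the garbage output shown on the slide is what you get from unauthenticated modes, and nothing in those modes tells the receiver that the key (or the ciphertext) was wrong.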

AES (slide 101)
- AES was chosen to replace DES for a number of reasons:
  - The key length of AES makes the key much stronger than DES.
  - AES runs faster than 3DES on comparable hardware.
  - AES is more efficient than DES and 3DES on comparable hardware, usually by a factor of five when compared with DES.
  - AES is more suitable for high-throughput, low-latency environments, especially if pure software encryption is used.
- However, when this deck was written AES was a relatively young algorithm, and the golden rule of cryptography states that a mature algorithm is always more trusted.
- 3DES was therefore presented as the more trusted choice in terms of strength, because it had been tested and analyzed for 35 years.
- That reasoning no longer holds: AES has now had more than two decades of public analysis, modern CPUs accelerate it in hardware (AES-NI), and NIST has deprecated 3DES.

Software-Optimized Encryption Algorithm (SEAL) (slide 102)
- SEAL is an alternative to software-based DES, 3DES, and AES.
  - Designed in 1993, it is a stream cipher that uses a 160-bit encryption key.
  - Because it is a stream cipher, data is encrypted continuously rather than block by block, which makes it much faster than block ciphers.
  - However, it has a longer initialization phase during which a large set of tables is created using SHA.
- SEAL has a lower impact on the CPU compared to other software-based algorithms.
- SEAL support was added to Cisco IOS Software Release 12.3(7)T.
SEAL Scorecard (slide 103)
Description: Software-Optimized Encryption Algorithm
Timeline: First published in 1994; current version is 3.0 (1997)
Type of Algorithm: Symmetric
Key size (in bits): 160
Speed: High
Time to crack (assuming a computer could try 2^55 keys per second): Unknown but considered very safe
Resource Consumption: Low

RC Algorithms (slide 104)
- The RC algorithms were designed all or in part by Ronald Rivest, who also invented MD5.
- The RC algorithms are widely deployed in many networking applications because of their favorable speed and variable key-length capabilities.
- There are several variations of RC algorithms, including:
  - RC2
  - RC4
  - RC5
  - RC6
Ron's Code or Rivest Codes Scorecard (slide 105)

RC2
  Timeline: 1987
  Type of Algorithm: Block cipher
  Key size (in bits): 40 and 64
  Use: Variable key-size block cipher that was designed as a "drop-in" replacement for DES.

RC4
  Timeline: 1987
  Type of Algorithm: Stream cipher
  Key size (in bits): 1 - 256
  Use: Most widely used stream cipher, based on a variable key-size Vernam stream cipher. It is often used in file encryption products and secure communications, such as within SSL. The cipher runs very quickly in software. It was considered secure when this deck was written, but biases in its key stream have since been exploited against TLS and WEP, and RFC 7465 now prohibits it in TLS.

RC5
  Timeline: 1994
  Type of Algorithm: Block cipher
  Key size (in bits): 0 to 2040 (128 suggested)
  Use: A fast block cipher that has a variable block size and key size. It can be used as a drop-in replacement for DES if the block size is set to 64 bits.

RC6
  Timeline: 1998
  Type of Algorithm: Block cipher
  Key size (in bits): 128, 192, or 256
  Use: An AES finalist (Rijndael won). A 128-bit block cipher with 128-, 192-, or 256-bit keys, designed by Rivest, Robshaw, Sidney, and Yin and based on RC5. Its main design goal was to meet the requirements of AES.

Diffie-Hellman (DH) (slide 106)
- DH is an asymmetric cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel.
  - This key can then be used to encrypt subsequent communications using a symmetric-key cipher.
- Published by Whitfield Diffie and Martin Hellman in 1976.

DH (slide 107)
- DH is commonly used when data is exchanged using an IPsec VPN, when data is encrypted on the Internet using SSL or TLS, or when SSH data is exchanged.
- It is not an encryption mechanism and is not typically used to encrypt data, because it is extremely slow for any sort of bulk encryption.
- This is why it is common to encrypt the bulk of the traffic using a symmetric algorithm and use DH to create the keys that the encryption algorithm will use.
- Note that plain DH authenticates neither party; the protocols above authenticate the exchanged values (with certificates, pre-shared keys, or host keys) to stop a man-in-the-middle from running two separate exchanges.
DH Scorecard (slide 108)
Description: Diffie-Hellman Algorithm
Timeline: 1976
Type of Algorithm: Asymmetric
Key size (in bits): 512, 1024, 2048 (512- and 1024-bit groups are no longer considered safe since the 2015 Logjam work; use 2048 bits or larger, or elliptic-curve DH)
Speed: Slow
Time to crack (assuming a computer could try 2^55 keys per second): Unknown but considered very safe
Resource Consumption: Medium
Diffie-Hellman Algorithm (slide 109, figure)
Alice and Bob DH Key Exchange (slide 110)
[Figure: Alice and Bob each hold the public values g=5 and p=23; Alice's secret is 6; Alice computes 5^6 mod 23 = 8.]
- Bob and Alice agree to use a base number g=5 and a prime number p=23.
- Alice chooses a secret integer a=6.
- Alice sends Bob (g^a mod p), that is, 5^6 mod 23 = 8.

Modulo (slide 111)
- In computing, the modulo operation finds the remainder of the division of one number by another.
- Given two numbers, a and n, a modulo n (abbreviated as a mod n) is the remainder on division of a by n.
- For instance:
  - 98 mod 39 evaluates to 20, because 98 = 2 x 39 + 20.
  - 78 mod 39 evaluates to 0, because 39 divides 78 exactly.
Alice and Bob DH Key Exchange (slide 112)
[Figure: Bob's secret is 15; Alice holds 5^6 mod 23 = 8 and Bob holds 5^15 mod 23 = 19; Alice computes 19^6 mod 23 = 2 and Bob computes 8^15 mod 23 = 2.]
- Meanwhile, Bob chooses a secret integer b=15.
- Bob sends Alice (g^b mod p), that is, 5^15 mod 23 = 19.
- Alice computes (y^a mod p), where y is the value received from Bob: 19^6 mod 23 = 2.
- Bob computes (x^b mod p), where x is the value received from Alice: 8^15 mod 23 = 2.
Alice and Bob DH Key Exchange (slide 113)
- The result (2) is the same for both Alice and Bob, because both have computed g^(ab) mod p.
- They will now use this value as the secret key for encryption.

Alice and Bob DH Key Exchange (slide 114)
NOTE: The small secret integers used by Alice (6) and Bob (15) stand in for very, very large numbers (1024 bits or more). Compare 8 bits, 10101010, with a 1024-bit value, which is 128 such bytes in a row.
[Figure: a 1024-bit value written out as 1024 alternating binary digits.]
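The exchange from slides 110 to 114, carried through in code as an added example (not part of the deck): both sides compute their public values, exchange them, and derive the same shared secret with the toy parameters g=5, p=23, a=6, b=15. Two additions that the slides do not show but a practitioner would want are included and are this example's assumptions: each side rejects the degenerate peer values 0, 1 and p-1 before using them (an active attacker can inject those to force the shared secret into a tiny set), and the raw shared secret is passed through SHA-256 to produce the actual session key rather than being used directly. Go's math/big is used so the same functions work unchanged with a real 2048-bit group.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// Toy parameters from the slides. Real deployments use a standardized
// group of at least 2048 bits (for example RFC 3526 group 14) or ECDH.
var (
	toyG = big.NewInt(5)
	toyP = big.NewInt(23)
)

// dhPublic computes g^secret mod p, the value sent over the insecure channel.
func dhPublic(g, p, sec *big.Int) *big.Int {
	return new(big.Int).Exp(g, sec, p)
}

// dhShared computes peerPublic^secret mod p after rejecting the degenerate
// public values 0, 1 and p-1 (and anything outside the group), which an
// active attacker could inject to make the shared secret predictable.
func dhShared(p, sec, peerPublic *big.Int) (*big.Int, error) {
	pMinus1 := new(big.Int).Sub(p, big.NewInt(1))
	if peerPublic.Sign() <= 0 || peerPublic.Cmp(big.NewInt(1)) == 0 ||
		peerPublic.Cmp(pMinus1) >= 0 {
		return nil, errors.New("invalid peer public value")
	}
	return new(big.Int).Exp(peerPublic, sec, p), nil
}

// sessionKey derives the symmetric key from the shared secret. The raw DH
// result is never used as a key directly; it goes through a KDF. A single
// SHA-256 over the fixed-width encoding stands in for HKDF here.
func sessionKey(shared, p *big.Int) [32]byte {
	buf := make([]byte, (p.BitLen()+7)/8) // left-pad to the width of p
	shared.FillBytes(buf)
	return sha256.Sum256(buf)
}

// Exchange runs the whole protocol for secrets a (Alice) and b (Bob) and
// returns both public values and both sides' shared secrets.
func Exchange(g, p, a, b *big.Int) (A, B, sharedAlice, sharedBob *big.Int, err error) {
	A = dhPublic(g, p, a)                // Alice -> Bob: g^a mod p
	B = dhPublic(g, p, b)                // Bob -> Alice: g^b mod p
	sharedAlice, err = dhShared(p, a, B) // Alice: B^a mod p
	if err != nil {
		return
	}
	sharedBob, err = dhShared(p, b, A) // Bob: A^b mod p
	return
}

func main() {
	A, B, sa, sb, err := Exchange(toyG, toyP, big.NewInt(6), big.NewInt(15))
	if err != nil {
		panic(err)
	}
	fmt.Printf("Alice sends %v, Bob sends %v, shared secret %v / %v\n", A, B, sa, sb)
	fmt.Printf("session key %x\n", sessionKey(sa, toyP))
}
```

With the slide's numbers the program reports Alice sending 8, Bob sending 19, and both arriving at 2; swapping toyG and toyP for a 2048-bit MODP group changes nothing in the code, only the size of the numbers.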
Public Key Cryptography (section, slide 115)

Public-Key Algorithms (slide 116)
- Public-key algorithms are asymmetric algorithms based on the use of two different keys instead of one.
  - Private key: This key must be known only by its owner.
  - Public key: This key is known to everyone (it is public).
- The key that is used for encryption is different from the key that is used for decryption.
  - The private key cannot, in any reasonable amount of time, be calculated from the public key.
- Public-key systems have a clear advantage over symmetric algorithms: there is no need to agree on a common key for both the sender and the receiver.

Fundamental Concept (slide 117)
- Either key can be used for encryption, but the complementary matched key is required for decryption.
  - If a public key encrypts data, the matching private key decrypts the data.
  - If a private key encrypts data, the matching public key decrypts the data.
- "Encrypting with the private key" is the textbook model of a digital signature; real implementations use a padded signature scheme (RSA-PSS, DSA, ECDSA) rather than raw private-key encryption.

Process (slide 118)
- The sender encrypts the message using the receiver's public key.
  - Remember that this key is known to everyone.
- The encrypted message is sent to the receiving end, who decrypts the message with his private key.
  - Only the receiver can decrypt the message, because no one else has the private key.

CIA (slide 119)
- This process enables asymmetric algorithms to achieve:
  - Confidentiality
  - Integrity
  - Authentication
- Authentication = Private Key (Encrypt) + Public Key (Decrypt)
- Confidentiality = Public Key (Encrypt) + Private Key (Decrypt)

Authentication (slide 120)
- Authentication is achieved when the encryption process is started with the private key.
  - The corresponding public key must be used to decrypt the data.
- Since only one host has the private key, only that host could have encrypted the message, providing authentication of the sender.
Asymmetric Algorithms for Authentication (slide 121)
1. Alice encrypts a message with her private key.
2. Alice transmits the encrypted message to Bob.
3. To verify that the message actually came from Alice, Bob requests and acquires Alice's public key.
4. Bob uses the public key to successfully decrypt the message and authenticate that the message did, indeed, come from Alice.
Step 3 only proves anything if Bob obtains Alice's public key through a trusted path; binding a public key to an identity is what the certificates and PKI covered later provide.

Confidentiality (slide 122)
- Confidentiality is achieved when the encryption process is started with the public key.
- When the public key is used to encrypt the data, the private key must be used to decrypt the data.
- Only one host has the private key, guaranteeing confidentiality.
Asymmetric Algorithms for Confidentiality (slide 123)
1. Alice asks Bob for his public key and Bob sends it to her.
2. Alice uses Bob's public key to encrypt a message using an agreed-upon algorithm.
3. Alice sends the encrypted message to Bob.
4. Bob uses his private key to decrypt and reveal the message.

Combining Authentication and Confidentiality (slide 124)
- To provide confidentiality, authentication, and integrity, the combination of two phases is necessary:
  - Phase 1 - Confidentiality
  - Phase 2 - Authentication
Combining Authentication and Confidentiality (slide 125)
1. Alice encrypts a message using Bob's public key.
2. Alice encrypts a hash of the message using her private key.
3. Bob uses Alice's public key to decrypt and reveal the hash.
4. Bob uses his private key to decrypt and reveal the message.
Bob then hashes the recovered message himself and compares it with the hash from step 3; a match proves both that the message came from Alice and that it was not altered in transit.
Asymmetric Key Algorithms (slide 126)
- Well-known asymmetric key algorithms:
  - Diffie-Hellman
  - Digital Signature Standard (DSS), which incorporates the Digital Signature Algorithm
  - RSA encryption algorithms
  - ElGamal
  - Elliptic curve techniques
Asymmetric Encryption Algorithms (slide 127)

Diffie-Hellman (DH)
  Key length (in bits): 512, 1024, 2048
  Description: Public key algorithm invented in 1976 by Whitfield Diffie and Martin Hellman that allows two parties to agree on a key that they can use to encrypt messages. Security depends on the assumption that it is easy to raise a number to a certain power, but difficult to compute which power was used given the number and the outcome (the discrete logarithm problem).

Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA)
  Key length (in bits): 512 - 1024
  Description: Created by NIST and specifies DSA as the algorithm for digital signatures. DSA is a public key algorithm based on the ElGamal signature scheme. Signature creation speed is similar to RSA, but verification is 10 to 40 times as slow.

RSA encryption algorithms
  Key length (in bits): 512 to 2048
  Description: Developed by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT in 1977. It is an algorithm for public-key cryptography based on the difficulty of factoring very large numbers. It is the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. Widely used in electronic commerce protocols, and believed to be secure given sufficiently long keys and the use of up-to-date implementations.

ElGamal
  Key length (in bits): 512 - 1024
  Description: An asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie-Hellman key agreement. Developed in 1984 and used in GNU Privacy Guard software, PGP, and other cryptosystems. A disadvantage is that the encrypted message becomes very big, about twice the size of the original message, and for this reason it is only used for small messages such as secret keys.

Elliptical curve techniques
  Key length (in bits): 160
  Description: Elliptic curve cryptography was invented by Neil Koblitz in 1987 and by Victor Miller in 1986. Can be used to adapt many cryptographic algorithms, such as Diffie-Hellman or ElGamal. The main advantage of elliptic curve cryptography is that the keys can be much smaller.

The key lengths listed are those in use when the deck was written; current guidance is 2048 bits or more for DH, DSA and RSA, and 256 bits or more for elliptic curves.

Asymmetric Key Algorithms (slide 128)
- Although the mathematics differ with each algorithm, they all share one trait: the calculations required are complicated.
- Design is based on factoring extremely large numbers or computing discrete logarithms of extremely large numbers.
  - As a result, computation takes more time for asymmetric algorithms.
  - They can be up to 1,000 times slower than symmetric algorithms.
- Because they lack speed, they are typically used in low-volume cryptographic mechanisms, such as key exchange and digital signatures, while the bulk data is protected with a symmetric cipher.

Key Lengths (slide 129)
- Typical key lengths for asymmetric algorithms range from 512 to 4096 bits.
  - Key lengths >= 1024 bits were considered trustworthy when this deck was written.
  - Key lengths < 1024 bits were considered unreliable.
  - Current guidance (NIST SP 800-131A) disallows 1024-bit RSA, DSA, and DH; 2048 bits is the minimum, and 3072 bits or more is recommended for long-term protection.
- Do not compare asymmetric and symmetric key lengths directly, because the underlying designs differ greatly.
  - For example, a 2048-bit RSA key is roughly equivalent to a 112-bit symmetric key in terms of resistance against brute-force attacks (NIST SP 800-57), not to the 128-bit RC4 key the deck cites; a 3072-bit RSA key is the 128-bit equivalent.
Digital Signatures (section, slide 130)

Digital Signatures Security Services (slide 131)
- Authenticity of digitally signed data:
  - Digital signatures authenticate a source, proving that a certain party has seen and signed the data in question.
- Integrity of digitally signed data:
  - Digital signatures guarantee that the data has not changed from the time it was signed.
- Nonrepudiation of the transaction:
  - The recipient can take the data to a third party, and the third party accepts the digital signature as proof that this data exchange did take place.
  - The signing party cannot repudiate that it has signed the data.

Digital Signatures (slide 132)
- Digital signatures are often used in the following situations:
  - To provide a unique proof of data source, which can only be generated by a single party, such as contract signing in e-commerce environments.
  - To authenticate a user by using the private key of that user and the signature it generates.
  - To prove the authenticity and integrity of PKI certificates.
  - To provide nonrepudiation using a secure timestamp and a trusted time source.
- Each party has a unique, secret signature key, which is not shared with any other party, making nonrepudiation possible.
Digital Signatures (slide 133)
1. Bob creates a hash of the document.
2. Bob encrypts the hash with his private key.
3. The encrypted hash, known as the signature, is appended to the document.
4. Alice accepts the document with the digital signature and obtains Bob's public key.
5. Alice decrypts the signature using Bob's public key to unveil the assumed hash value.
6. Alice calculates the hash of the received document, without its signature, and compares this hash to the decrypted signature hash; if the hashes match, the document is authentic.

Code Signing (slide 134)
- Digital signatures are commonly used for code signing:
  - They provide assurance of the authenticity and integrity of software code.
  - The executable files, or possibly the entire installation package of a program, are wrapped with a digitally signed envelope, which allows the end user to verify the signature before installing the software.

Digital Signing (slide 135)
- Well-known asymmetric algorithms, such as RSA or the Digital Signature Algorithm (DSA), are typically used to perform digital signing.
- In 1994, the U.S. NIST selected DSA for the Digital Signature Standard (DSS).
  - DSA is based on the discrete logarithm problem and can only provide digital signatures.
  - FIPS 186-5 (2023) no longer approves DSA for generating new signatures; ECDSA and EdDSA are the current choices alongside RSA.
- A network administrator must decide whether RSA or DSA is more appropriate for a given situation.
  - DSA signature generation is faster than DSA signature verification.
  - RSA signature verification is much faster than RSA signature generation.
DSA Scorecard (slide 136)
Description: Digital Signature Algorithm (DSA)
Timeline: 1994
Type of Algorithm: Provides digital signatures
Advantages: Signature generation is fast
Disadvantages: Signature verification is slow
RSA Scorecard (slide 137)
Description: Ron Rivest, Adi Shamir, and Len Adleman
Timeline: 1977
Type of Algorithm: Asymmetric algorithm
Key size (in bits): 512 - 2048
Advantages: Signature verification is fast
Disadvantages: Signature generation is slow

PKI (section, slide 138)

PKI (slide 139)
- PKI is the service framework needed to support large-scale public key-based technologies.
  - It is a very scalable solution, which makes it an extremely important authentication solution for VPNs.
- PKI is a set of technical, organizational, and legal components that are needed to establish a system that enables large-scale use of public key cryptography to provide authenticity, confidentiality, integrity, and nonrepudiation services.
  - The PKI framework consists of the hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates.

PKI Terms (slide 140)
- Certificates:
  - Published public information containing the binding between the names and public keys of entities.
- Certificate authority:
  - A trusted third-party entity that issues certificates.
  - The certificate of a user is always signed by a CA.
  - Every CA also has a certificate containing its public key, signed by itself.
  - This is called a CA certificate or, more properly, a self-signed CA certificate.
Certificate Vendors (slide 141)
- http://www.verisign.com
- http://www.entrust.com
- http://www.verizonbusiness.com/
- http://www.rsa.com/
- http://www.novell.com
- http://www.microsoft.com
PKI Example (slide 142, figure)

PKI Standards (section, slide 143)

Current Status (slide 144)
- Interoperability between different PKI vendors is still an issue.
- To address this interoperability concern, the IETF formed the Public-Key Infrastructure X.509 (PKIX) working group, which is dedicated to promoting and standardizing PKI in the Internet.
- X.509 itself is an ITU-T standard; the PKIX working group published the profile of X.509 for the Internet (RFC 5280), detailing common data formats and PKI-related protocols in a network.
[Figure: X.509]

X.509v3 (slide 145)
- Defines basic PKI formats, such as the certificate and certificate revocation list (CRL) formats, to enable basic interoperability.
- Widely used for years:
  - Secure web servers: SSL and TLS
  - Web browsers: SSL and TLS
  - Email programs: S/MIME
  - IPsec VPN: IKE

PKCS (slide 146)
- The Public-Key Cryptography Standards (PKCS) refers to a group of public key cryptography standards devised and published by RSA Laboratories.
  - PKCS provides basic interoperability of applications that use public-key cryptography.
  - PKCS defines the low-level formats for the secure exchange of arbitrary data, such as an encrypted piece of data or a signed piece of data.

PKI Standards (slide 147)
- PKCS #1: RSA Cryptography Standard
- PKCS #3: DH Key Agreement Standard
- PKCS #5: Password-Based Cryptography Standard
- PKCS #6: Extended-Certificate Syntax Standard
- PKCS #7: Cryptographic Message Syntax Standard
- PKCS #8: Private-Key Information Syntax Standard
- PKCS #10: Certification Request Syntax Standard
- PKCS #12: Personal Information Exchange Syntax Standard
- PKCS #13: Elliptic Curve Cryptography Standard
- PKCS #15: Cryptographic Token Information Format Standard

SCEP (slide 148)
- The Simple Certificate Enrollment Protocol (SCEP) was designed to make issuing and revocation of digital certificates as scalable as possible. It originated as a Cisco draft and was later published by the IETF as RFC 8894.
- The goal of SCEP is to support the secure issuance of certificates to network devices in a scalable manner, using existing technology whenever possible.

Certificate Authorities (section, slide 149)

Level of Trust (slide 150)
- PKIs can form different topologies of trust, including:
  - Single-root PKI topologies
  - Hierarchical CA topologies
  - Cross-certified CA topologies
Single-Root PKI Topology (Root CA) (slide 151, figure)
Hierarchical CA Topology (slide 152, figure)
Cross-certified CA Topology (slide 153, figure)

PKI Enrollment Process (slide 154)
- The issuing CA may be a:
  - Root CA (the top-level CA in the hierarchy)
  - Subordinate CA
- The PKI might employ registration authorities (RAs) to accept requests for enrollment in the PKI.
  - This reduces the burden on CAs in an environment that supports a large number of certificate transactions or where the CA is offline.
PKI Enrollment Process (slide 155, figure)

PKI Enrollment Process (slide 156)
- Tasks usually offloaded to an RA:
  - Authentication of users when they enroll with the PKI.
  - Key generation for users that cannot generate their own keys.
  - Distribution of certificates after enrollment.
- Additional tasks include:
  - Verifying user identity.
  - Establishing passwords for certificate management transactions.
  - Submitting enrollment requests to the CA.
  - Handling certificate revocation and re-enrollment.

CA Authentication Procedure (slide 157)
- The first step of the user is to securely obtain a copy of the public key of the CA.
  - The public key verifies all the certificates issued by the CA and is vital for the proper operation of the PKI.
- The public key is distributed in the form of a certificate issued by the CA itself, called the self-signed certificate.
- Only a root CA issues self-signed certificates.
- A self-signed certificate proves nothing by itself, so its public key and serial number (or fingerprint) must be checked out of band, as the next slide does by telephone; trusting an unverified CA certificate lets an attacker who supplies a bogus one impersonate every entity in the PKI.
CA Authentication Procedure (slide 158)
1. Alice and Bob request the CA certificate that contains the CA public key.
2. Upon receipt of the CA certificate, each system (Alice's and Bob's) verifies the validity of the certificate using public key cryptography.
3. Alice and Bob follow up the technical verification done by their system by telephoning the CA administrator and verifying the public key and serial number of the certificate.
[Figure: Alice and Bob each perform steps 1, 2 and 3 with the CA and receive the CA certificate.]
CA Authentication Retrieval
1. Alice and Bob forward a certificate request, which includes their public key along with information that is encrypted using the public key of the CA.
2. Upon receipt of the certificate requests, the CA administrator telephones Alice and Bob to confirm their submittal and the public key, and issues the certificate by adding some additional data to the certificate request and digitally signing it all.
3. Either the end user manually retrieves the certificate or SCEP automatically retrieves the certificate, and the certificate is installed onto the system.
[Figure: Alice and Bob each perform steps 1, 2 and 3 with the CA and receive their certificates.]
