SlideShare a Scribd company logo

Security Training: #2 Cryptography Basics

Yulian Slobodyan
Yulian Slobodyan
Technology
1 of 38
Cryptography Basics Yulian Slobodyan December 2008
Presentation Path  Introduction  Symmetric Cryptography  Asymmetric Cryptography  Certificates and Key Management  Email Security  Network Protocols Security  Technical Choices  Questions  Appendix 2
Introduction
Introduction>Cryptography for Security Confidentiality  Encryption/Decryption Integrity  Hashing  Keyed Hashing or MAC (Message Authentication Code)  Digital Signatures Authentication  Keyed Hashing or MAC (Message Authentication Code)  Digital Signatures  Hashing Non-Repudiation  Digital Signatures 4
Introduction>Basic Terms  Encryption/Decryption  Plain Text  Cipher Text  Cipher  Key 5
Introduction>Cryptography Flavors  Symmetric Cryptography  Synonyms: Private Key, Secret Key, Shared Key, One Key, Single Key  Asymmetric Cryptography  Synonyms: Public Key 6
Symmetric Cryptography
Symmetric Cryptography Block ciphers Stream ciphers Other Cryptographic hash functions (Hashing) MAC - Message Authentication Codes (Keyed Hashing) 8
Symmetric Cryptography>Block Ciphers 9
Symmetric Cryptography>Block Ciphers  DES (Data Encryption Standard)  56 bit key size  Secure? NO!  3DES (Triple DES)  56-bit key size. 1 or 2 or 3 keys used. Max: 168 bits  Secure? ALMOST (using 3 different keys)  AES (Advanced Encryption Standard) or Rijndael [rɛindal]  128/192/256 bit key size  Secure? 128 bit – for dynamic data, 192 bit – ALMOST, 256 – YES (Currently)  6 times faster than 3DES !!!  RC2  Variable key size  Secure? Vulnerable to related key attack using 2^34 chosen plaintexts 10
Symmetric Cryptography>Stream Ciphers  RC4  Variable key size (typically 40-256 bit)  eSTREAM Portfolio  HC-256 (256 bit key size)  Rabbit (128 bit key size)  Salsa20 (256 bit key size)  SOSEMANUK (128-256 bit key size, use 128) 11
Symmetric Cryptography>Hash Functions  The ideal hash function properties:  easy to compute the hash for any given data  extremely difficult to construct a text that has a given hash  extremely difficult to modify a given text without changing its hash  extremely unlikely that two different messages will have the same hash  SHA-1 (160 bit)  MD5 (128 bit)  SHA-2 (SHA-256/224, SHA-512/384)  SHA-3 (In development) SHA-1 fox: the quick red fox: the quick red box: ff0f0a8b656f0b44c26933acd2e367b6c1211290 0fa561fd7e9cf714d5f94c422106ec8979c0c147 a6b613310c301411300cc742ac5bf205728b78cb 12
Symmetric Cryptography>MAC Algorithms  MAC – Message Authentication Code  UMAC (AES)  HMAC (MD5 or SHA-1)  CMAC (AES) 13
Symmetric Cryptography>Pros and Cons  Speed  Key Management 14
Symmetric Cryptography>Dev Choices  Encryption/Decryption – AES  192 bit key – volatile data  256 bit key – sensitive data  Hashing  MD5 – integrity checks  SHA-256 – password hashing  MAC  HMAC, UMAC  CHANGE PRIVATE KEYS REGULARLY!!! 15
Asymmetric Cryptography
Asymmetric Cryptography  Public Key Encryption  Digital Signatures  Public Key Certificates 17
Asymmetric Cryptography>Encryption  RSA  Diffie-Hellman key exchange  ECC (Elliptic Curve Cryptography) (Elliptic curve: y2 = x3 + ax + b ) 18
Asymmetric Cryptography>Digital Signing  DSA (Digital Signature Algorithm)  RSA  ECDSA (Elliptic Curve DSA) 19
Asymmetric Cryptography>Pros and Cons  No Shared Secret  Speed 20
Asymmetric Cryptography>Dev Choices  Encryption - RSA  1024 bit key – volatile data  2048 bit key - sensitive data  Digital Signing – DSA  2048 bit key – beyond 2010  3072 bit key – beyond 2030  MANDATORY PUBLIC KEY INFRASTRUCTURE!!! 21
Certificates and Key Management
Key Management  Key Management  generation  exchange  storage  safeguarding  use  vetting  replacement  Flavors  PKI (Public Key Infrastructure)  X.509  Web Of Trust  PGP 23
Key Management>Digital Certificate  X.509  PGP (Pretty Good Privacy) 24
Key Management>PKI 25
Asymmetric Cryptography>Web Of Trust 26
Email Security
Email Security  ESMTP  S/MIME  OpenPGP 28
Email Security>Extended SMTP  SMTP security extensions  SMTP-AUTH  STARTTLS 29
Email Security>S/MIME and OpenPGP Mandatory features S/MIME v3 OpenPGP Message format Binary, based on CMS Binary, based on previous PGP Certificate format Binary, based on X.509v3 Binary, based on previous PGP Symmetric encryption algorithm TripleDES (DES EDE3 CBC) TripleDES (DES EDE3 Eccentric CFB) Signature algorithm Diffie-Hellman (X9.42) with DSS or RSA ElGamal with DSS Hash algorithm SHA-1 SHA-1 MIME encapsulation of signed data Choice of multipart/signed or CMS format multipart/signed with ASCII armor MIME encapsulation of encrypted data application/pkcs7-mime multipart/encrypted 30
Network Cryptographic Protocols
Cryptographic Protocols  IPSec  Kerberos  NTLM  TLS/SSL  SSH 32
Cryptography Technical Choices
Cryptography Technical Choices  Use a hash when you want a way of verifying that data has not been tampered with in transit.  Use a keyed hash when you want to prove that an entity knows a secret without sending the secret back and forth, or you want to defend against interception during transit by using a simple hash.  Use encryption when you want to hide data when being sent across an insecure medium or when making the data persistent.  Use a certificate when you want to verify the person claiming to be the owner of the public key.  Use symmetric encryption for speed and when both parties share the key in advance.  Use asymmetric encryption when you want to safely exchange data across an insecure medium.  Use a digital signature when you want authentication and non-repudiation.  Use a salt value (a cryptographically generated random number) to defend against dictionary attacks. 34
Questions…
Appendix
Appendix>Cryptography Map 37
Appendix>References and Resources  Wikipedia  Information Security  Network Security  Cryptography  SANS Software Security Institute  Application Security Resources  Research Library  Microsoft Patterns & Practices  Security Guidance  Michael Howard's Web Log  J.D. Meier's Blog  OWASP 38

Recommended

MD5Algorithm
MD5AlgorithmMD5Algorithm
MD5AlgorithmMirza Tarannum
 
Lecture 3b public key_encryption
Lecture 3b public key_encryptionLecture 3b public key_encryption
Lecture 3b public key_encryptionrajakhurram
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithmBob Landstrom
 
Pkcs 5
Pkcs 5Pkcs 5
Pkcs 5snakesv
 
Encryption
EncryptionEncryption
EncryptionIGZ Software house
 
Md5
Md5Md5
Md5annamalai
 
Hashing Algorithm: MD5
Hashing Algorithm: MD5Hashing Algorithm: MD5
Hashing Algorithm: MD5ijsrd.com
 
Encryption in php
Encryption in phpEncryption in php
Encryption in phpsana mateen
 

Recommended

MD5Algorithm
MD5AlgorithmMD5Algorithm
MD5AlgorithmMirza Tarannum
 
Lecture 3b public key_encryption
Lecture 3b public key_encryptionLecture 3b public key_encryption
Lecture 3b public key_encryptionrajakhurram
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithmBob Landstrom
 
Pkcs 5
Pkcs 5Pkcs 5
Pkcs 5snakesv
 
Encryption
EncryptionEncryption
EncryptionIGZ Software house
 
Md5
Md5Md5
Md5annamalai
 
Hashing Algorithm: MD5
Hashing Algorithm: MD5Hashing Algorithm: MD5
Hashing Algorithm: MD5ijsrd.com
 
Encryption in php
Encryption in phpEncryption in php
Encryption in phpsana mateen
 
MD-5 : Algorithm
MD-5 : AlgorithmMD-5 : Algorithm
MD-5 : AlgorithmSahil Kureel
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash functionMijanur Rahman Milon
 
01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).ppt01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).pptGnanalakshmiV
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash functionChirag Patel
 
Network Security(MD5)
Network Security(MD5)Network Security(MD5)
Network Security(MD5)United International University
 
Cryptographic Hashing Functions
Cryptographic Hashing FunctionsCryptographic Hashing Functions
Cryptographic Hashing FunctionsYusuf Uzun
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3koolkampus
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
Transport layer security
Transport layer securityTransport layer security
Transport layer securityHrudya Balachandran
 
Cryptography Ashik
Cryptography AshikCryptography Ashik
Cryptography AshikAshik Iqbal
 
Hash Function & Analysis
Hash Function & AnalysisHash Function & Analysis
Hash Function & AnalysisPawandeep Kaur
 
Data encryption algorithm(edit)
Data encryption algorithm(edit)Data encryption algorithm(edit)
Data encryption algorithm(edit)Hussain Almohammadi
 
Cryptographic hash function md5
Cryptographic hash function md5Cryptographic hash function md5
Cryptographic hash function md5Khulna University, Khulna, Bangladesh
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityChhatra Thapa
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerEmprovise
 
Hash function
Hash functionHash function
Hash functionHarry Potter
 
The Double Ratchet Algorithm
The Double Ratchet AlgorithmThe Double Ratchet Algorithm
The Double Ratchet AlgorithmIndian Institute of Information Technology, Lucknow
 
SSL Primer
SSL PrimerSSL Primer
SSL PrimerMahadev Gaonkar
 
Encryption techniques
Encryption techniques Encryption techniques
Encryption techniques ShrikantSharma86
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer securityMaarten Smeets
 
Apache Commons Overview
Apache Commons OverviewApache Commons Overview
Apache Commons Overviewghessler
 
Eliptic-Curve Cryptography and the Internet
Eliptic-Curve Cryptography and the InternetEliptic-Curve Cryptography and the Internet
Eliptic-Curve Cryptography and the InternetOwaspCzech
 

More Related Content

What's hot

Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash functionMijanur Rahman Milon
 
01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).ppt01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).pptGnanalakshmiV
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash functionChirag Patel
 
Cryptographic Hashing Functions
Cryptographic Hashing FunctionsCryptographic Hashing Functions
Cryptographic Hashing FunctionsYusuf Uzun
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3koolkampus
 
Cryptography Ashik
Cryptography AshikCryptography Ashik
Cryptography AshikAshik Iqbal
 
Hash Function & Analysis
Hash Function & AnalysisHash Function & Analysis
Hash Function & AnalysisPawandeep Kaur
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityChhatra Thapa
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerEmprovise
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer securityMaarten Smeets
 

What's hot (20)

MD-5 : Algorithm
MD-5 : AlgorithmMD-5 : Algorithm
MD-5 : Algorithm
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash function
 
01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).ppt01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).ppt
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash function
 
Network Security(MD5)
Network Security(MD5)Network Security(MD5)
Network Security(MD5)
 
Cryptographic Hashing Functions
Cryptographic Hashing FunctionsCryptographic Hashing Functions
Cryptographic Hashing Functions
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Transport layer security
Transport layer securityTransport layer security
Transport layer security
 
Cryptography Ashik
Cryptography AshikCryptography Ashik
Cryptography Ashik
 
Hash Function & Analysis
Hash Function & AnalysisHash Function & Analysis
Hash Function & Analysis
 
Data encryption algorithm(edit)
Data encryption algorithm(edit)Data encryption algorithm(edit)
Data encryption algorithm(edit)
 
Cryptographic hash function md5
Cryptographic hash function md5Cryptographic hash function md5
Cryptographic hash function md5
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Hash function
Hash functionHash function
Hash function
 
The Double Ratchet Algorithm
The Double Ratchet AlgorithmThe Double Ratchet Algorithm
The Double Ratchet Algorithm
 
SSL Primer
SSL PrimerSSL Primer
SSL Primer
 
Encryption techniques
Encryption techniques Encryption techniques
Encryption techniques
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer security
 

Viewers also liked

Apache Commons Overview
Apache Commons OverviewApache Commons Overview
Apache Commons Overviewghessler
 
Eliptic-Curve Cryptography and the Internet
Eliptic-Curve Cryptography and the InternetEliptic-Curve Cryptography and the Internet
Eliptic-Curve Cryptography and the InternetOwaspCzech
 
Password selection,piggybacking-
Password selection,piggybacking-Password selection,piggybacking-
Password selection,piggybacking-Baljit Saini
 
Security Training: #1 What Actually a Security Is?
Security Training: #1 What Actually a Security Is?Security Training: #1 What Actually a Security Is?
Security Training: #1 What Actually a Security Is?Yulian Slobodyan
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its securityAshwini Awatare
 
The Role of People Management, Performance and Incentives in more effective L...
The Role of People Management, Performance and Incentives in more effective L...The Role of People Management, Performance and Incentives in more effective L...
The Role of People Management, Performance and Incentives in more effective L...Kenny Ong
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocolsOnline
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
 
Concept of hashing
Concept of hashingConcept of hashing
Concept of hashingRafi Dar
 
Hashing and Hash Tables
Hashing and Hash TablesHashing and Hash Tables
Hashing and Hash Tablesadil raja
 
Cyber crime types & laws
Cyber crime types & lawsCyber crime types & laws
Cyber crime types & lawssureshjogesh48
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer SystemManesh T
 
Network security ppt
Network security pptNetwork security ppt
Network security pptshashi712
 

Viewers also liked (20)

Apache Commons Overview
Apache Commons OverviewApache Commons Overview
Apache Commons Overview
 
Eliptic-Curve Cryptography and the Internet
Eliptic-Curve Cryptography and the InternetEliptic-Curve Cryptography and the Internet
Eliptic-Curve Cryptography and the Internet
 
Password selection,piggybacking-
Password selection,piggybacking-Password selection,piggybacking-
Password selection,piggybacking-
 
it act
it actit act
it act
 
Security Training: #1 What Actually a Security Is?
Security Training: #1 What Actually a Security Is?Security Training: #1 What Actually a Security Is?
Security Training: #1 What Actually a Security Is?
 
Bluetooth Hacking
Bluetooth HackingBluetooth Hacking
Bluetooth Hacking
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its security
 
The Role of People Management, Performance and Incentives in more effective L...
The Role of People Management, Performance and Incentives in more effective L...The Role of People Management, Performance and Incentives in more effective L...
The Role of People Management, Performance and Incentives in more effective L...
 
Applied Cryptography
Applied CryptographyApplied Cryptography
Applied Cryptography
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
 
Concept of hashing
Concept of hashingConcept of hashing
Concept of hashing
 
Ch17 Hashing
Ch17 HashingCh17 Hashing
Ch17 Hashing
 
Hashing and Hash Tables
Hashing and Hash TablesHashing and Hash Tables
Hashing and Hash Tables
 
Hashing PPT
Hashing PPTHashing PPT
Hashing PPT
 
Cyber crime types & laws
Cyber crime types & lawsCyber crime types & laws
Cyber crime types & laws
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer System
 
8 Access Control
8 Access Control8 Access Control
8 Access Control
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
 

Similar to Security Training: #2 Cryptography Basics

Cryptography101
Cryptography101Cryptography101
Cryptography101NCC Group
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!OWASP
 
Basic Security in Routing and Switching
Basic Security in Routing and SwitchingBasic Security in Routing and Switching
Basic Security in Routing and SwitchingReza Farahani
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything elseVlad Garbuz
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006Nate Lawson
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoHarry Potter
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoJames Wong
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoYoung Alista
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoDavid Hoen
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoTony Nguyen
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoLuis Goldster
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoFraboni Ec
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 

Similar to Security Training: #2 Cryptography Basics (20)

Cryptography101
Cryptography101Cryptography101
Cryptography101
 
Moein
MoeinMoein
Moein
 
IPSEC
IPSECIPSEC
IPSEC
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Ch11 Basic Cryptography
Ch11 Basic CryptographyCh11 Basic Cryptography
Ch11 Basic Cryptography
 
[Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things![Wroclaw #8] TLS all the things!
[Wroclaw #8] TLS all the things!
 
Basic Security in Routing and Switching
Basic Security in Routing and SwitchingBasic Security in Routing and Switching
Basic Security in Routing and Switching
 
Transport layer security
Transport layer securityTransport layer security
Transport layer security
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything else
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006
 
Cryptography
CryptographyCryptography
Cryptography
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Hashing
HashingHashing
Hashing
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 

More from Yulian Slobodyan

Containerization - The DevOps Revolution
Containerization - The DevOps RevolutionContainerization - The DevOps Revolution
Containerization - The DevOps RevolutionYulian Slobodyan
 
Mono - Alternative .NET CLR Implementation
Mono - Alternative .NET CLR ImplementationMono - Alternative .NET CLR Implementation
Mono - Alternative .NET CLR ImplementationYulian Slobodyan
 
Security Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security IssuesSecurity Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security IssuesYulian Slobodyan
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
StreamInsight Breakthrough
StreamInsight BreakthroughStreamInsight Breakthrough
StreamInsight BreakthroughYulian Slobodyan
 

More from Yulian Slobodyan (10)

Containerization - The DevOps Revolution
Containerization - The DevOps RevolutionContainerization - The DevOps Revolution
Containerization - The DevOps Revolution
 
Slides Saturn-final
Slides Saturn-finalSlides Saturn-final
Slides Saturn-final
 
IoT, Demystified
IoT, DemystifiedIoT, Demystified
IoT, Demystified
 
Amazon Cloud Overview
Amazon Cloud OverviewAmazon Cloud Overview
Amazon Cloud Overview
 
Mono - Alternative .NET CLR Implementation
Mono - Alternative .NET CLR ImplementationMono - Alternative .NET CLR Implementation
Mono - Alternative .NET CLR Implementation
 
Security Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security IssuesSecurity Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security Issues
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
 
.NET Micro Framework
.NET Micro Framework.NET Micro Framework
.NET Micro Framework
 
eBiz#3: CEP
eBiz#3: CEPeBiz#3: CEP
eBiz#3: CEP
 
StreamInsight Breakthrough
StreamInsight BreakthroughStreamInsight Breakthrough
StreamInsight Breakthrough
 

Recently uploaded

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

Security Training: #2 Cryptography Basics

  • 2. Presentation Path  Introduction  Symmetric Cryptography  Asymmetric Cryptography  Certificates and Key Management  Email Security  Network Protocols Security  Technical Choices  Questions  Appendix 2
  • 4. Introduction>Cryptography for Security Confidentiality  Encryption/Decryption Integrity  Hashing  Keyed Hashing or MAC (Message Authentication Code)  Digital Signatures Authentication  Keyed Hashing or MAC (Message Authentication Code)  Digital Signatures  Hashing Non-Repudiation  Digital Signatures 4
  • 5. Introduction>Basic Terms  Encryption/Decryption  Plain Text  Cipher Text  Cipher  Key 5
  • 6. Introduction>Cryptography Flavors  Symmetric Cryptography  Synonyms: Private Key, Secret Key, Shared Key, One Key, Single Key  Asymmetric Cryptography  Synonyms: Public Key 6
  • 8. Symmetric Cryptography Block ciphers Stream ciphers Other Cryptographic hash functions (Hashing) MAC - Message Authentication Codes (Keyed Hashing) 8
  • 10. Symmetric Cryptography>Block Ciphers  DES (Data Encryption Standard)  56 bit key size  Secure? NO!  3DES (Triple DES)  56-bit key size. 1 or 2 or 3 keys used. Max: 168 bits  Secure? ALMOST (using 3 different keys)  AES (Advanced Encryption Standard) or Rijndael [rɛindal]  128/192/256 bit key size  Secure? 128 bit – for dynamic data, 192 bit – ALMOST, 256 – YES (Currently)  6 times faster than 3DES !!!  RC2  Variable key size  Secure? Vulnerable to related key attack using 2^34 chosen plaintexts 10
  • 11. Symmetric Cryptography>Stream Ciphers  RC4  Variable key size (typically 40-256 bit)  eSTREAM Portfolio  HC-256 (256 bit key size)  Rabbit (128 bit key size)  Salsa20 (256 bit key size)  SOSEMANUK (128-256 bit key size, use 128) 11
  • 12. Symmetric Cryptography>Hash Functions  The ideal hash function properties:  easy to compute the hash for any given data  extremely difficult to construct a text that has a given hash  extremely difficult to modify a given text without changing its hash  extremely unlikely that two different messages will have the same hash  SHA-1 (160 bit)  MD5 (128 bit)  SHA-2 (SHA-256/224, SHA-512/384)  SHA-3 (In development) SHA-1 fox: the quick red fox: the quick red box: ff0f0a8b656f0b44c26933acd2e367b6c1211290 0fa561fd7e9cf714d5f94c422106ec8979c0c147 a6b613310c301411300cc742ac5bf205728b78cb 12
  • 13. Symmetric Cryptography>MAC Algorithms  MAC – Message Authentication Code  UMAC (AES)  HMAC (MD5 or SHA-1)  CMAC (AES) 13
  • 14. Symmetric Cryptography>Pros and Cons  Speed  Key Management 14
  • 15. Symmetric Cryptography>Dev Choices  Encryption/Decryption – AES  192 bit key – volatile data  256 bit key – sensitive data  Hashing  MD5 – integrity checks  SHA-256 – password hashing  MAC  HMAC, UMAC  CHANGE PRIVATE KEYS REGULARLY!!! 15
  • 17. Asymmetric Cryptography  Public Key Encryption  Digital Signatures  Public Key Certificates 17
  • 18. Asymmetric Cryptography>Encryption  RSA  Diffie-Hellman key exchange  ECC (Elliptic Curve Cryptography) (Elliptic curve: y2 = x3 + ax + b ) 18
  • 19. Asymmetric Cryptography>Digital Signing  DSA (Digital Signature Algorithm)  RSA  ECDSA (Elliptic Curve DSA) 19
  • 20. Asymmetric Cryptography>Pros and Cons  No Shared Secret  Speed 20
  • 21. Asymmetric Cryptography>Dev Choices  Encryption - RSA  1024 bit key – volatile data  2048 bit key - sensitive data  Digital Signing – DSA  2048 bit key – beyond 2010  3072 bit key – beyond 2030  MANDATORY PUBLIC KEY INFRASTRUCTURE!!! 21
  • 22. Certificates and Key Management
  • 23. Key Management  Key Management  generation  exchange  storage  safeguarding  use  vetting  replacement  Flavors  PKI (Public Key Infrastructure)  X.509  Web Of Trust  PGP 23
  • 24. Key Management>Digital Certificate  X.509  PGP (Pretty Good Privacy) 24
  • 28. Email Security  ESMTP  S/MIME  OpenPGP 28
  • 29. Email Security>Extended SMTP  SMTP security extensions  SMTP-AUTH  STARTTLS 29
  • 30. Email Security>S/MIME and OpenPGP Mandatory features S/MIME v3 OpenPGP Message format Binary, based on CMS Binary, based on previous PGP Certificate format Binary, based on X.509v3 Binary, based on previous PGP Symmetric encryption algorithm TripleDES (DES EDE3 CBC) TripleDES (DES EDE3 Eccentric CFB) Signature algorithm Diffie-Hellman (X9.42) with DSS or RSA ElGamal with DSS Hash algorithm SHA-1 SHA-1 MIME encapsulation of signed data Choice of multipart/signed or CMS format multipart/signed with ASCII armor MIME encapsulation of encrypted data application/pkcs7-mime multipart/encrypted 30
  • 32. Cryptographic Protocols  IPSec  Kerberos  NTLM  TLS/SSL  SSH 32
  • 34. Cryptography Technical Choices  Use a hash when you want a way of verifying that data has not been tampered with in transit.  Use a keyed hash when you want to prove that an entity knows a secret without sending the secret back and forth, or you want to defend against interception during transit by using a simple hash.  Use encryption when you want to hide data when being sent across an insecure medium or when making the data persistent.  Use a certificate when you want to verify the person claiming to be the owner of the public key.  Use symmetric encryption for speed and when both parties share the key in advance.  Use asymmetric encryption when you want to safely exchange data across an insecure medium.  Use a digital signature when you want authentication and non-repudiation.  Use a salt value (a cryptographically generated random number) to defend against dictionary attacks. 34
  • 38. Appendix>References and Resources  Wikipedia  Information Security  Network Security  Cryptography  SANS Software Security Institute  Application Security Resources  Research Library  Microsoft Patterns & Practices  Security Guidance  Michael Howard's Web Log  J.D. Meier's Blog  OWASP 38