The Introduction to Encryption II

This is the second of two of the most important classes we have the privilege to teach as part of theSANS Security Essentials course. In the first course, we went on a quick tour of some of theimportant issues and concepts in the field of cryptography. We saw that encryption is real, it iscrucial, it is a foundation of so much that happens in the world around us today --and, most of it in amanner that is completely transparent to us.
Nội dung trích xuất từ tài liệu:
The Introduction to Encryption II Introduction to Encryption II Security Essentials The SANS Institute Encryption and Exploits - SANS ©2001 1This is the second of two of the most important classes we have the privilege to teach as part of theSANS Security Essentials course. In the first course, we went on a quick tour of some of theimportant issues and concepts in the field of cryptography. We saw that encryption is real, it iscrucial, it is a foundation of so much that happens in the world around us today --and, most of it in amanner that is completely transparent to us.I guess you know that one of SANS’ mottos is, “Never teach anything in a class which the studentcan’t use at work the next day.” One of our goals in this course is to help you be aware of howcryptography operates under the covers in some of the major cryptosystems which are used on a24x7 basis in our world. Along the way, we’ll share some hard-earned pragmatic lessons we’velearned, and hope that our experience will be of help to you.Enjoy! 2-1 Why Do I Care About Crypto? U.S. Dept. of Commerce Public Key Infrastructure (PKI) no longer supports DES... Digital Certificates National Institute of Standards Digital Signatures E-Business and Technology (NIST) is E-Commerce leading the development of AES Distributed Denial of Service --the replacement for DES... Privacy attack daemon found to be protected by “blowfish” Mobile Code --a DES-like block cipher... Smart Cards “Adversary” The Internet Insecure Global Networks “Alice” “Bob” Communications in the presence of adversaries… Confidentiality Integrity Authentication Non-repudiation Encryption II - SANS ©2001 2Without cryptography, there is no e-business, no viable e-commerce infrastructures, no militarypresence on the Internet and no privacy for the citizens of the world. There are numerous andcontinually increasing everyday instances in which we encounter cryptosystems at work and at play,often without even realizing it. The underlying cryptographic infrastructure actually works so wellthat we only take notice when it is absent, or implemented incorrectly!When you use a secure mobile telephone, all communications between you and the party on the otherend are rapidly encrypted and decrypted on the fly, so that any eavesdropper will not be able to listenin on your conversation. Every once in awhile, we hear how the confidential communication of apublic figure was intercepted and his or her privacy compromised. Yet another example of not usingcryptographically enabled products.One of the more important emerging applications of cryptographically-enabled communications is ate-commerce-enabled web sites on the Internet and the World Wide Web. When supported with anenterprise-wide Public Key Infrastructure (PKI), a whole suite of new and innovative products andservices is instantly enabled. Today, this is leading to new business opportunities, new capabilitiesbeing delivered to consumers, new functionality provided by organizations to their shareholders,fundamental changes in the way entire industries function, new legislation, tapping into globalopportunities, etc. 2-2 Course Objectives • Concepts in Cryptography • Secret (Symmetric) Key Systems – Triple-DES – AES • Public (Asymmetric) Key Systems – RSA – ECC Encryption II - SANS ©2001 3We begin this course by examining the conceptual underpinnings behind major cryptosystems thatare in use today. In particular, we’ll look at Triple-DES which is a good alternative for the nowobsolete DES algorithm, which is officially no longer considered to be secure. Next, we’ll stop byfor a quick status update on the development activity that is currently underway throughout theglobal cryptographic community in connection with the new Advanced Encryption Standard(AES).Our n ...