Presentation: Key Management. Cryptography applications


The presentation contains 19 slides.


Slide 1

Key Management. Cryptography applications.

Slide 2

Cryptanalysis – Code Breaking
A number of code breaking (cryptanalysis) methods exist, such as brute-force, ciphertext, and known-plaintext, among others.

Slide 3

Keys
With modern technology, security of encryption lies in the secrecy of the keys, not the algorithm.
Two terms that are used to describe keys are:
Key length - Also called the key size, this is measured in bits. In this course, we will use the term key length.
Keyspace - This is the number of possibilities that can be generated by a specific key length.
As key length increases, the keyspace increases exponentially.

Slide 4

Integrity and Authenticity
Cryptographic Hash Functions
Cryptographic hashes are used to verify and ensure data integrity. 
Hashing is based on a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse.
The cryptographic hashing function can also be used to verify authentication.
A hash function takes a variable block of binary data, called the message, and produces a fixed-length, condensed representation, called the hash.
The resulting hash is also sometimes called the message digest, digest, or digital fingerprint.
With hash functions, it is computationally infeasible for two different sets of data to come up with the same hash output. 
Every time the data is changed or altered, the hash value also changes. 

Slide 5

Integrity and Authenticity
Cryptographic Hash Operation
Mathematically, the equation h = H(x) is used to explain how a hash algorithm operates.
A cryptographic hash function should have the following properties:
The input can be any length.
The output has a fixed length.
H(x) is relatively easy to compute for any given x.
H(x) is one way and not reversible.
H(x) is collision free, meaning that two different input values will result in different hash values.

Slide 6

Integrity and Authenticity
MD5 and SHA
Hash functions are used to ensure the integrity of a message. They ensure data has not changed accidentally or intentionally.
Three well-known hashing algorithms are 128-bit MD5, SHA-1, and SHA-2.
MD5 with 128-bit digest - A one-way function that produces a 128-bit hashed message. MD5 is considered to be a legacy algorithm. It is recommended that SHA-2 be used instead.
SHA-1 – Very similar to the MD5 hash functions. Several versions exist. SHA-1 creates a 160-bit hashed message and is slightly slower than MD5. SHA-1 has known flaws and is a legacy algorithm.
SHA-2 – Next-generation algorithm that should be used whenever possible.
While hashing can be used to detect accidental changes, it cannot be used to guard against deliberate changes. There is no unique identifying information from the sender in the hashing procedure. 

Slide 7

Integrity and Authenticity 
Hash Message Authentication Code
To add authentication to integrity assurance, a keyed-hash message authentication code (HMAC) is used. 
To add authentication, HMAC uses an additional secret key as input to the hash function.
Only the sender and the receiver know the secret key, and the output of the hash function now depends on the input data and the secret key. 
Only parties who have access to that secret key can compute the digest of an HMAC function. 
If the digest that is calculated by the receiving device is equal to the digest that was sent, the message has not been altered. 
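
An added example (not part of the original slides) of the difference slides 6 and 7 describe: an unkeyed SHA-256 digest can be recomputed by whoever alters the message, while an HMAC-SHA256 tag cannot be produced without the shared key. The key and messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values; a real key comes from a CSPRNG and a key store.
SHARED_KEY = b"constructed-demo-key-shared-by-sender-and-receiver"
MESSAGE = b"pay 100 to account 1111"
ALTERED = b"pay 900 to account 2222"


def plain_digest(message: bytes) -> str:
    """Unkeyed SHA-256: no secret is involved, so anyone can compute it."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: the output depends on the message and the secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def accepts_plain(message: bytes, digest: str) -> bool:
    """Receiver check when only a bare hash travels with the message."""
    return hmac.compare_digest(plain_digest(message), digest)


def accepts_hmac(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver recomputes the tag with its own copy of the key.

    compare_digest runs in constant time, so the comparison does not leak
    how many leading characters of a guessed tag were correct.
    """
    return hmac.compare_digest(hmac_tag(key, message), tag)


def run_demo() -> dict:
    sent_tag = hmac_tag(SHARED_KEY, MESSAGE)
    return {
        # Unaltered message with its tag: accepted.
        "hmac_original": accepts_hmac(SHARED_KEY, MESSAGE, sent_tag),
        # Message altered in transit; the bare hash is simply recomputed
        # over the new content, and the receiver cannot tell.
        "plain_altered": accepts_plain(ALTERED, plain_digest(ALTERED)),
        # Same alteration under HMAC: the old tag no longer matches, and a
        # tag made with any other key does not match either.
        "hmac_altered_old_tag": accepts_hmac(SHARED_KEY, ALTERED, sent_tag),
        "hmac_altered_wrong_key": accepts_hmac(
            SHARED_KEY, ALTERED, hmac_tag(b"not-the-shared-key", ALTERED)),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```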

Slide 8

Public Key Cryptography
Using Digital Signatures

Slide 9

Public Key Cryptography
Digital Signatures for Code Signing

Slide 10

Public Key Cryptography
Digital Signatures for Digital Certificates

Slide 11

Authorities and the PKI Trust System
Public Key Management
When establishing an asymmetric connection between two hosts, the hosts will exchange their public key information. 
Trusted third parties on the Internet validate the authenticity of these public keys using digital certificates. The third party issues credentials that are difficult to forge. 
From that point forward, all individuals who trust the third party simply accept the credentials that the third party issues.

Slide 12

Authorities and the PKI Trust System
The Public Key Infrastructure

Slide 13

Authorities and the PKI Trust System
The PKI Authorities System

Slide 14

Authorities and the PKI Trust System
The PKI Trust System

Slide 15

Authorities and the PKI Trust System
Interoperability of Different PKI Vendors
Interoperability between a PKI and its supporting services is a concern because many CA vendors have proposed and implemented proprietary solutions instead of waiting for standards to develop.
To address this interoperability concern, the IETF published the Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC 2527). 
The X.509 version 3 (X.509v3) standard defines the format of a digital certificate.

Slide 16

Authorities and the PKI Trust System
Certificate Enrollment, Authentication, and Revocation
All systems that leverage the PKI must have the CA’s public key, called the self-signed certificate. 
The CA public key verifies all the certificates issued by the CA and is vital for the proper operation of the PKI.
The certificate enrollment process begins when CA certificates are retrieved in-band over a network, and the authentication is done out-of-band (OOB) using the telephone.
The system enrolling with the PKI contacts a CA to request and obtain a digital identity certificate for itself and to get the CA’s self-signed certificate. 
The final stage verifies that the CA certificate was authentic and is performed using an OOB method such as the Plain Old Telephone System (POTS) to obtain the fingerprint of the valid CA identity certificate.
A digital certificate can be revoked if its key is compromised or if it is no longer needed.
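
An added example (not part of the original slides) of the final enrollment stage described above: the CA certificate arrives in-band, and its fingerprint is compared with the value obtained out-of-band. SHA-256 as the fingerprint hash, the function names, and the stand-in certificate bytes are assumptions made for this example.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in for a CA certificate's DER encoding. A fingerprint is a
# hash over the raw DER bytes, so the check is identical for a real certificate.
_DER = b"constructed stand-in for the DER bytes of a CA self-signed certificate"
CA_PEM_IN_BAND = ssl.DER_cert_to_PEM_cert(_DER)
CA_PEM_SWAPPED = ssl.DER_cert_to_PEM_cert(_DER + b" (substituted in transit)")


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER form of a PEM certificate, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def normalize(spoken: str) -> str:
    """Drop separators and case so 'AB:CD ...' and 'abcd...' compare equal."""
    cleaned = "".join(ch for ch in spoken if ch not in ": -\t\n").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        # A truncated or mistyped value must fail closed, not partially match.
        raise ValueError("not a complete SHA-256 fingerprint")
    return cleaned


def ca_cert_is_authentic(pem: str, oob_fingerprint: str) -> bool:
    """True only if the in-band certificate matches the out-of-band value."""
    return hmac.compare_digest(fingerprint(pem), normalize(oob_fingerprint))


def as_read_aloud(hex_fp: str) -> str:
    """Format a fingerprint the way it is usually displayed: 'AB:CD:...'."""
    up = hex_fp.upper()
    return ":".join(up[i:i + 2] for i in range(0, len(up), 2))


if __name__ == "__main__":
    oob = as_read_aloud(fingerprint(CA_PEM_IN_BAND))  # value given by phone
    print("genuine CA cert :", ca_cert_is_authentic(CA_PEM_IN_BAND, oob))
    print("swapped CA cert :", ca_cert_is_authentic(CA_PEM_SWAPPED, oob))
```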

Slide 17

Applications and Impacts of Cryptography
PKI Applications
Some of the many applications of PKIs are:
SSL/TLS certificate-based peer authentication 
Secure network traffic using IPsec VPNs
HTTPS Web traffic
Control access to the network using 802.1x authentication
Secure email using the S/MIME protocol
Secure instant messaging
Approve and authorize applications with Code Signing
Protect user data with the Encryption File System (EFS)
Implement two-factor authentication with smart cards
Securing USB storage devices

Slide 18

Applications and the Impacts of Cryptography
Encrypting Network Transactions
Threat actors can use SSL/TLS to introduce regulatory compliance violations, viruses, malware, data loss, and intrusion attempts in a network.
Other SSL/TLS-related issues may be associated with validating the certificate of a web server. When this occurs, web browsers will display a security warning. PKI-related issues that are associated with security warnings include:
Validity date range - The X.509v3 certificates specify “not before” and “not after” dates. If the current date is outside the range, the web browser displays a message. 
Signature validation error - If a browser cannot validate the signature on the certificate, there is no assurance that the public key in the certificate is authentic.

Slide 19

Applications and Impacts of Cryptography
Encryption and Security Monitoring
Network monitoring becomes more challenging when packets are encrypted. 
Because HTTPS introduces end-to-end encrypted HTTP traffic (via TLS/SSL), it is not as easy to peek into user traffic.
Here is a list of some of the things that a security analyst could do:
Configure rules to distinguish between SSL and non-SSL traffic, HTTPS and non-HTTPS SSL traffic.
Enhance security through server certificate validation using CRLs and OCSP.
Implement antimalware protection and URL filtering of HTTPS content.
Deploy a Cisco SSL Appliance to decrypt SSL traffic and send it to intrusion prevention system (IPS) appliances to identify risks normally hidden by SSL.


