Welcome to NetworkCert.NET
Aids and Tools for Networking Certifications
Security Basics

Topics:
Symmetric Key Processing
Asymmetric Key Processing
Hash Functions
Certificate Authority
Key Management Service
PKI Suite
Security Templates
IPSec
Internet Information Services
Encryption Protocols

Symmetric Key Processing (also called secret-key cryptography)

Clear text is encrypted to cipher text using a key. It is decrypted at the other end using the same key. The key must be installed on each computer. The confidentiality of the message depends on the secrecy and the length of the symmetric key.

Example: You create a coded message to send to a computer in which each letter is substituted with the letter that is four down from it in the alphabet, so "A" becomes "E" and "B" becomes "F". You have already told the destination PC that the code is "Shift by 4". The PC gets the message and decodes it.

The most popular symmetric-key system is the Data Encryption Standard (DES). Also called ANSI X3.92, it uses 64 bits: 56 bits for encryption and an 8-bit parity block. It is no longer considered very secure. The current standard is called Triple DES, using 3 128-bit keys. It is available in an upgrade pack as a service pack add-on in Windows 2000. A 128-bit number has 2^128 possible combinations.

Cryptanalysis, or methods of attack: passive interception gathers any kind of information that travels across the wire (traffic patterns, blocks of encrypted code). Active interception uses a compromised key to reintroduce altered or fabricated data onto the wire.

The main drawback is that the two parties must somehow exchange the key in a secure way. The most secure way to provide the key to the other party is to physically deliver it. When the parties are separated by geography, a key distribution center (a trusted third party) may be used.

Asymmetric Key Processing (also called public-key cryptography)

Clear text is encrypted to cipher text using a key. It is decrypted at the other end using a different key. There is a public key known to everyone and a private or secret key known only to the recipient of the message. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it.

Example: When Suzie wants to send a secure message to Frank, she uses Frank's public key to encrypt the message. Frank then uses his private key to decrypt it.

A very popular public-key encryption utility is called Pretty Good Privacy (PGP), which allows you to encrypt almost anything. Another popular implementation of public-key encryption is the Secure Sockets Layer (SSL). SSL is an Internet security protocol used by Internet browsers and web servers to transmit sensitive information. It is part of a security protocol known as Transport Layer Security.

Digital certificates are used to implement this type of security. A digital certificate is basically a bit of information that says that the Web server is trusted by an independent source known as a certificate authority. The certificate authority acts as a middleman that both computers trust. It confirms that each computer is in fact who it says it is, and then provides the public keys of each computer to the other.

Hash Functions (HMAC--Hash Metric Authentication Code)

The hash function (authentication block) proves authentication by comparison. A mathematical value is computed when the message is sent. If one character of the message changes, the hash value will not match and the data is known to be compromised.

Hash Algorithms

Hash algorithm      Hash size (in bits)
MD2                 128
MD5                 128
SHA-1               160
SHA-2(256)          256
SHA-2(384)          384
SHA-2(512)          512
RIPEMD-160          160
PANAMA              256
TIGER               192

Checksum algorithm  Checksum size (in bits)
ADLER32             32
CRC32               32

Message Digest 5 (MD5) converts 512-bit blocks to 128-bit tags. Secure Hash Algorithm (SHA-1) is a little slower and converts the same size clear text block into a larger, more secure 160-bit message digest. These two methods are supported by Microsoft.

Comparing hash values doesn't expose the actual message.

Hash values, once encrypted, produce a digitally signed Message Authentication Code (MAC).

Example: An ATM machine generates and compares hash values of the password keyed in at the console in the form of a PIN. If the two values agree, then the transaction proceeds.
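As an added example (not from the original page), the following Python uses the standard library's hmac and hashlib modules to produce a keyed tag for a message under a shared secret, verify it in constant time, and show that changing a single character or using a different key makes the comparison fail. The key and message are constructed placeholders, and digest_bits reports the digest size in bits for the algorithms listed in the table above.

```python
import hashlib
import hmac

# Constructed sample inputs (placeholders, not real secrets).
SHARED_KEY = b"example-shared-secret"
MESSAGE = b"Transfer 100 USD to account 12345"


def make_tag(key: bytes, message: bytes, algorithm: str = "sha256") -> str:
    """Return the hex HMAC tag for message under key using the named hash."""
    return hmac.new(key, message, algorithm).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str, algorithm: str = "sha256") -> bool:
    """Recompute the tag for the received message and compare it in constant time.

    compare_digest avoids leaking, through timing, how many leading characters matched.
    """
    expected = make_tag(key, message, algorithm)
    return hmac.compare_digest(expected, tag)


def digest_bits(algorithm: str) -> int:
    """Digest size in bits for a hashlib algorithm (e.g. md5 -> 128, sha1 -> 160)."""
    return hashlib.new(algorithm).digest_size * 8


def demo():
    """Tag a message, then check an intact copy, a one-character change, and a wrong key."""
    tag = make_tag(SHARED_KEY, MESSAGE)
    intact_ok = verify_tag(SHARED_KEY, MESSAGE, tag)
    # Changing "100" to "900" alters exactly one character of the message.
    tampered = MESSAGE.replace(b"100", b"900")
    tampered_ok = verify_tag(SHARED_KEY, tampered, tag)
    wrong_key_ok = verify_tag(b"other-key", MESSAGE, tag)
    return intact_ok, tampered_ok, wrong_key_ok


if __name__ == "__main__":
    print("intact, tampered, wrong key:", demo())
    for name in ("md5", "sha1", "sha256", "sha384", "sha512"):
        print(name, digest_bits(name), "bits")
```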

Digital envelopes

Often a message is encrypted symmetrically. The symmetric key needed to decode the message is then itself encrypted using asymmetric encryption and sent along with it. This cuts down on overhead.