Please enable JavaScript.
Coggle requires JavaScript to display documents.
Module 16: Basic Integrity and Authenticity, image, image, image, image,…
Module 16: Basic Integrity and Authenticity
16.0. Introduction
16.0.1 Why Should I Take this Module?
In order to secure data as it travels across links, you need to have an understanding of how to protect that data and maintain its integrity.
Module Objective: Explain how cryptography is used to ensure data integrity and authenticity.
16.1 Integrity and Authenticity
16.1.1 Secure Communications
This may include internal traffic, but it is even more important to protect data that travels outside of the organization to branch sites, telecommuter sites, and partner sites.
Data Integrity - Guarantees that the message was not altered. Any changes to data in transit will be detected.
Origin Authentication - Guarantees that the message is not a forgery and does actually come from whom it states.
Data Confidentiality - Guarantees that only authorized users can read the message.
Data Non-Repudiation - Guarantees that the sender cannot repudiate, or refute, the validity of a message sent.
16.1.2 Cryptographic Hash Functions
Hashing is based on a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse
16.1.3 Cryptographic Hash Operation
Mathematically, the equation h= H(x) is used to explain how a hash algorithm operates. As shown in the figure, a hash function H takes an input x and returns a fixed-size string hash value h.
16.1.4 MD5 and SHA
Hash functions are used to ensure the integrity of a message. They help ensure data has not accidentally changed and that what was sent is indeed what was received.
16.1.5 Origin Authentication
To add origin authentication and integrity assurance, use a keyed-hash message authentication code (HMAC). HMAC uses an additional secret key as input to the hash function.
16.2 Key Management
16.2.1 Characteristics of Key Management
Key management is often considered the most difficult part of designing a cryptosystem.
Many cryptosystems have failed because of mistakes in their key management, and all modern cryptographic algorithms require key management procedures
16.2.2 Key Length and Keyspace
Key length - Also called the key size, this is the measure in bits. In this course, we will use the term key length
Keyspace - This is the number of possibilities that can be generated by a specific key length.
16.2.3 The Keyspace
The keyspace of an algorithm is the set of all possible key values. A key that has n bits produces a keyspace that has 2n possible key values. By adding one bit to the key, the keyspace is effectively doubled
16.2.4 Types of Cryptographic Keys
Symmetric keys - Can be exchanged between two routers supporting a VPN
Asymmetric keys - Are used in secure HTTPS applications
Digital signatures - Are used when connecting to a secure website
Hash keys - Are used in symmetric and asymmetric key generation, digital signatures, and other types of applications
16.2.5 Choice of Cryptographic Keys
Performance is another issue that can influence the choice of a key length. An administrator must find a good balance between the speed and protective strength of an algorithm, because some algorithms, such as the Rivest, Shamir, and Adleman (RSA) algorithm, run slowly due to large key lengths.
16.3 Confidentiality
16.3.1 Data Confidentiality
Asymmetric and symmetric encryption are the two classes of encryption used to provide data confidentiality. These two classes differ in how they use keys
16.3.2 Symmetric Encryption
Symmetric algorithms use the same pre-shared key to encrypt and decrypt data. A pre-shared key, also called a secret key, is known by the sender and receiver before any encrypted communications can take place.
Symmetric Encryption Example
Today, symmetric encryption algorithms are commonly used with VPN traffic. This is because symmetric algorithms use less CPU resources than asymmetric encryption algorithms
16.3.3 Asymmetric Encryption
Asymmetric algorithms, also called public-key algorithms, are designed so that the key that is used for encryption is different from the key that is used for decryption, as shown in the figure
Asymmetric Encryption Example
Asymmetric algorithms use a public key and a private key. Both keys are capable of the encryption process, but the complementary paired key is required for decryption.
16.3.4 Asymmetric Encryption - Confidentiality
Asymmetric algorithms are used to provide confidentiality without pre-sharing a password. The confidentiality objective of asymmetric algorithms is initiated when the encryption process is started with the public key.
16.3.5 Asymmetric Encryption - Authentication
The authentication objective of asymmetric algorithms is initiated when the encryption process is started with the private key.
16.3.6 Asymmetric Encryption - Integrity
Combining the two asymmetric encryption processes provides message confidentiality, authentication, and integrity.
16.3.7 Diffie-Hellman
Diffie-Hellman (DH) is an asymmetric mathematical algorithm that allows two computers to generate an identical shared secret without having communicated before.
