The permutation cipher simply rearranges the values within a block to create the ciphertext.

Almost every organization uses computer networks to share their information and to support their business operations. When we allow network access to data it is exposed to threats from inside and outside of the organization. This course examines the threats associated with using internal and external networks and how to manage the protection of information when it’s accessible via networks. In this course, a learner will be able to: ● Describe the threats to data from information communication technology (ICT) ● Identify the issues and practices associated with managing network security ● Identify the practices, tools, and methodologies associated with assessing network security ● Describe the components of an effective network security program

View Syllabus

Skills You'll Learn

Wireless Security, Intrusion Detection System, Firewall (Computing), Computer Network

Reviews

• 5 stars

  82.58%

• 4 stars

  12.92%

• 3 stars

  3.37%

• 1 star

  1.12%

ND

Oct 13, 2020

the course was awesome , and clear to read and understand , thanks for the team who prepared the course of managing network secuirty

PK

Oct 21, 2020

The course that I attended is an exelent one. This sessions helped me to learn more about cyber security

From the lesson

Cybersecurity Technology Administration (Module 3.2)

Learning objectives for the module on Cybersecurity Technology Administration

Taught By

• 

  Herbert J. Mattord, Ph.D., CISM, CISSP, CDP

  Professor of Information Security

• 

  Michael Whitman, Ph.D., CISM, CISSP

  Professor of Information Security

Presentation on theme: "Cryptography Principles of Information Security, 2nd edition"— Presentation transcript:

1 Cryptography Principles of Information Security, 2nd edition
THREATS TO INFORMATION SECURITY To make sound decisions about information security, create policies, and enforce them, management must be informed of the various kinds of threats facing the organization, its applications, data and information systems. A threat is an object, person, or other entity that represents a constant danger to an asset. To better understand the numerous threats facing the organization, a categorization scheme has been developed allowing us to group threats by their respective activities. By examining each threat category in turn, management can most effectively protect its information through policy, education and training, and technology controls. Principles of Information Security, 2nd edition

2 Learning Objectives Upon completion of this material, you should be able to:
Understand the basic cipher methods and cryptographic algorithms List and explain the major protocols used for secure communications Learning Objectives: Upon completion of this chapter you should be able to: Define and identify the various types of firewalls. Discuss the approaches to firewall implementation. Discuss the approaches to dial-up access and protection. Identify and describe the two categories of intrusion detection systems. Discuss the two strategies behind intrusion detection systems. Discuss the process of encryption and define key terms. Identify and discuss common approaches to cryptography. Compare and contrast symmetric and asymmetric encryption. Discuss various approaches to biometric access control. Principles of Information Security, 2nd edition

3 Introduction Cryptography: process of making and using codes to secure transmission of information Encryption: converting original message into a form unreadable by unauthorized individuals Cryptography And Encryption-Based Solutions Although not a specific application or security tool, encryption represents a sophisticated approach to security that is implemented in many security systems. In fact, many security-related tools use embedded encryption technologies to protect sensitive information handled by the application. Encryption is the process of converting an original message into a form that is unreadable by unauthorized individuals, that is anyone without the tools to convert the encrypted message back to its original format. The science of encryption, known as cryptology encompasses cryptography, from the Greek words kryptos, meaning hidden, and graphein, meaning to write, and cryptanalysis, the process of obtaining the original message (or plaintext) from an encrypted message (or ciphertext), without the knowledge of the algorithms and keys used to perform the encryption. Principles of Information Security, 2nd edition

4 Cipher Methods Plaintext can be encrypted through bit stream or block cipher method Bit stream: each plaintext bit transformed into cipher bit one bit at a time Block cipher: message divided into blocks (e.g., sets of 8- or 16-bit blocks) and each is transformed into encrypted block of cipher bits using algorithm and key Cryptography And Encryption-Based Solutions The notation used to describe the encryption process differs depending on the source. The first uses the letters M to represent the original message, C to represent the ending ciphertext, and E to represent the encryption process: E(M) = C. This formula represents the application of encryption to a message to create ciphertext. D represents the decryption or deciphering process, thus D[E(M)]=M. K is used to represent the key, thus E(M, K) = C, or encrypting the message with the key results in the ciphertext. Now look at a simple form of encryption based on two concepts: the block cipher and the exclusive OR operation. With the block cipher method, the message is divided into blocks, i.e., 8 or 16 bit blocks, and then each block is transformed using the algorithm and key. The exclusive or operation (XOR) is a function of Boolean algebra whereby two bits are compared, and if the two bits are identical, the result is a binary 0. If the two bits are NOT the same, the result is a binary 1. Principles of Information Security, 2nd edition

5 Cipher Methods: Substitution Cipher
Substitution cipher: substitute one value for another Monoalphabetic substitution: uses only one alphabet Polyalphabetic substitution: more advanced; uses two or more alphabets An example Encryption Operations In encryption the most commonly used algorithms include two functions: substitution and transposition. In a substitution cipher, you substitute one value for another. This is a simple enough method by itself but very powerful if combined with other operations. This type of substitution is based on a monoalphabetic substitution, since it only uses one alphabet. More advanced substitution ciphers use two or more alphabets, and are referred to as polyalphabetic substitutions. Caesar reportedly used a three-value shift to the right giving that particular substitution cipher his name – the “Caesar Cipher. Just like the substitution operation, the transposition cipher is simple to understand but can be complex to decipher if properly used. Unlike the substitution cipher, the transposition cipher (or permutation cipher) simply rearranges the values within a block to create the ciphertext. This can be done at the bit level or at the byte (character) level. Transposition ciphers move these bits or bytes to another location in the block, so that bit 1 becomes bit 4, bit 2 becomes bit 7 etc.

6 Cipher Methods: Transposition Cipher
Transposition cipher: rearranges values within a block to create ciphertext An example Encryption Operations In encryption the most commonly used algorithms include two functions: substitution and transposition. In a substitution cipher, you substitute one value for another. This is a simple enough method by itself but very powerful if combined with other operations. This type of substitution is based on a monoalphabetic substitution, since it only uses one alphabet. More advanced substitution ciphers use two or more alphabets, and are referred to as polyalphabetic substitutions. Caesar reportedly used a three-value shift to the right giving that particular substitution cipher his name – the “Caesar Cipher. Just like the substitution operation, the transposition cipher is simple to understand but can be complex to decipher if properly used. Unlike the substitution cipher, the transposition cipher (or permutation cipher) simply rearranges the values within a block to create the ciphertext. This can be done at the bit level or at the byte (character) level. Transposition ciphers move these bits or bytes to another location in the block, so that bit 1 becomes bit 4, bit 2 becomes bit 7 etc. Principles of Information Security, 2nd edition

7 Cipher Methods: Transposition Cipher
An example Encryption Operations In encryption the most commonly used algorithms include two functions: substitution and transposition. In a substitution cipher, you substitute one value for another. This is a simple enough method by itself but very powerful if combined with other operations. This type of substitution is based on a monoalphabetic substitution, since it only uses one alphabet. More advanced substitution ciphers use two or more alphabets, and are referred to as polyalphabetic substitutions. Caesar reportedly used a three-value shift to the right giving that particular substitution cipher his name – the “Caesar Cipher. Just like the substitution operation, the transposition cipher is simple to understand but can be complex to decipher if properly used. Unlike the substitution cipher, the transposition cipher (or permutation cipher) simply rearranges the values within a block to create the ciphertext. This can be done at the bit level or at the byte (character) level. Transposition ciphers move these bits or bytes to another location in the block, so that bit 1 becomes bit 4, bit 2 becomes bit 7 etc.

8 Cipher Methods: Exclusive OR
Exclusive OR (XOR): function of Boolean algebra; two bits are compared If two bits are identical, result is binary 0 If two bits not identical, result is binary 1 Encryption Operations In encryption the most commonly used algorithms include two functions: substitution and transposition. In a substitution cipher, you substitute one value for another. This is a simple enough method by itself but very powerful if combined with other operations. This type of substitution is based on a monoalphabetic substitution, since it only uses one alphabet. More advanced substitution ciphers use two or more alphabets, and are referred to as polyalphabetic substitutions. Caesar reportedly used a three-value shift to the right giving that particular substitution cipher his name – the “Caesar Cipher. Just like the substitution operation, the transposition cipher is simple to understand but can be complex to decipher if properly used. Unlike the substitution cipher, the transposition cipher (or permutation cipher) simply rearranges the values within a block to create the ciphertext. This can be done at the bit level or at the byte (character) level. Transposition ciphers move these bits or bytes to another location in the block, so that bit 1 becomes bit 4, bit 2 becomes bit 7 etc. Principles of Information Security, 2nd edition

9 Cipher Methods: Exclusive OR
An example Encryption Operations In encryption the most commonly used algorithms include two functions: substitution and transposition. In a substitution cipher, you substitute one value for another. This is a simple enough method by itself but very powerful if combined with other operations. This type of substitution is based on a monoalphabetic substitution, since it only uses one alphabet. More advanced substitution ciphers use two or more alphabets, and are referred to as polyalphabetic substitutions. Caesar reportedly used a three-value shift to the right giving that particular substitution cipher his name – the “Caesar Cipher. Just like the substitution operation, the transposition cipher is simple to understand but can be complex to decipher if properly used. Unlike the substitution cipher, the transposition cipher (or permutation cipher) simply rearranges the values within a block to create the ciphertext. This can be done at the bit level or at the byte (character) level. Transposition ciphers move these bits or bytes to another location in the block, so that bit 1 becomes bit 4, bit 2 becomes bit 7 etc. Principles of Information Security, 2nd edition

10 Cipher Methods: Practice in Class
The whole class is separated into two groups. Each group uses the following two steps (in-order) to encrypt a X-letter English word (all letters are in capital) and let the other group decrypt the cipher message. The group wins the game if it finishes earlier. Mono-alphabetic substitution: only position shift among the whole 26 English letters can be applied, e.g. a, b, c,…x, y, z => b, c, d,…, y, z, a XOR: only Y-bit key can be chosen. Examples X=4 (Word: GOOD), Y=2 (key: 01) X=6 (Word: SENSOR), Y=3 (key:101) Encryption Operations In encryption the most commonly used algorithms include two functions: substitution and transposition. In a substitution cipher, you substitute one value for another. This is a simple enough method by itself but very powerful if combined with other operations. This type of substitution is based on a monoalphabetic substitution, since it only uses one alphabet. More advanced substitution ciphers use two or more alphabets, and are referred to as polyalphabetic substitutions. Caesar reportedly used a three-value shift to the right giving that particular substitution cipher his name – the “Caesar Cipher. Just like the substitution operation, the transposition cipher is simple to understand but can be complex to decipher if properly used. Unlike the substitution cipher, the transposition cipher (or permutation cipher) simply rearranges the values within a block to create the ciphertext. This can be done at the bit level or at the byte (character) level. Transposition ciphers move these bits or bytes to another location in the block, so that bit 1 becomes bit 4, bit 2 becomes bit 7 etc. Principles of Information Security, 2nd edition

11 Cryptographic Algorithms
Often grouped into two broad categories, symmetric and asymmetric; today’s popular cryptosystems use hybrid combination of symmetric and asymmetric algorithms Symmetric and asymmetric algorithms distinguished by types of keys used for encryption and decryption operations Cryptographic Algorithms In general, cryptographic algorithms are often grouped into two broad categories—symmetric and asymmetric—but in practice, today’s popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms. Symmetric and asymmetric algorithms can be distinguished by the types of keys they use for encryption and decryption operations. Principles of Information Security, 2nd edition

12 Cryptographic Algorithms: Symmetric Encryption
Symmetric encryption: uses same “secret key” to encipher and decipher message Encryption methods can be extremely efficient, requiring minimal processing Both sender and receiver must possess encryption key If either copy of key is compromised, an intermediate can decrypt and read messages Symmetric Encryption Symmetric encryption indicates that the same key, also known as a secret key is used to conduct both the encryption and decryption of the message. Symmetric encryption methods can be extremely efficient, requiring minimal processing to either encrypt or decrypt the message. The problem is that both the sender and the receiver must own the encryption key. If either copy of the key is compromised, an intermediate can decrypt and read the messages. One of the challenges of symmetric key encryption is getting a copy of the key to the receiver, a process that must be conducted out-of-band to avoid interception. Principles of Information Security, 2nd edition

13 Figure 8-3 Symmetric Encryption Example
Principles of Information Security, 2nd edition

14 Cryptographic Algorithms: Symmetric Encryption
Symmetric-key encryption Encryption key k = decryption key k* Dec(k, Enc(k,m)) = m or Deck(Enck (m)) = m There are a number of popular symmetric encryption cryptosystems. One of the most familiar is Data Encryption Standard (DES), developed in 1977 by IBM and based on the Data Encryption Algorithm (DEA). DEA uses a 64-bit block size and a 56-bit key. The algorithm begins by adding parity bits to the key (resulting in 64 bits) and then apples the key in 16 rounds of XOR, substitution, and transposition operations. With a 56 bit key, the algorithm has 256 possible keys to choose from (over 72 quadrillion). DES is a federally approved standard for nonclassified data. DES was cracked in 1997 when Rivest-Shamir-Aldeman (RSA) put a bounty on the algorithm. RSA offered a $10,000 reward for the first person or team to crack the algorithm. Fourteen thousand users collaborated over the Internet to finally break the encryption. Principles of Information Security, 2nd edition

15 Cryptographic Algorithms: Symmetric Encryption
Data Encryption Standard (DES): one of most popular symmetric encryption cryptosystems 64-bit block size; 56-bit key Adopted by NIST in 1976 as federal standard for encrypting non-classified information Triple DES (3DES): created to provide security far beyond DES Advanced Encryption Standard (AES): developed to replace both DES and 3DES There are a number of popular symmetric encryption cryptosystems. One of the most familiar is Data Encryption Standard (DES), developed in 1977 by IBM and based on the Data Encryption Algorithm (DEA). DEA uses a 64-bit block size and a 56-bit key. The algorithm begins by adding parity bits to the key (resulting in 64 bits) and then apples the key in 16 rounds of XOR, substitution, and transposition operations. With a 56 bit key, the algorithm has 256 possible keys to choose from (over 72 quadrillion). DES is a federally approved standard for nonclassified data. DES was cracked in 1997 when Rivest-Shamir-Aldeman (RSA) put a bounty on the algorithm. RSA offered a $10,000 reward for the first person or team to crack the algorithm. Fourteen thousand users collaborated over the Internet to finally break the encryption. Principles of Information Security, 2nd edition

16 Cryptographic Algorithms: Asymmetric Encryption
Asymmetric encryption (public key encryption) Uses two different but related keys; either key can encrypt or decrypt message If Key A encrypts message, only Key B can decrypt Highest value when one key serves as private key and the other serves as public key Asymmetric Encryption Another category of encryption techniques is asymmetric encryption, also known as public key encryption. Whereas the symmetric encryption systems are based on a single key to both encrypt and decrypt a message, asymmetric encryption uses two different keys. Either key can be used to encrypt or decrypt the message, however, if Key A is used to encrypt the message, only Key B can decrypt, and if Key B is used to encrypt a message, only Key A can decrypt it. The public key is stored in a public location, where anyone can use it. The private key, as its name suggests, is a secret known only to the owner of the key pair. The problem with asymmetric encryption is that it requires four keys to hold a single conversation between two parties. Asymmetric encryption is not as efficient as symmetric encryptions in terms of CPU computations. As a result, the hybrid system described in the section on Public Key Infrastructure is more commonly used, instead of a pure asymmetric system. Principles of Information Security, 2nd edition

17 Figure 8-4 Using Public Keys
Principles of Information Security, 2nd edition

18 Cryptographic Algorithms: Asymmetric Encryption
Asymmetric Encryption (public key encryption) Public key pk = (N, e) Secret key sk = (N, d) Encryption: Encpk (m) = [me mod N] Decryption: Decsk (c) = [cd mod N] Asymmetric Encryption Another category of encryption techniques is asymmetric encryption, also known as public key encryption. Whereas the symmetric encryption systems are based on a single key to both encrypt and decrypt a message, asymmetric encryption uses two different keys. Either key can be used to encrypt or decrypt the message, however, if Key A is used to encrypt the message, only Key B can decrypt, and if Key B is used to encrypt a message, only Key A can decrypt it. The public key is stored in a public location, where anyone can use it. The private key, as its name suggests, is a secret known only to the owner of the key pair. The problem with asymmetric encryption is that it requires four keys to hold a single conversation between two parties. Asymmetric encryption is not as efficient as symmetric encryptions in terms of CPU computations. As a result, the hybrid system described in the section on Public Key Infrastructure is more commonly used, instead of a pure asymmetric system. Principles of Information Security, 2nd edition

19 Case Study: Onion Routing (1)
Alice R Bob Sender chooses a random sequence of routers Some routers are honest, some controlled by attacker Sender controls the length of the path

20 Case Study: Onion Routing (2)
Alice R3 Bob {M}pk(B) {B,k4}pk(R4),{ }k4 {R4,k3}pk(R3),{ }k3 {R3,k2}pk(R2),{ }k2 {R2,k1}pk(R1),{ }k1 Routing info for each link encrypted with router’s public key Each router learns only the identity of the next router

21 Cryptography Tools Public Key Infrastructure (PKI): integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services enabling users to communicate securely PKI systems based on public key cryptosystems; include digital certificates and certificate authorities (CAs) Cryptography Tools Public Key Infrastructure (PKI) is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. PKI systems are based on public key cryptosystems and include digital certificates and certificate authorities (CAs). Principles of Information Security, 2nd edition

22 Digital Signatures Encrypted messages that can be mathematically proven to be authentic Created in response to rising need to verify information transferred using electronic systems Asymmetric encryption processes used to create digital signatures Digital Signatures An interesting thing happens when the asymmetric process is reversed, that is the private key is used to encrypt a short message. The public key can be used to decrypt it, and the fact that the message was sent by the organization that owns the private key cannot be refuted. This is known as non-repudiation, which is the foundation of digital signatures. Digital Signatures are encrypted messages that are independently verified by a central facility (registry) as authentic. Principles of Information Security, 2nd edition

23 Digital Signatures (continued)
Ensuring data integrity and non-repudiation using public- key methods s = Signsk (m) Verifypk (m*,s*) = true or false Hash-then-sign: s = Signsk(h(m)), where h is a cryptographic hash function Digital Signatures An interesting thing happens when the asymmetric process is reversed, that is the private key is used to encrypt a short message. The public key can be used to decrypt it, and the fact that the message was sent by the organization that owns the private key cannot be refuted. This is known as non-repudiation, which is the foundation of digital signatures. Digital Signatures are encrypted messages that are independently verified by a central facility (registry) as authentic. Principles of Information Security, 2nd edition

24 Digital Certificates Electronic document containing key value and identifying information about entity that controls key Digital signature attached to certificate’s container file to certify file is from entity it claims to be from Digital Certificates and Certificate Authorities As alluded to earlier, a digital certificate is an electronic document, similar to a digital signature, attacked to a file certifying that this file is from the organization it claims to be from and has not been modified from the originating format. A Certificate Authority is an agency that manages the issuance of certificates and serves as the electronic notary public to verify their worth and integrity. Principles of Information Security, 2nd edition

25 Figure 8-5 Digital Signatures
Principles of Information Security, 2nd edition

26 Key Distribution Principles of Information Security, 2nd edition
Securing the Web Secure Electronic Transactions (SET) was developed by MasterCard and Visa in 1997 to provide protection from electronic payment fraud. SET works by encrypting the credit card transfers with DES for encryption and RSA for key exchange, much as other algorithms do. SET provides the security for both Internet-based credit card transactions and the encryption of swipe systems of those credit cards in retail stores. Secure Socket Layer was developed by Netscape in 1994 to provide security in online electronic commerce transactions. It uses a number of algorithms, but mainly relies on RSA for key transfer and IDEA, DES or 3DES for encrypted symmetric key-based data transfer. Secure Hypertext Transfer Protocol (SHTTP) is an encrypted solution to the unsecured version of HTTP. It provides an alternative to the aforementioned protocols and can provide secure e-commerce transactions as well as encrypted Web pages for secure data transfer over the Web, using a number of different algorithms. Secure Shell (SSH) provides security over remote access connections using tunneling. It provides authentication services between a client and server. IP Security (IPSec) is the cryptographic authentication and encryption product of the IETF’s IP Protocol Security Working Group, defined in RFC 1825, 1826 and 1827. IP Security (IPSec) is used to create Virtual Private Networks (VPNs) and is an open framework for security development within the TCP/IP family of protocol standards. Principles of Information Security, 2nd edition

27 Key Distribution (continued)
Securing the Web Secure Electronic Transactions (SET) was developed by MasterCard and Visa in 1997 to provide protection from electronic payment fraud. SET works by encrypting the credit card transfers with DES for encryption and RSA for key exchange, much as other algorithms do. SET provides the security for both Internet-based credit card transactions and the encryption of swipe systems of those credit cards in retail stores. Secure Socket Layer was developed by Netscape in 1994 to provide security in online electronic commerce transactions. It uses a number of algorithms, but mainly relies on RSA for key transfer and IDEA, DES or 3DES for encrypted symmetric key-based data transfer. Secure Hypertext Transfer Protocol (SHTTP) is an encrypted solution to the unsecured version of HTTP. It provides an alternative to the aforementioned protocols and can provide secure e-commerce transactions as well as encrypted Web pages for secure data transfer over the Web, using a number of different algorithms. Secure Shell (SSH) provides security over remote access connections using tunneling. It provides authentication services between a client and server. IP Security (IPSec) is the cryptographic authentication and encryption product of the IETF’s IP Protocol Security Working Group, defined in RFC 1825, 1826 and 1827. IP Security (IPSec) is used to create Virtual Private Networks (VPNs) and is an open framework for security development within the TCP/IP family of protocol standards. Principles of Information Security, 2nd edition

28 Key Distribution (continued)
Securing the Web Secure Electronic Transactions (SET) was developed by MasterCard and Visa in 1997 to provide protection from electronic payment fraud. SET works by encrypting the credit card transfers with DES for encryption and RSA for key exchange, much as other algorithms do. SET provides the security for both Internet-based credit card transactions and the encryption of swipe systems of those credit cards in retail stores. Secure Socket Layer was developed by Netscape in 1994 to provide security in online electronic commerce transactions. It uses a number of algorithms, but mainly relies on RSA for key transfer and IDEA, DES or 3DES for encrypted symmetric key-based data transfer. Secure Hypertext Transfer Protocol (SHTTP) is an encrypted solution to the unsecured version of HTTP. It provides an alternative to the aforementioned protocols and can provide secure e-commerce transactions as well as encrypted Web pages for secure data transfer over the Web, using a number of different algorithms. Secure Shell (SSH) provides security over remote access connections using tunneling. It provides authentication services between a client and server. IP Security (IPSec) is the cryptographic authentication and encryption product of the IETF’s IP Protocol Security Working Group, defined in RFC 1825, 1826 and 1827. IP Security (IPSec) is used to create Virtual Private Networks (VPNs) and is an open framework for security development within the TCP/IP family of protocol standards. Principles of Information Security, 2nd edition

29 Protocols for Secure Communications
Secure Socket Layer (SSL) protocol: uses public key encryption to secure channel over public Internet Secure Hypertext Transfer Protocol (S-HTTP): extended version of Hypertext Transfer Protocol; provides for encryption of individual messages between client and server across Internet S-HTTP is the application of SSL over HTTP; allows encryption of information passing between computers through protected and secure virtual connection Securing the Web Secure Electronic Transactions (SET) was developed by MasterCard and Visa in 1997 to provide protection from electronic payment fraud. SET works by encrypting the credit card transfers with DES for encryption and RSA for key exchange, much as other algorithms do. SET provides the security for both Internet-based credit card transactions and the encryption of swipe systems of those credit cards in retail stores. Secure Socket Layer was developed by Netscape in 1994 to provide security in online electronic commerce transactions. It uses a number of algorithms, but mainly relies on RSA for key transfer and IDEA, DES or 3DES for encrypted symmetric key-based data transfer. Secure Hypertext Transfer Protocol (SHTTP) is an encrypted solution to the unsecured version of HTTP. It provides an alternative to the aforementioned protocols and can provide secure e-commerce transactions as well as encrypted Web pages for secure data transfer over the Web, using a number of different algorithms. Secure Shell (SSH) provides security over remote access connections using tunneling. It provides authentication services between a client and server. IP Security (IPSec) is the cryptographic authentication and encryption product of the IETF’s IP Protocol Security Working Group, defined in RFC 1825, 1826 and 1827. IP Security (IPSec) is used to create Virtual Private Networks (VPNs) and is an open framework for security development within the TCP/IP family of protocol standards. Principles of Information Security, 2nd edition

30 Protocols for Secure Communications (continued)
Securing with S/MIME, PEM, and PGP Secure Multipurpose Internet Mail Extensions (S/MIME): builds on Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication Privacy Enhanced Mail (PEM): proposed as standard to function with public key cryptosystems; uses 3DES symmetric key encryption Pretty Good Privacy (PGP): uses IDEA Cipher for message encoding Securing A number of encryption cryptosystems have been adapted in an attempt to inject some degree of security into , a notoriously unsecured medium. S/MIME builds on the Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication through digital signatures based on public key cryptosystems. Privacy Enhanced Mail (PEM) was proposed by the Internet Engineering Task Force (IETF) as a standard to function with the public key cryptosystems. PEM uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures. Pretty Good Privacy (PGP) was developed by Phil Zimmerman and uses the IDEA Cipher, a 128-bit symmetric key block encryption algorithm with 64 bit blocks for message encoding. IDEA performs 8 rounds on 16 bit sub-blocks using algebraic calculations. PGP also uses RSA for symmetric key exchange and for digital signatures. Principles of Information Security, 2nd edition

31 Protocols for Secure Communications (continued)
Securing Web transactions with SET, SSL, and S-HTTP Secure Electronic Transactions (SET): developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud Uses DES to encrypt credit card information transfers Provides security for both Internet-based credit card transactions and credit card swipe systems in retail stores Securing Web Transactions with SET, SSL, and S-HTTP Just as PGP, PEM, and S/MIME work to secure operations, a number of related protocols work to secure Web browsers, especially at electronic commerce sites. Among these are Secure Electronic Transactions (SET), Secure Socket Layer (SSL), Secure Hypertext Transfer Protocol (S-HTTP), Secure Shell (SSH-2), and IP Security (IPSec). Secure Electronic Transactions (SET) was developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud. SET uses DES to encrypt credit card information transfers and RSA for key exchange. SET provides the security for both Internet-based credit card transactions and credit card swipe systems in retail stores. Principles of Information Security, 2nd edition

32 Summary Cryptography and encryption provide sophisticated approach to security Many security-related tools use embedded encryption technologies Encryption converts a message into a form that is unreadable by the unauthorized Many tools are available and can be classified as symmetric or asymmetric, each having advantages and special capabilities Principles of Information Security, 2nd edition

Which cipher simply rearranges the values within a block to create the ciphertext?

Which of the following is used in conjunction with an algorithm to create the ciphertext from the plaintext?

What is the process of hiding messages for example Hiding a message within the digital encoding of a picture or graphic so that it is almost impossible to detect?

Is the process of converting an original message into a form that is unreadable to unauthorized individuals?