© 1999, Cisco Systems, Inc.
Advanced Security Technology Concepts Session 318
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
What Is Cryptography
• A way of keeping information private
• Provides authentication and integrity
• Nonrepudiation
• Requires key management
• A communications enabler
• Communication with confidence
Agenda
• Encryption Concepts and Terminology
• The PKI and CEP
• A Day In the Life of an IPSec Packet
• IPSec Implementation Issues
Encryption Concepts and Terminology
Confidentiality
• Confidentiality—communicating such that the intended recipients can read what was sent, but unintended parties who observe the traffic cannot determine its content
Keys

[Figure: two devices connected across a WAN, each holding its own public key (Pub) and private key (Pri), and sharing a single DES key for the traffic between them]

• Each device has three keys:
  1. A private key that is kept secret and never shared. Used to sign messages
  2. A public key that is shared. Used by others to verify a signature
  3. A shared secret key that is used to encrypt data using a symmetric encryption algorithm (e.g., DES)
Key Sizes
Estimated time for a brute-force attack (1995) on symmetric keys, by attacker budget (cost of search hardware) and key length in bits

Cost      40 bits       56 bits     64 bits    80 bits       112 bits    128 bits
$100 K    2 secs        35 hours    1 year     70,000 yrs    10^14 yrs   10^19 yrs
$1 M      .2 secs       3.5 hours   37 days    7,000 yrs     10^13 yrs   10^18 yrs
$10 M     .02 secs      21 mins     4 days     700 yrs       10^12 yrs   10^17 yrs
$100 M    2 millisecs   2 mins      9 hours    70 yrs        10^11 yrs   10^16 yrs
$1 B      .2 millisec   13 secs     1 hour     7 yrs         10^10 yrs   10^15 yrs
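The table above is generated by two scaling rules: each extra key bit doubles the expected search work, and a ten-fold budget buys a ten-fold key-search rate. The following is an added example (not Cisco's code, not from the original slides) that encodes those rules, calibrated on the table's own 40-bit / $100K / 2 seconds cell; the linear cost scaling and the 1995-era rate implied by that cell are assumptions taken from the table, not independent measurements. It reproduces the other cells and inverts the relation to answer the question a practitioner actually asks: how many key bits hold off an attacker with a given budget for a given number of years.

```python
"""Brute-force time model behind the Key Sizes table (added example).

Work doubles per key bit; search rate scales linearly with budget.
Calibrated on the table's anchor cell: 40-bit key, $100K, 2 seconds
(assumption: the remaining cells scale from that one anchor)."""

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Anchor cell from the slide's table.
REF_BITS, REF_BUDGET, REF_SECONDS = 40, 100_000, 2.0


def brute_force_seconds(key_bits: int, budget_dollars: float) -> float:
    """Expected seconds to recover a key_bits symmetric key with the given budget."""
    work_factor = 2 ** (key_bits - REF_BITS)      # doubles for every extra key bit
    rate_factor = REF_BUDGET / budget_dollars    # more money buys more search hardware
    return REF_SECONDS * work_factor * rate_factor


def brute_force_years(key_bits: int, budget_dollars: float) -> float:
    """Same estimate expressed in years."""
    return brute_force_seconds(key_bits, budget_dollars) / SECONDS_PER_YEAR


def bits_needed(budget_dollars: float, years: float) -> int:
    """Smallest key length whose expected brute-force time exceeds `years`
    against an attacker spending `budget_dollars` (1995-era hardware)."""
    bits = 1
    while brute_force_years(bits, budget_dollars) < years:
        bits += 1
    return bits


def estimate_table(key_lengths=(40, 56, 64, 80, 112, 128),
                   budgets=(1e5, 1e6, 1e7, 1e8, 1e9)):
    """Return {budget: {bits: years}} for the same cells as the slide."""
    return {b: {k: brute_force_years(k, b) for k in key_lengths} for b in budgets}


def format_duration(seconds: float) -> str:
    """Render a duration in the units the slide uses (yrs, days, hours, ...)."""
    units = [("yrs", SECONDS_PER_YEAR), ("days", 86400), ("hours", 3600),
             ("mins", 60), ("secs", 1), ("millisecs", 1e-3)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds / 1e-3:.3g} millisecs"


if __name__ == "__main__":
    for budget, row in estimate_table().items():
        cells = "  ".join(f"{k}:{format_duration(brute_force_seconds(k, budget)):>14}"
                          for k in row)
        print(f"${budget:>14,.0f}  {cells}")
    print("bits needed to hold a $1B attacker off for 100 years:", bits_needed(1e9, 100))
```

Running it prints the slide's rows to within rounding (56 bits at $100K comes out at 36 hours against the slide's 35; 80 bits at $100K at about 70,000 years), and shows that, on 1995 hardware, 84 bits is the minimum to keep a $1B adversary busy for a century. The model ignores hardware improvement over time, so the real margin shrinks every year.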
Asymmetric or Public-Key Encryption

[Figure: the plaintext "Networkers" is encrypted with the public key to the ciphertext "&^$!@#l:{Q" and decrypted with the private key back to "Networkers"]

• Encryptor and decryptor use different mathematical functions
• Encryptor and decryptor use different keys: one public, one private
• Example public-key algorithms: RSA (encryption and digital signatures), Diffie-Hellman (key agreement)
• Used to generate a shared secret key for a symmetric cipher
The Diffie-Hellman Public Key Exchange

Alice                                            Bob
Secret value $X_A$, public value $Y_A$           Secret value $X_B$, public value $Y_B$
$Y_A = g^{X_A} \bmod p$                          $Y_B = g^{X_B} \bmod p$

Alice sends $Y_A$ to Bob; Bob sends $Y_B$ to Alice. Only the public values cross the WAN.

$Y_B^{X_A} \bmod p = g^{X_A X_B} \bmod p = Y_A^{X_B} \bmod p$   (Shared Secret)

p is a large prime and g is a generator (primitive root) modulo p; the size of p is set by the D-H group
Diffie-Hellman Example

Host A                                  Host B
prime p = 5, primitive g = 3            prime p = 5, primitive g = 3
Choose Xa such that                     Choose Xb such that
0
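The exchange on the two preceding slides, worked through in code with the slides' own symbols ($X_A$, $X_B$ secret; $Y_A$, $Y_B$ public; shared secret $g^{X_A X_B} \bmod p$). This is an added example, not Cisco code and not part of the original deck. The toy group p = 5, g = 3 is the one from the example slide; the second group (p = 2^31 - 1, g = 7, a known primitive root) is a stand-in chosen so the arithmetic is visible without a 1024-bit modulus, and neither is a real D-H group. The public-value range check and the CSPRNG secret selection are practitioner additions the slides do not show: with p = 5 the value 4 = p - 1 has order 2, so accepting it would collapse the shared secret into a two-element subgroup.

```python
"""Diffie-Hellman exchange in the slides' notation (added example).

X_A, X_B: secret values.  Y_A, Y_B: public values sent over the wire.
Both sides compute g^(X_A X_B) mod p.  Groups used here are toys, not
real D-H groups (assumption for demonstration only)."""
import secrets


def choose_secret(p: int) -> int:
    """Pick X uniformly from [2, p-2] with a CSPRNG (never 0, 1 or p-1)."""
    return 2 + secrets.randbelow(p - 3)


def public_value(g: int, x: int, p: int) -> int:
    """Y = g^X mod p, the only value that crosses the network."""
    return pow(g, x, p)


def validate_public_value(y: int, p: int) -> bool:
    """A peer's value must lie strictly between 1 and p-1.  Y = 1 or Y = p-1
    would force the shared secret into the subgroup {1} or {1, p-1}."""
    return 1 < y < p - 1


def shared_secret(peer_public: int, x: int, p: int) -> int:
    """Y_peer^X mod p.  Alice computes Y_B^X_A, Bob computes Y_A^X_B;
    both equal g^(X_A X_B) mod p."""
    if not validate_public_value(peer_public, p):
        raise ValueError("peer public value outside (1, p-1); abort the exchange")
    return pow(peer_public, x, p)


def is_primitive_root(g: int, p: int) -> bool:
    """Brute-force check that g generates all of Z_p^* (small p only)."""
    return sorted(pow(g, k, p) for k in range(1, p)) == list(range(1, p))


def dh_exchange(p: int, g: int, x_a: int, x_b: int):
    """Run both sides of the exchange; returns (Y_A, Y_B, shared secret)."""
    y_a = public_value(g, x_a, p)        # Alice -> Bob
    y_b = public_value(g, x_b, p)        # Bob -> Alice
    k_a = shared_secret(y_b, x_a, p)     # Alice: Y_B^X_A mod p
    k_b = shared_secret(y_a, x_b, p)     # Bob:   Y_A^X_B mod p
    if k_a != k_b:
        raise RuntimeError("shared secrets differ")
    return y_a, y_b, k_a


if __name__ == "__main__":
    # Toy group from the example slide; constructed secrets X_A = 1, X_B = 3.
    print("g = 3 is a primitive root mod 5:", is_primitive_root(3, 5))
    print("p=5, g=3, X_A=1, X_B=3 -> (Y_A, Y_B, K) =", dh_exchange(5, 3, 1, 3))
    # Larger stand-in group with random secrets (still not a real D-H group).
    p, g = 2**31 - 1, 7
    x_a, x_b = choose_secret(p), choose_secret(p)
    y_a, y_b, k = dh_exchange(p, g, x_a, x_b)
    print(f"Y_A={y_a} Y_B={y_b} K={k}; K == g^(X_A*X_B) mod p: {k == pow(g, x_a * x_b, p)}")
```

With the toy parameters the run gives $Y_A = 3$, $Y_B = 2$ and a shared secret of 2 on both sides; `shared_secret(4, 1, 5)` raises, because 4 = p - 1 is the order-2 element. In IPSec the shared secret is never used directly as the DES key; IKE runs it through a pseudo-random function first, which the later IPSec sections of this session cover.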