Chapter 7:

Cryptographic Systems

CCNA Security v2.0

 7.0 Introduction
7.1 Cryptographic Services
7.2 Basic Integrity and
Authenticity
7.3 Confidentiality
7.4 Public Key Cryptography
7.5 Summary

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
 Upon completion of this section, you should be able to:
• Explain the requirements of secure communications including integrity,
authentication, and confidentiality.
• Explain cryptography.

• Describe cryptoanalysis.

• Describe cryptology.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
 Ciphertext can be creating using several methods:
• Transposition

• Substitution

• One-time pad

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
 xxxx

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
 Methods used for cryptanalysis:
• Brute-force method

• Ciphertext method

• Known-Plaintext method

• Chosen-Plaintext method

• Chosen-Ciphertext method

• Meet-in-the-Middle method

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
 Frequency Analysis of the
English Alphabet

Deciphering Using Frequency

Analysis

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
 Upon completion of the section, you should be able to:
• Describe the purpose of cryptographic hashes.

• Explain how MD5 and SHA-1 are used to secure data communications.

• Describe authenticity with HMAC.

• Describe the components of key management.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
 Types of cryptographic keys:
• Symmetric keys

• Asymmetric keys

• Digital signatures

• Hash keys

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
 Upon completion of the section, you should be able to:
• Explain how encryption algorithms provide confidentiality.

• Explain the function of the DES, 3DES, and the AES algorithms .

• Describe the function of the Software Encrypted Algorithm (SEAL) and the
Rivest ciphers (RC) algorithms.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
 SEAL has several restrictions:
• The Cisco router and the peer must support IPsec.

• The Cisco router and the other peer must run an IOS image that supports
encryption.
• The router and the peer must not have hardware IPsec encryption.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
 Upon completion of the section, you should be able to:
• Explain the differences between symmetric and asymmetric encryptions and
their intended applications.
• Explain the functionality of digital signatures.

• Explain the principles of a public key infrastructure (PKI).

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
Four protocols that use asymmetric key algorithms:
• Internet Key Exchange (IKE)

• Secure Socket Layer (SSL)

• Secure Shell (SSH)

• Pretty Good Privacy (PGP)

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
 P
Fi
G
st
Alice Encrypts Message Using Bob’s Alice Encrypts A Hash Using Bob’s
Public Key Public Key

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
 Bob Uses Alice’s Public Key to Bob Uses His Public Key to Decrypt
Decrypt Hash Message

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Digital Signature Properties:
• Signature is authentic

• Signature is unalterable

• Signature is not reusable

• Signature cannot be repudiated

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Digitally signing code provides several assurances about the code:
• The code is authentic and is actually sourced by the publisher.

• The code has not been modified since it left the software publisher.

• The publisher undeniably published the code.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
 Sending a Digital Certificate

Receiving a Digital Certificate

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
 DSA Scorecard

RSA Scorecard

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
 Elements of the
PKI Framework

PKI Example

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
 Single-Root PKI Topology

Cross Certified CA

Hierarchical CA

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
 Retrieving CA Certificates

Submitting Certificate
Requests to the CA

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
 Peers Authenticate Each Other

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
 Chapter Objectives:
• Explain the areas of cryptology.

• Explain to two kinds of encryption algorithms.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
Thank you.
• Remember, there are
helpful tutorials and user
guides available via your
NetSpace home page. 1
(https://www.netacad.com) 2
• These resources cover a
variety of topics including
navigation, assessments,
and assignments.
• A screenshot has been
provided here highlighting
the tutorials related to
activating exams, managing
assessments, and creating
quizzes.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 88