Encryption and Security Tools for IA Management
Nick Hornick, COSC 481, Spring 2007


Overview
  • Symmetric/Asymmetric Key
  • Digital Signatures
  • Certificates
  • SSL Protocol
  • Commonly Used Certificates
  • VNC Tunneling
  • PGP/GnuPG
  • Conclusion

Symmetric Encryption
  • “Private” Key
  • Same key for encryption and decryption
  • Strengths: Efficient
  • Weakness: Parties involved

Symmetric Encryption Cont’d


Asymmetric Encryption
  • “Public” Key Encryption
  • Based on Key Pair
  • 2 Keys
      • Public
      • Private
  • Strength: Keys are related but not equal
  • Weakness: Computation time

Asymmetric Key cont’d
  • Many public keys, One private key
      • A User’s Private Key
      • A User’s Public Key(s)
  • One way Encryption/Decryption

Asymmetric Key cont’d


Digital Signatures
  • An electronic signature that validates data integrity
  • One way hashing algorithm
  • Strength: Data validation
  • Weakness: Doesn’t validate the sender

Digital Signatures cont’d


Certificates
  • An electronic document used to identify an entity
  • Can identify the entity’s name, public key, date of issuance, and date of revocation
  • Issued by Certificate Authority in public domain

Secure Socket Layer
  • Netscape vs. Microsoft TLS
  • Typically used on a client/server network
  • Two Parts:
      • Handshake
      • Bulk-Data Transfer

SSL Handshake
  • Consists of four parts:
      • Message Exchange
      • Public-Key Computations
      • Random-Number Generation
      • Handshake Authentication

Commonly Used Certificates
  • Client SSL
  • Server SSL
  • S/MIME
  • CA Certificates

VNC Tunneling through SSH
  • VNC – Virtual Network Computing
  • Unsecured – data transmitted in plain text
  • SSH – Secure Shell
      • Enables strong security with VNC capability

PGP and GnuPG
  • Based on public key architecture
  • Handled by multiple OS
  • Encrypted messages sent with email software

Conclusion
  • Symmetric/Asymmetric systems
  • Digital Signatures
  • Certificates
  • SSL
  • VNC Tunneling
  • PGP/GnuPG