Chapter 7 - 01 - Discuss Essential Network Security Protocols - 03_ocred_fax_ocred.pdf
Uploaded by barrejamesteacher
Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82

Pretty Good Privacy (PGP)

- Pretty good privacy (PGP) is an application layer protocol which provides cryptographic privacy and authentication for network communication
- It encrypts and decrypts email communication as well as authenticates messages with digital signatures and encrypts stored files

[Slide figure: File Encryption and File Decryption. Labels: key, file, encryption, user's public key, encrypted key, encrypted file with the user's public key in the header, user's private key, decryption.]

Pretty good privacy (PGP) is an encryption and decryption computer program that is used for providing confidentiality and validation during communication. PGP enhances the security of emails.

How Does PGP Work?

Every user has a public encryption key and a private key. Messages are encrypted with the public key before they are sent to another user. The receiver decrypts the message using their private key.

PGP compresses the message, which increases the security of the message in the network. PGP creates a session key which is used only once. It encrypts the message using the session key along with the encryption algorithm. The session key is encrypted with the recipient's public key. The public-key-encrypted session key is sent to the recipient along with the encrypted message.

Module 07 Page 692 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
[Figure 7.6: File Encryption using PGP. Labels: random key, file, encryption, user's public key, encrypted key, encrypted file with the user's public key in the header.]

A recipient uses their private key to decrypt the session key and to decrypt the entire message.

[Figure 7.7: File Decryption. Labels: encrypted file with the user's public key in the header, user's private key, encrypted key, decryption, encrypted file, file.]

There are two versions of PGP:

- RSA Algorithm
- Diffie-Hellman Algorithm

PGP creates a hash code from the user's name and signature to encrypt the sender's private key. The receiver uses the sender's public key to decrypt the hash code.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

- Secure/multipurpose internet mail extensions (S/MIME) is an application layer protocol which is used for sending digitally signed and encrypted email messages
- It uses the RSA system for email encryption
- Network defenders need to enable S/MIME-based security for mailboxes in their organizations

[Slide figure: Secure/Multipurpose Internet Mail Extensions (S/MIME) (Cont'd). Labels: Alice, Bob, public key.]

Secure/multipurpose internet mail extensions (S/MIME) is used for sending digitally signed and encrypted messages. It allows you to encrypt email messages and digitally sign them to ensure confidentiality, integrity, and non-repudiation for messages.
It provides cryptographic security services such as:

- Authentication
- Message integrity
- Non-repudiation
- Privacy
- Data security

S/MIME ensures e-mail security and has been included in the latest versions of different web browsers. It uses the RSA encryption method and provides details regarding the encryption and digital signatures in the message. An S/MIME protocol needs to ensure that it gains a certificate from the CA or from a public CA. The protocol uses different private keys for signature and for encryption.

[Figure 7.8: Working of S/MIME. Labels: Alice (message, certificate, private key, signing, signature, encryption (DES), encrypted message, secret key, encryption (RSA), digital signature); Bob (secret key decryption (RSA), decryption (DES), checking, public key Bob, private key Bob, public key Alice, certificate, OK?).]
Differences between PGP and S/MIME

| Mandatory Features | S/MIME v3 | OpenPGP |
|---|---|---|
| Message Format | Binary, Based on CMS | Application/Pkcs 7-mime |
| Certificate Format | Binary, Based on X.509v3 | Binary, Based on previous PGP |
| Symmetric Encryption Algorithm | Triple DES (DES, EDE3, and CBC) | Triple DES (DES, EDE3, and Eccentric CFB) |
| Signature Algorithm | Diffie-Hellman (X9.42) with DSS or RSA | ElGamal with DSS |
| Hash Algorithm | SHA-1 | SHA-1 |
| MIME Encapsulation of Signed Data | Choice of Multipart/signed or CMS Format | Multipart/signed ASCII armor |
| MIME Encapsulation of Encrypted Data | Application/Pkcs 7-mime | Multipart/Encrypted |

Table 7.2: Differences between PGP and S/MIME
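The session-key scheme described under "How Does PGP Work?" (the same secret-key wrapping appears in Figure 7.8), as an added example that is not part of the course text or of any PGP implementation. All function and key names are illustrative, and the SHA-256 keystream and textbook RSA over Mersenne primes are teaching stand-ins for PGP's real ciphers, not secure primitives.

```python
import hashlib
import secrets
import zlib

E = 65537  # public exponent

def make_keypair(p: int, q: int):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

# Constructed demo keys built from Mersenne primes; far too weak for real use.
BOB_PUBLIC, BOB_PRIVATE = make_keypair(2**127 - 1, 2**107 - 1)
_, OTHER_PRIVATE = make_keypair(2**521 - 1, 2**89 - 1)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def pgp_style_encrypt(message: bytes, recipient_public):
    n, e = recipient_public
    session_key = secrets.token_bytes(16)            # fresh key, used once
    body = keystream_xor(session_key, zlib.compress(message))  # compress, then encrypt
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # under recipient's public key
    return wrapped_key, body                         # both are sent to the recipient

def pgp_style_decrypt(wrapped_key: int, body: bytes, recipient_private) -> bytes:
    n, d = recipient_private
    try:
        # The private key recovers the session key, which then decrypts the body.
        session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
        return zlib.decompress(keystream_xor(session_key, body))
    except (OverflowError, zlib.error) as exc:
        raise ValueError("wrong private key or corrupted message") from exc

if __name__ == "__main__":
    wrapped, body = pgp_style_encrypt(b"Quarterly report attached. " * 4, BOB_PUBLIC)
    print(pgp_style_decrypt(wrapped, body, BOB_PRIVATE))
```

Encrypting the same message twice yields a different wrapped key and body each time, because the session key is regenerated per message.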