Summary

This chapter focused on the basic elements of cryptography and the PKI implementation.

There are two primary methods of encryption:

• Symmetric

• Asymmetric

Symmetric systems require that each end of the connection have the same private key. Asymmetric systems use a two-key system. In public key cryptography, each person has a public and a private key. The public key can be sent to the other person; the private key is never divulged.

There are five main considerations in implementing a cryptography system:

• Confidentiality

• Integrity

• Authentication

• Non-repudiation

• Access control

Confidential means that the message retains its privacy. Integrity means that the message cannot be altered without detection. Authentication is used to verify that the person who sent the message is actually who they say they are. Non-repudiation prevents either the sender or receiver from denying that the message was sent or received.

PKI is a system that has been widely implemented to provide encryption and data security in computer networks. PKI is being implemented globally by both governmental agencies and businesses.

The major components of a PKI system include the Certificate Authority, the Registration Authority, and certificates. The most common certificate implemented in PKI is the X.509 v3 certificate.

CA systems can establish trusting relationships based on a hierarchical, bridge, mesh, or hybrid structure. This relationship can be defined based upon the needs of the organization.

The three cryptographic attacks covered in this chapter were the mathematical, weak key, and birthday attacks. Mathematical attacks use mathematical methods to find ways to break an algorithm and decrypt a message. The birthday attack is based on the probability that patterns and common events become more likely as collections get larger. The weak key attack exploits either poorly chosen passwords or flaws in the password encryption algorithm.