Session Title: Understanding Basic Encryption Concepts and AIX V6's Encrypted File System. Session ID: SE"&'AIX(
Speaker Name: Stephen Dominguez
10/06/10
Intro to Cryptography
Cryptography is the practice and study of hiding information. It is:
Used to "scramble" your files (confidentiality)
Used to prove who you are (authentication)
Used to alert you if the contents of a file have been changed (integrity)
Used to verify the identity of the person who sent you a message
Used to keep online communications safe and secure
What is Plaintext?
The message in its natural format. Plaintext is readable to an attacker. Also referred to as "cleartext".
What is Ciphertext?
A message altered so as to be unreadable for anyone except the intended recipients. An attacker seeing ciphertext would be unable to read the message. Also referred to as a "cryptogram".
What is Encryption?
The process of converting a message from its plaintext to ciphertext through the use of a cryptographic algorithm and key. Also referred to as enciphering.
What is Decryption?
The process of converting a ciphertext message into plaintext through the use of the cryptographic algorithm and key that were used to do the original encryption. Also referred to as deciphering.
Using this cipher and a key of 13, what is the ciphertext for: AB ;;
Using this cipher and a key of 13, what is the plaintext for: %E AB
Using this cipher and a key of 13, what is the ciphertext for: IBM LASVEGAS
ANSWERS:
VOZ YNFIRTNF
Using this cipher and a key of 13, what is the plaintext for: =/B AB?CM$
ANSWERS:
$U? =AMB<E
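The shift cipher behind the exercises above, as an added example that is not part of the original slides: a POSIX shell function (awk does the letter arithmetic) that rotates upper-case letters by a numeric key, its inverse, and a helper that tries all 26 keys. The function names are my own. With key 13 the cipher is ROT13, which is its own inverse, and IBM LASVEGAS becomes VOZ YNFIRTNF, the answer given on the slide. The brute-force helper is the practitioner's point: a 26-key cipher has no usable secret, so any "scrambling" of this kind is obfuscation, not encryption.

```shell
#!/bin/sh
# Shift (Caesar) cipher as used by the slide exercises.  Upper-case letters are
# rotated KEY places through the alphabet; every other character (space,
# digits, punctuation, lower-case) is passed through unchanged.

ALPHABET=ABCDEFGHIJKLMNOPQRSTUVWXYZ

shift_text() {
    # $1 = shift (any integer, negative allowed), $2 = text; prints rotated text
    printf '%s' "$2" | awk -v k="$1" -v A="$ALPHABET" '
        {
            out = ""
            for (i = 1; i <= length($0); i++) {
                c = substr($0, i, 1)
                p = index(A, c)                      # 0 unless c is A-Z
                if (p > 0) {
                    q = ((p - 1 + k) % 26 + 26) % 26 # keep result in 0..25
                    c = substr(A, q + 1, 1)
                }
                out = out c
            }
            printf "%s", out
        }'
}

shift_encrypt() { shift_text "$1" "$2"; }            # plaintext  -> ciphertext
shift_decrypt() { shift_text "$(( 0 - $1 ))" "$2"; } # ciphertext -> plaintext

shift_bruteforce() {
    # A 26-key cipher keeps no real secret: print every candidate plaintext.
    # $1 = ciphertext; output is one line per key, "key<TAB>candidate".
    k=0
    while [ "$k" -lt 26 ]; do
        printf '%d\t%s\n' "$k" "$(shift_decrypt "$k" "$1")"
        k=$((k + 1))
    done
}

# The slide's exercise: key 13 is its own inverse (ROT13).
shift_encrypt 13 "IBM LASVEGAS"; echo       # VOZ YNFIRTNF
shift_decrypt 13 "VOZ YNFIRTNF"; echo       # IBM LASVEGAS
shift_bruteforce "VOZ YNFIRTNF" | sed -n '14p'   # key 13 line: the readable candidate
```

Run it with `sh` on any POSIX system; `shift_bruteforce` prints all 26 candidates and the readable one identifies the key at a glance, which is why the key of a shift cipher is not a secret in any cryptographic sense.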
What is a Cryptographic Hash?
A kind of signature for a stream of data. Also called a digest or, informally, a "checksum". All streams of data, whatever their size, yield hashes of the same length. This differs from encryption/decryption: hashes are one-way, i.e., you can't take a hash and determine the stream of data that produced it. Major elements: stream of data, hash function, and hash.
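The three properties the slide lists (fixed length, one-way, a small change in the data changes the hash) shown with SHA-256, as an added example that is not part of the original slides. It uses the sha256sum command (falling back to the openssl command line) and my own helper names; the sample messages are constructed for the demonstration.

```shell
#!/bin/sh
# Properties of a cryptographic hash, shown with SHA-256.

sha256_hex() {
    # $1 = data, hashed exactly as given (no trailing newline); prints 64 hex chars
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | openssl dgst -sha256 | sed 's/^.*= *//'
    fi
}

digest_diff_count() {
    # $1, $2 = two hex digests; prints the number of positions where they differ
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = 0
        for (i = 1; i <= length(a); i++) if (substr(a, i, 1) != substr(b, i, 1)) n++
        print n
    }'
}

# 1. Fixed length: a 0-byte, a 3-byte and a 300-byte input all give 64 hex chars.
for m in "" "abc" "$(printf '%0300d' 0)"; do
    printf '%-8s -> %s\n' "len=${#m}" "$(sha256_hex "$m")"
done

# 2. One-way: there is no way back from a digest except guessing inputs and
#    re-hashing.  A verifier therefore stores the digest and compares; it never
#    "decrypts" anything, which is why this is not encryption.
stored=$(sha256_hex "abc")
[ "$(sha256_hex "abc")" = "$stored" ] && echo "abc matches the stored digest"

# 3. Avalanche: a one-character change rewrites essentially the whole digest,
#    which is what makes it usable as a tamper-evident "checksum" for a file.
d1=$(sha256_hex "pay 100 to bob")
d2=$(sha256_hex "pay 900 to bob")
echo "$(digest_diff_count "$d1" "$d2") of 64 hex digits differ after changing one character"
```

Note that a bare hash only detects accidental or unauthenticated change: anyone who can modify the file can also recompute its hash, so integrity against an attacker needs a key (an HMAC or a digital signature over the digest).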
Symmetric Cryptography
Type of cryptography in which the key for encryption and decryption is the same.
Pro: Good for encrypting large amounts of data.
Pro: Computationally fast.
Pro: Hard to break if a large key is used.
Pro: Much faster than asymmetric cryptography.
Con: Requires a secure mechanism for delivering keys.
Con: Each pair of communicating parties needs a unique key, so the more users the more keys needed (n users need n(n-1)/2 keys).
Asymmetric Cryptography
Cryptography in which a pair of different keys is used to encrypt and decrypt. The keys are mathematically related. Referred to as public key systems. The public key may be known by everyone. Only the owner should know the private key. What one key of the pair encrypts, only the other key of the pair can decrypt.
Digital Signature
This is a message's hash value that has been encrypted with the sender's private key. The act of signing means encrypting the message's hash value with the sender's private key; anyone holding the sender's public key can recover the hash and compare it with a hash of the message they received. Provides for ensuring the integrity of messages. Provides for authentication and non-repudiation. (In practice the digest is padded, e.g. with PKCS#1 v1.5 or PSS, before the private-key operation; a raw "encrypted hash" is not a safe signature.)
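The signature flow described above (and the asymmetric key pair it rests on), as an added example that is not part of the original slides. It drives the openssl command line: RSA keys, SHA-256 of the message, the private-key operation on the padded digest, and verification with the public key. Key file names, the users "alice" and "mallory", and the message text are assumptions made for the demonstration. The check function returns success only if a genuine signature verifies while a tampered message and a signature from a different key are both rejected, the three properties the slide claims.

```shell
#!/bin/sh
# Digital signature as described on the slide: hash the message, apply the
# sender's private key to the digest, let anyone with the public key check it.
# Uses the openssl command line: RSA-2048, SHA-256, PKCS#1 v1.5 padding.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_keypair() {
    # $1 = path prefix; writes $1.key (private: only the owner holds it)
    # and $1.pub (public: may be handed to everyone).
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1.key" 2>/dev/null &&
    openssl pkey -in "$1.key" -pubout -out "$1.pub" 2>/dev/null
}

sign_file() {
    # $1 = private key, $2 = message file, $3 = where to write the signature.
    # openssl hashes the file with SHA-256 and applies the private-key operation
    # to the padded digest: the "encrypted hash" of the slide.
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

verify_file() {
    # $1 = public key, $2 = message file, $3 = signature; exit 0 iff valid.
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

signature_checks() {
    # Returns 0 only if all three slide properties hold: the genuine pair
    # verifies, a tampered message fails (integrity), and a signature made
    # with someone else's private key fails (authentication).
    make_keypair "$WORK/alice" || return 1
    make_keypair "$WORK/mallory" || return 1
    printf 'transfer 100 to bob\n' > "$WORK/msg"
    sign_file "$WORK/alice.key" "$WORK/msg" "$WORK/msg.sig" || return 1

    verify_file "$WORK/alice.pub" "$WORK/msg" "$WORK/msg.sig" || return 1     # genuine: OK

    printf 'transfer 900 to bob\n' > "$WORK/tampered"                         # integrity
    verify_file "$WORK/alice.pub" "$WORK/tampered" "$WORK/msg.sig" && return 1

    sign_file "$WORK/mallory.key" "$WORK/msg" "$WORK/forged.sig" || return 1   # authentication
    verify_file "$WORK/alice.pub" "$WORK/msg" "$WORK/forged.sig" && return 1

    return 0
}

signature_checks && echo "genuine signature verifies; tampered message and wrong key are rejected"
```

Non-repudiation follows from the same split: only the private key can produce a signature that the public key accepts, so the signer cannot later claim someone else made it, provided the private key really was kept private.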
EFS Basics
EFS files are stored on disk in encrypted form. When files are loaded into memory they are decrypted. Files in memory are in cleartext. Files moved from memory to disk will be encrypted. EFS therefore protects the data at rest (the disk itself and raw copies of it), not data already held in cleartext by a running process.
Access Control Implications
Adds an additional layer of access control. DAC is still enforced on the files. ACLs are still enforced. DAC and ACLs are checked first, before EFS keys are checked: passing the DAC and ACL checks is necessary but not sufficient, since a user without a key for the file still cannot read its contents.
Prerequisites for Creating an EFS-enabled File System
CryptoLite in C (CliC) filesets must be installed.
RBAC must be enabled.
The partition must be EFS-enabled.
Interfaces Supported
EFS-enabled files
User logs onto a partition. User opens his keystore. User can then access EFS-enabled files that he has DAC access to and whose key list includes a key for him.
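The prerequisite checks and the user flow above as one AIX procedure, added here as an example; it is not from the slides and it only runs on AIX. The command names (lslpp, lsattr, efsenable, crfs, lsfs, efskeymgr, efsmgr) are AIX's own; the fileset name clic.rte, the volume group rootvg, the mount point /efsdata, the file name and the users alice and bob are assumptions for the illustration. The first part runs as root, the second as the user whose keystore is being opened.

```ksh
#!/usr/bin/ksh
# Root part: verify the three prerequisites from the slides, enable EFS, and
# create an EFS-enabled JFS2 file system.  Assumed names: fileset clic.rte,
# volume group rootvg, mount point /efsdata.

lslpp -l clic.rte >/dev/null 2>&1 || { print "CliC fileset clic.rte is not installed"; exit 1; }

# Enhanced RBAC is a sys0 attribute; turning it on needs chdev and a reboot.
if ! lsattr -El sys0 -a enhanced_RBAC | grep true >/dev/null; then
    print "enhanced RBAC is off: chdev -l sys0 -a enhanced_RBAC=true, reboot, then retry"
    exit 1
fi

efsenable -a                  # EFS-enable the partition; prompts for the EFS admin password

crfs -v jfs2 -g rootvg -a size=256M -a efs=yes -m /efsdata -A yes
mount /efsdata
lsfs -q /efsdata              # the attribute line should now report EFS as enabled
chmod 1777 /efsdata           # DAC still applies; EFS only adds a layer on top of it

# User part, run as alice after login.  efskeymgr -o starts a ksh in which her
# keys are loaded (it asks for her keystore password); the rest is typed there.
efskeymgr -o ksh
efskeymgr -v                              # keys loaded in this shell
cp ~/notes.txt /efsdata/notes.txt
efsmgr -e /efsdata/notes.txt              # encrypt in place: ciphertext on disk from now on
efsmgr -l /efsdata/notes.txt              # which user/group keys can open the file
efsmgr -a /efsdata/notes.txt -u bob       # wrap the file key for bob's public key as well
# bob also needs DAC or ACL read permission on the file: that check comes first,
# and without his key on the file even a permitted user gets ciphertext.
```

Without the keystore open (a plain `ksh` instead of `efskeymgr -o ksh`, or a cron job running as alice) the same `cat /efsdata/notes.txt` fails even though DAC allows it; that is the behaviour to test for before relying on EFS for scripted access.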
References
Wikipedia
Cryptography for Dummies – Chey Cobb
CISSP All-in-One Exam Guide, 5th Edition – Shon Harris
AIX V6 Advanced Security Features: Introduction and Configuration (IBM Redbook)
Official (ISC)2 Guide to the CISSP CBK, 2nd Edition – Harold F. Tipton
The END
If you would like IBM Lab Services to provide assistance with implementing EFS, please contact me, Stephen Dominguez, at sdoming@us.ibm.com