268
Chapter 7
■
PKI and Cryptographic Applications
a different message that produces
the same message digest, thereby maintaining the validity
of the original digital signature.
Don’t forget that social engineering techniques can also be used in
cryptanalysis. If you’re able to obtain a decryption key by simply ask-
ing
the sender for it, that’s much easier than attempting to crack the
cryptosystem!
Replay
The replay attack is used against cryptographic algorithms that don’t incorporate
temporal protections. In this attack, the malicious individual
intercepts an encrypted mes-
sage between two parties (often a request for authentication) and then later “replays” the
captured message to open a new session. This attack can be defeated by incorporating a
time stamp and expiration period into each message.
Summary
Asymmetric key cryptography, or public key encryption, provides
an extremely fl exible
infrastructure, facilitating simple, secure communication between parties that do not nec-
essarily know each other prior to initiating the communication. It also provides the frame-
work for the digital signing of messages to ensure nonrepudiation and message integrity.
This chapter
explored public key encryption, which provides a scalable cryptographic
architecture for use by large numbers of users. We also described some popular cryp-
tographic algorithms, such as link encryption and end-to-end encryption. Finally, we
introduced you to
the public key infrastructure, which uses certifi cate authorities (CAs)
to generate digital certifi cates containing the public keys of system users and digital signa-
tures, which rely on a combination of public key cryptography and hashing functions.
We also looked at some of the common applications of cryptographic technology in solv-
ing everyday problems. You learned how cryptography can be used to secure email (using
PGP and S/MIME), web communications (using SSL and TLS), and both peer-to-peer and
gateway-to-gateway networking (using IPsec and ISAKMP) as
well as wireless communica-
tions (using WPA and WPA2).
Finally, we covered some of the more common attacks used by malicious individuals
attempting to interfere with or intercept encrypted communications between two parties.
Such attacks include birthday, cryptanalytic, replay,
brute-force, known plaintext, chosen
plaintext, chosen ciphertext,
meet-in-the-middle, man-in-the-middle, and birthday attacks.
It’s important for you to understand these attacks in order to provide adequate security
against them.