ISC2 CISSP: Certification Training

This document provides an overview of the Security Engineering domain for the CISSP certification exam. It discusses key topics like cryptography, secure design principles, and security models. Cryptography concepts covered include the history of ciphers like Caesar, Scytale and Enigma. Modern cryptography provides services like privacy, authenticity, integrity and non-repudiation through techniques like hashing, digital signatures and public key infrastructure. The Security Engineering domain makes up 13% of the CISSP exam and focuses on technical aspects of cybersecurity.

Uploaded by

Arifur Rahman

ISC2

CISSP Certification Training

Certified Information Systems Security Professional

Conducted by
• Md Showkat Ali
• CISSP, CCSP, PMP, CISA, CISM, CRISC, CGEIT
CISSP DOMAINS
• The CISSP exam evaluates expertise across eight security domains.

2019 CISSP Review Course
CHAPTER 3
Security Engineering

Domain / Weight
1. Security and Risk Management 15%
2. Asset Security 10%
3. Security Architecture and Engineering 13%
4. Communication and Network Security 14%
5. Identity and Access Management (IAM) 13%
6. Security Assessment and Testing 12%
7. Security Operations 13%
8. Software Development Security 10%

Total: 100%
Domain 3 Agenda

• Cryptography
• Principles of Secure Design
• Trusted Computing Base (TCB) Elements
• Security Perimeter
• Reference Monitor
• Security Kernel
• Computer/Security Architecture
• Security Models
• Security Evaluation Criteria
CRYPTOGRAPHY
• Historical uses of cryptography
• Security services provided by cryptography
• Definitions and terms
• Symmetric cryptography
• Asymmetric cryptography
• Hybrid cryptography
• Integrity through hashing, MACs and digital signatures
• Public Key Infrastructure
• IPsec
• Attacks on cryptography
CRYPTOGRAPHY DEFINITIONS & GOALS

• The art of creating and implementing secret codes and ciphers is known as cryptography.

• Cryptography is paralleled by the art of cryptanalysis—the study of methods to defeat codes and ciphers.

• Together, cryptography and cryptanalysis are commonly referred to as cryptology.

• Cryptographic keys are also called cryptovariables.

Goals of Cryptography:

• The goal of cryptography is to protect four fundamental properties: confidentiality, integrity, authentication, and nonrepudiation.
CRYPTOGRAPHY IN HISTORY

• Caesar Cipher
• Scytale
• Vigenère
• Vernam
• Enigma Machine and Purple Machine

CAESAR CIPHER

• Simple substitution cipher

• Shift each character 3 places

• A=D, B=E, C=F, etc.

• Substitution ciphers are subject to pattern (frequency) analysis. It is also called a shift cipher.
SCYTALE

• Spartans used this cipher to communicate messages to generals in the field

• Wrapped tape around a rod

• Diameter of the rod is the pre-agreed upon secret (key)


VIGENÈRE
• First polyalphabetic cipher

• A key word is agreed upon ahead of time

• The first letter of the key is matched up against the first letter of the message, the second against the second, and so on; the key repeats when the message is longer than the key

Plaintext: attackatdawn
Key: LEMONLEMONLE
Ciphertext: LXFOPVEFRNHR
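The Caesar and Vigenère shifts above, as an added example that is not part of the original slides. It reproduces the slide's ATTACKATDAWN / LEMON result, treats Caesar as the one-letter-key special case, and counts ciphertext letters to show the frequency pattern that substitution ciphers leak.

```python
# Added example (not from the original slides): Caesar and Vigenère as
# letter-by-letter shifts over the 26-letter uppercase alphabet.
import string

ALPHABET = string.ascii_uppercase


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter of `text` by the matching key letter (A=0 .. Z=25).

    The key repeats cyclically to the length of the message, exactly as in
    the slide's ATTACKATDAWN / LEMON example. Non-letters are dropped, since
    the classical cipher only handles the alphabet.
    """
    letters = [c for c in text.upper() if c in ALPHABET]
    shifts = [ALPHABET.index(k) for k in key.upper() if k in ALPHABET]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, c in enumerate(letters):
        shift = shifts[i % len(shifts)]          # key letter for this position
        if decrypt:
            shift = -shift                       # undo the shift
        out.append(ALPHABET[(ALPHABET.index(c) + shift) % 26])
    return "".join(out)


def caesar(text: str, shift: int = 3, decrypt: bool = False) -> str:
    """Caesar is Vigenère with a one-letter key: shift 3 is the key 'D'."""
    return vigenere(text, ALPHABET[shift % 26], decrypt)


def letter_counts(ciphertext: str) -> dict:
    """Letter histogram of a ciphertext. A Caesar ciphertext keeps the
    plaintext's frequency profile (every letter is relabelled the same way),
    which is the pattern analysis the slide warns about; Vigenère spreads
    each plaintext letter over len(key) ciphertext letters, so the profile
    is flatter but still repeats with the key period."""
    counts = {}
    for c in ciphertext:
        counts[c] = counts.get(c, 0) + 1
    return counts


if __name__ == "__main__":
    print(vigenere("attackatdawn", "LEMON"))            # LXFOPVEFRNHR
    print(vigenere("LXFOPVEFRNHR", "LEMON", decrypt=True))
    print(caesar("ATTACKATDAWN"))                       # DWWDFNDWGDZQ
```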
CRYPTOGRAPHY IN WARFARE

• Enigma Machine/Purple Machine

• Used by the Germans/Japanese in WWII

• Breaking the cryptography of these devices is credited with reducing the length of the war.
VERNAM CIPHER

• One Time Pad

• Only mathematically unbreakable form of cryptography

• Key must be used only once

• Pad must be at least as long as the message

• Key pad is statistically unpredictable

• Key Pad must be delivered and stored securely


CRYPTOGRAPHIC MATHEMATICS

Boolean Mathematics:
• AND
• OR
• NOT
• XOR
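The Vernam one-time pad and the XOR operation it rests on, as an added example that is not part of the original slides. It shows why XOR is the natural choice (it is its own inverse), draws the pad from the OS CSPRNG so it is statistically unpredictable, and demonstrates what the "use the key only once" rule protects against: XORing two ciphertexts that share a pad cancels the pad out.

```python
# Added example (not from the original slides): one-time pad as bitwise XOR.
import secrets


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """XOR the message with the pad. Slide rule: the pad must be at least as
    long as the message; only the first len(message) pad bytes are consumed."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return bytes(m ^ p for m, p in zip(message, pad))


# XOR is its own inverse: (m ^ k) ^ k == m, so decryption is the same operation.
otp_decrypt = otp_encrypt


def new_pad(length: int) -> bytes:
    """A statistically unpredictable pad from the OS CSPRNG. A seeded PRNG
    such as random.random would make the pad predictable and void the
    unbreakability guarantee."""
    return secrets.token_bytes(length)


def xor_of_plaintexts(ct1: bytes, ct2: bytes) -> bytes:
    """Why the pad is used only once: if two messages share a pad k,
    (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2. The pad cancels without being known,
    and positions where the result is 0x00 reveal identical plaintext bytes.
    """
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def boolean_ops(a: int, b: int) -> dict:
    """The four Boolean operations from the slide, on single bits."""
    return {"AND": a & b, "OR": a | b, "XOR": a ^ b, "NOT_A": 1 - a}


if __name__ == "__main__":
    msg = b"ATTACKATDAWN"                 # constructed sample message
    pad = new_pad(len(msg))
    ct = otp_encrypt(msg, pad)
    assert otp_decrypt(ct, pad) == msg
    print(ct.hex())
```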
SECURITY SERVICES PROVIDED BY CRYPTOGRAPHY

MODULO FUNCTION

NONCE

• A nonce is a random number generated at the moment of processing for one-time use.

• Ex: Initialization vector (IV), a random bit string that is the same length as the block size and is XORed with the message.

ONE-WAY FUNCTION

• A one-way function is a mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values. Ex: Hashing

ZERO-KNOWLEDGE PROOF

• The mechanism to prove your knowledge of a fact to a third party without revealing the fact itself to that third party.
SECURITY SERVICES PROVIDED BY CRYPTOGRAPHY

• Privacy: Prevents unauthorized disclosure of information

• Authenticity: Verifies the claimed identity

• Integrity: Detects modification or corruption

• Non-Repudiation: Combines authenticity and integrity. A sender can’t dispute having sent a
message, nor its contents.
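Integrity versus authenticity in practice, as an added example that is not part of the original slides. A bare hash (the one-way function above) detects modification but anyone who alters the message can recompute it; a keyed MAC (HMAC-SHA-256 from the Python standard library) binds the integrity check to a secret, so an alteration is detected. The sample messages and the key are constructed for the example.

```python
# Added example (not from the original slides): hash-only integrity versus
# keyed integrity + authenticity, using the Python standard library.
import hashlib
import hmac


def digest(message: bytes) -> bytes:
    """One-way function: cheap to compute, infeasible to invert."""
    return hashlib.sha256(message).digest()


def hash_check(message: bytes, expected: bytes) -> bool:
    """Detects corruption in transit. Gives integrity only: the digest depends
    on nothing secret, so whoever changes the message can ship a new digest."""
    return hmac.compare_digest(digest(message), expected)


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-256 tag: integrity plus authenticity for holders of `key`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_check(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison; a plain == would leak the mismatch position
    through timing."""
    return hmac.compare_digest(mac(key, message), tag)


def scenario(key: bytes) -> dict:
    """Sender protects a message with a digest and with a MAC; the message is
    then altered in transit and a fresh digest computed for the altered copy.
    Returns which checks still accept the altered message."""
    original = b"transfer 100 to account 42"    # constructed sample message
    altered = b"transfer 999 to account 42"     # constructed alteration
    tag = mac(key, original)
    altered_digest = digest(altered)            # recomputable without any key
    return {
        "hash_accepts_altered": hash_check(altered, altered_digest),  # True
        "mac_accepts_altered": mac_check(key, altered, tag),          # False
        "mac_accepts_original": mac_check(key, original, tag),        # True
    }
    # Note: a MAC key is shared by both parties, so a MAC cannot give
    # non-repudiation; that needs an asymmetric digital signature.


if __name__ == "__main__":
    print(scenario(b"constructed-demo-key-not-for-use"))
```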
