Vous êtes sur la page 1sur 88

Chapitre 7:

Les systèmes cryptographiques

v2.0 CCNA sécurité


7.0 Présentation
7.1 Cryptographic Services
7.2 Intégrité de base et
authenticité
7.3 confidentialité
7.4 Cryptographie à clé publique
7.5 Résumé

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
À la fin de cette section, vous devriez pouvoir:
• Expliquer les exigences de sécurité des communications, y compris l'intégrité,
l'authentification et la confidentialité.
• Expliquer la cryptographie.

• Décrire cryptanalyse.

• Décrire cryptologie.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
cryptogramme peut être créer en utilisant plusieurs
méthodes:
• Transposition

• Substitution

• pad unique

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
xxxx

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Les méthodes utilisées pour la cryptanalyse:
• Procédé force brute

• cryptogramme méthode

• Connue-Plaintext méthode

• -Plaintext procédé choisi

• Choisi-cryptogramme méthode

• Rencontrez-in-the-Middle méthode

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Analyse de la fréquence de
l'alphabet anglais

Décrypter Utilisation de
l'analyse de fréquence

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
À la fin de la section, vous devriez être en mesure de:
• Décrire le but de hash cryptographique.

• Expliquer comment MD5 et SHA-1 sont utilisés pour sécuriser les


communications de données.
• Décrire l'authenticité avec HMAC.

• Décrire les composantes de la gestion des clés.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Types de clés
cryptographiques:
• clés Symmetric

• clés asymétriques

• Signatures numériques

• clés de hachage

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
À la fin de la section, vous devriez être en mesure de:
• Expliquer comment les algorithmes de chiffrement assurent la confidentialité.

• Expliquer la fonction du DES, 3DES, AES et les algorithmes .

• Décrire la fonction de l'algorithme Encrypted Software (SEAL) et la Rivest


algorithmes de chiffrements (RC).

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
SEAL a plusieurs restrictions:
• Le routeur Cisco et les pairs doivent prendre en charge IPsec.

• Le routeur Cisco et l'autre par les pairs doivent exécuter une image IOS qui
prend en charge le cryptage.
• Le routeur et le poste ne doit pas avoir le chiffrement IPsec matériel.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
À la fin de la section, vous devriez être en mesure de:
• Expliquer les différences entre les cryptages symétriques et asymétriques et
leurs applications visées.
• Expliquer la fonctionnalité du numérique signatures.

• Expliquer les principes d'une infrastructure à clé publique (PKI).

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
Quatre protocoles qui utilisent des algorithmes clés asymétriques:
• Internet Key Exchange (IKE)

• Secure Socket Layer (SSL)

• Secure Shell (SSH)

• Pretty Good Privacy (PGP)

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
S
Le
tit

Alice Crypte message avec la clé Alice Crypte Une Hash utilisant la
publique de Bob clé publique de Bob

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
Bob utilise la clé publique Bob utilise sa clé publique à
d'Alice pour Décrypter Hash Déchiffrer un message

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Propriétés de la signature numérique:
• Signature est authentique

• Signature est inaltérables

• Signature est non réutilisable

• Signature ne peut pas être désavoué

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Code signature numérique offre plusieurs garanties sur le code:
• Le code est authentique et est en fait d'origine par l'éditeur.

• Le code n'a pas été modifié depuis sa sortie l'éditeur du logiciel.

• L'éditeur a publié incontestablement le code.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
Envoi d'un certificat
numérique

Réception d'un certificat


numérique

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
DSA Scorecard

Scorecard RSA

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Les éléments
du cadre de
l'ICP

Exemple PKI

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
Topologie à une seule
racine PKI

Cross Certified CA

CA
hiérarchique

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
Récupération des
certificats CA

Envoi des demandes


de certificats à
l'autorité de
certification

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Pairs Authentifier Chaque Autre

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Objectifs du chapitre:
• Expliquer les domaines de la cryptologie.

• Expliquez à deux types d'algorithmes de chiffrement.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
Thank you.
• Rappelles toi, Il y a des
tutoriels utiles et guides
d'utilisation disponibles via
votre Netspace maison 1
page. (https: 2
//www.netacad.com)
• Ces ressources couvrent
une variété de sujets, y
compris la navigation, des
évaluations et des missions.
• Une capture d'écran a été
fourni ici mettant en lumière
les didacticiels liés à
l'activation des examens, la
gestion des évaluations, et
la création de
questionnaires.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 88