NSE4_FGT-6.4 Fortinet NSE 4 – FortiOS 6.4 – FortiGate Firewall V6.4 Part 23
May 1, 2023

66. Lecture-66: Cryptography, Symmetric & Asymmetric Encryption.

Today's topic is VPN. But before starting VPN, we need to know some basic terminologies. So let me go through them quickly, okay? And that is cryptography. What is cryptography? Basically it is a Greek word which, you know, is made from two words, kryptos and graphein. It's a Greek word. Cryptography. It means hidden writing: kryptos means hidden or secret and graphein means writing. So that's why it became cryptography. So basically this is a method to hide your data, to hide your information, to make it garbage so that nobody, no third person, can understand it. This method we call cryptography: to make the data impossible to read for any other third-party person, to scramble the data, to change it, to modify it, to do something with the data so that nobody else but only you and the receiving person can know the data. So this type of method we call cryptography, so that nobody can hack my data, whether data in motion or data in storage. Now, in cryptography there are a few terminologies. One is plain text. What is plaintext? Plaintext means the original data which is readable, clear text data, whatever you can see. Now this is clear text; you can understand that this is in plain English.

So plain text, clear text: when a human can read it and anybody can read it, they call it plain text, or clear text. The other one is ciphertext. When we convert plain text to a non-readable format, garbage data, hidden data, we call it ciphertext. And this conversion is called encryption. So encryption is nothing but scrambling your data, changing the data so that nobody knows it, making it non-readable. This method is called encryption. And when the receiver receives the garbage data, the ciphertext, they will apply the same rule to make it plain text again, readable format. So this is called plain text again. And this conversion from ciphertext to plain text we call decryption. So four things are involved in cryptography: plain text, which we convert to ciphertext, and ciphertext, which we convert back to plaintext, and encryption and decryption. But both parties have to know the method, how you hide the data, and this method, this technique, this formula, we call the encryption algorithm. An algorithm is nothing but the formula, technique, or method which you use to change the data so that nobody knows the data. So this is called the encryption algorithm. Now the party who receives the data has to apply the same method, the same algorithm, to recover the data in clear text.

This is called the encryption algorithm. In simple words, I will show you from old techniques. You know, encryption has existed for a long time, but in the old days people were just changing the words. Normally I give an example. I have a very good friend, he is in the UK. In our area, normally smoking is not allowed in our culture. So whenever he wants to smoke, we have a keyword to tell us. There is a keyword he tells me in front of elders, whenever we are sitting with elders. He normally says "let's go." Now the people understand that they want to go, but actually he knows and I know that these are the keywords meaning he wants to smoke, basically. So this is called encryption. And I know the method, so I can decrypt that he wants to smoke. So encryption has existed for a long time; I cannot say how long. And there is the Caesar cipher as well. Suppose I put "hello" here. I can choose any shift, because in the English alphabet there are 26 characters. Suppose I say two. Two means shift hello two characters over. And this E means encryption, D means decryption, and you choose. Now hello has been changed to JGNNQ. What is this JGNNQ? Because I said to shift by two: H becomes J, E becomes G, L becomes N, the other L becomes N, and O becomes Q. This is also encryption. Now do you understand what this is? JGNNQ. It doesn't make any sense. It was used in the old days, but if you apply this method nowadays, anybody can hack it. Because in every English word the vowels are repeated, mostly E and A. These two letters are repeated in every word you will see, and there are only 26 character combinations.

So just make a table and look again at JGNNQ: look at L. L becomes NN. So very soon anybody can hack this one. But anyway, this is the old method, which we call the Caesar cipher. Nowadays, you will see, I will show you SSH traffic and SSL traffic; the data is encrypted to totally garbage data. But just to show you: in the Caesar cipher, the key. This key is important. If that person receives this text, they will put it here. But if they don't know the key, suppose they put four, it will become something else. But if they put two and decrypt it, they will get hello. This is called encryption and decryption. And the key which I use, and the method which I use, shift two characters away, this is called the algorithm, the encryption algorithm, which method I use. So I will tell my friend to just shift the letters two characters away and you will get the original text. So this is called the encryption algorithm. Okay. This is my encryption algorithm. Plain text; when I change it, this becomes ciphertext, and the key is one or two or three, whatever. And there is encryption and decryption. That's the method we apply. And the other person will take the ciphertext, they will apply the method to make it plain text, and they will use the same key to decrypt it. In simple words, that's it to understand.
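The shift-by-two example above, written out as an added Python example (not from the lecture or CrypTool): it encrypts "hello" to JGNNQ, decrypts it with the right key and a wrong one, and shows why a cipher with only 26 keys falls to simply trying every key.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase  # the 26 letters the lecture mentions


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` places forward (Z wraps to A); other characters pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same algorithm with the shift reversed: same key, same method."""
    return caesar_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """Only 26 possible keys, so trying all of them is cheap: this is why the cipher is unusable today."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}


def letter_frequencies(text: str) -> list:
    """Repeated letters survive the shift unchanged (LL -> NN), which leaks the word's structure."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET).most_common()


if __name__ == "__main__":
    ct = caesar_encrypt("hello", 2)
    print(ct)                          # JGNNQ, as in the lecture
    print(caesar_decrypt(ct, 2))       # HELLO with the right key
    print(caesar_decrypt(ct, 4))       # FCJJM: wrong key, still garbage
    for k, guess in brute_force(ct).items():
        print(k, guess)                # one of the 26 rows is readable
    print(letter_frequencies(ct))      # N appears twice: the doubled L shows through
```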

Now, encryption and decryption. We have two types of encryption: symmetric encryption and asymmetric encryption. Encryption, we know, is when we change data from plain text to ciphertext; we call that encryption. When we hide data, we call it encryption. When nobody knows, and we change the data, we call it encryption. There are two possible ways to hide the data. One is symmetric and the other is asymmetric. So what is symmetric? Symmetric encryption means using the same key to encrypt and the same key to decrypt. What I did in this case: two was the same key. When I was encrypting I used two, and when I was decrypting I used the same key. So this is called symmetric encryption. The same key is used for encryption and also the same key is used for decryption. This type of encryption we call symmetric encryption. Like a key you can lock and unlock with. You are using the same key to lock and unlock. That is what is done here. Now, another method is asymmetric. In asymmetric encryption, we are using two different keys to encrypt and decrypt. You got my point.

So there are two keys to use. One key is to lock and the other key is to unlock. Let me quickly give you a demo. There is CrypTool. I'm not going into detail; I just want to give you an overview quickly. There is a utility called CrypTool, okay? And let me go to it. There is Encryption and Decryption. Next, there is the classical method. The classical methods are the old methods like the Caesar cipher and Vigenère, so many encryption methods. I don't want to go into detail, but there is modern as well. Let me choose modern, and in modern we have symmetric, where there is only one key. You can see it's showing the key here as well, and the key is nothing but just a hexadecimal number. By the way, don't confuse the key with... okay, so let me choose symmetric encryption first. There are so many examples of symmetric. Let me choose the first one, okay? Encryption, and the key size is one, and this is the key; this is called the key, by the way. So the key is this one. So let me type the key and let me type "hello everyone". This is my clear text message. Now let me encrypt it. Do you see, can you understand anything? No. Now this is the actual encryption, garbage data. Look at it, nobody knows that this is "hello everyone". Now when the person gets this one, they will get this garbage data, but they have to use the same method, which is AES. Next. And here they will say decrypt this time, okay? And here they will put the decrypted message. But they have to use the same key; if anything is wrong in the key, suppose I change the key, it will not decrypt. Look, nothing is coming out. I need to go back and put the same key. That's the key, the key with which I encrypted. The same key has to be used to decrypt. And here you will see the result. There's the garbage data and this is the actual message coming out.

This is called symmetric encryption: same key. Now let's do asymmetric. Let me go to Encryption and Decryption. Let me go to modern encryption and decryption. Let me go to asymmetric encryption and let me choose RSA. Now, they are asking for so many things. First, they say generate two different keys. So we need to go to Keys, RSA key generator. Now they are telling me that these are the keys: n and e is the public key, and n and d is the private key. So n and e. This is n, this is your key, n and e. This e is the public key. So let me write down just the public key. Public key. Second, they say n again, because mathematically they have a combination, something similar. And this d, this is the public key, which is totally different from the above. Sorry, private. The private key is always private. It will not be visible, and the public key will be visible all the time to everyone. So anybody can encrypt a message using this key and you will receive it and you will decrypt it, like a box. Suppose this is an open box; this is a public key. But when you close this box, you don't have a key, it will lock. Only the person who has the key can open this box. Put your message in with this public key and close it. Now only the person who owns this public key can open it. Now maybe in your mind: what if this box is a fake box? Yes. So there are certificates and many things coming into the picture.

But I don't want to go into detail. I'm just giving you a quick overview, not going into any detail. So now my keys are generated. Let me go back. Now let me encrypt. So encrypt will use this key, okay, the public key, and decrypt will use this private key. So now it's asking me to use the public key to encrypt the message. So I say this is the public key, and the other one, the first part, this is the public key, and this is the message: "Hello everyone". Next. And this is the ciphertext which I get. I told you what ciphertext is. So the ciphertext is this one. And if you need the clear text, the clear text was "hello everyone". That's it. Now I got the ciphertext. Now what about the other party? What will they do when they receive the message? They will use decrypt. They will use the same method, but here they will not use this key to decrypt it. They will use their own private key. There's the private key and there's the second part of the private key. And here they will use that garbage data, this ciphertext. They will put it there. And next, they will get the original text. Now, "hello everyone".
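An added Python example (not the lecture's CrypTool demo) of the two-key idea: a textbook RSA pair built from two small constructed primes, so that (n, e) locks the box and only (n, d) opens it. There is no padding here, so it shows the concept only, not how RSA is used in practice.

```python
from math import gcd


def rsa_keygen(p: int, q: int, e: int = 17) -> tuple:
    """Return ((n, e), (n, d)): the lecture's 'n and e is public, n and d is private'.
    p and q are constructed small primes for illustration; real keys use a 2048-bit n."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt_int(m: int, public_key: tuple) -> int:
    """Anyone holding (n, e) can lock the box: c = m^e mod n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)


def rsa_decrypt_int(c: int, private_key: tuple) -> int:
    """Only the owner of (n, d) can open it: m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def rsa_encrypt_text(text: str, public_key: tuple) -> list:
    """Textbook demo only: each byte is encrypted on its own (no padding, so not secure)."""
    return [rsa_encrypt_int(b, public_key) for b in text.encode("utf-8")]


def rsa_decrypt_text(blocks: list, private_key: tuple):
    """Returns the text, or None when a wrong private key yields values that are not bytes."""
    values = [rsa_decrypt_int(c, private_key) for c in blocks]
    if any(v > 255 for v in values):
        return None
    return bytes(values).decode("utf-8", errors="replace")


if __name__ == "__main__":
    public, private = rsa_keygen(61, 53)          # constructed toy primes
    print(public, private)                        # (3233, 17) (3233, 2753)
    ciphertext = rsa_encrypt_text("Hello everyone", public)
    print(ciphertext)                             # garbage numbers, like the CrypTool output
    print(rsa_decrypt_text(ciphertext, private))  # Hello everyone
    _, other_private = rsa_keygen(67, 71)         # someone else's private key does not open the box
    print(rsa_decrypt_text(ciphertext, other_private))
```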

So this is called asymmetric encryption. Symmetric was using the same key to encrypt and decrypt, and asymmetric uses two different keys, which I showed you quickly. Another concept is hash. What is a hash? We call it a digest. We can call it a checksum, we can call it a message digest, we can call it a hash value. Basically, a hash is one-way. It's not like encryption and decryption. If you generate it once, it is generated, and that's it. We are using a hash so that nobody changes the data in motion. Maybe your data is encrypted, but somebody attaches some more encrypted data. So what happens? You will receive more data, even though it's encrypted. He cannot read it; the person cannot read it. But they change it, they alter it. So, for this purpose, we are using hash algorithms, of which two are famous: MD5, message digest, and SHA, secure hash algorithm. These are the two famous hashing algorithms. How? Let me show you. This is my text, okay? Let me save this file. I want to send you this file, ABC, on the desktop. I encrypt it, okay? Consider it as encrypted. Even this one, this one is encrypted. Yeah, this text is encrypted.

Nobody knows on the way that this is encrypted already. Let me remove this one as well. Now, you know, nobody knows this is encrypted data. But on the way, somebody can change it and add "BB", something you don't know, but he made it bigger. So you will receive changed data even though it's encrypted, because he can change it. So for this purpose, we need a hash algorithm. What I will do from here: I will generate a hash of this file before sending the data. Where is my file, which was ABC? Okay, this one, and I will calculate the hash value. This is the MD5 hash. It's one-time, you know, it cannot be reversed. It's not reversible. This is just for verification purposes. This is the hash value I generated before sending the file with the ABC text. Now I will WhatsApp you: this is the hash value. When you receive it, with MD5 or another application, when you receive ABC, what you will do is open ABC. It will generate some hash value. And now you will copy and paste the hash value which I sent and verify. So it does not match. Why? It has to match, by the way. Okay, let me do it again; maybe I picked another file. Okay. No, sorry, HMAC was clicked. So let me click ABC. Now this is ABC, and calculate. So this is the hash value, Ctrl+V. Okay. So when you receive it, you will generate the hash, and the one which I sent, you will check and verify. If it matches, it means everything is okay; you received the same data which I sent. But suppose somebody changed only one dot.

Okay, I'm just putting one dot and Ctrl+S. Now, when you receive the file ABC, the hash you calculate and the actual one which I sent do not match; it means somebody altered the data. So for this purpose, we are using hash. And there are two famous hashes: MD5, message digest 5, and SHA, secure hash algorithm. SHA has many flavors. Let me go quickly. So this is MD5, message digest 5. MD5 is always generated as 32 digits, all the time. It will be a small value like this one. But SHA has many flavors: SHA-1, SHA-256, SHA-384, SHA-512 and so on. I'll show you as well. There is another concept, HMAC, hash message authentication code. You can put an extra password as well, an extra password ABC. So the hash value is the original plus a key, so it will generate a new hash value. This is just extra protection, nothing else. At the end of the day, it is used for which purpose? To verify the data, that the data has not been changed between when I send it and when you receive it, that's it. So these are the two main things which I quickly revised. Now let me close this one quickly.
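The ABC-file check above, as an added Python example (not the lecture's own tool): the file contents are constructed stand-ins, the sender computes a digest, the receiver recomputes it, one extra dot breaks the match, and the HMAC with the extra password "ABC" fails for anyone who does not hold that key.

```python
import hashlib
import hmac

# Constructed stand-in for the lecture's ABC file, and the one-dot change made to it on the way.
ORIGINAL = b"This is my text.\n"
ALTERED = ORIGINAL + b"."


def digest(data: bytes, algo: str = "md5") -> str:
    """One-way fingerprint of the data; hashlib knows md5, sha1, sha256, sha384, sha512."""
    return hashlib.new(algo, data).hexdigest()


def verify_digest(data: bytes, expected_hex: str, algo: str = "md5") -> bool:
    """What the receiver does: recompute and compare with the value sent out of band."""
    return hmac.compare_digest(digest(data, algo), expected_hex.lower())


def hmac_tag(key: bytes, data: bytes, algo: str = "sha256") -> str:
    """HMAC: a hash over the data plus a shared key, so only a key holder can produce it."""
    return hmac.new(key, data, algo).hexdigest()


def verify_hmac(key: bytes, data: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    return hmac.compare_digest(hmac_tag(key, data, algo), expected_hex.lower())


def digest_lengths(data: bytes) -> dict:
    """Hex digest length per flavor: MD5 is always 32 digits, the SHA family is longer."""
    return {a: len(digest(data, a)) for a in ("md5", "sha1", "sha256", "sha384", "sha512")}


if __name__ == "__main__":
    sent = digest(ORIGINAL)                     # the value the sender shares, e.g. by WhatsApp
    print(sent)
    print(verify_digest(ORIGINAL, sent))        # True: the same data arrived
    print(verify_digest(ALTERED, sent))         # False: one extra dot changes the whole hash
    print(digest_lengths(ORIGINAL))
    key = b"ABC"                                # the extra password from the lecture
    tag = hmac_tag(key, ORIGINAL)
    print(verify_hmac(key, ORIGINAL, tag))      # True
    print(verify_hmac(key, ALTERED, tag))       # False: data changed
    print(verify_hmac(b"wrong", ORIGINAL, tag)) # False: right data, wrong key
    # A plain hash can be recomputed by whoever alters the file, so it matches the altered data;
    # the HMAC cannot be recomputed without the key, which is the "extra protection".
    print(verify_digest(ALTERED, digest(ALTERED)))
    print(verify_hmac(key, ALTERED, hmac_tag(b"guess", ALTERED)))
```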

67. Lecture-67: Introduction to Diffie-Hellman (DH) Group.

What is Diffie-Hellman? Diffie-Hellman, we call it DH as well. Basically two scientists, Dr. Whitfield Diffie and Dr. Martin Hellman. These two scientists in 1976 developed this algorithm, this method, this formula, this mathematical algorithm: if two parties want to communicate and don't want to exchange the key, we have a method to exchange the key without exchanging the key. In VPN, the big issue was, suppose you have two routers, one in the UK and the other one in the USA. So what will the VPN do? First they will authenticate each other, so definitely they will send the data in clear text through the internet, so if anybody is in the middle they will see the key. Then what the hell is the point of this VPN? They can hack everything afterwards, because they know the password. So the question was how to exchange the key through an unsecure channel using a secure method. So their method is Diffie-Hellman. They developed a mathematical formula where there is no need to exchange the key; we will use some mathematical techniques, so even if somebody in the middle can see the key, they will not understand it. They will generate some random key, and do mathematical multiplication and mathematical division and so on, and at the end of the day the tunnel will be established. And SSH, TLS, SSL, all of these are using the Diffie-Hellman method. If you are going to any banking website, they are using this method; otherwise the first time you would have to send data in clear text in VPN, but it's okay due to this Diffie-Hellman, and we call it DH for short. These are the famous groups: 1, 2, 5, 14, 15, 19 and 20, but there are so many, from 1 to 30, and from 31 onward these are unassigned. Normally in a firewall and router you will see these groups; you have to choose a group.

The more you go up, the stronger the key and the stronger the method you will get. Diffie-Hellman 1, 2, 5, 14, 15, 19, 20, 21 and 24. So this is the method of how they will exchange the key. First of all, both parties will decide on any prime number. Suppose they both decide on the prime number 13. It's okay if someone in the middle sees that these two guys chose 13; it's okay, the hacker knows the number 13, it's okay. Then both parties will generate a prime number, sorry, one number; suppose they choose six. Again, the hacker knows that they chose six. So what now? Both parties will generate a private key, which I just showed you, a private key. Now the hacker doesn't know it; they will not exchange this key. Now, the hacker knows only 13 and six. Now this side and this side generate some random key. What they will do: a random private key, any key, anything, and they will do a modulus and they will do some multiplication with their 13. The private key is 5: 6 to the power 5, modulus 13.

With this one they will do some mathematics. I am showing you in shortcut; in the real world it will be a bigger number, not small like 13, I will show you from some software. So they will generate some public key from these mathematical techniques, and this guy will also do the same. Whatever key they choose, this side doesn't know the other's private key and that side doesn't know this one's private key. And the hacker in the middle doesn't know which private key they chose, but they multiply with those things, and at the end they get nine and they get two. Now they will exchange; again the hacker knows these two keys. So what do they know? 13, six, and now two and nine. They can do nothing with those keys. So when they exchange, what will they do? They will again take the nine, the key that was exchanged, together with their private key. The hacker doesn't know the private key. They will multiply, sorry, they will do the power and modulus, and there will be a key generated automatically. On this side, they will get two and they will do the same thing. At the end of the day they will get the same key. This is the mathematical technique, and they call it Diffie-Hellman. Let me show you quickly. I have CrypTool; there is an old one and a new one, and in the new one they changed many things. So let me show you, there is CrypTool, this one. So let me go to Protocols and there is the Diffie-Hellman demonstration. Set public parameters, okay. So let me give you this example and then I will change it. So what prime number do we choose? Prime number nine, we choose nine... yeah, sorry, the prime number is 13 and the generator is nine. Accept. Okay, 13 and nine. Then this side, which key do they select? They select five. And this side, what do they select? They select four. Then create the shared key. Calculate: three, so there is the key, three.

Okay, there it was two, but ours is three, three on this side. Now generate nine. Now they will exchange the key, which I told you; this public key will be generated. Exchange the key. So they exchange the key on this side, and they exchange the key on this side. Now there is this mathematics again. And at the end of the day they will get the same key. Calculate: they get three, and calculate: they get three, without exchanging the private key. They've done their job. Five and four are not in the exchange. This is called Diffie-Hellman. Now let me show you the real world. In the real world it will be like this. Look at a huge number. Accept, and now let me generate a huge number. It will be like this. Choose a secret key. Let me choose a secret key. It will be like this. Let me choose this. Select a key like this. This is a key, not one, two, three; I was just showing you in simple words. Now calculate: this is the huge number. What will the hacker do with this number? And now they will exchange this huge number with each other. And they will exchange, now you can generate the calculation, and OK, and this key will be the same. The last stage is 20. And this will also be 20; here, 20. And this is called Diffie-Hellman. So in VPN we will use this method. That's why I am telling you this.
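The exchange above with the lecture's numbers (p = 13, generator 6 or 9, private keys 5 and 4), as an added Python example that is not part of the lecture or of CrypTool. It also shows what the person in the middle sees, why the toy prime gives no protection, and that the agreement still holds with random keys and a large constructed prime.

```python
import secrets

# IKE DH group numbers the lecture lists, with the size each stands for (from the IKE RFCs):
# within a family, a higher group number means a bigger prime and a stronger exchange.
DH_GROUP_SIZE = {1: "768-bit MODP", 2: "1024-bit MODP", 5: "1536-bit MODP",
                 14: "2048-bit MODP", 15: "3072-bit MODP", 24: "2048-bit MODP, 256-bit subgroup",
                 19: "256-bit ECP", 20: "384-bit ECP", 21: "521-bit ECP"}


def dh_public(p: int, g: int, private: int) -> int:
    """Public value sent over the insecure channel: g^private mod p."""
    return pow(g, private, p)


def dh_shared(p: int, peer_public: int, private: int) -> int:
    """Shared key: the peer's public value raised to my private key, mod p."""
    return pow(peer_public, private, p)


def dh_exchange(p: int, g: int, a: int, b: int) -> tuple:
    """Run both sides; returns (A, B, key computed by A, key computed by B)."""
    A = dh_public(p, g, a)          # lecture: 6^5 mod 13 = 2
    B = dh_public(p, g, b)          # lecture: 6^4 mod 13 = 9
    return A, B, dh_shared(p, B, a), dh_shared(p, A, b)


def eavesdropper_view(p: int, g: int, A: int, B: int) -> dict:
    """Everything the man in the middle gets: p, g, A and B, but neither private key."""
    return {"p": p, "g": g, "A": A, "B": B}


def toy_discrete_log(p: int, g: int, public: int):
    """Recover a private key by trying every exponent. This only works because p is tiny;
    for a 2048-bit group 14 prime the search is infeasible, which is the whole point."""
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    return None


def random_exchange(p: int, g: int) -> bool:
    """Real-world flavour: random private keys and a huge prime; both sides still agree."""
    a = secrets.randbelow(p - 2) + 1
    b = secrets.randbelow(p - 2) + 1
    _, _, key_a, key_b = dh_exchange(p, g, a, b)
    return key_a == key_b


if __name__ == "__main__":
    print(dh_exchange(13, 6, 5, 4))      # (2, 9, 3, 3): the lecture's first example
    print(dh_exchange(13, 9, 5, 4))      # (3, 9, 3, 3): the CrypTool run with generator 9
    print(eavesdropper_view(13, 6, 2, 9))
    print(toy_discrete_log(13, 6, 2))    # 5: with p = 13 the private key falls out at once
    # 2**127 - 1 is a prime, used here only as a constructed "huge number";
    # real VPNs use the published group primes, e.g. group 14.
    print(random_exchange(2**127 - 1, 2))
    print(DH_GROUP_SIZE[14])
```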
