Time
5 hours 49 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:01
Hello, everybody. And welcome to the I t security. Yep. It's up number 20. Cryptography, one of one of Miami's 100 men. And now breach instructor for today's session.
00:13
Learning archetypes is to understand the main and basic concepts off photography.
00:20
Well, here we have two will. All guys were really know which is your barf in alleys we have right here,
00:29
uh,
00:31
in our
00:33
really loved alleys. So cryptography, most people think that cryptography is only used to guarantee confidentiality. And that's one of the things that cryptography does. Eso Let's, sir, for that.
00:52
Cryptography can help you with tree basic
00:54
principles. Remember the CIA principles. Which us? Which is
01:00
confidentiality, integrity and inviolability.
01:04
Well, uh, cryptography helps you with confidentiality. It helps you with, um, integrity. And it can help you with availability. But there's people that you don't argue that it doesn't directly help you. It will help
01:23
it help you, but not not directly of you.
01:27
You can't think like that. Um,
01:30
but it does help you with a thing called not repudiation. Are you? Can you can call it? Call it authentication, But no repudiation on repudiation. It will be the term. So how does he help you? Well, let's start with confidentially,
01:47
um, cryptographic health through in this principle by using encryption encryption? Is that Let's say that about wants to send
01:59
Ah, Hello,
02:01
Xu Al is,
02:04
uh, doesn't want you doesn't want that Anybody outside this suit person from him and I always,
02:12
um, actually knows what they're talking about. So it uses encryption
02:19
to actually masquerade the message. So instead of hello, you know, it passes through an encryption algorithm. Let's say, uh, say
02:30
or a s, which is an example of both cement reconnect. Asymmetric algorithms will cover that in the next section.
02:38
And after passing that true, the algorithm and the key, of course you get next war No x d z Another w
02:50
Andi will send out to all this all this inter turn will pass it to the you know, if it's cement from through the same hour breath minty. And if it is asymmetric with different keep, they say the same algorithm.
03:05
And you know, if I was hacker intercept this communication right here, I will not be able to actually see what they were talking about because I mean egg X y z w doesn't make any sense to me.
03:19
But that's, you know, encryption and self. So encryption health. You, uh,
03:24
guarantee confidentiality? In Terry, we have the hash is the same hushes. They're also algorithms for hashes.
03:36
Ah, but remember, hash function doesn't use a key, you know? So it's just an algorithm. For example,
03:43
show one
03:45
should, too.
03:46
And before
03:49
you know the other algorithms and you can pass it through here
03:53
on, then generate a house function, which will be another. You know,
03:59
um,
04:00
A B C d
04:03
um, And then we'll send that to Ali's. But you will. Also in this case from with cash, is you'll also need to send the original message
04:14
to always,
04:15
which is, you know, hello message.
04:16
So if a hacker actually intercepts this, it will be able to see and the message itself, which is Hello.
04:24
Okay, right here s O. This obviously doesn't provide confidentiality, but it does provide integrity, meaning that we're now they received the hello message. It will have to pass the same message for for, uh, with this for the same
04:40
algorithm used. Remember, he doesn't use any keys, just the algorithm. And if it gives you the same I'm output. You can say that the message wasn't modified in in the way,
04:53
but it gives you something different, For example, and law B C D E f on Lee. You can tell the message was Marty five. And, you know, the integrity of the message was lost, and you cannot trust
05:08
anymore in that message. So this is hash function. Then will come the digital signatures, which is a combination off using cryptography. And I'm sort of using encryption and hash functions. It doesn't provide confusion, shall any, but it does provide
05:26
integrity. And I think all non repudiation, which is
05:30
you. Okay, there, Ryan here.
05:31
So the nano beauty ation means that bath in this case cannot deny it, haven't send the helo message. So if I send us a message, did you digitally signed?
05:45
Um, you know, again,
05:46
Hello.
05:48
Uh, from buff to Ali's. All this king guaranteed that the, uh,
05:54
message the message integrity by using the harsh. So the interview's guarantee here, but also guaranteed a long repudiation, meaning that there's a way off Bischoff. You know, knowing for sure that
06:09
park was the one that sent the message, which is the digital signature
06:14
So this is the bizarre. You know, I believe the tree main components off cryptography, which will provide you with comfort and Charlotte interrogating non repudiation,
06:26
um, again, availability. There's a case to be made of whether
06:31
from a cryptography directly help you. But, you know, most people will tell you that it does not. And there sometime. Okay, somehow, right. But again, there's a case we make. You know, we'll cover that in the next sections.
06:50
Okay, So what are the dream? Main solutions after photography? Well, our confidentiality, integrity and non repudiation.
06:59
What does not repudiation mean? It means that center where percents dimension the message cannot deny, haven't send it.
07:06
I mean, if I say hello to ah friend, then I cannot say you know what? I didn't send the message because there's a way to prove that I was the originator. Or, you know, there's there's no other way or there's no so nobody else can,
07:23
you know, haven't have sent the message because there's a thing that I have only to myself, which is the private key. But, you know, we'll cover that in the next sections.
07:33
What is the random number generator generator use it for all. This is our number that is used to add entropy, Thio, the crypto, the cryptographic process. Meaning that, for example, if I if I hashed the war Hilo
07:49
too many times, there's a chance the hackers, you know, maybe with a necessary sikota it will guess the world. Or if I used
07:59
again the same ward to encrypt it over and over and over again. There's a way that the hacker might be able to decrypt the word within the statistical analysis. Um,
08:11
so the run, the number is something that you used to attach into the beginning of the end of the message toe to add entropy. So if I encrypt hello the first time, maybe I will want to treat it the beginning of the message. And if I incredibly again, maybe I will not add one to drip on ABC.
08:30
And if I acquitted again, maybe I don't have a DC people. I don't know X y Z or something like that.
08:37
So this is a random number generation I mean, in short of being short words, Obviously there is something else that we will discuss further in the next video, which you know, south seeds and all this stuff
08:54
well, in today's brief lecture would talk about basic concept of cryptography.
09:01
It's always there the Phipps publications is to go to when we talk about cryptography. So there's no other, um,
09:09
material. I can actually recommend you that, you know, it will not go
09:13
then to the Phipps. Poor location off them basically are based in dr locations. So quite. Don't you go to the root ofall that off the articles I can put here
09:26
looking forward to the next video cover a symmetric algorithms off cryptography.
09:33
Well, that's it for today, folks. I hope you enjoyed the video and talk to you soon.

Up Next

IoT Security

The IoT Security training course is designed to help IT professionals strengthen their knowledge about the Internet of Things (IoT) and the security platforms related to it. You’ll also be able to identify the security, privacy and safety concerns related to the implementation of an IoT infrastructure.

Instructed By

Instructor Profile Image
Alejandro Guinea
CERT Regional Director
Instructor