Time: 5 hours 49 minutes
Difficulty: Intermediate
CEU/CPE: 6

Video Transcription

00:01
Hello, everybody, and welcome to the IoT Security episode number 25:
00:06
Public Key Infrastructure. My name is Alejandro Guinea, and I'll be your instructor for today's session.
00:13
The learning objective is to understand how public key infrastructure works and how all the previous cryptographic concepts we have covered interact with each other.
00:24
If you haven't watched the previous videos, please do so, because we'll put all of them together in this final video. And if you haven't watched them, you will not be able to understand most of the concepts used in this video. So far we have covered the confidentiality part,
00:44
uh, using symmetric
00:49
keys and asymmetric
00:55
algorithms, and we also covered integrity, for which we have used hashes, and we also covered the non-repudiation concept, and for that we used digital
01:07
signatures.
01:12
But how do all of them work together in order to actually guarantee all of them? Because we have covered them in an isolated way, meaning that we either provide confidentiality or integrity or non-repudiation. But what happens if we want to
01:30
use all of these concepts in one single communication? Well, it's possible.
01:34
And to do that, we first have to cover a couple of additional concepts. In this case, for example, certificates or digital certificates: they're used to, um,
01:48
hold the public key. Remember, in the asymmetric world Bob, who's right here,
01:56
uh, uses, um,
01:57
his public key
02:00
and his private key,
02:02
and Alice as well uses her public key
02:07
and her private key.
02:10
Uh, so in this in this scenario,
02:14
uh, if we're talking about a certificate, which would be right here,
02:21
it carries a lot of information about Bob, you know, and maybe I seem right here this certificate will hold Bob's public key
02:30
and it will hold additional information like expiration date, fingerprint, serial number, who signs it. Because in the end, I cannot just trust in Bob and say, okay, if he sent me his public key, that's the one, or that's the final one, or that's Bob himself.
02:51
Maybe someone is eavesdropping on that communication
02:53
or trying to, you know, steal Bob's identity and send me a public key that is not Bob's, and if I continue communicating with that, you know, I would compromise maybe confidential information, so I need to be sure that I'm actually using Bob's public key.
03:09
So there are these authorities, which are certificate authorities,
03:15
uh, which are in charge of providing,
03:17
you know, signing the certificate and basically saying: okay, I trust in Bob, and I trust him so much that I can sign these documents and, you know, I can assure you that Bob is actually Bob and, you know, that's his public key. And, you know, there's
03:37
there's more information in the certificates,
03:39
but, you know, certificate authorities don't have the time to do this for all of the incoming requests, so they have to rely on registration authorities,
03:51
whose job is basically to, um,
03:54
investigate the subject, in this case Bob, and actually, you know, ask for information, asking questions that only Bob will be able to respond or reply to. And that way we can guarantee that Bob is actually Bob; you know, the identity
04:13
of Bob is, you know,
04:15
checked, it's reviewed and, you know, the due diligence is performed in order to guarantee that Bob is actually Bob.
04:21
So with that, um, you know, how can we guarantee all of these concepts in a single communication? Well, um, let's erase right here; we will not be needing this.
04:34
Uh, the point right now is to actually guarantee confidentiality, integrity, um, non-repudiation. So first we'll start by exchanging the keys. Bob sends to Alice his public key
04:48
and Alice sends back to Bob her public key,
04:51
so that we can create... Now, we already used asymmetric keys.
04:59
Right now we have to use symmetric keys, and we create something called session keys, one-time keys. Which means that I will use that key to encrypt information. But remember that the problem with
05:13
symmetric keys was that how can I exchange them and guarantee you know them?
05:19
How can I send the symmetric key from one point, from point A to point B, or in this case from Bob to Alice, guaranteeing the confidentiality of the key? Because in the end, the same key will be used at both sides. And if someone on the Internet intercepts that
05:38
key, I will not have confidentiality anymore. But I want to take advantage of symmetric keys, which is the performance: they encrypt way faster than asymmetric keys. So for that, I create a session key,
05:53
which will be my symmetric key, and I will encrypt it. Let's say that it is created on Bob's side. So I encrypt it with Alice's public key,
06:04
and I have a result, which is, you know, ABC123. I send that to Alice.
06:13
Alice uses her private key. Remember, this private key is not shared with anybody. And now Alice has the exact same symmetric key or session key at her side. So I was able to, you know, exchange the symmetric key safely and guaranteeing confidentiality, right?
06:31
Right now we use both
06:33
symmetric and asymmetric keys. This concept is called key wrapping key or key encryption key. And there are algorithms dedicated to that, for example, Diffie-Hellman. It's an algorithm dedicated as a key encryption key algorithm. So now that I have, you know, the same key at both sides, I can start, you know,
06:53
exchanging information and encrypting information. But I also want to
06:57
to hash information
06:59
or to actually guarantee the integrity of messages. And I'd also like to guarantee the,
07:09
uh, non-repudiation. So for example, I want to say hello again.
07:14
So what will I need to do to use the rest of the concepts, or guarantee the rest of the concepts? Well, I can pass this message through a hash.
07:24
Oh, it's a, uh, SHA,
07:27
uh, 256.
07:30
And this will give me, um
07:31
XYZ234. But, you know, that's only, um,
07:40
integrity. I want to guarantee non-repudiation. So I go and I use Bob's private key, sort of, but line,
07:48
um, and, you know, I encrypt the hashed message, remember, with Bob's private key. Again, this is non-repudiation, and Bob should have not
08:01
shared this key with anybody else. So I get a new message, which is, uh, no.
08:07
Plus, I implore assign. +121234
08:11
And, you know, I now have a guarantee
08:15
integrity, which is right here
08:18
and confidentiality... I'm sorry, non-repudiation, which is right here, which should basically cover the integrity
08:26
and non-repudiation concepts. But how can I know it's still guaranteeing confidentiality? Well, I can take this value
08:37
and this value,
08:39
put them together in, you know, uh,
08:43
an email or something; you can
08:45
call it whatever you want. Right here, an email,
08:50
and I can encrypt this with, what? The symmetric key I have right here,
08:56
because I have a symmetric key and they already have this from previously, remember, when we were exchanging the keys. So I can use this key to encrypt this right here. I send it encrypted and Alice can decrypt it with the symmetric key, which
09:13
and now we now use and took, you know, took advantage of
09:18
the best things of asymmetric and symmetric keys.
09:22
And now that I decrypted it, I can go back in the process and
09:26
use Bob's public key to decrypt this message right here, which will give me in return the X
09:33
YZ234.
09:37
And then I can go through the same hash algorithm
09:41
which is right here,
09:43
and pass this message through that algorithm, and it should give me this exact same value. So
09:52
the point here is that we have already covered all the concepts in a single communication. I know this could be overwhelming
10:01
for any newcomers to cryptography. But you can go back in the videos and pause it whenever you need to and match your rhythm, so you can actually understand all the concepts and how they are used together in a single communication.
10:18
Name one protocol that uses both symmetric and asymmetric. It's called HTTPS.
10:28
It uses that; in fact, it uses something called a cipher suite, which includes the symmetric algorithms, the asymmetric algorithms, the hash algorithms used and the digital signature algorithms, so you can
10:43
implement all the concepts into a single communication and be able to use the exact same algorithms at both sides of the communication.
10:50
What does key wrapping key or key encryption key mean? Well, it means that you can use asymmetric algorithms to encrypt symmetric algorithm keys and be able to use them both in a single communication.
11:07
What do CA and RA mean? Well, it means certificate authority and registration authority. A certificate authority is the one who signs the digital certificate, and the registration authority is the one in charge of verifying the subject's identity, and that it is not being, you know,
11:26
uh,
11:26
compromised, and the identity is not, you know,
11:31
stolen or someone else's identity.
11:39
In today's brief lecture we talked about the main concepts of the public key infrastructure.
11:45
And then again, you know, again and again we go to the NSA FIPS publication.
11:52
Looking forward, in the next video we'll cover the IoT cloud services.
11:58
Well, that's it for today, folks. I hope you enjoyed the video, and talk to you soon.


Instructed By

Alejandro Guinea
CERT Regional Director
Instructor