# Data Encryption


Time

7 hours 15 minutes

Difficulty

Intermediate

CEU/CPE

8

Video Transcription

00:00

>> Hi there and welcome to our next

00:00

lesson, data encryption.

00:00

>> What we'll be covering in this lesson

00:00

will be some encryption basics,

00:00

issues around encryption, key elements,

00:00

no pun intended, types of encryption schemes,

00:00

and applications of cryptographic systems.

00:00

Let's begin. Some basics of encryption.

00:00

It's designed to protect data

00:00

that's in transit over the networks,

00:00

and it also protects information stored on computers.

00:00

This is referred to as data at rest and data in transit,

00:00

and so both of those states

00:00

have basically different types

00:00

of encryption to protect it.

00:00

It's basically also designed to

00:00

deter and detect accidental deletion,

00:00

and verify the authenticity

00:00

of a transaction or a document.

00:00

Just a couple of things on encryption issues.

00:00

Encryption can be subject to

00:00

government laws and regulations.

00:00

Some countries restrict the import or export

00:00

of different encryption schemes and encryption devices.

00:00

Protection of the keys is paramount.

00:00

If you don't protect the keys

00:00

or if the keys are compromised,

00:00

all your encrypted data is potentially at risk.

00:00

And encryption could show confidentiality,

00:00

but it can't necessarily ensure

00:00

the loss or modification of data.

00:00

Basically, the data can be modified,

00:00

in which case it can make it inaccessible to all,

00:00

or the data can be lost and exfiltrated.

00:00

A lot of cases, particularly with state-based actors,

00:00

even if the data is encrypted,

00:00

the information can be exfiltrated from the system and

00:00

then stored and brute-forced

00:00

until such a time as the key is discovered.

00:00

It's an important mechanism to remember: encryption

00:00

protects information but it's not

00:00

the only thing that can protect information.

00:00

A couple of key elements of encryption.

00:00

We have the encryption algorithm,

00:00

which is simply just a mathematically based function

00:00

used to encrypt and decrypt the data.

00:00

Now, you can write entire PhDs on encryption algorithms,

00:00

but from a size perspective,

00:00

the concept of what an encryption algorithm

00:00

is is all you really need to know.

00:00

Now, encryption keys are

00:00

essentially the information that is used

00:00

by the algorithm to make

00:00

the encryption and decryption process unique.

00:00

Think of an encryption key

00:00

very much like a key to your door,

00:00

it's unique to your door and can

00:00

open your door and only your door.

00:00

Now the key length, this is the length of the key itself,

00:00

and the longer keys basically

00:00

make the key more difficult to compromise.

00:00

There are attacks against encryption and

00:00

older encryption schemes can

00:00

be brute-forced and easily

00:00

decrypted via a number of techniques.

00:00

The way to protect against that is

00:00

to make the length of the key longer,

00:00

so more complex and more difficult to attack.

00:00

Different types of encryption schemes,

00:00

now we'll cover these in detail in the coming slides.

00:00

But you have your symmetric key systems which use

00:00

a single unique key for encryption and decryption.

00:00

Asymmetric key systems, which will use

00:00

a decryption key which will

00:00

be different to the encryption key.

00:00

Basically, it has hash functions

00:00

which will transform the text

00:00

into something of an arbitrary length

00:00

of fixed-width called the digest or a hash.

00:00

The hash systems are one way only,

00:00

and it can be used to enhance other encryption schemes

00:00

or add authenticity or integrity properties,

00:00

which we'll go into more detail shortly.

00:00

There is also public key infrastructure

00:00

and quantum cryptography.

00:00

Symmetric key cryptographic system,

00:00

so it's based on a symmetric encryption algorithm

00:00

of which there are a number of different types.

00:00

It will use a secret key to

00:00

encrypt the plaintext to ciphertext,

00:00

and it will use the same key to

00:00

decrypt the ciphertext to the plaintext.

00:00

Common example would be

00:00

the data encryption scheme or DES,

00:00

or the advanced encryption scheme,

00:00

AES, which is more commonly used today.

00:00

Some advantages and disadvantages.

00:00

The keys are much shorter,

00:00

so they're not necessarily as strong as other keys.

00:00

It is less complicated and

00:00

does use less processing power,

00:00

but also the key distribution is a main issue.

00:00

If you are wanting to protect

00:00

a message with the symmetric key,

00:00

you also need to work out a way

00:00

to securely transmit the key

00:00

to the person that you want to read the message.

00:00

Asymmetric key cryptographic system.

00:00

Basically,

00:00

the main implementation that you'll come across

00:00

here is probably public key cryptography,

00:00

which we'll talk about separately in a coming slide.

00:00

Now here, two keys will work together as a pair,

00:00

now one key is kept private and

00:00

the other key is publicly disclosed.

00:00

Here's how the encryption process will generally work.

00:00

We'll use the very common example

00:00

from cryptography lessons with Bob and Alice.

00:00

Bob will distribute his public key to Alice.

00:00

Alice will encrypt the message for Bob

00:00

with the public key and send it back to Bob.

00:00

Bob will receive the message from Alice and

00:00

use the private key to decrypt the message.

00:00

The private key, by the nature of it being a private key,

00:00

is only held by Bob.

00:00

Therefore, Alice can send a message to Bob encrypted

00:00

with his public key knowing

00:00

that only Bob can actually decrypt it,

00:00

because only Bob has the private key.

00:00

Now public key cryptography systems,

00:00

so these were developed to

00:00

solve the key distribution problem.

00:00

First practical implementation is the Ron Rivest,

00:00

Adi Shamir, and Leonard Adleman,

00:00

so the RSA algorithm.

00:00

A couple of advantages and disadvantages.

00:00

Key distribution, the problem is now solved.

00:00

Basically, if you want to send a message to

00:00

somebody that you haven't seen before,

00:00

haven't met, or don't have regular communication with,

00:00

you can get their public key which

00:00

is readily accessible and know that

00:00

that message will stay secret until

00:00

it reaches the intended recipient,

00:00

who is the only one who has access to the private key.

00:00

One disadvantage is the key length

00:00

does need to be a lot larger.

00:00

It is an advantage and disadvantage to a degree.

00:00

Obviously, the larger the key,

00:00

the stronger the protection.

00:00

But also it makes it more difficult for processing on

00:00

smaller systems which may not necessarily have

00:00

the processing capability for the size of the key.

00:00

That brings us onto a disadvantage there,

00:00

the complex algorithm will need high processing power.

00:00

In small devices, Internet of Things type

00:00

devices which may have

00:00

very limited hard drive space, RAM,

00:00

etc., or processing power,

00:00

these types of algorithms might not be very efficient.

00:00

Now a hash function will be used for digital signatures.

00:00

What the hash will do,

00:00

will provide the properties of

00:00

data integrity, authentication, and non-repudiation.

00:00

It basically ensures the genuineness of

00:00

a particular item that

00:00

has been run through a hash function.

00:00

Public key infrastructure,

00:00

so this is designed to

00:00

manage the process of key distribution,

00:00

revocation, or replacement.

00:00

It's an infrastructure that is simply

00:00

designed to manage the transmission,

00:00

and storage, maintenance of public and private keys.

00:00

Basically, it is the power behind

00:00

the security of modern Internet services.

00:00

You've got a couple of components.

00:00

You've got your certificate authority,

00:00

you've got your certificate revocation list,

00:00

and your registration authorities,

00:00

and each of these work together to

00:00

provide a process that you can securely and

00:00

safely guarantee that a public or

00:00

a private key are kept

00:00

in the manner that they need to be kept in.

00:00

Now, quantum cryptography,

00:00

it refers to the possibility of using

00:00

properties of quantum computing

00:00

for cryptographic purposes.

00:00

At this stage, it is predominantly theoretical.

00:00

However, some organizations have

00:00

made some research progress in the last few years.

00:00

Some large tech organizations such as Google and

00:00

Microsoft are leading the way with

00:00

developing actual practical uses

00:00

for quantum cryptography.

00:00

Now, one of the key benefits here would be to

00:00

determine if a message has been intercepted or read.

00:00

Quantum cryptography would have

00:00

a state change if

00:00

the message was in any way tampered with,

00:00

so that would give a level of assurance

00:00

to that particular message transmission.

00:00

Now let's talk about applications

00:00

of cryptographic systems.

00:00

Commonly you'll see cryptographic systems

00:00

in the implementation of Transport Layer Security,

00:00

so that is very much the encryption that

00:00

powers a lot of Internet sites.

00:00

If you see a website with HTTPS,

00:00

it's using a form of Transport Layer Security or TLS,

00:00

and that can either be up to

00:00

version 1.3 is the most current,

00:00

and certainly some of the older versions have issues

00:00

that you'll need to be aware of.

00:00

TLS 2 version 1 and

00:00

1.1 are generally not considered secure today.

00:00

TLS also replaced the old Secure Sockets Layer, or SSL,

00:00

which is highly vulnerable to attack these days,

00:00

and realistically you shouldn't be seeing

00:00

that in use in any systems.

00:00

We also have IPsec,

00:00

IP Security and Secure Shell,

00:00

which are two additional secure communications protocols.

00:00

We also have Secure Multipurpose

00:00

Internet Mail Extensions or S/MIME,

00:00

which is a way of putting encryption over the top of

00:00

the standard email protocol,

00:00

and to give it some level of protection.

00:00

That's our lesson. We've covered

00:00

some of the encryption basics,

00:00

some of the issues that you're likely

00:00

to encounter with encryption,

00:00

a few of the key elements

00:00

of what makes up an encryption scheme,

00:00

different types of encryption schemes,

00:00

and the applications of cryptographic systems.

00:00

I hope you enjoyed the lesson,

00:00

and I will see you at the next one.
