Data Encryption

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 15 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:00
>> Hi there and welcome to our next
00:00
>> lesson, data encryption.
00:00
>> What we'll be covering in this lesson
00:00
will be some encryption basics,
00:00
issues around encryption, key elements,
00:00
no pun intended, types of encryption schemes,
00:00
and applications of cryptographic systems.
00:00
Let's begin. Some basics of encryption.
00:00
It's designed to protect data
00:00
that's in transit over the networks,
00:00
and it also protects information stored on computers.
00:00
This is referred to as data at rest and data in transit,
00:00
and so both of those states
00:00
have basically a different types
00:00
of encryption to protect it.
00:00
It's basically also designed to
00:00
deter and detect accidental deletion,
00:00
and verify the authenticity
00:00
of a transaction of a document.
00:00
Just a couple of things on encryption issues.
00:00
Encryption can be subject to
00:00
government laws and regulations.
00:00
Some countries restrict the import or export
00:00
of different encryption schemes and encryption devices.
00:00
Protection of the keys is paramount.
00:00
If you don't protect the keys
00:00
or if the keys are compromised,
00:00
all your encrypted data is potentially at risk.
00:00
An encryption could show a confidentiality,
00:00
but it can't necessarily ensure
00:00
the loss or modification of data.
00:00
Basically, the data can be modified,
00:00
in which case it can make it inaccessible to all,
00:00
or the data can be lost and exfiltrated.
00:00
A lot of cases, particularly with state-based actors,
00:00
even if the data is encrypted,
00:00
the information can be exfiltrated from the system and
00:00
then stored and brute-forced
00:00
until such a time as the key is discovered.
00:00
It's important mechanism to remember for encryption,
00:00
protects information but it's not
00:00
the only thing that can protect information.
00:00
A couple of key elements of encryption.
00:00
We have the encryption algorithm,
00:00
which is simply just a mathematically based function
00:00
used to encrypt and decrypt the data.
00:00
Now, you can write entire PhDs on encryption algorithms,
00:00
but from a size perspective,
00:00
the concept of what an encryption algorithm
00:00
is is all you really need to know.
00:00
Now, encryption keys are
00:00
essentially the information that is used
00:00
by the algorithm to make
00:00
the encryption and decryption process unique.
00:00
Think of an encryption key
00:00
very much like a key to your door,
00:00
it's unique to your door and can
00:00
open your door and only your door.
00:00
Now the key length, this is a length of the key itself,
00:00
and the long the keys basically
00:00
make the key more difficult to compromise.
00:00
There are attacks against encryption and
00:00
older encryption schemes can
00:00
be brute-forced and easily
00:00
decrypted via a number of techniques.
00:00
The way to protect against that is
00:00
to make the length of the key longer,
00:00
so more complex and more difficult to attack.
00:00
Different types of encryption schemes,
00:00
now we'll cover these in detail in the coming slides.
00:00
But you have your symmetric key systems which use
00:00
a single unique key for encryption and decryption.
00:00
Asymmetric key systems, which will use
00:00
a decryption key which will
00:00
be different to the encryption key.
00:00
Basically, it has hash functions
00:00
which will transform the text
00:00
into something of an arbitrary length
00:00
of fixed-width called the digest or a hash.
00:00
The hash systems are one way only,
00:00
and it can be used to enhance other encryption schemes
00:00
or add authenticity or integrity properties,
00:00
which we'll go into more detail shortly.
00:00
There is also public key infrastructure
00:00
and quantum cryptography.
00:00
Symmetric key cryptographic system,
00:00
so it's based on a symmetric encryption algorithm
00:00
of which there are a number of different types.
00:00
It will use a secret key to
00:00
encrypt the plaintext to ciphertext,
00:00
and it will use the same key to
00:00
decrypt the ciphertext to the plaintext.
00:00
Common example would be
00:00
the data encryption scheme or DES,
00:00
or the advanced encryption scheme,
00:00
AES, which is more commonly used today.
00:00
Some advantages and disadvantages.
00:00
The keys are much shorter,
00:00
so they're not necessarily as strong as other keys.
00:00
It is less complicated and
00:00
does use less processing power,
00:00
but also the key distribution is a main issue.
00:00
If you are wanting to protect
00:00
a message with the symmetric key,
00:00
you also need to work out a way
00:00
to securely transmit the key
00:00
to the person that you want to read the message.
00:00
Asymmetric key cryptographic system.
00:00
Basically,
00:00
the main implementation that you'll come across
00:00
here is probably public key cryptography,
00:00
which we'll talk about separately in a coming slide.
00:00
Now here, two keys we'll work together as a pair,
00:00
now one key is kept private and
00:00
the other key is publicly disclosed.
00:00
Here's how the encryption process will generally work.
00:00
We'll use the very common example
00:00
from cryptography lessons with Bob and Alice.
00:00
Bob will distribute his public key to Alice.
00:00
Alice will encrypt the message for Bob
00:00
with the public key and send it back to Bob.
00:00
Bob will receive the message from Alice and
00:00
use the private key to decrypt the message.
00:00
The private key, by the nature of it being a private key,
00:00
is only held by Bob.
00:00
Therefore, Alice can send a message to Bob encrypted
00:00
with his public key knowing
00:00
that only Bob can actually decrypt it,
00:00
because only Bob has the private key.
00:00
Now public key cryptography systems,
00:00
so these were developed to
00:00
solve the key distribution problem.
00:00
First practical implementation is the Ron Rivest,
00:00
Adi Shamir, and Leonard Adleman,
00:00
so the RSA algorithm.
00:00
A couple of advantages and disadvantages.
00:00
Key distribution, the problem is now solved.
00:00
Basically, if you want to send a message to
00:00
somebody that you haven't seen before,
00:00
haven't met, or don't have regular communication with,
00:00
you can get their public key which
00:00
is readily accessible and know that
00:00
that message will stay secret until
00:00
it reaches the intended recipient,
00:00
who is the only one who has access to the private key.
00:00
One disadvantage is the key length
00:00
does need to be a lot larger.
00:00
It is an advantage and disadvantage to a degree.
00:00
Obviously, the larger the key,
00:00
the stronger the protection.
00:00
But also it makes it more difficult for processing on
00:00
smaller systems which may not necessarily have
00:00
the processing capability for the size of the key.
00:00
That brings us onto a disadvantage there,
00:00
the complex algorithm will need high processing power.
00:00
In small devices, Internet of Things type
00:00
devices which may have
00:00
very limited hard drive space, RAM,
00:00
etc, or processing power,
00:00
these types of algorithms might not be very efficient.
00:00
Now a hash function will be used for digital signatures.
00:00
What the hash will do,
00:00
will provide the properties of
00:00
data integrity, authentication, and non-repudiation.
00:00
It basically ensures the genuineness of
00:00
a particular item that
00:00
has been run through a hash function.
00:00
Public key infrastructure,
00:00
so this is designed to
00:00
manage the process of key distribution,
00:00
revocation, or replacement.
00:00
It's an infrastructure that is simply
00:00
designed to manage the transmission,
00:00
and storage, maintenance of power breaking private keys.
00:00
Basically, it is the power behind
00:00
the security of modern Internet services.
00:00
You've got a couple of components.
00:00
You've got your certificate authority,
00:00
you've got your certificate revocation list,
00:00
and your registration authorities,
00:00
and each of these work together to
00:00
provide a process that you can securely and
00:00
safely guarantee that a public or
00:00
a private key are kept
00:00
in the manner that they need to be kept in.
00:00
Now, quantum cryptography,
00:00
it refers to the possibility of using
00:00
properties of quantum computing
00:00
for cryptographic purposes.
00:00
At this stage, it is predominantly theoretical.
00:00
However, some organizations have
00:00
made some research progress in the last few years.
00:00
Some large tech organizations such as Google and
00:00
Microsoft are leading the way with
00:00
developing actual practical uses
00:00
for quantum cryptography.
00:00
Now, one of the key benefits here would be to
00:00
determine if a message has been intercepted or read.
00:00
Quantum cryptography would have
00:00
a state change if
00:00
the message was in any way tampered with,
00:00
so that we give a level of assurance
00:00
to that particular message transmission.
00:00
Now let's talk about applications
00:00
of cryptographic systems.
00:00
Commonly you'll see cryptographic systems
00:00
in the implementation of Transport Layer Security,
00:00
so that is very much the encryption that
00:00
powers a lot of Internet sites.
00:00
If you see a website with HTTPS,
00:00
it's using a form of Transport Layer Security or TLS,
00:00
and that can either be up to
00:00
version 1.3 is the most current,
00:00
and certainly some of the older versions issues
00:00
that you'll need to be aware of.
00:00
TLS 2 version 1 and
00:00
1.1 are generally not considered secure today.
00:00
TLS also replaced the old Secure Sockets Layer, or SSL,
00:00
which is highly vulnerable to attack these days,
00:00
and realistically you shouldn't be seeing
00:00
that in use in any systems.
00:00
We also have IPSEC,
00:00
IP Security and Secure Shell,
00:00
which are two additional secure communications protocols.
00:00
We also have Secure Multipurpose
00:00
Internet Mail Extensions or S/MIME,
00:00
which is a way of putting encryption over the top of
00:00
the standard email protocol,
00:00
and to give it some level of protection.
00:00
That's our lesson. We've covered
00:00
some of the encryption basics,
00:00
some of the issues that you're likely
00:00
to encounter with encryption,
00:00
a few of the key elements
00:00
of what makes up an encryption scheme,
00:00
different types of encryption schemes,
00:00
and the applications of cryptographic systems.
00:00
I hope you enjoyed the lesson,
00:00
and I will see you at the next one.
Up Next