Welcome to Cybrary's video series on the CompTIA Security+ 501 certification and exam.
I'm your instructor, Ron Werner.
Please visit Cybrary.it for more information on this certification and many others.
The sixth domain for the CompTIA Security+ 501 exam is on cryptography and PKI.
Cryptography is an ancient concept dating back to the Assyrians and Egyptians.
In the beginning, the systems of cryptography were manually performed.
During the 20th century, machines and mechanical cryptography were born.
Domain six looks at how crypto is used in modern computing systems.
Cryptography is a primary security control we use every day and many times don't realize it.
This domain explores the concepts of cryptography, looks at many popular encryption methods and their applications.
In addition to being able to explain these fundamental cryptography concepts, you will begin to understand how cryptography works as a tool to protect and authenticate all types of information,
including how this protection applies to systems with no prior contact residing in separate geographical locations.
While cryptography is mathematically based,
you don't need to be a math expert to survive this section on the Security+ exam.
The first part of domain six has you compare and contrast basic concepts of cryptography.
This is an overview video to help you gain confidence in general cryptography terms.
Because of the length and number of concepts in this video, I'll split it into two parts.
In this video, I'll introduce the following concepts: symmetric algorithms, diffusion and confusion associated with cryptography,
different modes of operation,
streaming ciphers versus block ciphers, key strength,
asymmetric algorithms, hashing,
elliptical curve cryptography,
key exchange and key strength,
steganography and obfuscation,
digital signatures, session keys, secret algorithms,
perfect forward secrecy,
and then common use cases.
Let's get started in looking through all of these different terms and concepts associated with cryptography.
As you dive into the world of cryptography, it's important to understand the difference between encoding
and encryption. Encrypting data is the method by which plain text messages, messages we can read, are converted from a readable form, human form, to an encoded version
that can only be decoded by another person, another entity, if they have the decryption key. So encryption uses keys
while encoding does not. It's the process of transforming data from one form into another, from a human-readable form to a machine-readable form, changing words into ASCII, for example, or binary. That's encoding.
A cryptosystem, or cipher system, provides a method for protecting information by disguising it in a format that only authorized systems or individuals can read.
The use and creation of such systems is called cryptography, and it involves turning plain text
into ciphertext, or encrypted text,
and then the ciphertext back to plain text so humans can use it or read it.
More specifically, encryption protects the confidentiality and safeguards data integrity
combined. The process of encryption is based on the following two important principles:
confusion, where you are changing the values to confuse the reader,
or diffusion, where you're diffusing, you're adding in different characters or substituting different characters. Be aware of these two terms
related to cryptography.
An algorithm is the mathematical procedure or sequence of steps taken to perform the encryption and decryption.
Practically speaking, you can think of an algorithm as a cooking recipe with the ingredients needed and step by step instructions.
These algorithms are used in conjunction with a key to encrypt and decrypt,
so the key is a secret value used within an algorithm to encrypt and decrypt. We'll talk a lot more about keys through these videos.
An important principle you need to be aware of is called Kerckhoffs's principle, from the 19th century.
It states only the secrecy of the key provides security.
This is particularly important in relation to associated algorithms. The algorithm itself does not need to be and should not be kept secret.
It just lies there in the public domain. It's the keys that need to be kept secret.
Be aware of these concepts. Let's move forward, looking at other terms.
The first type of encryption we'll look at is called symmetric encryption; symmetric, meaning symmetry or the same,
where the same key is used for encryption
and decryption. See the graphic on your screen.
The challenge, though, is that this key needs to be kept secret, cannot be shared in the public domain, so it needs to be transferred from the sender to the receiver.
Advantages of symmetric encryption are that it's easy to implement and tends to be very fast.
The disadvantage: how do I get that key to that receiver? I have to use some other type of channel and make sure it stays secret.
There are two main types of symmetric encryption ciphers.
First is a block,
which is chunks of data. Think of it as a page, if you will, a fixed-length group of bits.
It requires padding, though, if there's not enough data for a block. So your block is one page and you have enough text for half of a page.
Then you need some type of padding to fill in the rest.
So there's always a set block size; say, 512 bits
would be a set block size.
It's more complex and not quite as fast as streaming ciphers.
It may require an initialization vector; we'll talk about what an IV is a little later.
Contrasting that is a stream cipher, which takes bits by bits and encrypts each bit as it's coming along.
It's faster, higher performance, say, used in networking,
but it is more susceptible to malicious insertions.
Be aware of these two different types of ciphers. We'll talk more about them as we move forward through these videos.
An important concept associated with encryption is the key strength.
Think of it this way: you have your own key for your house.
Shorter keys have fewer pins and are less secure.
Longer keys: think of a physical key. The lock has numerous pins, so it is therefore harder to crack, would be harder to lock-pick.
Same idea in the computing world:
longer is better.
The key entropy, or randomness, is also important. You wouldn't want someone to be able to guess your key. That's why we've introduced pseudo-random numbers.
It's almost next to impossible to have a true random number on a computing system.
So we developed pseudo-random numbers. It's random enough, and this randomization increases the security of keys used in encryption. The initialization vector: it's a fixed-size input of a random or pseudo-random value.
You need something to start with for your keys, so you have your initialization vector.
It assures that each message encrypts differently.
Another important term is a nonce. It's a number used only once, a random or pseudo-random number that is used once and associated, say, with a time stamp
to increase the key strength. A nonce can also be used as an IV.
Earlier I briefly mentioned the challenge of key exchange when talking about symmetric encryption.
How do I share my secret key with you so you can decrypt my message?
So it's this process for sharing the encryption keys.
In the physical world, if I can see you, I can hand you the key.
In the virtual world, where we're separated over the Internet, how do we safely and securely share keys? We'll go through key exchange in future videos. Two different types: one is in-band, where the key is shared in the communications channel. So when I'm sending you an encrypted message, I'll send the key with it,
as opposed to out-of-band, using some other transmission media that we agree upon in advance. In-band has its security challenges. If someone's able to intercept the message, they can see potentially the key.
So it's a good idea to use out-of-band as much as possible. Another concept associated with cryptography and keys is forward secrecy,
also known as perfect forward secrecy. It's a feature of specific key agreement protocols that gives assurances that your session keys will not be compromised, even if the private key of the server is compromised. Use your study material to review these terms. Make sure you are getting them in your mind
for the Security+ exam
and as a security professional.
Further concepts associated with keys. First, a session key: a key randomly generated to perform both encryption and decryption during the communication of a session
between parties. So right now we're going through a video session, so we just have a key only good for our video session. Once the session is over, the key is deleted.
And ephemeral keys: only used for one session,
common to ephemeral key agreement protocols.
Asymmetric encryption is different than symmetric encryption.
Asymmetric encryption, meaning different keys. There are two keys used:
one public key,
one private key.
I would encrypt a document using your public key. Anyone can see your public key, but only you can decrypt it using your private or secret key.
Now both of these keys are mathematically related. We'll talk about how that works when we go through the RSA algorithm, a common asymmetric encryption method.
Only the private key needs to be kept secret in asymmetric encryption,
and only it can decrypt the message. Another part of asymmetric encryption is digital signatures. Let's talk about that next.
Digital signatures provide non-repudiation, that proof that the message came from a certain entity or individual. Digital signatures also use public/private key pairs. The difference is the message is signed using the sender's private
key. I'll sign a document with my private key, my secret key; only I know it.
Then you can validate that it came from me using my public key.
You can also use this for message integrity associated with hashing of the message.
By the way, digital signatures do not protect message confidentiality.
It's just proof and validation
of the sender.
The purpose of PKI, or public key infrastructure, is to manage keys and certificates. Key exchange, key management, particularly when you're using a lot of keys associated with a lot of entities or individuals, becomes the challenge. PKI has solved that by managing keys and certificates through a PKI.
An organization establishes and maintains a trustworthy
PKI enables the use of encryption and digital signature services across a wide variety of applications and network interfaces. We'll cover a lot more about PKI in a future video.
This concludes the first part of section 6.1, compare and contrast basic concepts of cryptography. Stay tuned for the second part as we dive in further into more terms associated with this.