CSCU Module 04 Data Encryption
Module 4
Simplifying Security.
Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
May 23, 2011
40 Percent of IT Workers Could Hold Employer Networks Hostage, Survey Finds
Roughly 40 percent of IT workers believe they could hold an employer's network hostage, even after leaving the company, by withholding or hiding encryption keys, according to a recent survey of 500 IT security specialists.
The study, released Monday, May 23, also revealed that a third of survey respondents were confident that their knowledge and access to encryption keys and certificates could bring a company to a halt with little effort. Conducted in April 2011, the survey was sanctioned by Venafi, a network key and encryption provider.
"It's a shame that so many people have been sold encryption but not the means or knowledge to manage it," said Jeff Hudson, CEO of Venafi, in a statement. "IT departments must track where the keys are and monitor and manage who has access to them. ... It's no longer rocket science. Yet recent, costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and effective management."
http://www.govtech.com
Module Objectives
Common Terminologies
What Is Encryption?
Objectives of Encryption
Types of Encryption
Encryption Standards
Symmetric vs. Asymmetric Encryption
Usage of Encryption
Digital Certificates
Working of Digital Certificates
Digital Signature
How Digital Signature Works?
Cryptography Tools
Module Flow
Encryption
Types of Encryption
Encryption Standards
Digital Certificates
Digital Signature
Cryptography Tools
Common Terminologies
Plaintext
Plaintext or cleartext is unencrypted readable text
Cipher Text
Cipher text is encrypted and unreadable until it is decrypted to plaintext with a key
Encryption Key
An encryption key is a piece of information that is used to encrypt and decrypt data
What Is Encryption?
Encryption is the process of converting data into a ciphertext that cannot be understood by the unauthorized people
To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it
Encryption is used to protect sensitive information during transmission and storage
Figure: Bob's plaintext (Morpheus) is turned into encrypted data (3*.,~@!w9); the encrypted data is received by Alice; Alice receives the plain data after decryption
Objectives of Encryption
Data Integrity
The receiver of a message can check whether the message was modified during transmission, either accidentally or deliberately
Authentication
The receiver of a message can verify the origin of the message
No other user should be able to send a message to the recipient as the original sender (data origin authentication)
Nonrepudiation
The sender of a message cannot deny that he/she has sent the message
Usage of Encryption
It helps to safely store sensitive information on a computer or external storage media
Encryption is used to protect user credentials such as user name and passwords
Encryption provides a secure medium for users to connect to their friend's or employee's network from outside of the home or office
It provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted
It is also used as a resource for web-based information exchange to protect important information such as credit card numbers
Encryption provides assurance of a sender's identity
Types of Encryption
Symmetric Encryption
Symmetric encryption (secret key, shared key, and private key) uses the same key for encryption and decryption
Figure: plaintext ("Dear John, This is my A/C number 7974392830") passes through encryption to become ciphertext, and through decryption to become the same plaintext again
Asymmetric Encryption
Asymmetric encryption (public key) uses different encryption keys for encryption and decryption. These keys are known as public and private keys
Figure: plaintext ("Dear John, This is my A/C number 7974392830") passes through encryption to become ciphertext, and through decryption to become the same plaintext again
Hash Function
Hash function (message digests or one-way encryption) uses no key for encryption and decryption
Figure: plaintext passes through the hash function to become ciphertext
Symmetric vs. Asymmetric Encryption
Symmetric Encryption
Symmetric encryption uses only one key for both encryption and decryption
The key cannot be shared freely
Symmetric encryption requires that both the sender and the receiver know the secret key
Using symmetric encryption, data can be encrypted faster
This algorithm is less complex and faster
Symmetric encryption ensures confidentiality and integrity
Asymmetric Encryption
Asymmetric encryption uses a public key for encryption and a private key for decryption
In asymmetric encryption, the public key can be freely shared, which eliminates the risk of compromising the secret key
The encryption process using asymmetric encryption is slower and more complex
Asymmetric encryption ensures confidentiality, integrity, authentication, and nonrepudiation
Encryption Standards
Data Encryption Standard (DES)
Data Encryption Standard (DES) is the name of the Federal Information Processing Standard (FIPS) 46-3, which describes the data encryption algorithm (DEA)
The DEA is a symmetric cryptosystem originally designed for implementation in hardware
DEA is also used for single-user encryption, such as to store files on a hard disk in encrypted form
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government
It has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively, for AES-128, AES-192 and AES-256
Digital Certificates
A digital certificate is an electronic card that provides credential information while performing online transactions
It acts as an electronic counterpart to a driver's license, passport, or membership card and verifies the identity of all users involved in online transactions
A digital certificate generally contains:
Details of owner's public key
Owner's name
Digital signature of the CA (issuer)
Expiration date of public key
Name of the Certificate Authority (CA) who issued the digital certificate
Serial number of digital signature
Figure (working of digital certificates), labels shown:
User; Registration Authority (RA); Validation Authority (VA)
User applies for certificate
Request for issuing certificate
Public key certificate
Updates information
Message in public key certificate signed with digital signature
Public key; private key
Validation of electronic signature
Inquires about public key certificate validity to validation authority
Determined result
Digital Signature
Digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form
Digital signature schemes involve two encryption keys: a private key for signing the message and a public key for verifying signatures
Digital standards follow the open standards as they are not tied to an individual or manufacturer
It is often used to implement electronic signatures and can be used by any type of message
It is independent of the signature verification between the sender and the receiver
Figure (how a digital signature works), labels shown: Confidential Information, Hash value, ACCEPT, SEAL, DELIVER, OPEN, VERIFY. Steps shown:
Sender signs hash code using his PRIVATE key
Append the signed hash code to message
Encrypt message using one-time symmetric key
Encrypt the symmetric key using recipient's PUBLIC key
Mail electronic envelopes to the recipient
Recipient decrypts one-time symmetric key using his PRIVATE key
Decrypt message using one-time symmetric key
Unlock the hash value using sender's PUBLIC key
Rehash the message and compare it with the hash value attached with the mail
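
The sign, seal, open and verify steps from the figure above, as an added example that is not part of the EC-Council module. All function and key names are illustrative assumptions; textbook RSA over constructed Mersenne-prime keys and a SHA-256 keystream stand in for a padded RSA scheme and AES so the code runs on the Python standard library alone, and neither stand-in is suitable for real data.

```python
import hashlib
import secrets

def toy_keypair(a, b, e=65537):
    # Constructed toy keys: textbook RSA over two Mersenne primes, so the demo
    # needs only the standard library. Trivially factorable; never reuse.
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

SENDER_PUB, SENDER_PRIV = toy_keypair(521, 607)
RECIPIENT_PUB, RECIPIENT_PRIV = toy_keypair(607, 1279)

def byte_len(n):
    return (n.bit_length() + 7) // 8

def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def keystream_xor(key, data):
    # Stand-in symmetric cipher: XOR with a SHA-256 counter-mode keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def seal(message, sender_priv, recipient_pub):
    (n_s, d_s), (n_r, e_r) = sender_priv, recipient_pub
    # Sign the hash with the sender's PRIVATE key and append it to the message.
    signature = pow(digest_int(message), d_s, n_s).to_bytes(byte_len(n_s), "big")
    # Encrypt message + signature under a one-time symmetric key, then wrap
    # that key with the recipient's PUBLIC key.
    session_key = secrets.token_bytes(32)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e_r, n_r)
    return {"ciphertext": keystream_xor(session_key, message + signature),
            "wrapped_key": wrapped_key}

def open_and_verify(envelope, recipient_priv, sender_pub):
    (n_r, d_r), (n_s, e_s) = recipient_priv, sender_pub
    # Open: unwrap the one-time key with the recipient's PRIVATE key, decrypt.
    unwrapped = pow(envelope["wrapped_key"], d_r, n_r)
    session_key = unwrapped.to_bytes(byte_len(n_r), "big")[-32:]
    payload = keystream_xor(session_key, envelope["ciphertext"])
    message, signature = payload[:-byte_len(n_s)], payload[-byte_len(n_s):]
    # Verify: unlock the signed hash with the sender's PUBLIC key, rehash the
    # decrypted message, and compare the two values.
    signed_hash = pow(int.from_bytes(signature, "big"), e_s, n_s)
    return message, signed_hash == digest_int(message)
```

`open_and_verify` returns the decrypted message together with a boolean; a single flipped ciphertext bit changes the rehash, so the comparison fails and the message should be rejected.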
http://www.truecrypt.org
Cryptography Tools
Folder Lock: http://www.newsoftwares.net
PixelCryptor: http://www.codegazer.com
AxCrypt: http://www.axantum.com
EncryptOnClick: http://www.2brightsparks.com
Cryptainer LE: http://www.cypherix.co.uk
SafeHouse Explorer: http://www.safehousesoftware.com
Advanced Encryption Package: http://www.intercrypto.com
Kruptos 2 Professional: http://www.kruptos2.co.uk
Module Summary
Encryption is the process of converting data into a ciphertext that cannot be understood by the unauthorized people
Symmetric encryption uses only one key for both encryption and decryption, whereas asymmetric encryption uses a public key for encryption and a private key for decryption
Encryption provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted
A digital certificate is an electronic card that provides credential information when performing online transactions
A digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form