COURSE CODE: IT311 – Information Assurance and Security
Module 4

Week 5: September 14-20, 2020 | 1st Semester, S.Y. 2020-2021

COURSE MODULE

Introduction
With more than three-quarters (77 percent) of Americans online daily
and a growing number of internet-connected devices in and around
the house, it comes as no surprise that cyberattacks on cities, corporations,
and individuals remain a serious problem. This spring, the city of
Atlanta endured a crippling ransomware attack, arguably one of the
most impactful cyber breaches against a large American city (it took five
days for the city government’s computers and printers to get back
up and running).

The Identity Theft Resource Center’s 2017 Annual Data Breach
Year-End Review revealed that 11 percent of cyber breaches on
businesses came from unauthorized access (e.g., cracking passwords).
One-fifth of breaches involved credit and debit cards, up 6 percent from
2016. And a staggering 830 breaches included social security numbers.
This drives home the fact that no city, country, business, or
individual is 100 percent safe from malicious outsiders
(or insiders: 90 percent of companies admitted feeling more vulnerable
to insider attacks). But taking proactive steps does mitigate risk.

Intended Learning Outcomes

• Briefly identify the difference between symmetric
and asymmetric cryptosystems, e.g., number of keys required,
the types of algorithms used

Topic – Cryptography to the Rescue


One such cyber asset is cryptography, a technique to secure
data and communications. This powerful tool has won wars (consider the
Navajo code talkers, who used encrypted code to relay sensitive information)
and is talked about more than you may realize (a “SpongeBob
Squarepants” episode contains a prime example of cryptography in action).

The end goal? Protect personal information and make it safer for
users to send messages over public spaces without unwanted cyber threat.
But how exactly does cryptography accomplish this? Is cryptography just another
name for encryption? And what are some ways users can bulletproof their email
messages using encryption, leaving intrusive eavesdroppers frustrated and
defeated?

Cryptography Basics: Encryption vs. Cryptography, Cipher vs. Encryption

Cryptography is the study of secure (yet accessible) communications. Encryption
and ciphers fall under this umbrella. Encryption is the process of turning text into
code. A cipher is that actual code. Think of encryption as the driving force of
cryptography. But how does basic encryption work?

Basic Encryption: The Sword Cryptography Wields

Let’s say you need to send your boss company-sensitive information.
Without the proper encryption methods (e.g., a digital signature), you are
more likely to suffer from a successful man-in-the-middle attack, where the
silent but dangerous intruder can eavesdrop and even impersonate a sender
or receiver. Thanks to encryption software, your message turns from plaintext
(e.g., “Hi Sandra, attached is the…”) to ciphertext (e.g., “percent6
(0$5, @94*47df kp &th…”), making it harder for outside parties to crack.

The Nuts and Bolts of Cryptography: How the Process Works

But let’s get into the nitty-gritty details. Putting a magnifying glass up to the
hypothetical email message you just sent your boss, here’s how it got to your
boss’ inbox in one piece.

You type up your message and send it to the encryption program
along with your encryption key (remember, we need both encryption
and decryption programs for this to work). As mentioned, the normal,
readable message (or plaintext) you created transforms via
encryption to a jumble of unreadable characters (ciphertext) and is
sent over the internet to your boss.

Now on your boss’ end: She receives the ciphertext, which hopefully is
left untampered (no man-in-the-middle attack). In a perfect world,
the ciphertext transforms via her decryption program and decrypting
key back into your original plaintext message, and the cryptography
process is complete.

Fighting Cyber Crime Using a Basic Encryption Algorithm

There are two main ways the cryptography process works:
asymmetric-key encryption and symmetric-key encryption. Put simply,
symmetric-key encryption is when the encryption and decryption keys
match; asymmetric-key encryption is when they don’t. But, as with
cryptography, there’s more to it.

What is Symmetric-Key Encryption?

Symmetric-key encryption, or private-key encryption, encrypts and decrypts
using one shared (yet private) key. Its algorithm, or cipher, is typically speedy
and efficient. Plus, it’s great for storing encrypted documents. Encrypted
communications, however? Not so much. The key must be kept secret at all
times by both the sender and the receiver; if one leaks, the encryption
method is a bust. You’d then think that private-key encryption was an
outdated encryption algorithm, but it’s actually not, and here’s why.

Myth Buster: Private-Key Encryption Is Not a Weak Defense
A little over two decades ago, the National Institute of Standards
and Technology (NIST) decided to use a private-key cipher
as the encryption standard for U.S. government agencies. Long story
short, inventors created a 128-bit private-key cipher that became
the Advanced Encryption Standard (AES). How secure is the code?
It would take billions of years for a supercomputer running a brute
force attack to crack it.

What Is Asymmetric-Key Encryption?

When it comes to email encryption, asymmetric-key encryption (or
public-key encryption) is your go-to. The reason? Unlike symmetric-key
encryption, asymmetric-key encryption uses not one but two keys: one
private, one public. Anyone can access the public key; technically, the
sender uses the receiver’s public key when sending a message. However,
only the receiver can use their private key to decrypt it. The same goes
in reverse.
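
The difference between the two schemes described above, as an added example that is not part of the original module: a toy symmetric cipher with one shared key beside textbook RSA with a public/private pair, including the reverse direction (sign with the private key, verify with the public key). The function names, the SHA-256 keystream, and the two small Mersenne primes are assumptions chosen for illustration; real systems use AES and much larger RSA keys with padding.

```python
import hashlib
import secrets

# Symmetric: ONE shared secret key both encrypts and decrypts.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream for teaching: SHA-256(key || nonce || counter) blocks.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(8)  # fresh per message, sent in the clear
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:8], blob[8:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

# Asymmetric: TWO keys. Textbook RSA over two well-known Mersenne primes
# (assumed toy parameters: far too small and too structured for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def rsa_encrypt(public_key, plaintext: bytes) -> int:
    e, n = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def rsa_decrypt(private_key, ciphertext: int) -> bytes:
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def rsa_sign(private_key, message: bytes) -> int:
    d, n = private_key
    return pow(_digest(message, n), d, n)  # only the key owner can do this

def rsa_verify(public_key, message: bytes, signature: int) -> bool:
    e, n = public_key
    return pow(signature, e, n) == _digest(message, n)  # anyone can check
```

With the symmetric functions, whoever holds the shared key can decrypt; with the RSA functions, holding `PUBLIC_KEY` lets you encrypt or verify but not decrypt or sign.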

How to Keep Your Personal Information Safe?

While there will always be cyber threats, especially in the age of
IoT, thankfully more internet traffic is encrypted than not. What
you’ll see is more web pages with the green lock HTTPS symbol to
the left of the URL (especially since, as of 2015, Google favors HTTPS
over non-HTTPS sites), signaling that the site is more secure than its
older HTTP cousin.
The good news doesn’t stop there; according to a Grand View
Research report, the encryption software market is expected to hit
$8.4 billion by 2024, which translates to a compound annual growth
of more than 14 percent from 2016 to 2024. Still, there’s more
progress to be made: 65 percent of internet users
cite memorization as the top way to keep track of passwords, and
less than one-tenth of Gmail users rely on two-factor authentication.
It’s poor cyber-hygiene practices like these that make it easy for
spammers, spoofers, and hackers to walk through the virtual front
door. But you can protect yourself with these encryption tips:

• Play it safe and always use two-factor authentication
• Use password-management software to stay on top of
passwords
• Only visit HTTPS-secure sites
• If you run a website, make sure it is HTTPS-secure for
cybersecurity (and search engine) purposes
• When emailing, stick with public-key encryption
• Completely install encryption methods on company
databases
• Create a digital signature on your emails, so family, friends,
and colleagues know you are you

Take advantage of these encryption tips to ward off
spammers, spoofers, and hackers. Being cyber-ready now reduces
stress and the chances of a successful cyberattack.

Reference
• Elizabeth Mack (2018). Cryptography Basics: Ins and Outs of Encryption