
CSCU Module 04 Data Encryption PDF

Survey: 40 percent of IT workers believe they could hold employer networks hostage. A third of survey respondents were confident they could bring a company to a halt with little effort. The survey was sanctioned by Venafi, a network key and encryption provider. Recent breaches at Sony and Epsilon reinforce the need for more encryption and management.

Uploaded by

Sandeep Roy

Data Encryption

Module 4

Simplifying Security.

Copyright by EC-Council

May 23, 2011

40 Percent of IT Workers Could Hold Employer Networks Hostage, Survey Finds

Roughly 40 percent of IT workers believe they could hold an employer's network hostage, even after leaving the company, by withholding or hiding encryption keys, according to a recent survey of 500 IT security specialists.

The study, released Monday, May 23, also revealed that a third of survey respondents were confident that their knowledge and access to encryption keys and certificates could bring a company to a halt with little effort. Conducted in April 2011, the survey was sanctioned by Venafi, a network key and encryption provider.

"It's a shame that so many people have been sold encryption but not the means or knowledge to manage it," said Jeff Hudson, CEO of Venafi, in a [Link] keys are and monitor and manage who has access to them.... [Link], costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and effective management.


Module Objectives
Common Terminologies
Usage of Encryption
What Is Encryption?
Digital Certificates
Objectives of Encryption
Working of Digital Certificates
Types of Encryption
Digital Signature
Encryption Standards
How Digital Signature Works?
[Link] Encryption
Cryptography Tools


Module Flow

Encryption
Types of Encryption
Encryption Standards
Digital Certificates
Digital Signature
Cryptography Tools


Common Terminologies
Plaintext
Plaintext or cleartext is unencrypted readable text

Cipher Text
Ciphertext is encrypted and unreadable until it is decrypted to plaintext with a key

Encryption Key
An encryption key is a piece of information that is used to encrypt and decrypt data


What Is Encryption?
Encryption is the process of converting data into a ciphertext that cannot be understood by unauthorized people

To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it

Encryption is used to protect sensitive information during transmission and storage

[Figure: Bob's plaintext (Morpheus) becomes encrypted data (3*.,~@!w9); the encrypted data is received by Alice; Alice receives the plain data after decryption]


Objectives of Encryption
Data Integrity
The receiver of a message can check whether the message was modified during transmission, either accidentally or deliberately

Authentication
The receiver of a message can verify the origin of the message
No other user should be able to send a message to the recipient as the original sender (data origin authentication)

Nonrepudiation
The sender of a message cannot deny that he/she has sent the message


Usage of Encryption
It helps to safely store sensitive information on a computer or external storage media

Encryption is used to protect user credentials such as user name and passwords

Encryption provides a secure medium for users to connect to their friends' or employees' network from outside of the home or office

It provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted

It is also used as a resource for web-based information exchange to protect important information such as credit card numbers

Encryption provides assurance of a sender's identity


Types of Encryption
Symmetric Encryption
Symmetric encryption (secret key, shared key, and private key) uses the same key for encryption and decryption

[Figure: the plaintext "Dear John, This is my A/C number 7974392830" is encrypted to ciphertext, and the ciphertext is decrypted back to the same plaintext]

Asymmetric Encryption
Asymmetric encryption (public key) uses different encryption keys for encryption and [Link] and private keys

[Figure: the plaintext "Dear John, This is my A/C number 7974392830" is encrypted to ciphertext, and the ciphertext is decrypted back to the same plaintext]

Hash Function
Hash function (message digests or one-way encryption) uses no key for encryption and decryption

[Figure: plaintext passes through a hash function to produce ciphertext]


Symmetric vs. Asymmetric Encryption


Symmetric Encryption
Symmetric encryption uses only one key for both encryption and decryption
The key cannot be shared freely
Symmetric encryption requires that both the sender and the receiver know the secret key
Using symmetric encryption, data can be encrypted faster
This algorithm is less complex and faster
Symmetric encryption ensures confidentiality and integrity

Asymmetric Encryption
Asymmetric encryption uses a public key for encryption and a private key for decryption
In asymmetric encryption, the public key can be freely shared, which eliminates the risk of compromising the secret key
The encryption process using asymmetric encryption is slower and more complex
Asymmetric encryption ensures confidentiality, integrity, authentication, and nonrepudiation


Encryption Standards

Data Encryption Standard (DES)
Data Encryption Standard (DES) is the name of the Federal Information Processing Standard (FIPS) 46-3, which describes the data encryption algorithm (DEA)
The DEA is a symmetric cryptosystem originally designed for implementation in hardware
DEA is also used for single-user encryption, such as to store files on a hard disk in encrypted form

Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES) is a symmetric-key encryption standard [Link]
It has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively, for AES-128, AES-192 and AES-256


Digital Certificates
A digital certificate is an electronic card that provides credential information while performing online transactions

It acts as an electronic counterpart to a driver's license, passport, or membership card and verifies the identity of all users involved in online transactions

A digital certificate generally contains:
Details of owner's public key
Owner's name
Digital signature of the CA (issuer)
Expiration date of public key
Name of the Certificate Authority (CA) who issued the digital certificate
Serial number of digital signature


How Digital Certificates Work


[Figure: certificate issuance and validation flow between the User, the Registration Authority (RA), the Certification Authority (CA) and the Validation Authority (VA). Labels in the diagram: User applies for certificate; Request for issuing certificate; Public key certificate; Updates information; Message in public key certificate signed with digital signature; Private key; Public key; Validation of electronic signature; Inquires about public key certificate validity to validation authority; Determined result]
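
The certificate contents listed on the Digital Certificates slide and the issue-then-validate flow above, shown with the openssl command-line tool. This is an added example, not part of the original slides; it assumes OpenSSL is installed, and the CA names, the subject "Alice Example", the serial number and the validity periods are constructed for the demo.

```shell
# Added example: issue a certificate from a constructed CA, print the fields
# a certificate carries, and validate the CA's signature. All names are made up.

# cert_demo: prints the certificate fields; returns 0 only if the certificate
# validates against the issuing CA and is rejected under an unrelated CA.
cert_demo() {
    d=$(mktemp -d) || return 2
    # Two self-signed CA certificates: the real issuer and an unrelated one.
    for ca in issuer other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Example $ca CA" \
            -keyout "$d/$ca.key" -out "$d/$ca.crt" 2>/dev/null
    done
    # The user generates a key pair and applies for a certificate.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Alice Example" \
        -keyout "$d/alice.key" -out "$d/alice.csr" 2>/dev/null
    # The CA signs the request, binding the owner's name to the public key.
    openssl x509 -req -in "$d/alice.csr" -CA "$d/issuer.crt" \
        -CAkey "$d/issuer.key" -set_serial 1 -days 7 \
        -out "$d/alice.crt" 2>/dev/null

    # Owner's name, issuing CA, serial number and expiration date.
    openssl x509 -in "$d/alice.crt" -noout -subject -issuer -serial -enddate

    # Validation: the certificate must chain to the issuing CA and must not
    # validate when only the unrelated CA is trusted.
    rc=1
    if openssl verify -CAfile "$d/issuer.crt" "$d/alice.crt" >/dev/null 2>&1 &&
       ! openssl verify -CAfile "$d/other.crt" "$d/alice.crt" >/dev/null 2>&1
    then rc=0; fi
    rm -rf "$d"
    return $rc
}

cert_demo
```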


Digital Signature
Digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form

Digital signature schemes involve two encryption keys: a private key for signing the message and a public key for verifying signatures

Digital standards follow the open standards as they are not tied to an individual or manufacturer

It is often used to implement electronic signatures and can be used by any type of message

It is independent of the signature verification between the sender and the receiver


How Digital Signature Works


SIGN
Confidential information
Hash value
Sender signs hash code using his PRIVATE key
Append the signed hash code to message

SEAL
Encrypt message using one-time symmetric key
Encrypt the symmetric key using recipient's PUBLIC key

DELIVER
Mail electronic envelopes to the recipient

OPEN
Recipient decrypts one-time symmetric key using his PRIVATE key
Decrypt message using one-time symmetric key

VERIFY
Unlock the hash value using sender's PUBLIC key
Rehash the message and compare it with the hash value attached with the mail

ACCEPT
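
The SIGN, SEAL, DELIVER, OPEN and VERIFY steps above, carried out with the openssl command-line tool. This is an added example, not part of the original slides; it assumes OpenSSL is installed, and RSA-2048, SHA-256, AES-256-CBC, RSA-OAEP, the file names and the message text are choices made for the demo. The "tampered" mode alters the message after it was signed, so the VERIFY step rejects it.

```shell
# Added example: SIGN / SEAL / DELIVER / OPEN / VERIFY with the openssl CLI.
# Key names, file names and the message text are constructed for this demo.

# envelope_demo MODE (intact | tampered): returns 0 if VERIFY accepts.
envelope_demo() {
    d=$(mktemp -d) || return 2
    # Each party holds an RSA key pair; only the .pub halves are shared.
    for who in sender recipient; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$d/$who.key" 2>/dev/null
        openssl pkey -in "$d/$who.key" -pubout -out "$d/$who.pub"
    done
    printf 'Dear John, the transfer reference is EXAMPLE-0001\n' > "$d/msg.txt"

    # SIGN: hash the message, sign the hash with the sender's PRIVATE key,
    # then append the signature (256 bytes for RSA-2048) to the message.
    openssl dgst -sha256 -sign "$d/sender.key" -out "$d/msg.sig" "$d/msg.txt"
    if [ "$1" = tampered ]; then   # constructed fault: altered after signing
        printf 'Dear John, the transfer reference is EXAMPLE-9999\n' > "$d/msg.txt"
    fi
    cat "$d/msg.txt" "$d/msg.sig" > "$d/signed.bin"

    # SEAL: encrypt with a one-time symmetric key (AES-256-CBC key + IV),
    # then encrypt that key with the recipient's PUBLIC key (RSA-OAEP).
    key=$(openssl rand -hex 32); iv=$(openssl rand -hex 16)
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$d/signed.bin" -out "$d/body.enc"
    printf '%s %s' "$key" "$iv" > "$d/key.txt"
    openssl pkeyutl -encrypt -pubin -inkey "$d/recipient.pub" \
        -pkeyopt rsa_padding_mode:oaep -in "$d/key.txt" -out "$d/key.enc"

    # DELIVER: the envelope is body.enc plus key.enc.
    # OPEN: recover the one-time key with the recipient's PRIVATE key,
    # decrypt the body, and split off the trailing signature.
    set -- $(openssl pkeyutl -decrypt -inkey "$d/recipient.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$d/key.enc")
    openssl enc -d -aes-256-cbc -K "$1" -iv "$2" -in "$d/body.enc" -out "$d/open.bin"
    n=$(wc -c < "$d/open.bin")
    head -c $((n - 256)) "$d/open.bin" > "$d/got.txt"
    tail -c 256 "$d/open.bin" > "$d/got.sig"

    # VERIFY: rehash the message and check it against the signed hash
    # using the sender's PUBLIC key.
    if openssl dgst -sha256 -verify "$d/sender.pub" -signature "$d/got.sig" \
        "$d/got.txt" >/dev/null 2>&1; then rc=0; else rc=1; fi
    rm -rf "$d"
    return $rc
}
envelope_demo intact && echo "intact message: signature verified"
envelope_demo tampered || echo "tampered message: signature rejected"
```

AES-CBC on its own does not detect changes to the ciphertext; in this flow the signature check in VERIFY is what detects a modified message.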


Cryptography Tool: TrueCrypt


TrueCrypt creates a virtual encrypted disk within a file and mounts it as a real disk
Encrypts an entire partition or storage device such as USB flash drive or hard drive
Encrypts a partition or drive where Windows is installed (pre-boot authentication)
Encryption is automatic, real-time (on-the-fly), and transparent


Cryptography Tools
Folder Lock
PixelCryptor
AxCrypt
EncryptOnClick
Cryptainer LE
SafeHouse Explorer
Advanced Encryption Package
Kruptos 2 Professional


Module Summary
Encryption is the process of converting data into a ciphertext that cannot be understood by unauthorized people

Symmetric encryption uses only one key for both encryption and decryption, whereas asymmetric encryption uses a public key for encryption and a private key for decryption

Encryption provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted

A digital certificate is an electronic card that provides credential information when performing online transactions

A digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form
