[go: up one dir, main page]
Scribd
Upload
43 views20 pages

Encryption Fundamentals, Techniques and Applications

Uploaded by

shakila.nabilaputri334
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
43 views20 pages

Encryption Fundamentals, Techniques and Applications

Uploaded by

shakila.nabilaputri334
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 20

STMIK Pontianak

1. Cybersecurity Introduction and


Overview

Encryption Fundamentals,
2. Cybersecurity Roles
3. Cybersecurity Controls
4. Security Architecture Principles
5. Encryption Fundamentals, Techniques

Techniques and Applications


and Applications
6. Security of Networks, Systems,
Applications and Data
7. Network Security
8. Intrusion Detection and Prevention
9. Incident Response
10. Forensics
11. Preparing for the Inevitable Incident
12. Incident Detection and
Characterization
13. Security Implications and Adoption of
Evolving Technology
14. Mobile Technology – Vulnerabilities,
Threats an Risk

Copyright © 2015 ISACA . All rights reserved. 1


Section 3: Security Architecture Principles

Encryption Fundamentals
• Encryption is the process of converting a plaintext
message into a secure-coded form of text, called
ciphertext.
• The ciphertext cannot be understood without
converting back, via decryption—the reverse process
—to plaintext.
• This is done via a mathematical function and a special
encryption/decryption password called the key.
• In many countries, encryption is subject to
governmental laws and regulations that limit the key
size or define what may not be encrypted.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 2
Section 3: Security Architecture Principles

Encryption Fundamentals
• Encryption is part of a broader science of secret
languages called cryptography, which is generally
used to:
• Protect information stored on computers from
unauthorized viewing and manipulation
• Protect data in transit over networks from
unauthorized interception and manipulation
• Deter and detect accidental or intentional
alterations of data
• Verify authenticity of a transaction or document

• Encryption is limited in that it cannot prevent the loss of


data.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 3
Section 3: Security Architecture Principles

Key Elements of Cryptographic Systems

• Key elements of cryptographic systems include:


• Encryption algorithm—Mathematically based
function or calculation that encrypts or decrypts
data.
• Encryption key—Piece of information similar to a
password that makes the encryption or decryption
process unique. A user needs the correct key to
access or decipher a message, as the wrong key
converts the message into an unreadable form.
• Key length—Predetermined length for the key. The
longer the key, the more difficult it is to
compromise in a brute force attack where all
possible key combinations are tried.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 4
Section 3: Security Architecture Principles

Key Elements of Cryptographic Systems

• Effective cryptographic systems depend upon a variety


of factors including:
• Algorithm strength
• Secrecy and difficulty of compromising a key
• Nonexistence of back doors by which an encrypted
file can be decrypted without knowing the key
• Inability to decrypt parts of a ciphertext message
and prevent known plaintext attacks
• Properties of the plaintext known by a perpetrator

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 5
Section 3: Security Architecture Principles

Key Systems
• There are two types of cryptographic systems:
• Symmetric Key Systems—These use single,
secret, bidirectional keys that encrypt and decrypt.
• Asymmetric Key Systems—These use pairs of
unidirectional, complementary keys that only
encrypt or decrypt. Typically, one of these keys is
secret, and the other is publicly known.
• Public key systems are asymmetric cryptographic
systems.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 6
Section 3: Security Architecture Principles

Encryption Techniques
• Symmetric (Private) Key Encryption
• There are two main advantages to symmetric key
cryptosystems such as DES or AES:
• The user only has to remember/know one key for
both encryption and decryption.
• Symmetric key cryptosystems are generally less
complicated and, therefore, use up less processing
power than asymmetric techniques. They are
ideally suited for bulk data encryption.
• The disadvantages of this approach include:
• Difficulty distributing keys
• Limitations of shared secret

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 7
Section 3: Security Architecture Principles

Encryption Techniques
• Asymmetric (Private) Key Encryption
• The key that was used to encrypt the data cannot
be used to decrypt it. Thus, the keys are
asymmetric in that they are inversely related to
each other.
• Asymmetric keys are often used for short
messages such as encrypting DES symmetric
keys or creating digital signatures.
• In theory, a message that has been encrypted
twice, first by the sender’s secret key, and second
by the receiver’s public key, achieves both
authentication and confidentiality objectives, but it
is not commonly used because it could generate
performance issues.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 8
Section 3: Security Architecture Principles

Elliptical Curve Cryptography

• Although public key cryptography ensures message


security, the long keys and mathematical problems it
uses tend to be inefficient.
• It is believed that ECC demands less computational
power and therefore offers more security per bit.
• ECC works well on networked computers requiring
strong cryptography.
• However, it has some limitations such as bandwidth
and processing power.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 9
Section 3: Security Architecture Principles

Quantum Cryptography
• Quantum cryptography is the next generation of
cryptography that may solve some of the existing
problems associated with current cryptographic
systems, specifically the random generation and
secure distribution of symmetric cryptographic keys.
• t is based on a practical application of the
characteristics of the smallest “grains” of light
(photons) and the physical laws governing their
generation, propagation and detection.
• Initial commercial usage has already started now that
the laboratory research phase has been completed.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 10
Section 3: Security Architecture Principles

Advanced Encryption Standard


• AES has replaced the DES as the cryptographic
algorithm standard.
• Rijndael is a symmetric block cipher with variable block
and key length.
• For AES the block length was fixed to 128 bits, and
three different key sizes (128, 192 and 256 bits) were
specified.
• Each round has a 128-bit round key and the result of
the previous round as input.
• Decryption is computed by applying inverse functions
of the round operations.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 11
Section 3: Security Architecture Principles

Digital Signature
• A digital signature is an electronic identification of a
person or entity created by using a public key
algorithm.
• To verify the integrity of the data, a cryptographic
hashing algorithm, called a checksum, is computed
against the entire message or electronic document,
which generates a small fixed string message, usually
about 128 bits in length.
• This process, also referred to as a digital signature
algorithm, creates a message digest (i.e., smaller
extrapolated version of the original message).

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 12
Section 3: Security Architecture Principles

Digital Signature
• Digital signature is a cryptographic method that
ensures:
• Data integrity—Any change to the plaintext
message would result in the recipient failing to
compute the same message hash.
• Authentication—The recipient can ensure that the
message has been sent by the claimed sender
since only the claimed sender has the secret key.
• Nonrepudiation—The claimed sender cannot later
deny generating and sending the message.
• Digital signatures and public key encryption are
vulnerable to man-in-the-middle attacks wherein the
sender’s digital signature private key and public key
may be faked.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 13
Section 3: Security Architecture Principles

Virtual Private Network


• A VPN is an example of applied cryptography that
typically exchanges secure data over the Internet.
• Encryption is needed to make the connection virtually
private.
• A popular VPN technology is IPSec, which commonly
uses the DES, Triple DES or AES encryption
algorithms.
• DES uses 56-bit keys, and Triple DES applies the key
three times to achieve an effective key length of 168
bits.
• AES is a new standard adopted in 2001 that uses keys
that can be 128, 192 or 256 bits long and a block size
of 128 bits (vs. 64-bit blocks used in DES).

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 14
Section 3: Security Architecture Principles

Wireless Network Protections


• Wireless data transmission is subject to a higher risk of
interception than wired traffic.
• There is no need to manually tap into the connection,
but rather remote tools can be used to intercept the
connection covertly.
• Here are some examples:
• Email can be intercepted and read or changed.
• Hackers can replace a user’s credential with false
information that leads to the destination server
rejecting the user’s access attempts, thereby
causing denial-of-service (DoS).
• An unauthorized person can log on to a wireless
network that is not secure and use its resources,
including free connectivity to the Internet.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 15
Section 3: Security Architecture Principles

Stored Data
• Encryption is an effective and increasingly practical
way to restrict access to confidential information while
in storage.
• Encryption can fill the security gap, and it can also
protect data from hackers who, by means of malicious
software, can obtain systems administration rights.
• Encryption also helps to protect data when a computer
or a disk falls into the wrong hands.
• Many email encryption programs can also be applied
to stored data. There are also some encryption
products that focus on file protection for computers
and PDAs.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 16
Section 3: Security Architecture Principles

Public Key Infrastructure


• Key elements of the infrastructure are as follows:
• Digital certificates: digital credential is composed
of a public key and identifying information about
the owner of the public key.
• Certificate authority : A certificate authority (CA) is
an authority in a network that issues and manages
security
• credentials and public keys for message signature
verification or encryption
• Registration authority: An RA is an authority in a
network that verifies user requests for a digital
certificate and tells the CA to issue it.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 17
Section 3: Security Architecture Principles

Encryption Applications
• The use of cryptosystems by applications, for example
in email and Internet transactions, generally involves a
combination of private/public key pairs, secret keys,
hash functions and digital certificates.
• The purpose of applying these combinations is to
achieve confidentiality, message integrity or
nonrepudiation by either the sender or recipient.
• Using his/her secret key, the sender then will encrypt
the message.
• Secure Sockets Layer (SSL) and Transport Layer
Security (TLS)—These are cryptographic protocols
that provide secure communications on the Internet

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 18
Section 3: Security Architecture Principles

Encryption Risk and Key Protection

• The security of encryption methods relies mainly on


the secrecy of keys. In general, the more a key is
used, the more vulnerable it will be to compromise.
• The randomness of key generation is also a significant
factor in the ability to compromise a key.
• When encrypting keys based on passwords, a
password that lacks randomness will diminish a 128-bit
encryption algorithm’s capabilities.
• Therefore, it is essential that effective password syntax
rules are applied and easily guessed passwords are
prohibited.

Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 19
Section 3: Security Architecture Principles

Lecture 5
Lecture: Dr. Gat, S.Kom., M.Kom Copyright © 2015 ISACA . All rights reserved. 20

You might also like