Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Data Encryption
Simplifying Security.
Module 4
40 Percent of IT Workers Could Hold Employer Networks Hostage, Survey Finds
Roughly 40 percent of IT workers believe they could hold an employer’s network hostage — even after leaving the company — by withholding or hiding encryption keys, according to a recent survey of 500 IT security specialists.
The study, released Monday, May 23, also revealed that a third of survey respondents were confident that their knowledge and access to encryption keys and certificates could bring a company to a halt with little effort. Conducted in April 2011, the survey was sanctioned by Venafi, a network key and encryption provider.
“It’s a shame that so many people have been sold encryption but not the means or knowledge to manage it,” said Jeff Hudson, CEO of Venafi, in a statement. “IT departments must track where the keys are and monitor and manage who has access to them. ... It’s no longer rocket science. Yet recent, costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and effective management.”
http://www.govtech.com
May 23, 2011
Module Objectives
Common Terminologies
What Is Encryption?
Objectives of Encryption
Types of Encryption
Encryption Standards
Symmetric vs. Asymmetric Encryption
Usage of Encryption
Digital Certificates
Working of Digital Certificates
Digital Signature
How Digital Signature Works?
Cryptography Tools
Module Flow
Encryption
Types of Encryption
Encryption Standards
Digital Certificates
Digital Signature
Cryptography Tools
Common Terminologies
Plaintext: Plaintext or cleartext is unencrypted readable text
Cipher Text: Cipher text is encrypted and unreadable until it is decrypted to plaintext with a key
Encryption Key: An encryption key is a piece of information that is used to encrypt and decrypt data
What Is Encryption?
Encryption is the process of converting data into cipher text that cannot be understood by unauthorized people
To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it
Encryption is used to protect sensitive information during transmission and storage
[Figure: Bob sends the plain text (‘Morpheus’) to Alice. The encrypted data (‘3*.,~’@!w9”) is received by Alice, and Alice receives the plain data after decryption.]
Objectives of Encryption
Data Integrity: The receiver of a message can check whether the message was modified during transmission, either accidentally or deliberately
Authentication: The receiver of a message can verify the origin of the message. No other user should be able to send a message to the recipient as the original sender (data origin authentication)
Non‐repudiation: The sender of a message cannot deny that he/she has sent the message
Usage of Encryption
It helps to safely store sensitive information on a computer or external storage media
Encryption is used to protect user credentials such as user names and passwords
Encryption provides assurance of a sender’s identity
It is also used as a resource for web‐based information exchange to protect important information such as credit card numbers
Encryption provides a secure medium for users to connect to their friends’ or employees’ network from outside of the home or office
It provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted
Types of Encryption
Symmetric Encryption: Symmetric encryption (secret‐key, shared‐key, and private‐key) uses the same key for encryption and decryption
Asymmetric Encryption: Asymmetric encryption (public key) uses different keys for encryption and decryption. These keys are known as public and private keys
Hash Function: Hash function (message digests or one‐way encryption) uses no key for encryption and decryption
[Figure: Three panels. Symmetric Encryption and Asymmetric Encryption each show plain text ("Dear John, This is my A/C number 7974392830") passing through Encryption to cipher text and through Decryption back to plain text. Hash function shows plain text passing through a hash function to cipher text only.]
Symmetric vs. Asymmetric Encryption
Symmetric Encryption
Symmetric encryption uses only one key for both encryption and decryption
The key cannot be shared freely
Symmetric encryption requires that both the sender and the receiver know the secret key
Using symmetric encryption, data can be encrypted faster
This algorithm is less complex and faster
Symmetric encryption ensures confidentiality and integrity
Asymmetric Encryption
Asymmetric encryption uses a public key for encryption and a private key for decryption
In asymmetric encryption, the public key can be freely shared, which eliminates the risk of compromising the secret key
The encryption process using asymmetric encryption is slower and more complex
Asymmetric encryption ensures confidentiality, integrity, authentication, and non‐repudiation
Encryption Standards
Data Encryption Standard (DES)
Data Encryption Standard (DES) is the name of the Federal Information Processing Standard (FIPS) 46‐3, which describes the data encryption algorithm (DEA)
The DEA is a symmetric cryptosystem originally designed for implementation in hardware
DEA is also used for single‐user encryption, such as to store files on a hard disk in encrypted form
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES) is a symmetric‐key encryption standard adopted by the U.S. government
It has a 128‐bit block size, with key sizes of 128, 192 and 256 bits for AES‐128, AES‐192 and AES‐256, respectively
Digital Certificates
A digital certificate is an electronic card that provides credential information while performing online transactions
It acts as an electronic counterpart to a driver's license, passport, or membership card and verifies the identity of all users involved in online transactions
A digital certificate generally contains:
Details of owner’s public key
Owner’s name
Expiration date of public key
Name of the Certificate Authority (CA) who issued the digital certificate
Serial number of digital signature
Digital signature of the CA (issuer)
How Digital Certificates Work
[Figure: Certificate workflow among the User, the Registration Authority (RA), the Certification Authority (CA) and the Validation Authority (VA). Labels: User applies for certificate; Request for issuing certificate; Public key certificate; Updates information; Message in public key certificate signed with digital signature; Inquires about public key certificate validity to validation authority; Determined result; Validation of electronic signature; Private key; Public key.]
Digital Signature
Digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form
Digital signature schemes involve two encryption keys: a private key for signing the message and a public key for verifying signatures
Digital standards follow the open standards as they are not tied to an individual or manufacturer
It is often used to implement electronic signatures and can be used by any type of message
It is independent of the signature verification between the sender and the receiver
How Digital Signature Works
SIGN: Hash value. Sender signs hash code using his PRIVATE key. Append the signed hash code to message
SEAL: Encrypt message using one‐time symmetric key. Encrypt the symmetric key using recipient’s PUBLIC key
DELIVER: Mail electronic envelopes to the recipient
ACCEPT
OPEN: Recipient decrypts one‐time symmetric key using his PRIVATE key. Decrypt message using one‐time symmetric key
VERIFY: Unlock the hash value using sender’s PUBLIC key. Rehash the message and compare it with the hash value attached with the mail
[Figure label: Confidential Information]
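The SIGN, SEAL, DELIVER, OPEN and VERIFY steps above, which combine all three types of encryption from the earlier slide (hash function, symmetric, asymmetric), as an added example that is not part of the original module. Assumptions: textbook RSA without padding over constructed Mersenne-prime keys and a SHA-256 keystream stand in for real algorithms such as RSA-OAEP/PSS and AES, so this is for study only; all function and key names are hypothetical.

```python
import hashlib
import secrets

# Constructed demo keys: textbook RSA from known Mersenne primes. Unpadded and far
# too small to be secure; real systems use RSA-OAEP/PSS or ECC and AES.
def make_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))        # private exponent (Python 3.8+)
    return (n, e), (n, d)                    # (public key, private key)

SENDER_PUB, SENDER_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
RECIP_PUB, RECIP_PRIV = make_keypair(2**107 - 1, 2**61 - 1)
SIG_LEN = (SENDER_PUB[0].bit_length() + 7) // 8   # signature size in bytes

def digest_int(message, n):
    """Hash function: no key, one-way. Reduced mod n to fit the toy key."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def keystream_xor(key, data):
    """Stand-in symmetric cipher: the same key encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def sign_and_seal(message, sender_priv, recip_pub):
    n, d = sender_priv
    signature = pow(digest_int(message, n), d, n)          # SIGN: hash, then PRIVATE key
    signed = message + signature.to_bytes(SIG_LEN, "big")  # append signed hash
    session_key = secrets.token_bytes(16)                  # one-time symmetric key
    rn, re_ = recip_pub
    return {                                               # SEAL: the envelope to DELIVER
        "ciphertext": keystream_xor(session_key, signed),
        "wrapped_key": pow(int.from_bytes(session_key, "big"), re_, rn),
    }

def open_and_verify(envelope, recip_priv, sender_pub):
    rn, rd = recip_priv
    session_key = pow(envelope["wrapped_key"], rd, rn).to_bytes(16, "big")  # OPEN
    signed = keystream_xor(session_key, envelope["ciphertext"])
    message, signature = signed[:-SIG_LEN], int.from_bytes(signed[-SIG_LEN:], "big")
    n, e = sender_pub
    # VERIFY: unlock the hash with the sender's PUBLIC key, rehash, compare
    return message, pow(signature, e, n) == digest_int(message, n)

if __name__ == "__main__":
    env = sign_and_seal(b"Dear John, this is my A/C number 7974392830", SENDER_PRIV, RECIP_PUB)
    print(env["ciphertext"].hex())
    print(open_and_verify(env, RECIP_PRIV, SENDER_PUB))
```

Changing any byte of the envelope in transit, or checking the signature against a public key that is not the sender's, makes the verify step return False.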
Cryptography Tool: TrueCrypt
http://www.truecrypt.org
TrueCrypt creates a virtual encrypted disk within a file and mounts it as a real disk
Encrypts an entire partition or storage device such as USB flash drive or hard drive
Encrypts a partition or drive where Windows is installed (pre‐boot authentication)
Encryption is automatic, real‐time (on‐the‐fly), and transparent
Cryptography Tools
PixelCryptor: http://www.codegazer.com
Folder Lock: http://www.newsoftwares.net
EncryptOnClick: http://www.2brightsparks.com
Cryptainer LE: http://www.cypherix.co.uk
SafeHouse Explorer: http://www.safehousesoftware.com
Advanced Encryption Package: http://www.intercrypto.com
AxCrypt: http://www.axantum.com
Kruptos 2 Professional: http://www.kruptos2.co.uk
Module Summary
Encryption is the process of converting data into cipher text that cannot be understood by unauthorized people
Symmetric encryption uses only one key for both encryption and decryption, whereas asymmetric encryption uses a public key for encryption and a private key for decryption
Encryption provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted
A digital certificate is an electronic card that provides credential information when performing online transactions
A digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form