Module 4
Simplifying Security.
1 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
May 23, 2011
40 Percent of IT Workers Could Hold Employer Networks Hostage, Survey Finds
Roughly 40 percent of IT workers believe they could hold an employer’s network hostage — even after
leaving the company — by withholding or hiding encryption keys, according to a recent survey of 500
IT security specialists.
The study, released Monday, May 23, also revealed that a third of survey respondents were confident
that their knowledge and access to encryption keys and certificates could bring a company to a halt
with little effort. Conducted in April 2011, the survey was sanctioned by Venafi, a network key and
encryption provider.
“It’s a shame that so many people have been sold encryption but not the means or knowledge to
manage it,” said Jeff Hudson, CEO of Venafi, in a statement. “IT departments must track where the
keys are and monitor and manage who has access to them. ... It’s no longer rocket science. Yet recent,
costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and
effective management.”
http://www.govtech.com
Module Objectives
Common Terminologies
What Is Encryption?
Objectives of Encryption
Types of Encryption
Encryption Standards
Symmetric vs. Asymmetric Encryption
Usage of Encryption
Digital Certificates
Working of Digital Certificates
Digital Signature
How Digital Signature Works?
Cryptography Tools
Module Flow
Types of Encryption
Encryption
Encryption Standards
Common Terminologies
Plaintext
Plaintext or cleartext is unencrypted readable text
Cipher Text
Cipher text is encrypted and unreadable until it is decrypted to
plaintext with a key
Encryption Key
An encryption key is a piece of information that is used to
encrypt and decrypt data
What Is Encryption?
Encryption is the process of converting data into a cipher text that cannot be
understood by unauthorized people
To read an encrypted file, you must have access to a secret key or password that
enables you to decrypt it
Encryption is used to protect sensitive information during transmission and storage
Objectives of Encryption
Data Integrity
The receiver of a message can check whether the message was modified during
transmission, either accidentally or deliberately
Authentication
The receiver of a message can verify the origin of the message
No other user should be able to send a message to the recipient as the original
sender (data origin authentication)
Non‐repudiation
The sender of a message cannot deny that he/she has sent the message
Usage of Encryption
Encryption is used to protect user credentials such as user name and passwords
It helps to safely store sensitive information on a computer or external storage media
Encryption provides a secure medium for users to connect to their friends’ or employees’
network from outside of the home or office
It provides a higher level of trust when receiving files from other users by ensuring that the
source and contents of the message are trusted
It is also used as a resource for web‐based information exchange to protect important
information such as credit card numbers
Encryption provides assurance of a sender’s identity
Types of Encryption
Symmetric Encryption
Symmetric encryption (secret‐key, shared‐key, and private‐key) uses the same key for
encryption and decryption
[Figure: Plain text → Encryption → Cipher text → Decryption → Plain text]
Asymmetric Encryption
Asymmetric encryption (public key) uses different encryption keys for encryption and
decryption. These keys are known as public and private keys
[Figure: Plain text → Encryption → Cipher text → Decryption → Plain text]
Hash Function
Hash function (message digests or one‐way encryption) uses no key for encryption and
decryption
[Figure: Plain text → Hash function → Cipher text]
Symmetric vs. Asymmetric Encryption
Symmetric Encryption
Symmetric encryption uses only one key for both encryption and decryption
The key cannot be shared freely
Symmetric encryption requires that both the sender and the receiver know the secret key
Using symmetric encryption, data can be encrypted faster
This algorithm is less complex and faster
Symmetric encryption ensures confidentiality and integrity
Asymmetric Encryption
Asymmetric encryption uses a public key for encryption and a private key for decryption
In asymmetric encryption, the public key can be freely shared, which eliminates the
risk of compromising the secret key
The encryption process using asymmetric encryption is slower and more complex
Asymmetric encryption ensures confidentiality, integrity, authentication,
and non‐repudiation
Encryption Standards
Data Encryption Standard (DES)
Data Encryption Standard (DES) is the name of the Federal Information Processing
Standard (FIPS) 46‐3, which describes the data encryption algorithm (DEA)
The DEA is a symmetric cryptosystem originally designed for implementation in
hardware
DEA is also used for single‐user encryption, such as to store files on a hard disk in
encrypted form
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES) is a symmetric‐key encryption standard
adopted by the U.S. government
It has a 128‐bit block size, with key sizes of 128, 192 and 256 bits,
respectively, for AES‐128, AES‐192 and AES‐256
Digital Certificates
A digital certificate is an electronic card that provides credential information while
performing online transactions
It acts as an electronic counterpart to a driver’s license, passport, or membership
card and verifies the identity of all users involved in online transactions
A digital certificate generally contains:
Details of owner’s public key
Owner’s name
Digital signature of the CA (issuer)
Expiration date of public key
Name of the Certificate Authority (CA) who issued the digital certificate
Serial number of digital signature
How Digital Certificates Work
[Diagram: a User, a Registration Authority (RA), a Certification Authority (CA) and a
Validation Authority (VA), with the user's public key and private key. Labels on the diagram:]
User applies for certificate
Request for issuing certificate
Public key certificate
Updates information
Message in public key certificate signed with digital signature
Validation of electronic signature
Inquires about public key certificate validity to validation authority
Determined result
Digital Signature
A digital signature implements asymmetric cryptography to simulate the security
properties of a signature in digital, rather than written form
Digital signature schemes involve two encryption keys: a private key for signing the
message and a public key for verifying signatures
Digital standards follow open standards, as they are not tied to an individual or
manufacturer
It is often used to implement electronic signatures and can be used with any type of
message
It is independent of the signature verification between the sender and the receiver
How Digital Signature Works
SIGN: Append the signed hash code to message
SEAL
DELIVER: Mail electronic envelopes to the recipient
ACCEPT
OPEN: Decrypt message using one‐time symmetric key
VERIFY: Unlock the hash value using sender’s PUBLIC key; rehash the message and
compare it with the hash value attached with the mail
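The certificate slides and the SIGN and VERIFY steps above, tied together as an added Go example (not part of the EC-Council material): a constructed CA issues a certificate, the sender signs the hash of a message, and the recipient validates the certificate before checking the signature with the public key it certifies. RSA with SHA-256 and the names NewKey, Issue, Sign and VerifySigned are assumptions of this example; the SEAL and OPEN steps are left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// NewKey makes an RSA key pair (all names and values in this example are constructed).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Issue plays the CA: bind name to pub for ttl. A nil parent self-signs the CA's own root.
func Issue(name string, serial int64, ttl time.Duration, pub *rsa.PublicKey,
	parent *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if parent == nil {
		parent, tmpl.IsCA, tmpl.KeyUsage = tmpl, true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der) // parsed form exposes issuer, serial, expiry, key
}

// Sign is the sender's SIGN step: hash the message, sign the hash with the PRIVATE key.
func Sign(msg []byte, key *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// VerifySigned is the recipient's VERIFY step: first check the CA signature and expiry
// of the sender's certificate, then rehash msg and check sig with the key it certifies.
func VerifySigned(msg, sig []byte, cert, ca *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at}); err != nil {
		return err
	}
	return cert.CheckSignature(x509.SHA256WithRSA, msg, sig)
}
```

Call Issue with a nil parent to create the CA's own certificate, then pass that certificate as parent when issuing to a user. VerifySigned rejects a modified message, an expired certificate, and a certificate issued by a CA the recipient does not trust.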
Cryptography Tool: TrueCrypt
TrueCrypt creates a virtual encrypted disk within a
file and mounts it as a real disk
Encrypts an entire partition or storage device such
as USB flash drive or hard drive
Encrypts a partition or drive where Windows is
installed (pre‐boot authentication)
Encryption is automatic, real‐time (on‐the‐fly), and
transparent
http://www.truecrypt.org
Cryptography Tools
Folder Lock: http://www.newsoftwares.net
PixelCryptor: http://www.codegazer.com
AxCrypt: http://www.axantum.com
EncryptOnClick: http://www.2brightsparks.com
Module Summary
Encryption is the process of converting data into a cipher text that cannot be understood
by unauthorized people
Symmetric encryption uses only one key for both encryption and decryption, whereas
asymmetric encryption uses a public key for encryption and a private key for decryption
Encryption provides a higher level of trust when receiving files from other users by
ensuring that the source and contents of the message are trusted
A digital certificate is an electronic card that provides credential information when
performing online transactions
A digital signature implements asymmetric cryptography to simulate the security
properties of a signature in digital, rather than written form