
4/24/2018 Understanding Cisco Cybersecurity Fundamentals

4.5 Understanding Basic Cryptography Concepts

Encryption Overview


Encryption is the process of disguising a message in such a way as to hide its original contents. With encryption, the
plaintext readable message is converted to ciphertext, which is the unreadable, “disguised” message. Decryption reverses
this process. Encryption is used to guarantee confidentiality so that only authorized entities can read the original message.

https://ondemandelearning.cisco.com/cybersec-nil/secfnd/sections/4/pages/5 1/4
Old encryption methods, such as the Caesar cipher, were based on the secrecy of the algorithm to achieve confidentiality. It
is difficult to maintain the secrecy of an encryption algorithm, and it is difficult to devise new secret encryption algorithms to
replace ones which are no longer secret. Modern encryption relies on public algorithms that are cryptographically strong
using secret keys. It is much easier to change keys than it is to change algorithms. In fact, most cryptographic systems
dynamically generate new keys over time, limiting the amount of data that may be compromised with the loss of a single
key.

Encryption can provide confidentiality at various layers of the OSI model, such as the following:

• Encrypt application layer data, such as encrypting email messages with PGP.

• Encrypt session layer data using a protocol such as SSL or TLS.

• Encrypt network layer data using protocols such as those provided in the IPsec protocol suite.

• Encrypt data link layer using MACsec (IEEE 802.1AE) or proprietary link-encrypting devices.

Encryption Algorithm Features


A good cryptographic algorithm is designed to resist common cryptographic attacks. Against such an algorithm, the best
remaining way to break protected data is to try to decrypt it using all possible keys (a brute-force attack). The time that
such an attack needs depends on the number of possible keys, but it is generally very long. With appropriately long
keys, such attacks are usually considered infeasible.

Variable key lengths and scalability are also desirable attributes of a good encryption algorithm. The longer the encryption
key is, the longer it takes an attacker to break it. For example, a 16-bit key means that there are 65,536 possible keys, but a
56-bit key means that there are 7.2 x 10^16 possible keys. Scalability provides flexible key length and allows you to select the
strength and speed of encryption that you need.
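
The following is an added example, not part of the course material: an exhaustive key search against a constructed toy cipher with a 16-bit key, plus the average search time for longer keys. The toy cipher (SHA-256 keystream XOR), the function names, the sample message and the rate of 1e9 trials per second are assumptions made for illustration.

```python
import hashlib

def toy_encrypt(key: int, key_bits: int, data: bytes) -> bytes:
    """Toy cipher (illustration only): XOR data with a SHA-256 keystream derived from the key."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

toy_decrypt = toy_encrypt  # XOR with the same keystream reverses the encryption

def exhaustive_search(ciphertext: bytes, known_prefix: bytes, key_bits: int):
    """Try every key in order; return (key, trials) once the decryption starts with known_prefix."""
    for trials, key in enumerate(range(2 ** key_bits), start=1):
        if toy_decrypt(key, key_bits, ciphertext).startswith(known_prefix):
            return key, trials
    return None, 2 ** key_bits

def average_search_seconds(key_bits: int, trials_per_second: float) -> float:
    """On average, half of the key space is tried before the right key is found."""
    return (2 ** key_bits / 2) / trials_per_second

# Constructed sample data (not from the course).
SECRET_KEY = 0xBEEF
MESSAGE = b"PAY 100 EUR TO ALICE"
CIPHERTEXT = toy_encrypt(SECRET_KEY, 16, MESSAGE)

if __name__ == "__main__":
    key, trials = exhaustive_search(CIPHERTEXT, b"PAY 100 ", 16)
    print(f"16-bit key recovered: {key:#06x} after {trials} of {2 ** 16} trials")
    rate = 1e9  # assumed trial rate, keys per second
    for bits in (16, 56, 128):
        secs = average_search_seconds(bits, rate)
        print(f"{bits:3d}-bit key: {2 ** bits:.1e} keys, about {secs / 86400:.3g} days on average")
```

Each additional key bit doubles the search time, which is why the 16-bit search finishes almost immediately while the 128-bit estimate is far beyond any practical time span.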

Changing only a few bits of the plaintext message causes its ciphertext to change completely, which is known as an
avalanche effect. The avalanche effect is a desired feature of an encryption algorithm, because it allows very similar
messages to be sent over an untrusted medium, with the encrypted (ciphertext) messages being completely different.
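
The following is an added example, not part of the course material: it contrasts the Caesar cipher, which has no avalanche effect, with a toy 128-bit Feistel block cipher in which flipping one plaintext bit changes roughly half of the ciphertext bits. The Feistel construction with a truncated SHA-256 round function, the key and the sample messages are assumptions made for illustration, not a vetted algorithm.

```python
import hashlib

def caesar_encrypt(text: str, shift: int) -> str:
    """Caesar cipher over A-Z; other characters pass through unchanged."""
    return "".join(
        chr((ord(c) - 65 + shift) % 26 + 65) if "A" <= c <= "Z" else c
        for c in text.upper()
    )

def round_fn(key: bytes, r: int, half: bytes) -> bytes:
    """Round function of the toy cipher: truncated SHA-256 of key, round number and half-block."""
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel_encrypt(block: bytes, key: bytes, rounds: int = 8) -> bytes:
    """Toy 128-bit Feistel block cipher (illustration only)."""
    left, right = block[:8], block[8:]
    for r in range(rounds):
        left, right = right, xor_bytes(left, round_fn(key, r, right))
    return left + right

def feistel_decrypt(block: bytes, key: bytes, rounds: int = 8) -> bytes:
    """Run the rounds in reverse order to recover the plaintext block."""
    left, right = block[:8], block[8:]
    for r in reversed(range(rounds)):
        left, right = xor_bytes(right, round_fn(key, r, left)), left
    return left + right

def chars_changed(a: str, b: str) -> int:
    return sum(x != y for x, y in zip(a, b))

def bits_changed(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

# Constructed sample inputs: the two 16-byte messages differ in exactly one bit.
KEY = b"constructed-demo-key"
MSG_A, MSG_B = b"TRANSFER 0100 EU", b"TRANSFER 0101 EU"

def avalanche_demo():
    """Return (Caesar characters changed, plaintext bits changed, Feistel ciphertext bits changed)."""
    caesar = chars_changed(caesar_encrypt("PAY BOB", 3), caesar_encrypt("PAY ROB", 3))
    cipher = bits_changed(feistel_encrypt(MSG_A, KEY), feistel_encrypt(MSG_B, KEY))
    return caesar, bits_changed(MSG_A, MSG_B), cipher

if __name__ == "__main__":
    print("caesar chars changed, plaintext bits changed, ciphertext bits changed (of 128):")
    print(avalanche_demo())
```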

You must carefully consider export and import restrictions when you use encryption internationally. Some countries do not
allow the export of encryption algorithms, or they allow only the export of those algorithms with shorter keys. Some
countries impose import restrictions on cryptographic algorithms.

In January 2000, the restrictions that the U.S. Department of Commerce placed on export regulations were dramatically
relaxed. Currently, any cryptographic product is exportable under a license exception, unless the end users are
governments outside of the United States or are embargoed.

Encryption Algorithms and Keys


A key is a required parameter for encryption algorithms. There are two classes of encryption algorithms, which differ in their
use of keys:

• Symmetric encryption algorithm: Uses the same key to encrypt and decrypt data

• Asymmetric encryption algorithm: Uses different keys to encrypt and decrypt data

Content Review Question

Which one of the following options is used to determine the strength of a modern encryption algorithm?

encryption operations OSI layer

cipher block size

key size

message digest (fingerprint) size


Content Review Question

What is the primary purpose for using an encryption algorithm on a message?

authentication

confidentiality

availability

integrity


Content Review Question

After encryption has been applied to a message, what is the message identified as?

message digest

ciphertext

hash result

fingerprint


Content Review Question

Which type of encryption algorithm uses the same key to encrypt and decrypt data?

symmetric encryption algorithm

Diffie-Hellman algorithm

asymmetric encryption algorithm

dodecaphonic algorithm


Content Review Question

Which type of encryption algorithm uses different but related keys to encrypt and decrypt data?

symmetric encryption algorithm

Diffie-Hellman algorithm

asymmetric encryption algorithm

dodecaphonic algorithm
