WEBVTT

1
00:00:00.000 --> 00:00:01.800
In this section of the course,

2
00:00:01.800 --> 00:00:04.800
we are going to discuss cryptographic types.

3
00:00:04.800 --> 00:00:07.200
The cryptographic type section of the course

4
00:00:07.200 --> 00:00:10.350
focuses on Domain 3, Security Engineering,

5
00:00:10.350 --> 00:00:13.200
specifically Objective 3.8,

6
00:00:13.200 --> 00:00:15.480
which states that given a scenario,

7
00:00:15.480 --> 00:00:17.100
you must be able to apply

8
00:00:17.100 --> 00:00:20.940
an appropriate cryptographic use case and/or technique.

9
00:00:20.940 --> 00:00:23.280
In enterprise management and security,

10
00:00:23.280 --> 00:00:26.880
understanding the tools that protect our data is critical.

11
00:00:26.880 --> 00:00:28.950
If we don't fully understand a tool,

12
00:00:28.950 --> 00:00:31.140
then we won't be able to fully employ it.

13
00:00:31.140 --> 00:00:32.640
One of the most important tools

14
00:00:32.640 --> 00:00:35.790
we use in enterprise security is cryptography.

15
00:00:35.790 --> 00:00:38.970
Cryptography is the practice of securing information

16
00:00:38.970 --> 00:00:41.520
by turning it into an unreadable format,

17
00:00:41.520 --> 00:00:45.450
accessible only to those with a valid decryption key.

18
00:00:45.450 --> 00:00:47.130
Different cryptographic types

19
00:00:47.130 --> 00:00:50.220
serve different cryptographic purposes in the network.

20
00:00:50.220 --> 00:00:54.270
For example, symmetric encryption may be used for fast,

21
00:00:54.270 --> 00:00:56.580
bulk encryption and decryption.

22
00:00:56.580 --> 00:00:59.700
In this way, we can protect our data at rest.

23
00:00:59.700 --> 00:01:03.060
Conversely, asymmetric encryption may be used

24
00:01:03.060 --> 00:01:06.060
for secure key exchange and digital signatures.

25
00:01:06.060 --> 00:01:09.510
In this way, asymmetric encryption is used to ensure

26
00:01:09.510 --> 00:01:12.510
that data remains confidential, authentic,

27
00:01:12.510 --> 00:01:14.190
and resistant to tampering.

28
00:01:14.190 --> 00:01:17.280
In any case, cryptographic techniques are fundamental

29
00:01:17.280 --> 00:01:19.590
to maintaining trust within the network.

30
00:01:19.590 --> 00:01:21.360
This foundation of trust

31
00:01:21.360 --> 00:01:24.840
is built on how we handle encryption, key management,

32
00:01:24.840 --> 00:01:26.790
and managing the authenticity

33
00:01:26.790 --> 00:01:29.250
and integrity of our communications.

34
00:01:29.250 --> 00:01:31.050
As we go through this section,

35
00:01:31.050 --> 00:01:34.710
we will cover many topics related to cryptographic types,

36
00:01:34.710 --> 00:01:39.030
including symmetric cryptography, symmetric algorithms,

37
00:01:39.030 --> 00:01:42.030
symmetric cryptography considerations,

38
00:01:42.030 --> 00:01:46.050
asymmetric cryptography, asymmetric algorithms,

39
00:01:46.050 --> 00:01:51.050
digital signatures, and asymmetric cryptography use cases.

40
00:01:51.210 --> 00:01:54.660
First, we will look at symmetric cryptography.

41
00:01:54.660 --> 00:01:57.300
Symmetric cryptography is a type of encryption

42
00:01:57.300 --> 00:01:59.190
where the same key is used

43
00:01:59.190 --> 00:02:02.610
for both encrypting and decrypting data.

44
00:02:02.610 --> 00:02:05.760
Symmetric cryptography concepts include techniques

45
00:02:05.760 --> 00:02:09.540
such as one-time pad and lightweight cryptography.

46
00:02:09.540 --> 00:02:13.050
Symmetric cryptography, commonly utilizing algorithms

47
00:02:13.050 --> 00:02:16.530
such as the Advanced Encryption Standard or AES,

48
00:02:16.530 --> 00:02:20.700
is widely used for its efficiency in securing data quickly

49
00:02:20.700 --> 00:02:21.990
and in bulk.

50
00:02:21.990 --> 00:02:24.300
Techniques such as the one-time pad

51
00:02:24.300 --> 00:02:28.110
may even offer theoretically unbreakable encryption.

52
00:02:28.110 --> 00:02:30.810
Theoretically unbreakable encryption is possible

53
00:02:30.810 --> 00:02:33.630
because the one-time pad encryption technique

54
00:02:33.630 --> 00:02:37.920
uses a random key, which is as long as the message itself.

55
00:02:37.920 --> 00:02:41.100
When the long random key is combined with the message,

56
00:02:41.100 --> 00:02:44.760
it produces a ciphertext that is so complex,

57
00:02:44.760 --> 00:02:47.400
it is theoretically unbreakable.

58
00:02:47.400 --> 00:02:49.650
Lightweight cryptography, on the other hand,

59
00:02:49.650 --> 00:02:52.380
is designed for environments with limited power

60
00:02:52.380 --> 00:02:56.970
and cryptographic processing resources such as IoT devices.

61
00:02:56.970 --> 00:02:59.070
Lightweight cryptography can provide

62
00:02:59.070 --> 00:03:00.990
an adequate level of security,

63
00:03:00.990 --> 00:03:04.650
while consuming a minimal amount of computational power.

64
00:03:04.650 --> 00:03:06.930
For example, a smart device

65
00:03:06.930 --> 00:03:09.510
may use lightweight symmetric encryption

66
00:03:09.510 --> 00:03:12.300
to securely communicate with a central server,

67
00:03:12.300 --> 00:03:13.950
ensuring data protection

68
00:03:13.950 --> 00:03:17.340
without overwhelming the smart device's resources.

69
00:03:17.340 --> 00:03:20.970
Next, we will explore symmetric algorithms.

70
00:03:20.970 --> 00:03:23.550
Symmetric algorithms are encryption methods

71
00:03:23.550 --> 00:03:26.640
that result in the creation of a single key.

72
00:03:26.640 --> 00:03:30.030
The resulting symmetric key is used for both encrypting

73
00:03:30.030 --> 00:03:31.800
and decrypting data.

74
00:03:31.800 --> 00:03:33.930
Symmetric encryption algorithms

75
00:03:33.930 --> 00:03:37.380
include the Data Encryption Standard or DES,

76
00:03:37.380 --> 00:03:41.280
the Triple Data Encryption Standard or 3DES,

77
00:03:41.280 --> 00:03:44.580
Rivest Cipher 4 or RC4,

78
00:03:44.580 --> 00:03:49.200
Blowfish, and the Advanced Encryption Standard or AES.

79
00:03:49.200 --> 00:03:51.930
Let's take a minute to discuss each of these.

80
00:03:51.930 --> 00:03:55.110
The Data Encryption Standard was one of the earliest used

81
00:03:55.110 --> 00:03:57.300
symmetric encryption algorithms.

82
00:03:57.300 --> 00:04:00.030
Over time, its short key length

83
00:04:00.030 --> 00:04:03.690
made it vulnerable to attack, leading to the development

84
00:04:03.690 --> 00:04:06.360
of the Triple Data Encryption Standard.

85
00:04:06.360 --> 00:04:08.190
The Triple Data Encryption Standard

86
00:04:08.190 --> 00:04:11.550
applies the Data Encryption Standard three times

87
00:04:11.550 --> 00:04:13.020
for added security.

88
00:04:13.020 --> 00:04:14.700
The Data Encryption Standard

89
00:04:14.700 --> 00:04:16.890
and the Triple Data Encryption Standard

90
00:04:16.890 --> 00:04:18.870
are considered block ciphers.

91
00:04:18.870 --> 00:04:23.100
A block cipher transforms fixed-size blocks of data

92
00:04:23.100 --> 00:04:26.340
into ciphertext using a symmetric key.

93
00:04:26.340 --> 00:04:30.270
A stream cipher, on the other hand, encrypts data one bit

94
00:04:30.270 --> 00:04:33.270
or byte at a time using a key stream

95
00:04:33.270 --> 00:04:35.550
generated from a symmetric key.

96
00:04:35.550 --> 00:04:37.560
Stream ciphers are often used

97
00:04:37.560 --> 00:04:40.050
for voice and video communications.

98
00:04:40.050 --> 00:04:44.970
Rivest Cipher 4 or RC4 is a symmetric stream cipher

99
00:04:44.970 --> 00:04:47.220
known for its simplicity and speed,

100
00:04:47.220 --> 00:04:49.620
though it has been largely deprecated

101
00:04:49.620 --> 00:04:51.510
due to inherent vulnerabilities.

102
00:04:51.510 --> 00:04:55.020
Blowfish offers a flexible symmetric key length

103
00:04:55.020 --> 00:04:57.990
and has been widely used in software encryption.

104
00:04:57.990 --> 00:04:59.610
The Advanced Encryption Standard

105
00:04:59.610 --> 00:05:02.340
is the current standard for symmetric encryption

106
00:05:02.340 --> 00:05:05.640
and is known for its strong security and efficiency.

107
00:05:05.640 --> 00:05:07.110
After that, we will look

108
00:05:07.110 --> 00:05:09.390
at symmetric cryptography considerations.

109
00:05:09.390 --> 00:05:11.580
Symmetric cryptography considerations

110
00:05:11.580 --> 00:05:13.440
include resource considerations,

111
00:05:13.440 --> 00:05:15.690
as well as comparing centralized

112
00:05:15.690 --> 00:05:18.480
versus decentralized key management techniques.

113
00:05:18.480 --> 00:05:21.480
Big-picture symmetric cryptography considerations

114
00:05:21.480 --> 00:05:24.900
involve evaluating the efficiency, security,

115
00:05:24.900 --> 00:05:28.170
and practicality of using symmetric encryption.

116
00:05:28.170 --> 00:05:31.110
One important cryptographic consideration

117
00:05:31.110 --> 00:05:32.970
is the number of resources

118
00:05:32.970 --> 00:05:35.580
that are needed to apply the encryption.

119
00:05:35.580 --> 00:05:39.720
Resource considerations focus on the computational power

120
00:05:39.720 --> 00:05:42.720
required for encryption and decryption.

121
00:05:42.720 --> 00:05:45.300
Resource requirements are generally low

122
00:05:45.300 --> 00:05:47.100
for symmetric algorithms,

123
00:05:47.100 --> 00:05:51.090
making them ideal for environments with limited resources.

124
00:05:51.090 --> 00:05:53.520
Next, let's compare centralized

125
00:05:53.520 --> 00:05:55.830
and decentralized key management.

126
00:05:55.830 --> 00:05:59.400
Centralized key management involves a single entity

127
00:05:59.400 --> 00:06:01.770
controlling all the encryption keys.

128
00:06:01.770 --> 00:06:05.070
This centralization simplifies key management,

129
00:06:05.070 --> 00:06:07.410
but creates a single point of failure.

130
00:06:07.410 --> 00:06:09.270
Decentralized key management

131
00:06:09.270 --> 00:06:12.450
distributes control across multiple entities.

132
00:06:12.450 --> 00:06:15.900
This decentralization increases security

133
00:06:15.900 --> 00:06:18.480
at the cost of increased complexity.

134
00:06:18.480 --> 00:06:21.330
For example, in a large enterprise,

135
00:06:21.330 --> 00:06:24.450
centralized key management might be preferred

136
00:06:24.450 --> 00:06:28.320
to streamline the encryption process across all devices.

137
00:06:28.320 --> 00:06:30.180
While in a separate scenario,

138
00:06:30.180 --> 00:06:32.970
decentralized key management may be used

139
00:06:32.970 --> 00:06:36.000
in a more complex multi-cloud environment

140
00:06:36.000 --> 00:06:38.430
to ensure that no single cloud provider

141
00:06:38.430 --> 00:06:40.710
holds all the encryption keys.

142
00:06:40.710 --> 00:06:44.610
Next, we will explore asymmetric cryptography.

143
00:06:44.610 --> 00:06:46.290
Asymmetric cryptography,

144
00:06:46.290 --> 00:06:49.020
also known as public key cryptography,

145
00:06:49.020 --> 00:06:53.130
uses a pair of keys, one public and one private,

146
00:06:53.130 --> 00:06:55.260
to encrypt and decrypt the data.

147
00:06:55.260 --> 00:06:58.380
In application, one key is used for encryption

148
00:06:58.380 --> 00:07:00.900
and the other is used for decryption.

149
00:07:00.900 --> 00:07:04.200
The same public or private key cannot be used

150
00:07:04.200 --> 00:07:06.960
for both encryption and decryption.

151
00:07:06.960 --> 00:07:09.810
Asymmetric cryptography is widely used

152
00:07:09.810 --> 00:07:12.720
for secure communications, digital signatures,

153
00:07:12.720 --> 00:07:15.210
and the key exchange process.

154
00:07:15.210 --> 00:07:18.630
The computational overhead of asymmetric encryption

155
00:07:18.630 --> 00:07:21.540
is higher than for symmetric encryption.

156
00:07:21.540 --> 00:07:24.270
In application, an organization may use

157
00:07:24.270 --> 00:07:28.740
asymmetric cryptography to sign in-house developed code

158
00:07:28.740 --> 00:07:31.740
to validate its authenticity and integrity.

159
00:07:31.740 --> 00:07:33.750
When a client downloads the code,

160
00:07:33.750 --> 00:07:35.670
they can decrypt the signature

161
00:07:35.670 --> 00:07:38.760
and be confident the code has not been tampered with

162
00:07:38.760 --> 00:07:41.700
and has originated from a trusted source.

163
00:07:41.700 --> 00:07:45.420
Following that, we will look at asymmetric algorithms.

164
00:07:45.420 --> 00:07:47.370
Asymmetric encryption algorithms

165
00:07:47.370 --> 00:07:49.200
are cryptographic techniques

166
00:07:49.200 --> 00:07:51.840
that result in the generation of key pairs,

167
00:07:51.840 --> 00:07:54.180
one public and one private key.

168
00:07:54.180 --> 00:07:58.170
These key pairs are used for encryption and decryption.

169
00:07:58.170 --> 00:08:00.030
Asymmetric encryption algorithms

170
00:08:00.030 --> 00:08:03.930
include the Digital Signature Algorithm or DSA,

171
00:08:03.930 --> 00:08:06.600
Rivest-Shamir-Adleman or RSA,

172
00:08:06.600 --> 00:08:09.510
Diffie-Hellman or DH,

173
00:08:09.510 --> 00:08:13.230
and Elliptic Curve Cryptography or ECC.

174
00:08:13.230 --> 00:08:16.860
Let's explore each of these algorithms in further detail.

175
00:08:16.860 --> 00:08:18.840
The Digital Signature Algorithm

176
00:08:18.840 --> 00:08:21.360
is used for creating digital signatures,

177
00:08:21.360 --> 00:08:23.700
ensuring data authenticity.

178
00:08:23.700 --> 00:08:26.700
RSA is named for the creators of the algorithm,

179
00:08:26.700 --> 00:08:28.740
Rivest-Shamir-Adleman,

180
00:08:28.740 --> 00:08:31.650
and is widely used for secure data transmission

181
00:08:31.650 --> 00:08:33.390
and digital signatures.

182
00:08:33.390 --> 00:08:36.180
Diffie-Hellman is also named for its creators,

183
00:08:36.180 --> 00:08:37.230
Diffie and Hellman,

184
00:08:37.230 --> 00:08:39.660
and is used for secured key exchange

185
00:08:39.660 --> 00:08:41.790
over an insecure channel.

186
00:08:41.790 --> 00:08:44.490
Finally, Elliptic Curve Cryptography

187
00:08:44.490 --> 00:08:48.240
offers similar security to the RSA algorithm,

188
00:08:48.240 --> 00:08:50.250
but with smaller key sizes,

189
00:08:50.250 --> 00:08:52.920
making it more efficient and desirable.

190
00:08:52.920 --> 00:08:56.310
Next, we will explore digital signatures.

191
00:08:56.310 --> 00:08:59.370
A digital signature is a cryptographic technique

192
00:08:59.370 --> 00:09:01.320
that ensures the authenticity

193
00:09:01.320 --> 00:09:04.350
and integrity of a message or document.

194
00:09:04.350 --> 00:09:08.220
It uses a pair of keys, a private key to sign the data

195
00:09:08.220 --> 00:09:11.970
and the corresponding public key to verify the signature.

196
00:09:11.970 --> 00:09:15.300
With the sender's public key, the signature recipient

197
00:09:15.300 --> 00:09:17.790
can confirm the identity of the sender

198
00:09:17.790 --> 00:09:21.120
to ensure the content of the message has not been altered.

199
00:09:21.120 --> 00:09:23.310
For example, in application,

200
00:09:23.310 --> 00:09:26.460
an organization can digitally sign a contract.

201
00:09:26.460 --> 00:09:29.190
Upon receipt, the contract recipient

202
00:09:29.190 --> 00:09:31.710
can verify that the signature is valid

203
00:09:31.710 --> 00:09:34.230
and that the contract has not been tampered with.

204
00:09:34.230 --> 00:09:37.020
Along with this authenticity and integrity,

205
00:09:37.020 --> 00:09:40.800
a digital signature can also provide non-repudiation.

206
00:09:40.800 --> 00:09:43.080
Non-repudiation in this case

207
00:09:43.080 --> 00:09:45.150
means that the sender cannot deny

208
00:09:45.150 --> 00:09:47.250
having signed the contract.

209
00:09:47.250 --> 00:09:48.660
They cannot deny it

210
00:09:48.660 --> 00:09:51.960
because the contract was signed with their private key,

211
00:09:51.960 --> 00:09:54.870
and they keep their private key private.

212
00:09:54.870 --> 00:09:58.710
Finally, we will look at asymmetric cryptography use cases.

213
00:09:58.710 --> 00:10:02.430
Asymmetric cryptography use cases involve scenarios

214
00:10:02.430 --> 00:10:05.370
where a public and private key pair is utilized

215
00:10:05.370 --> 00:10:08.700
to secure communications and authenticate users.

216
00:10:08.700 --> 00:10:10.890
Asymmetric cryptography use cases

217
00:10:10.890 --> 00:10:14.010
include certificate-based authentication,

218
00:10:14.010 --> 00:10:17.640
passwordless authentication, and secure email.

219
00:10:17.640 --> 00:10:19.380
Certificate-based authentication

220
00:10:19.380 --> 00:10:22.800
uses digital certificates to validate identities.

221
00:10:22.800 --> 00:10:26.400
Passwordless authentication uses cryptographic keys

222
00:10:26.400 --> 00:10:28.710
to eliminate the need for passwords.

223
00:10:28.710 --> 00:10:31.980
Secure email employs asymmetric encryption

224
00:10:31.980 --> 00:10:34.290
to ensure that email communications

225
00:10:34.290 --> 00:10:36.750
are confidential from end to end

226
00:10:36.750 --> 00:10:39.810
and can only be read by the intended recipient.

227
00:10:39.810 --> 00:10:43.050
For example, when a user sends an encrypted email

228
00:10:43.050 --> 00:10:45.240
using the recipient's public key,

229
00:10:45.240 --> 00:10:48.300
only the recipient with their own private key

230
00:10:48.300 --> 00:10:50.670
can decrypt and read the email.

231
00:10:50.670 --> 00:10:53.430
To finish things off, we'll take a short quiz

232
00:10:53.430 --> 00:10:56.640
to see what you learned during this section of the course,

233
00:10:56.640 --> 00:10:59.970
and we will review each of those quiz questions fully

234
00:10:59.970 --> 00:11:03.420
to ensure you can explain why the right answers were right

235
00:11:03.420 --> 00:11:05.280
and the wrong answers were wrong.

236
00:11:05.280 --> 00:11:09.330
So let's get ready to dive into cryptographic types

237
00:11:09.330 --> 00:11:11.133
in this section of the course.

