WEBVTT

1
00:00:00.080 --> 00:00:01.624
In this section of the course,

2
00:00:01.624 --> 00:00:05.883
we're going to discuss advanced cryptographic concepts.

3
00:00:05.883 --> 00:00:08.497
The advanced cryptographic concept section

4
00:00:08.497 --> 00:00:12.508
of the course focuses on Domain 3, security engineering,

5
00:00:12.508 --> 00:00:15.495
specifically Objective 3.7,

6
00:00:15.495 --> 00:00:19.248
which states that you must be able to explain the importance

7
00:00:19.248 --> 00:00:22.116
of advanced cryptographic concepts.

8
00:00:22.116 --> 00:00:26.040
Understanding advanced cryptographic concepts is essential

9
00:00:26.040 --> 00:00:30.168
to protect sensitive data from complex and evolving threats.

10
00:00:30.168 --> 00:00:32.160
Managing encryption keys

11
00:00:32.160 --> 00:00:34.509
and selecting the right encryption techniques

12
00:00:34.509 --> 00:00:37.358
are the first vital steps in this process.

13
00:00:37.358 --> 00:00:40.358
However, as technology advances,

14
00:00:40.358 --> 00:00:42.499
considerations around security

15
00:00:42.499 --> 00:00:45.121
and performance become more intricate,

16
00:00:45.121 --> 00:00:47.008
especially with the emergence

17
00:00:47.008 --> 00:00:50.869
of new challenges like post-quantum cryptography.

18
00:00:50.869 --> 00:00:52.837
Starting now, collaboration

19
00:00:52.837 --> 00:00:57.314
in anticipating future post-quantum implications is critical

20
00:00:57.314 --> 00:01:00.312
for staying ahead of quantum processing

21
00:01:00.312 --> 00:01:04.154
to ensure security in a post-quantum world.

22
00:01:04.154 --> 00:01:06.134
As we go through this section,

23
00:01:06.134 --> 00:01:08.369
we will cover many topics related

24
00:01:08.369 --> 00:01:10.744
to advanced cryptographic concepts,

25
00:01:10.744 --> 00:01:14.609
including cryptographic blockers, key management,

26
00:01:14.609 --> 00:01:17.813
encryption techniques, security properties,

27
00:01:17.813 --> 00:01:21.859
collaborative considerations, performance considerations,

28
00:01:21.859 --> 00:01:26.859
post-quantum cryptography, and post-quantum implications.

29
00:01:27.063 --> 00:01:30.628
First, we will look at cryptographic blocker.

30
00:01:30.628 --> 00:01:34.128
Cryptographic blockers are obstacles or limitations

31
00:01:34.128 --> 00:01:37.710
that hinder or delay the implementation

32
00:01:37.710 --> 00:01:40.364
and effectiveness of encryption techniques.

33
00:01:40.364 --> 00:01:42.985
Cryptographic blockers should be assessed

34
00:01:42.985 --> 00:01:46.258
with a discussion of performance versus security.

35
00:01:46.258 --> 00:01:49.585
Performance versus security refers to the trade-off

36
00:01:49.585 --> 00:01:54.024
between the speed and efficiency of cryptographic processes

37
00:01:54.024 --> 00:01:56.614
and the level of security they provide.

38
00:01:56.614 --> 00:02:00.397
This means that higher security often requires

39
00:02:00.397 --> 00:02:02.363
more complex algorithms,

40
00:02:02.363 --> 00:02:06.678
which can slow down processing times, impacting performance.

41
00:02:06.678 --> 00:02:10.770
For example, a highly secure encryption algorithm

42
00:02:10.770 --> 00:02:12.641
like the Advanced Encryption Standard

43
00:02:12.641 --> 00:02:17.089
or AES-256 offers strong protection

44
00:02:17.089 --> 00:02:20.119
but may require more computational resources.

45
00:02:20.119 --> 00:02:23.864
This use of resources leads to a slower performance compared

46
00:02:23.864 --> 00:02:26.902
to a lighter, less secure encryption algorithm.

47
00:02:26.902 --> 00:02:29.992
This trade-off is a critical consideration

48
00:02:29.992 --> 00:02:34.111
when designing systems that need to balance robust security

49
00:02:34.111 --> 00:02:37.610
with operational efficiency, especially in environments

50
00:02:37.610 --> 00:02:40.746
where both speed and security are essential.

51
00:02:40.746 --> 00:02:43.596
Next, we will explore key management.

52
00:02:43.596 --> 00:02:46.253
Key management is made up of the processes

53
00:02:46.253 --> 00:02:50.327
and protocols that generate, distribute, store,

54
00:02:50.327 --> 00:02:53.490
and securely handle cryptographic keys

55
00:02:53.490 --> 00:02:54.602
throughout their life cycle.

56
00:02:54.602 --> 00:02:57.243
Key management concepts include key stretching

57
00:02:57.243 --> 00:02:58.730
and key splitting.

58
00:02:58.730 --> 00:03:02.500
Key stretching is a technique used to enhance the security

59
00:03:02.500 --> 00:03:05.120
of weak or short cryptographic keys

60
00:03:05.120 --> 00:03:07.650
by applying iterative hashing

61
00:03:07.650 --> 00:03:09.866
or encryption functions to that key.

62
00:03:09.866 --> 00:03:13.006
Key stretching makes brute force attacks more difficult.

63
00:03:13.006 --> 00:03:14.748
Key splitting, on the other hand,

64
00:03:14.748 --> 00:03:17.750
is a practice of dividing a cryptographic key

65
00:03:17.750 --> 00:03:19.502
into multiple parts.

66
00:03:19.502 --> 00:03:21.995
Each key part is then distributed

67
00:03:21.995 --> 00:03:25.117
and stored separately to increase security.

68
00:03:25.117 --> 00:03:28.364
Only by combining these separately stored key parts

69
00:03:28.364 --> 00:03:31.010
can the original key be reconstructed.

70
00:03:31.010 --> 00:03:34.370
In application, a system might use key stretching

71
00:03:34.370 --> 00:03:37.497
to strengthen a user's password-derived key

72
00:03:37.497 --> 00:03:39.364
before encrypting data,

73
00:03:39.364 --> 00:03:42.987
and then employ key splitting to store portions

74
00:03:42.987 --> 00:03:46.001
of the stretched key across different servers.

75
00:03:46.001 --> 00:03:47.759
This practice would ensure

76
00:03:47.759 --> 00:03:50.760
that even if one server is compromised,

77
00:03:50.760 --> 00:03:52.368
the key remains protected.

78
00:03:52.368 --> 00:03:55.535
After that, we will look at encryption techniques.

79
00:03:55.535 --> 00:03:58.770
Encryption techniques encompass the methods

80
00:03:58.770 --> 00:04:02.743
and algorithms used to convert plain text into ciphertext

81
00:04:02.743 --> 00:04:06.364
to protect the data from unauthorized access.

82
00:04:06.364 --> 00:04:08.489
Encryption techniques include

83
00:04:08.489 --> 00:04:13.489
Authenticated Encryption with Associated Data or AEAD

84
00:04:13.614 --> 00:04:15.982
and envelope encryption.

85
00:04:15.982 --> 00:04:19.109
Authenticated Encryption with Associated Data

86
00:04:19.109 --> 00:04:20.743
is an encryption technique

87
00:04:20.743 --> 00:04:24.848
that simultaneously provides confidentiality, integrity,

88
00:04:24.848 --> 00:04:28.498
and authenticity for both the encrypted message

89
00:04:28.498 --> 00:04:30.982
and additional associated data.

90
00:04:30.982 --> 00:04:34.492
The Authenticated Encryption with Associated Data ensures

91
00:04:34.492 --> 00:04:37.011
that any unauthorized modifications

92
00:04:37.011 --> 00:04:39.885
to the message or data are detectable.

93
00:04:39.885 --> 00:04:43.367
Envelope encryption involves using a data key

94
00:04:43.367 --> 00:04:44.850
to encrypt data

95
00:04:44.850 --> 00:04:48.119
and then encrypting that data key with a master key.

96
00:04:48.119 --> 00:04:51.337
This process ensures that both the data

97
00:04:51.337 --> 00:04:54.609
and the data key are securely protected.

98
00:04:54.609 --> 00:04:58.235
For example, in a secure messaging application,

99
00:04:58.235 --> 00:05:01.736
the Authenticated Encryption with Associated Data

100
00:05:01.736 --> 00:05:04.980
might be used to encrypt and authenticate a message

101
00:05:04.980 --> 00:05:09.241
while envelope encryption securely manages the keys used

102
00:05:09.241 --> 00:05:10.750
for encrypting the message,

103
00:05:10.750 --> 00:05:14.249
ensuring that both the data and its encryption keys

104
00:05:14.249 --> 00:05:16.500
are protected throughout the process.

105
00:05:16.500 --> 00:05:19.495
Next, we will explore security properties.

106
00:05:19.495 --> 00:05:22.364
Security properties are the essential attributes

107
00:05:22.364 --> 00:05:25.140
of confidentiality, integrity,

108
00:05:25.140 --> 00:05:28.242
and availability that ensure data protection.

109
00:05:28.242 --> 00:05:30.488
Security properties are realized

110
00:05:30.488 --> 00:05:33.992
through mutual authentication and forward secrecy.

111
00:05:33.992 --> 00:05:37.222
Mutual authentication is a security process

112
00:05:37.222 --> 00:05:38.357
where both parties

113
00:05:38.357 --> 00:05:42.618
in a digital conversation verify each other's identity.

114
00:05:42.618 --> 00:05:44.499
Mutual authentication ensures

115
00:05:44.499 --> 00:05:47.244
that both ends of the connection are trusted

116
00:05:47.244 --> 00:05:49.739
before data exchange occurs.

117
00:05:49.739 --> 00:05:51.999
Forward secrecy, on the other hand,

118
00:05:51.999 --> 00:05:54.868
is a property of cryptographic protocols

119
00:05:54.868 --> 00:05:58.387
that ensures the security of past and future sessions

120
00:05:58.387 --> 00:06:00.995
even if a private key is compromised.

121
00:06:00.995 --> 00:06:04.260
This is done by generating unique session keys

122
00:06:04.260 --> 00:06:05.731
for each session.

123
00:06:05.731 --> 00:06:08.501
In this practice, a private key compromise

124
00:06:08.501 --> 00:06:10.741
would only affect the current session.

125
00:06:10.741 --> 00:06:13.249
The compromise would not affect past

126
00:06:13.249 --> 00:06:15.503
or future session security,

127
00:06:15.503 --> 00:06:18.760
assuming forward secrecy is maintained in the future.

128
00:06:18.760 --> 00:06:22.750
In application, during a secure online transaction,

129
00:06:22.750 --> 00:06:26.615
mutual authentication may be used to ensure both the client

130
00:06:26.615 --> 00:06:29.493
and server authenticate with each other

131
00:06:29.493 --> 00:06:31.997
before conducting the transaction.

132
00:06:31.997 --> 00:06:35.879
Next, forward secrecy may be used to guarantee

133
00:06:35.879 --> 00:06:39.497
that even if the server's private key is compromised,

134
00:06:39.497 --> 00:06:43.766
past and future communication sessions remain secure.

135
00:06:43.766 --> 00:06:47.558
Following that, we will look at collaborative consideration.

136
00:06:47.558 --> 00:06:51.003
Collaborative considerations involve methods and protocols

137
00:06:51.003 --> 00:06:55.249
that enable secure, cooperative computing and data sharing

138
00:06:55.249 --> 00:06:59.251
among multiple parties without compromising security.

139
00:06:59.251 --> 00:07:01.990
Collaborative considerations include techniques

140
00:07:01.990 --> 00:07:04.123
such as homomorphic encryption

141
00:07:04.123 --> 00:07:07.732
and secure multi-party computation.

142
00:07:07.732 --> 00:07:10.332
Homomorphic encryption is a technique

143
00:07:10.332 --> 00:07:14.439
that enables computations to be performed on encrypted data

144
00:07:14.439 --> 00:07:16.499
without ever needing to decrypt it.

145
00:07:16.499 --> 00:07:19.614
This allows sensitive data to be securely shared

146
00:07:19.614 --> 00:07:21.746
with third parties for analysis

147
00:07:21.746 --> 00:07:24.756
without risking its exposure or compromise.

148
00:07:24.756 --> 00:07:26.541
With homomorphic encryption,

149
00:07:26.541 --> 00:07:29.751
data remains encrypted throughout the sharing process,

150
00:07:29.751 --> 00:07:32.121
ensuring that only the data owner

151
00:07:32.121 --> 00:07:35.007
can decrypt and access the original information.

152
00:07:35.007 --> 00:07:39.106
Secure multi-party computation, or SMPC,

153
00:07:39.106 --> 00:07:40.606
is a cryptographic method

154
00:07:40.606 --> 00:07:43.248
that allows several parties to work together

155
00:07:43.248 --> 00:07:47.141
to compute a result using their own individual inputs

156
00:07:47.141 --> 00:07:51.007
while keeping each party's input completely private.

157
00:07:51.007 --> 00:07:55.260
This means that no one involved learns anything

158
00:07:55.260 --> 00:07:59.238
about the other's data except the final shared secret.

159
00:07:59.238 --> 00:08:02.247
In application, several companies may want

160
00:08:02.247 --> 00:08:06.300
to collaboratively analyze each other's encrypted data sets

161
00:08:06.300 --> 00:08:09.894
without exposing their own individual data to the group.

162
00:08:09.894 --> 00:08:12.949
Homomorphic encryption would allow each company

163
00:08:12.949 --> 00:08:15.842
to perform their analysis on encrypted data

164
00:08:15.842 --> 00:08:18.622
while secure multi-party computation

165
00:08:18.622 --> 00:08:20.128
would ensure that the results

166
00:08:20.128 --> 00:08:22.354
are able to be computed collectively

167
00:08:22.354 --> 00:08:25.739
without revealing individual underlying data sets,

168
00:08:25.739 --> 00:08:28.748
maintaining privacy throughout the entire process.

169
00:08:28.748 --> 00:08:32.501
Then, we will explore performance consideration.

170
00:08:32.501 --> 00:08:35.130
Performance considerations balance the need

171
00:08:35.130 --> 00:08:37.684
for strong security with the efficiency

172
00:08:37.684 --> 00:08:40.353
and speed of cryptographic processes.

173
00:08:40.353 --> 00:08:42.240
Hardware acceleration

174
00:08:42.240 --> 00:08:44.500
is a primary performance consideration.

175
00:08:44.500 --> 00:08:48.615
Hardware acceleration uses specialized hardware components

176
00:08:48.615 --> 00:08:52.131
such as cryptographic processors or dedicated chips

177
00:08:52.131 --> 00:08:55.999
to perform encryption and decryption operations faster

178
00:08:55.999 --> 00:08:57.352
and more efficiently

179
00:08:57.352 --> 00:08:59.995
than would be possible with software alone.

180
00:08:59.995 --> 00:09:03.004
Hardware acceleration components are optimized

181
00:09:03.004 --> 00:09:05.989
to handle specific cryptographic algorithms,

182
00:09:05.989 --> 00:09:08.241
reducing the computational load

183
00:09:08.241 --> 00:09:11.413
on general-purpose CPU processors.

184
00:09:11.413 --> 00:09:12.493
In this way,

185
00:09:12.493 --> 00:09:16.497
hardware acceleration improves overall system performance.

186
00:09:16.497 --> 00:09:20.122
For example, on a high-frequency trading platform

187
00:09:20.122 --> 00:09:23.239
where both speed and security are critical,

188
00:09:23.239 --> 00:09:25.852
hardware acceleration may be employed

189
00:09:25.852 --> 00:09:29.869
to execute complex cryptographic operations rapidly,

190
00:09:29.869 --> 00:09:32.107
ensuring secure transactions

191
00:09:32.107 --> 00:09:34.867
without compromising system performance.

192
00:09:34.867 --> 00:09:39.867
Next, we'll explore post-quantum cryptography or PQC.

193
00:09:40.131 --> 00:09:42.600
Post-quantum cryptography refers

194
00:09:42.600 --> 00:09:46.336
to cryptographic algorithms specifically designed

195
00:09:46.336 --> 00:09:49.126
to withstand the advanced threats posed

196
00:09:49.126 --> 00:09:50.742
by quantum computers.

197
00:09:50.742 --> 00:09:54.747
Quantum computers, with their immense computational power,

198
00:09:54.747 --> 00:09:58.121
are expected to break many of the encryption methods

199
00:09:58.121 --> 00:10:01.004
that are currently relied upon for security.

200
00:10:01.004 --> 00:10:04.850
In this post-quantum cryptography section of the course,

201
00:10:04.850 --> 00:10:08.902
we will compare post-quantum cryptography to Diffie-Hellman

202
00:10:08.902 --> 00:10:11.366
and elliptic curve cryptography.

203
00:10:11.366 --> 00:10:14.982
First, let's define quantum cryptography.

204
00:10:14.982 --> 00:10:19.122
Quantum cryptography leverages principles like superposition

205
00:10:19.122 --> 00:10:22.357
and entanglement to secure communication

206
00:10:22.357 --> 00:10:25.365
at a level that is theoretically unbreakable.

207
00:10:25.365 --> 00:10:29.689
Furthermore, any attempt to eavesdrop would be detectable.

208
00:10:29.689 --> 00:10:33.362
Central to this capability is the use of Qubits,

209
00:10:33.362 --> 00:10:35.858
which, unlike classical bits,

210
00:10:35.858 --> 00:10:38.505
which can only exist as a one or a zero,

211
00:10:38.505 --> 00:10:41.753
can exist in multiple states simultaneously.

212
00:10:41.753 --> 00:10:43.940
This enables quantum computers

213
00:10:43.940 --> 00:10:46.504
to perform many calculations at once,

214
00:10:46.504 --> 00:10:49.685
dramatically increasing their processing power.

215
00:10:49.685 --> 00:10:54.339
So, while quantum cryptography offers unmatched security,

216
00:10:54.339 --> 00:10:58.137
it also drives the need for post-quantum cryptography

217
00:10:58.137 --> 00:11:00.378
to protect against quantum computers

218
00:11:00.378 --> 00:11:03.008
that could break current encryption methods.

219
00:11:03.008 --> 00:11:06.116
Diffie-Hellman and elliptic curve cryptography

220
00:11:06.116 --> 00:11:08.502
are vulnerable to quantum attacks,

221
00:11:08.502 --> 00:11:13.252
specifically by quantum algorithms like Shor's algorithm.

222
00:11:13.252 --> 00:11:16.919
Shor's algorithm could solve the mathematical problems

223
00:11:16.919 --> 00:11:20.745
that Diffie-Hellman and elliptic curve cryptography rely on.

224
00:11:20.745 --> 00:11:24.481
In summary, the realization of quantum computing

225
00:11:24.481 --> 00:11:26.391
will necessitate a shift

226
00:11:26.391 --> 00:11:30.358
to post-quantum cryptography algorithms that ensure

227
00:11:30.358 --> 00:11:34.230
that encrypted data remains secure in a post-quantum world.

228
00:11:34.230 --> 00:11:37.980
Finally, we will look at post-quantum implications.

229
00:11:37.980 --> 00:11:41.745
Post-quantum implications involve the future challenges

230
00:11:41.745 --> 00:11:43.747
and necessary adaptations

231
00:11:43.747 --> 00:11:47.002
to secure data against the decryption capabilities

232
00:11:47.002 --> 00:11:48.619
of quantum computers.

233
00:11:48.619 --> 00:11:52.371
Post-quantum implications include assessing resistance

234
00:11:52.371 --> 00:11:54.738
to quantum computing decryption attack

235
00:11:54.738 --> 00:11:57.627
and emerging quantum implementations.

236
00:11:57.627 --> 00:12:01.011
Resistance to quantum computing decryption attack refers

237
00:12:01.011 --> 00:12:03.987
to the development of cryptographic algorithms

238
00:12:03.987 --> 00:12:07.246
that can withstand the powerful decryption techniques

239
00:12:07.246 --> 00:12:09.619
enabled by quantum computing.

240
00:12:09.619 --> 00:12:12.347
Implementations of post-quantum algorithms

241
00:12:12.347 --> 00:12:14.450
are being developed and tested

242
00:12:14.450 --> 00:12:17.842
to replace or augment the current encryption methods

243
00:12:17.842 --> 00:12:20.243
to ensure data remains secure

244
00:12:20.243 --> 00:12:23.335
even as quantum technology advances.

245
00:12:23.335 --> 00:12:27.348
For example, organizations are beginning to explore

246
00:12:27.348 --> 00:12:29.873
and implement post-quantum algorithms

247
00:12:29.873 --> 00:12:32.242
like lattice-based cryptography

248
00:12:32.242 --> 00:12:34.614
to protect sensitive information.

249
00:12:34.614 --> 00:12:39.116
This is being done because organizations anticipate a day

250
00:12:39.116 --> 00:12:40.753
when quantum computers

251
00:12:40.753 --> 00:12:43.991
could render current encryption models ineffective.

252
00:12:43.991 --> 00:12:46.937
To finish things off, we'll take a short quiz

253
00:12:46.937 --> 00:12:49.855
to see what you learn during this section of the course,

254
00:12:49.855 --> 00:12:53.420
and we will review each of those quiz questions fully

255
00:12:53.420 --> 00:12:56.589
to ensure you can explain why the right answers were right

256
00:12:56.589 --> 00:12:58.492
and the wrong answers were wrong.

257
00:12:58.492 --> 00:13:00.243
So let's get ready

258
00:13:00.243 --> 00:13:03.356
to dive into advanced cryptographic concepts

259
00:13:03.356 --> 00:13:05.883
in this section of the course.