WEBVTT

1
00:00:00.000 --> 00:00:00.833
In this lesson,

2
00:00:00.833 --> 00:00:03.720
we will learn about Encryption Techniques.

3
00:00:03.720 --> 00:00:06.600
Encryption techniques encompass the methods

4
00:00:06.600 --> 00:00:11.430
and algorithms used to convert plain text into ciphertext

5
00:00:11.430 --> 00:00:14.820
to protect data from unauthorized access.

6
00:00:14.820 --> 00:00:18.990
Encryption techniques include Authenticated Encryption

7
00:00:18.990 --> 00:00:22.590
with Associated Data, or AEAD,

8
00:00:22.590 --> 00:00:25.200
and envelope encryption.

9
00:00:25.200 --> 00:00:28.050
AEAD is an encryption technique

10
00:00:28.050 --> 00:00:32.160
that simultaneously provides confidentiality, integrity,

11
00:00:32.160 --> 00:00:35.490
and authenticity for both the encrypted message

12
00:00:35.490 --> 00:00:38.070
and additional associated data.

13
00:00:38.070 --> 00:00:41.700
Envelope encryption involves using a data key

14
00:00:41.700 --> 00:00:45.600
to encrypt data and then encrypting that data key

15
00:00:45.600 --> 00:00:47.250
with a master key.

16
00:00:47.250 --> 00:00:50.310
Let's learn more about Authenticated Encryption

17
00:00:50.310 --> 00:00:53.400
with Associated Data, or AEAD,

18
00:00:53.400 --> 00:00:55.860
and envelope encryption.

19
00:00:55.860 --> 00:00:59.160
First, we have Authenticated Encryption

20
00:00:59.160 --> 00:01:02.460
with Associated Data, or AEAD.

21
00:01:02.460 --> 00:01:05.160
AEAD is a type of encryption

22
00:01:05.160 --> 00:01:07.770
that not only keeps data private,

23
00:01:07.770 --> 00:01:11.010
but also ensures that it hasn't been tampered with

24
00:01:11.010 --> 00:01:13.650
and comes from a legitimate source.

25
00:01:13.650 --> 00:01:17.670
AEAD can validate both the encrypted data

26
00:01:17.670 --> 00:01:21.300
and associated data, known as additional

27
00:01:21.300 --> 00:01:24.960
authenticated data, AD, which is not encrypted,

28
00:01:24.960 --> 00:01:29.070
but still needs protection against unauthorized changes.

29
00:01:29.070 --> 00:01:33.330
Think of AEAD like sending a secure package.

30
00:01:33.330 --> 00:01:37.410
The package itself is sealed to keep its contents private.

31
00:01:37.410 --> 00:01:39.240
That's the encrypted data.

32
00:01:39.240 --> 00:01:42.660
While the label, which holds important information, remains

33
00:01:42.660 --> 00:01:45.210
visible but protected from changes,

34
00:01:45.210 --> 00:01:47.340
that's the associated data.

35
00:01:47.340 --> 00:01:51.330
If anyone tries to alter the package or the label,

36
00:01:51.330 --> 00:01:53.550
a special security seal,

37
00:01:53.550 --> 00:01:56.730
much like an authentication tag, would break

38
00:01:56.730 --> 00:01:59.910
and alert the receiver that something went wrong.

39
00:01:59.910 --> 00:02:03.600
In this way, AEAD ensures both the package

40
00:02:03.600 --> 00:02:07.680
and its label arrived intact and authentic.

41
00:02:07.680 --> 00:02:11.520
To achieve AEAD, enhanced encryption modes

42
00:02:11.520 --> 00:02:13.860
like the Advanced Encryption Standard

43
00:02:13.860 --> 00:02:15.480
in the Galois Counter Mode,

44
00:02:15.480 --> 00:02:19.290
or AES-GCM, are used.

45
00:02:19.290 --> 00:02:22.073
These allow the associated data to be bound

46
00:02:22.073 --> 00:02:25.890
to the encrypted message, ensuring any misuse

47
00:02:25.890 --> 00:02:30.300
or alteration can be detected and then rejected.

48
00:02:30.300 --> 00:02:34.500
AEAD encryption uses four inputs:

49
00:02:34.500 --> 00:02:38.580
a secret key, a nonce or initialization vector,

50
00:02:38.580 --> 00:02:40.740
the plaintext to be encrypted,

51
00:02:40.740 --> 00:02:43.830
and the optional authenticated data.

52
00:02:43.830 --> 00:02:48.210
A nonce, or initialization vector, in AEAD is a

53
00:02:48.210 --> 00:02:52.020
unique and random value used only once

54
00:02:52.020 --> 00:02:55.860
to ensure that the encryption process produces different

55
00:02:55.860 --> 00:02:59.040
ciphertexts, even when the same plaintext

56
00:02:59.040 --> 00:03:00.750
and key are used.

57
00:03:00.750 --> 00:03:05.490
With its four inputs, the AEAD algorithm then produces

58
00:03:05.490 --> 00:03:09.000
ciphertext which keeps the data confidential

59
00:03:09.000 --> 00:03:11.550
and provides an authentication tag

60
00:03:11.550 --> 00:03:15.690
to verify the authenticity and integrity of the data.

61
00:03:15.690 --> 00:03:18.330
When the data reaches its destination,

62
00:03:18.330 --> 00:03:21.120
the receiver uses this tag to confirm

63
00:03:21.120 --> 00:03:23.550
that the message has not been altered.

64
00:03:23.550 --> 00:03:28.080
As you can see, AEAD goes beyond basic encryption

65
00:03:28.080 --> 00:03:30.720
by adding essential checks for integrity

66
00:03:30.720 --> 00:03:33.512
and authenticity, making it a strong choice

67
00:03:33.512 --> 00:03:35.940
for secure data transmission.

68
00:03:35.940 --> 00:03:39.030
Second, we have envelope encryption.

69
00:03:39.030 --> 00:03:42.690
Envelope encryption is a method of protecting data

70
00:03:42.690 --> 00:03:45.300
by using two layers of encryption.

71
00:03:45.300 --> 00:03:49.740
First, a data key is used to encrypt the data itself,

72
00:03:49.740 --> 00:03:53.460
ensuring that the information is kept confidential

73
00:03:53.460 --> 00:03:54.840
and secure.

74
00:03:54.840 --> 00:03:59.250
This data key is then encrypted with a stronger master key,

75
00:03:59.250 --> 00:04:01.860
adding an extra layer of security.

76
00:04:01.860 --> 00:04:03.780
This is the envelope.

77
00:04:03.780 --> 00:04:06.990
The master key is usually managed separately,

78
00:04:06.990 --> 00:04:11.610
often using an asymmetric encryption algorithm like RSA,

79
00:04:11.610 --> 00:04:14.100
which uses a public and private key pair

80
00:04:14.100 --> 00:04:15.750
for added protection.

81
00:04:15.750 --> 00:04:17.760
Think of envelope encryption

82
00:04:17.760 --> 00:04:21.180
like locking up valuable items in a box

83
00:04:21.180 --> 00:04:24.330
and then putting that box inside a safe.

84
00:04:24.330 --> 00:04:27.600
The data key acts like the lock on the box,

85
00:04:27.600 --> 00:04:30.210
keeping the data safe inside.

86
00:04:30.210 --> 00:04:33.240
The master key is like the physical safe

87
00:04:33.240 --> 00:04:37.710
that holds the box, providing another layer of security.

88
00:04:37.710 --> 00:04:41.460
This approach is commonly used in cloud services

89
00:04:41.460 --> 00:04:44.070
and secure applications where managing

90
00:04:44.070 --> 00:04:47.280
and protecting encryption keys is critical.

91
00:04:47.280 --> 00:04:50.970
For example, in a secure messaging app,

92
00:04:50.970 --> 00:04:54.900
envelope encryption ensures that the message is protected

93
00:04:54.900 --> 00:04:56.400
by the data key,

94
00:04:56.400 --> 00:04:59.610
while the master key protects the data key itself.

95
00:04:59.610 --> 00:05:03.280
This two-step process ensures that both the data

96
00:05:03.280 --> 00:05:07.050
and the keys that secure it are well protected,

97
00:05:07.050 --> 00:05:10.650
making it much harder for unauthorized parties

98
00:05:10.650 --> 00:05:14.070
to gain access to sensitive information.

99
00:05:14.070 --> 00:05:18.060
Envelope encryption makes it easier to manage security

100
00:05:18.060 --> 00:05:21.224
because the data key can be changed frequently without

101
00:05:21.224 --> 00:05:24.030
having to update the master key.

102
00:05:24.030 --> 00:05:28.080
This flexibility adds to its appeal as it allows

103
00:05:28.080 --> 00:05:31.200
for frequent updates to data security measures

104
00:05:31.200 --> 00:05:34.110
without compromising overall protection.

105
00:05:34.110 --> 00:05:38.490
So remember, encryption techniques use various methods

106
00:05:38.490 --> 00:05:41.640
and algorithms to convert readable data

107
00:05:41.640 --> 00:05:44.100
into unreadable ciphertext,

108
00:05:44.100 --> 00:05:47.160
protecting it from unauthorized access.

109
00:05:47.160 --> 00:05:51.990
Authenticated Encryption with Associated Data, or AEAD,

110
00:05:51.990 --> 00:05:54.360
not only encrypts the data,

111
00:05:54.360 --> 00:05:58.740
but also includes integrity checks, verifying that the data

112
00:05:58.740 --> 00:06:01.860
and any associated information like headers

113
00:06:01.860 --> 00:06:04.500
or metadata haven't been tampered with.

114
00:06:04.500 --> 00:06:07.150
This dual-layer protection ensures

115
00:06:07.150 --> 00:06:09.240
that both the encrypted message

116
00:06:09.240 --> 00:06:13.200
and the associated data are secure and authentic.

117
00:06:13.200 --> 00:06:17.250
Next, envelope encryption adds an extra layer of protection

118
00:06:17.250 --> 00:06:19.800
by encrypting data with a data key

119
00:06:19.800 --> 00:06:22.440
and then securing that key with a master key.

120
00:06:22.440 --> 00:06:25.860
This layered approach helps safeguard both the data

121
00:06:25.860 --> 00:06:27.990
and the keys themselves.

122
00:06:27.990 --> 00:06:31.380
These techniques enhance data security

123
00:06:31.380 --> 00:06:34.560
by ensuring confidentiality, integrity,

124
00:06:34.560 --> 00:06:38.250
and authenticity, making them very important

125
00:06:38.250 --> 00:06:41.013
for protecting sensitive information.

