
Topic_1.4-Encryption Methods and Applications

The document outlines various encryption methods and their applications, including symmetric and asymmetric encryption, hashing, and the role of certificates and public key infrastructure. It discusses the evolution of encryption algorithms from DES to AES and emphasizes the importance of selecting appropriate encryption based on data states and security needs. Additionally, it highlights the significance of protocols like IPsec and HTTPS in securing network communications.

Uploaded by

Asad Raza

ENCRYPTION METHODS AND APPLICATIONS

(CISCO CERTIFIED SUPPORT TECHNICIAN)


CCST CYBERSECURITY
DURATION: 3 MONTHS
AMEER HAMZA
GOVERNMENT COLLEGE OF TECHNOLOGY, SAMANABAD,
FAISALABAD

CONTENTS
• Types of Encryption
• Hashing
• Certificates and Public Key Infrastructure
• Strong vs. Weak Encryption Algorithms
• State of Data and Appropriate Encryption
• Protocols Using Encryption

Types of Encryption
• Using symmetric encryption for stored data generally works well, but using it to transmit data across a network can be difficult.
• The main issue with using symmetric encryption to protect transmissions is getting the key securely from the message sender to the receiver.
• Asymmetric encryption algorithms are slower but do not encounter the key distribution problem of symmetric algorithms.
• With an asymmetric encryption algorithm, the first step is to create a key pair consisting of a public key and a private key.
• Each subject must protect their private key but can publish their public key without restriction. To ensure the confidentiality of data, a data owner or message sender would encrypt data with the intended recipient's public key.
• The only way to decrypt such a message is with the corresponding private key, which belongs to the intended recipient. In this way, a sender can encrypt a message that only the intended recipient can decrypt.
• Asymmetric encryption can do more than just protect confidentiality. If a message sender encrypted a message with the private key, anyone with that sender's public key could decrypt that message.
• While this approach does not guarantee confidentiality, it does guarantee that successful decryption proves that the sender encrypted the message, thereby guaranteeing the authenticity of the sender.
• Guaranteeing the authenticity of the sender is a property called non-repudiation. Put another way, non-repudiation means that the sender is unable to deny sending a message.
Hashing
• One other very useful cryptographic function is hashing.
• A hashing function is called a one-way function in that it is very easy to calculate in one direction but extremely difficult to reverse. A hashing function takes an arbitrary-sized input and returns a fixed-length string that represents the input data.
• The unique features of hashing algorithms are that any small change to the input results in a large change to the output, and that constructing two different inputs that produce the same output is extremely difficult and exceedingly rare.
• An easy way to see how hashing works is to view a hashing algorithm in action. Navigate to https://andersbrownworth.com/blockchain/hash
• The properties of hashing algorithms make them well suited for protecting data integrity.
• A data owner or message sender can calculate a hash value of the message and send that hash value along with the original message.
• The receiver can calculate a hash value of the received message and compare that against the received hash value.
• If the received hash value and the calculated hash value agree, the receiver is confident that the message was received without modification.
• If the hash values differ, the received message was changed due to either error or malicious intent.
• In this way, hash values are very useful when used in integrity controls.
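
The integrity check described above, as an added example that is not part of the original slides: it measures how many digest bits change for a small edit, then runs the receiver's comparison. It goes one step beyond the slides by adding a keyed hash (HMAC), because a bare hash travelling with the message cannot expose a change made to both; the messages and the shared key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample data (not from the original slides).
ORIGINAL = b"Deliver order 1042 to 12 Canal Road"
TAMPERED = b"Deliver order 1042 to 21 Canal Road"
SHARED_KEY = b"constructed-demo-key"   # assumption: sender and receiver share it


def sha256_hex(data: bytes) -> str:
    """Fixed-length (64 hex character) digest of arbitrary-sized input."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(a: bytes, b: bytes) -> int:
    """How many of the 256 digest bits differ between two inputs."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


def receiver_accepts(message: bytes, received_hash: str) -> bool:
    """Receiver recomputes the hash and compares it with the one received."""
    return hmac.compare_digest(sha256_hex(message), received_hash)


def make_tag(key: bytes, message: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only key holders can compute a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_accepts_tag(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(make_tag(key, message), tag)


def run_checks() -> dict:
    sent_hash = sha256_hex(ORIGINAL)
    sent_tag = make_tag(SHARED_KEY, ORIGINAL)
    return {
        "bits_changed": differing_bits(ORIGINAL, TAMPERED),
        "unmodified_accepted": receiver_accepts(ORIGINAL, sent_hash),
        "modified_message_rejected": not receiver_accepts(TAMPERED, sent_hash),
        # A bare hash has no key: a message and hash replaced together still match.
        "replaced_pair_accepted": receiver_accepts(TAMPERED, sha256_hex(TAMPERED)),
        # With HMAC the original tag does not validate the changed message.
        "hmac_rejects_modified": not receiver_accepts_tag(SHARED_KEY, TAMPERED, sent_tag),
    }
```
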
Certificates and Public Key Infrastructure
Certificate
• A certificate is a data structure that includes a trusted identity and that identity's public key, which has been validated by a trusted entity.
• A certificate is an authenticated identifier for an identity, that identity's public key and other descriptive information, including an expiration date for the certificate, all digitally signed by the CA.
• Certificates enable the sharing of public keys and trust in the source of those keys.
• If you trust the CA, you should trust the certificates the CA provides.
Certificate Authority (CA)
• The trusted entity is often called a Certificate Authority (CA).
• As long as a subject trusts the CA, that subject should trust any certificate that the CA provides.
Strong vs. Weak Encryption Algorithms
• In the 1970s, the Data Encryption Standard (DES) was considered a very secure encryption algorithm and was adopted by the US government as its standard encryption algorithm.
• However, by the end of the 1990s, it was shown that advancing computer technology could provide hardware that ran so fast that DES encryption could be cracked in about 20 minutes.
• This realization made it clear that stronger encryption algorithms were needed.
• As of today, the state-of-the-art symmetric encryption algorithm is the Advanced Encryption Standard (AES), based on the Rijndael block cipher that uses keys as large as 256 bits.
• When you select an encryption algorithm for any application, consider how long your data needs to be secure. Data that only needs to be protected for short periods of time does not need the strongest encryption algorithms.
• For example, a pizza company wants to protect the delivery addresses of its customers to avoid competitors swooping in and offering to deliver a meal at a lower rate. The delivery address can be protected using encryption, but that address only needs to be protected for a matter of minutes.
• As long as the encryption algorithm takes more than several minutes to crack, it is strong enough for this application.
• On the other hand, customers who provide their credit cards for payment expect that data to be protected indefinitely. The encryption algorithm to protect payment card data should be much stronger than the algorithms selected to protect data for just minutes.
State of Data and Appropriate Encryption
• The three most common data states are Data at Rest, Data in Transit and Data in Use.
• The main reason to encrypt data at rest is to restrict the ability of unauthorized subjects to access the plaintext associated with the encrypted ciphertext.
• Pizza delivery drivers carry laptops with customer and order information. The disk drives in their laptops are encrypted, using multifactor authentication to protect the keys.
• Anyone who steals a laptop will be unable to access any of the data without the decryption keys.
• When the pizza company's customers place orders for delivery, those orders likely include personal information such as name, address and payment information.
• Application designers try to leverage the best of both worlds by combining asymmetric encryption with symmetric encryption: they set up secure channels, exchange symmetric keys securely and then use those symmetric keys for faster encryption of subsequent communications.
Protocols Using Encryption
• The networks of today use multiple layers of protocols to exchange data among nodes.
• The only way different computers or devices can talk to one another over network connections is to agree on the rules of communication, also called protocols.
• Communication protocols set the rules for approved formats of how messages can be exchanged.
• When computer networks were originally designed, security was not a major concern.
• Network users were well behaved and did not engage in malicious behavior.
• It did not take long for bad actors to begin taking advantage of the lack of security and attack data transmitted on networks.
• IT infrastructures require layers of protection for data in transit, and the most common control in use today is encryption. Many current protocols use encryption to hide network traffic from malicious users.
• One of the more complete approaches to secure network communication is IP security (IPsec). The IPsec protocol offers data authentication, integrity and privacy between any two entities.
• A more common secure protocol is HTTPS, the HTTP protocol transmitted over Secure Sockets Layer (SSL) or Transport Layer Security (TLS). HTTPS is the most common protocol for secure web traffic.
• Most web browsers even display a padlock icon in the address bar to indicate that the current connection is protected using a secure protocol. When interacting with the web, users should pay attention to web browser indications to ensure that all communication is secured using an encrypted protocol.
• There are other types of protocols beyond web interactions.
• The Secure Shell Protocol (SSH) is another protocol and application that supports remote communication in a secure manner.
• Many legacy protocols initially lacked encryption capabilities, but later versions have added those capabilities to make even very old protocols secure enough for continued use in today's infrastructures.
• For example, the File Transfer Protocol (FTP) is insecure because it lacks encryption. To make FTP more secure, two newer protocols, SFTP and FTPS, both add security in the form of encryption to the original FTP protocol.
• A popular program to transfer files using FTP is FileZilla.
• Many other protocols incorporate encryption to secure network communications. The best rule of thumb is to use the latest available version of any protocol to keep network communication secure.
