
CSCU Module 04 Data


  • 1 Copyright by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

    Data Encryption

    Simplifying Security.

    Module 4

  • 2

    40 Percent of IT Workers Could Hold Employer Networks Hostage, Survey Finds

    Roughly 40 percent of IT workers believe they could hold an employer's network hostage, even after leaving the company, by withholding or hiding encryption keys, according to a recent survey of 500 IT security specialists.

    The study, released Monday, May 23, also revealed that a third of survey respondents were confident that their knowledge and access to encryption keys and certificates could bring a company to a halt with little effort. Conducted in April 2011, the survey was sanctioned by Venafi, a network key and encryption provider.

    "It's a shame that so many people have been sold encryption but not the means or knowledge to manage it," said Jeff Hudson, CEO of Venafi, in a statement. IT departments must track where the keys are and monitor and manage who has access to them.... It's no longer rocket science. Yet recent, costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and effective management.

    http://www.govtech.com

    May 23, 2011

  • 3

    Module Objectives

    Common Terminologies

    What Is Encryption?

    Objectives of Encryption

    Types of Encryption

    Encryption Standards

    Symmetric vs. Asymmetric Encryption

    Usage of Encryption

    Digital Certificates

    Working of Digital Certificates

    Digital Signature

    How Digital Signature Works?

    Cryptography Tools

  • 4

    Module Flow

    Encryption

    Types of Encryption

    Encryption Standards

    Digital Certificates

    Digital Signature

    Cryptography Tools

  • 5

    Common Terminologies

    Plaintext: Plaintext or cleartext is unencrypted readable text

    Cipher Text: Cipher text is encrypted and unreadable until it is decrypted to plaintext with a key

    Encryption Key: An encryption key is a piece of information that is used to encrypt and decrypt data

  • 6

    What Is Encryption?

    Encryption is the process of converting data into a ciphertext that cannot be understood by the unauthorized people

    To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it

    Encryption is used to protect sensitive information during transmission and storage

    [Figure: plaintext (Morpheus), Bob, Alice. Encrypted data is received by Alice; Alice receives the plain data after decryption.]

  • 7

    Objectives of Encryption

    Data Integrity: The receiver of a message can check whether the message was modified during transmission, either accidentally or deliberately

    Authentication: The receiver of a message can verify the origin of the message. No other user should be able to send a message to the recipient as the original sender (data origin authentication)

    Nonrepudiation: The sender of a message cannot deny that he/she has sent the message

  • 8

    Usage of Encryption

    It helps to safely store sensitive information on a computer or external storage media

    Encryption is used to protect user credentials such as username and passwords

    Encryption provides assurance of a sender's identity

    It is also used as a resource for web-based information exchange to protect important information such as credit card numbers

    Encryption provides a secure medium for users to connect to their friends' or employees' network from outside of the home or office

    It provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted

  • 10

    Types of Encryption

    Symmetric Encryption: Symmetric encryption (secret-key, shared-key, and private-key) uses the same key for encryption and decryption

    Asymmetric Encryption: Asymmetric encryption (public-key) uses different encryption keys for encryption and decryption. These keys are known as public and private keys

    Hash Function: Hash function (message digests or one-way encryption) uses no key for encryption and decryption

    [Figure: Symmetric Encryption and Asymmetric Encryption panels: plaintext "Dear John, This is my A/C number 7974392830" -> Encryption -> ciphertext -> Decryption -> plaintext. Hash function panel: plaintext -> Hash function -> ciphertext.]
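
An added Python example (not part of the original module) relating the keyless hash function above to the data integrity and authentication objectives. It goes beyond the slide by also showing a keyed hash; SHA-256, HMAC and all function names are choices of this example, and the altered message is constructed.

```python
import hashlib
import hmac
import secrets

# Sample message from the slide; ALTERED is constructed (last digit changed).
ORIGINAL = b"Dear John, This is my A/C number 7974392830"
ALTERED = b"Dear John, This is my A/C number 7974392831"


def digest(message: bytes) -> bytes:
    """Unkeyed hash (message digest): anyone can compute it."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """Keyed hash (HMAC-SHA-256): requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def digest_ok(message: bytes, received: bytes) -> bool:
    return hmac.compare_digest(digest(message), received)


def mac_ok(key: bytes, message: bytes, received: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), received)


def run_checks() -> dict:
    key = secrets.token_bytes(32)           # shared by sender and receiver
    outsider_key = secrets.token_bytes(32)  # a party that lacks the shared key
    return {
        # Unmodified message: both checks pass.
        "digest_accepts_original": digest_ok(ORIGINAL, digest(ORIGINAL)),
        "mac_accepts_original": mac_ok(key, ORIGINAL, mac(key, ORIGINAL)),
        # Accidental change in transit: the attached value no longer matches.
        "digest_rejects_corruption": not digest_ok(ALTERED, digest(ORIGINAL)),
        "mac_rejects_corruption": not mac_ok(key, ALTERED, mac(key, ORIGINAL)),
        # Deliberate change: the digest can be recomputed over the new text by
        # anyone, so the unkeyed check passes and says nothing about origin.
        "digest_rejects_rewrite": not digest_ok(ALTERED, digest(ALTERED)),
        # Without the shared key a matching MAC cannot be produced.
        "mac_rejects_rewrite": not mac_ok(key, ALTERED, mac(outsider_key, ALTERED)),
    }


if __name__ == "__main__":
    for name, value in run_checks().items():
        print(f"{name}: {value}")
```

Only `digest_rejects_rewrite` comes out false: an unkeyed digest detects accidental modification, but checking deliberate modification needs a key.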

  • 11

    Symmetric vs. Asymmetric Encryption

    Symmetric Encryption

    Symmetric encryption uses only one key for both encryption and decryption

    The key cannot be shared freely

    Symmetric encryption requires that both the sender and the receiver know the secret key

    Using symmetric encryption, data can be encrypted faster

    This algorithm is less complex and faster

    Symmetric encryption ensures confidentiality and integrity

    Asymmetric Encryption

    Asymmetric encryption uses a public key for encryption and a private key for decryption

    In asymmetric encryption, the public key can be freely shared, which eliminates the risk of compromising the secret key

    The encryption process using asymmetric encryption is slower and more complex

    Asymmetric encryption ensures confidentiality, integrity, authentication, and nonrepudiation

  • 13

    Encryption Standards

    Data Encryption Standard (DES)

    Data Encryption Standard (DES) is the name of the Federal Information Processing Standard (FIPS) 46-3, which describes the data encryption algorithm (DEA)

    The DEA is a symmetric cryptosystem originally designed for implementation in hardware

    DEA is also used for single-user encryption, such as to store files on a hard disk in encrypted form

    Advanced Encryption Standard (AES)

    Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government

    It has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively, for AES-128, AES-192 and AES-256

  • 15

    Digital Certificates

    A digital certificate is an electronic card that provides credential information while performing online transactions

    It acts as an electronic counterpart to a driver's license, passport, or membership card and verifies the identity of all users involved in online transactions

    A digital certificate generally contains:

    Details of owner's public key

    Owner's name

    Expiration date of public key

    Name of the Certificate Authority (CA) who issued the digital certificate

    Serial number of digital signature

    Digital signature of the CA (issuer)

  • 16

    How Digital Certificates Work

    [Figure: How Digital Certificates Work. Parties: User, Registration Authority (RA), Certification Authority (CA), Validation Authority (VA). Labels: User applies for certificate; Request for issuing certificate; Updates information; Public key certificate; Private key; Public key; Message in public key certificate signed with digital signature; Validation of electronic signature; Inquires about public key certificate validity to validation authority; Determined result.]

  • 18

    Digital Signature

    Digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form

    Digital signature schemes involve two encryption keys: a private key for signing the message and a public key for verifying signatures

    Digital standards follow the open standards as they are not tied to an individual or manufacturer

    It is often used to implement electronic signatures and can be used by any type of message

    It is independent of the signature verification between the sender and the receiver

  • 19

    How Digital Signature Works

    Steps: SIGN, SEAL, DELIVER, ACCEPT, OPEN, VERIFY

    Encrypt message using one-time symmetric key

    Encrypt the symmetric key using recipient's PUBLIC key

    Mail electronic envelopes to the recipient

    Confidential Information

    Rehash the message and compare it with the hash value attached with the mail

    Recipient decrypts one-time symmetric key using his P
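
The sign, seal, deliver, open and verify steps listed on this slide, as an added Python example that is not part of the original module. It assumes the third-party `cryptography` package; RSA-2048 with PSS and OAEP padding, AES-256-GCM for the one-time key, and all function names are choices of this example.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Padding schemes chosen for this example (assumptions, not from the slide).
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_keypair():
    """Generate an RSA private key; .public_key() gives the shareable half."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def sign_and_seal(message, sender_private, recipient_public):
    # SIGN: hash the message and sign the hash with the sender's private key.
    signature = sender_private.sign(message, PSS, hashes.SHA256())
    # SEAL: encrypt the message with a one-time symmetric key, then encrypt
    # that key with the recipient's PUBLIC key.
    one_time_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    ciphertext = AESGCM(one_time_key).encrypt(nonce, message, None)
    wrapped_key = recipient_public.encrypt(one_time_key, OAEP)
    # DELIVER: this dict stands in for the electronic envelope that is mailed.
    return {"wrapped_key": wrapped_key, "nonce": nonce,
            "ciphertext": ciphertext, "signature": signature}


def open_and_verify(envelope, recipient_private, sender_public):
    # OPEN: recover the one-time key with the recipient's private key and
    # decrypt the message (AES-GCM raises InvalidTag if it was altered).
    one_time_key = recipient_private.decrypt(envelope["wrapped_key"], OAEP)
    message = AESGCM(one_time_key).decrypt(
        envelope["nonce"], envelope["ciphertext"], None)
    # VERIFY: re-hash the message and check it against the attached
    # signature using the sender's public key.
    try:
        sender_public.verify(envelope["signature"], message, PSS, hashes.SHA256())
    except InvalidSignature:
        return message, False
    return message, True


if __name__ == "__main__":
    sender, recipient = new_keypair(), new_keypair()
    env = sign_and_seal(b"Confidential Information", sender, recipient.public_key())
    print(open_and_verify(env, recipient, sender.public_key()))
```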