Download pdf - CSCU Module 04 Data Encryption.pdf

1 Copyright © by EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.

Data Encryption

Simplifying Security.

Module 4


Roughly 40 percent of IT workers believe they could hold an employer’s network hostage — even after leaving the company — by withholding or hiding encryption keys, according to a recent survey of 500 IT security specialists.

The study, released Monday, May 23, also revealed that a third of survey respondents were confident that their knowledge and access to encryption keys and certificates could bring a company to a halt with little effort. Conducted in April 2011, the survey was sanctioned by Venafi, a network key and encryption provider.

40 Percent of IT Workers Could Hold Employer Networks Hostage, Survey Finds

“It’s a shame that so many people have been sold encryption but not the means or knowledge to manage it,” said Jeff Hudson, CEO of Venafi, in a statement. “IT departments must track where thekeys are and monitor and manage who has access to them. ... It’s no longer rocket science. Yet recent, costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and effective management.”

http://www.govtech.com

May 23, 2011


Module Objectives

Common Terminologies

What Is Encryption?

Objectives of Encryption

Types of Encryption

Encryption Standards

Symmetric vs. Asymmetric Encryption

Usage of Encryption

Digital Certificates

Working of Digital Certificates

Digital Signature

How Digital Signature Works?

Cryptography Tools


Module Flow

Encryption Types of Encryption

EncryptionStandards


Digital Signature

Cryptography Tools


5

Cipher TextCipher text is encrypted and unreadable until it is decrypted to plaintext with a key

Encryption KeyAn encryption key is a piece of information that is used to encrypt and decrypt data

Common Terminologies

PlaintextPlaintext or cleartext is unencrypted readable text


What Is Encryption?

Plain text (‘Morpheus’) Bob Alice

Encryption is the process of converting data into a cipher text that cannot be understood by the unauthorized people

To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it

Encryption is used to protect sensitive information during transmission and storage

Encrypted DATA is received by Alice

Alice receives the plain data after decryption

Encrypted DATA(‘3*.,~’@!w9”)



Data Integrity

Authentication

Non‐repudiation

The receiver of a message can check whether the message was modified during transmission, either accidentally or deliberately

The receiver of a message can verify the origin of the message

No other user should be able to send a message to the recipient as the original sender (data origin authentication)

The sender of a message cannot deny that he/she has sent the message

Objectives of Encryption


Usage of EncryptionIt helps to safely store sensitive information on a computer or external storage media

Encryption is used to protect user credentials such as user name and passwords

Encryption provides assurance of a sender’s identity

It is also used as a resource for web‐based information exchange to protect important information such as credit card numbers

Encryption provides a secure medium for users to connect to their friends’ or employees’ network from outside of the home or office

It provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted


Module Flow


EncryptionStandards


Digital Signature

Cryptography Tools


Types of EncryptionSymmetric EncryptionSymmetric encryption (secret‐key, shared‐key, and private‐key) uses the same key for encryption and decryption

Asymmetric EncryptionAsymmetric encryption (public key) uses different encryption keys for encryption and decryption. These keys are known as public and private keys

Hash Function

Hash function (message digests or one‐way encryption) uses no key for encryption and decryption

Dear John,This is my A/C number7974392830


GuuihifhofnkbifkfnnfkNklclmlm#^*&(*)_(_

Encryption Decryption

Plain text Plain textCipher text

Symmetric Encryption

Asymmetric Encryption



GuuihifhofnkbifkfnnfkNklclmlm#^*&(*)_(_

Plain text Cipher text Plain text

Encryption Decryption

Hash function

Plain text Cipher text

Hash function


Symmetric vs. Asymmetric Encryption

Symmetric Encryption Asymmetric Encryption

Symmetric encryption uses only one keyfor both encryption and decryption

The key cannot be shared freely

Symmetric encryption requires that both the sender and the receiver know the secret key

Using symmetric encryption, data can be encrypted faster

This algorithm is less complex and faster

Symmetric encryption ensures confidentiality and integrity

Asymmetric Encryption uses a public keyfor encryption and a private key for decryption

In asymmetric encryption, the public key can be freely shared,which eliminates the risk of compromising the secret key

The encryption process using Asymmetric Encryption is slower and more complex

Asymmetric encryption ensures confidentiality, integrity, authentication, and non‐repudiation


Module Flow


EncryptionStandards


Digital Signature

Cryptography Tools



Encryption Standards

Data Encryption Standard (DES)

Advanced EncryptionStandard (AES)

Data Encryption Standard (DES) is the name of the Federal information Processing Standard (FIPS) 46‐3, which describes the data encryption algorithm (DEA)

The DEA is a symmetric cryptosystem originally designed for implementation in hardware

DEA is also used for single‐user encryption, such as to store files on a hard disk in encrypted form

Advanced Encryption Standard (AES) is a symmetric‐key encryption standard adopted by the U.S. government

It has a 128‐bit block size, with key sizes of 128, 192 and 256 bits, respectively, for AES‐128, AES‐192 and AES‐256


Module Flow


EncryptionStandards


Digital Signature

Cryptography Tools



Details of owner’s public key

Digital signature of the CA (issuer)

Serial number of digital signature

Owner’s name

Expiration date of public key

Name of the Certificate Authority (CA) who issued the digital certificate

A digital certificate is an electronic card that provides credential information while performing online transactions

It acts as an electronic counterpart to a drivers license, passport, or membership card and verifies the identity of all users involved in online transactions

A digital certificate generally contains:


Private Key

Public Key Validation of electronic signature

Inquires about public key certificate validity to validation authority

Determined Result

Public KeyCertificate

Message in public key certificate signed with digital signature

User

Public KeyCertificate

Updates Information

User Applies for Certificate

Registration Authority (RA)

Request for Issuing Certificate

Validation Authority (VA)

Certification Authority (CA)

How Digital Certificates Work


Module Flow


EncryptionStandards


Digital Signature

Cryptography Tools


Digital SignatureDigital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form

Digital signature schemes involve two encryption keys: a private key for signing the message and a public key for verifying signatures

Digital standards follow the open standards as they are not tied to an individual or manufacturer

It is often used to implement electronic signatures and can be used by any type of message

It is independent of the signature verification between the sender and the receiver


How Digital Signature Works

SIGN

SEAL

DELIVER

ACCEPT

OPEN

VERIFY

Encrypt message using one‐time symmetric key

Encrypt the symmetric key using recipient’s PUBLIC key

Mail electronic envelopes to the recipient

Confidential Information

Rehash the message and compare it with the hash value attached with the mail

Recipient decrypt one‐time symmetric key using his PRIVATE key

Decrypt message using one‐time symmetric key

Hash value Sender signs hash code using his PRIVATE key

Append the signed hash code to message

Unlock the hash value using sender’s PUBLIC key


Module Flow


EncryptionStandards


Digital Signature

Cryptography Tools


Cryptography Tool: TrueCrypt

http://www.truecrypt.org

TrueCrypt creates a virtual encrypted disk within a file and mounts it as a real diskEncrypts an entire partition or storage device such as USB flash drive or hard driveEncrypts a partition or drive where Windows is installed (pre‐boot authentication)Encryption is automatic, real‐time (on‐the‐fly), and transparent


PixelCryptorhttp://www.codegazer.com

Folder Lockhttp://www.newsoftwares.net

EncryptOnClickhttp://www.2brightsparks.com

Cryptainer LE http://www.cypherix.co.uk

SafeHouse Explorer http://www.safehousesoftware.com

Advanced Encryption Package http://www.intercrypto.com

AxCrypthttp://www.axantum.com

Kruptos 2 Professionalhttp://www.kruptos2.co.uk

Cryptography Tools


Module Summary

Encryption is the process of converting data into a cipher text that cannot be understood by the unauthorized people

Symmetric encryption uses only one key for both encryption and decryption, whereas asymmetric encryption uses a public key for encryption and a private key for decryption

Encryption provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted

A digital certificate is an electronic card that provides credential information when performing online transactions

A digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form