Chapter 14 - 01 - Discuss Cryptographic Security Techniques - 01_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Cryptography

Module Flow

©
Discuss |
O
Discuss
Cryptographic Various
Security. Cryptographic
Techniques | Algorithms

Cryptography @ @ @

Discuss Various
Various Discuss PKI and Discuss Other
Hash Functions Certificate Bpplications of
Applications
and Cryptography Management Cryptography
Tools Concepts

Copyright © by EC-LC cll.L. All Rights Reserved. ReproductionisIs Strictly Prohibited.
Prohibited

Discuss Cryptographic Security Techniques
Cryptography enables one to secure transactions, communications, and other processes
performed in the electronic world. This section deals with cryptography and its associated
concepts, which will enable you to understand the other topics covered later in this module.

Module 14 Page 1636 EC-Council
Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Cryptography

Cryptography
O Cryptography is the conversion of data into a scrambled code that is encrypted and sent across
a private or public network

QO Cryptography is used to protect confidential data, such as email messages, chat sessions, web
transactions, personal data, corporate data, and e-commerce applications

Objectives of Cryptography

» Confidentiality » Authentication

> Integrity > Nonrepudiation

=y € - (=) (=) [
- ncryption - - Decryption -
=.................. > : Msesscssearrannine >=.................... > :

Plaintext Ciphertext Ciphertext Plaintext =l
Copyright © by EC

Cryptography
Cryptography” comes from the Greek words kryptos, meaning “concealed, hidden, veiled,
secret, or mysterious,” and graphia, meaning “writing”; thus, cryptography is “the art of secret
writing.”
Cryptography is the practice of concealing information by converting plaintext (readable
format) into ciphertext (unreadable format) using a key or encryption scheme. It is the process
of converting data into a scrambled code that is encrypted and sent across a private or public
network. Cryptography protects confidential data such as email messages, chat sessions, web
transactions, personal data, corporate data, e-commerce applications, and many other types of
communication. Encrypted messages can, at times, be decrypted by cryptanalysis (code
breaking), even though modern encryption techniques are virtually unbreakable.
Objectives of Cryptography
= Confidentiality: Assurance that the information is accessible only to those authorized to
access it.

* Integrity: Trustworthiness of data or resources in terms of preventing improper and
unauthorized changes.
= Authentication: Assurance that the communication, document, or data is genuine.

* Nonrepudiation: Guarantee that the sender of a message cannot later deny having sent
the message and that the recipient cannot deny having received the message.

Module 14 Page 1637 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Cryptography

Cryptography Process
Plaintext (readable format) is encrypted by means of encryption algorithms such as RSA, DES,
and AES, resulting in a ciphertext (unreadable format) that, on reaching the destination, is
decrypted into readable plaintext.

(= B.. ()
=) S
(=] ) ] =y
(L]
Bl
e —
=
ncryption
—.................)
-
= Ls -
------------.----): L2
ecryption.n-n-n.----n-------)
-
:

Is =—. B
2 u« P&
B2 w« &
2
Plaintext Ciphertext Ciphertext Plaintext
Figure 14.1: Example of Cryptography

Module 14 Page 1638 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Cryptography

Encryption
YV O

Types of Encryption

* Symmetric Encryption

2- =
== Asymmetric Encryption
Asymmetric Encryption ’;- Key (FEK)
Symmetric
”5“:""""‘“’ =

—_—
| W—
File :
‘
Y J;..\,_
—_
Fil

){......
------
-

Encryption
Encryption is the practice of concealing information by converting a plain text (readable format)
into a cipher text (unreadable format) using a key or an encryption scheme. Encryption
guarantees the confidentiality and integrity of the organization’s data, at rest or in transit.
The encryption algorithm encrypts the plain text with the help of an encryption key. The
encryption process creates a cipher text that needs decrypting with the help of a key. The
process of decryption involves the same steps except for the usage of keys in the reverse order.
u
‘; Symmetric Key (FEK) A L

E
B File
S
Encryption
F
E
Encrypted File

e
User’s Public Key

=> FP
En
Encryp ted File
ted

=
File

0=
crypte

Encryption
BRIy Encrypted
Encrypted FEK
FEK

Figure 14.2: Encryption

The encryption process is generally applied while transmitting data through a network, mobile
phones, wireless transmission, and in Bluetooth devices.

Types of Encryption
There are two types of encryption.
= Symmetric Encryption = Asymmetric Encryption

Module 14 Page 1639 Certified Cybersecurity Technician Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Cryptography

Symmetric Encryption
O Symmetric encryption is the oldest cryptographic technique used for encrypting digital data in order
to ensure data confidentiality

Q O Itis called as symmetric encryption since a single key is used for encrypting and decrypting the data

O Itis used to encrypt large amounts of data

owan | Encrypted ¢ Both the sender and the receiver
gt
Bt | Message @3 share the same key to encrypt and -
e
P i decrypt the data :

=
Sender Receiver
(Sender uses a secret key to (Receiver decrypts the data using
encrypt a confidential message and the secret key and reads the
sends it to the receiver) confidential message)

cll. All Rights Reserved. Reproductionis Strictly Prohibited

Symmetric Encryption
Symmetric encryption requires that both the sender and the receiver of the message possess
the same encryption key. The sender uses a key to encrypt the plain text and sends the
resulting cipher text to the recipient, who uses the same key to decrypt the cipher text into
plain text. Symmetric encryption is also known as secret key cryptography since it uses only one
secret key to encrypt and decrypt the data. This type of cryptography works well when one is
communicating with only a few people.
Because the sender and receiver must share the key prior to sending any messages, this
technique is of limited use over the Internet in the case where individuals who have not had
prior contact frequently require a secure means of communication. The solution to this
problem is the public-key cryptography.

{ \
amwn | Encrypted Both the sender and the receiver Decrypted | rello
reilo
How are

s
oo | Message share the same key to encrypt and Message | you
decrypt the data

o]
aiz] ee

Sender Receiver
(Sender uses a secret key to (Receiver decrypts the data using
encrypt a confidential message and the secret key and reads the
sends it to the receiver) confidential message)

Figure 14.3: Symmetric Encryption

Module 14 Page 1640 Certified Cybersecurity Technician Copyright © by EG-Council
EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Cryptography

The symmetric key encryption can use either stream ciphers or block ciphers. Stream ciphers
encrypt the bits of a message one at a time, whereas block ciphers encrypt blocks of bits.
Advantages:

= |tis easy to encrypt and decrypt a message

= |t is faster than asymmetric encryption

= |tis used to encrypt large amounts of data

Disadvantages:
= The communicating parties need to share the key used for transmitting the data

= Unauthorized access to a symmetric key leads to the compromise of data at both ends

Module 14 Page 1641 Certified Cybersecurity Technician Copyright © by EC-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.