
CSCU Module 04 Data Encryption


Academic year: 2021


Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Data Encryption

Simplifying Security.

Module 4

40 Percent of IT Workers Could Hold Employer Networks Hostage, Survey Finds

May 23, 2011

Roughly 40 percent of IT workers believe they could hold an employer’s network hostage — even after leaving the company — by withholding or hiding encryption keys, according to a recent survey of 500 IT security specialists.

The study, released Monday, May 23, also revealed that a third of survey respondents were confident that their knowledge and access to encryption keys and certificates could bring a company to a halt with little effort. Conducted in April 2011, the survey was sanctioned by Venafi, a network key and encryption provider.

“It’s a shame that so many people have been sold encryption but not the means or knowledge to manage it,” said Jeff Hudson, CEO of Venafi, in a statement. “IT departments must track where the keys are and monitor and manage who has access to them. ... It’s no longer rocket science. Yet recent, costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and effective management.”


Module Objectives

Common Terminologies

What Is Encryption?

Objectives of Encryption

Types of Encryption

Encryption Standards

Symmetric vs. Asymmetric Encryption

Usage of Encryption

Digital Certificates

Working of Digital Certificates

Digital Signature

How Digital Signature Works?

Cryptography Tools


Module Flow

Encryption

Types of Encryption

Encryption Standards

Digital Certificates

Digital Signature

Cryptography Tools


Common Terminologies

Plaintext

Cipher Text

Cipher text is encrypted and unreadable until it is decrypted to plaintext with a key

Encryption Key

An encryption key is a piece of information that is used to encrypt and decrypt data

What Is Encryption?

Encryption is the process of converting data into a cipher text that cannot be understood by unauthorized people

To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it

Encryption is used to protect sensitive information during transmission and storage

[Figure: Bob, plain text (‘Morpheus’), encrypted data, Alice. The encrypted data is received by Alice; Alice receives the plain data after decryption.]


Objectives of Encryption

Data Integrity

The receiver of a message can check whether the message was modified during transmission, either accidentally or deliberately

Authentication

The receiver of a message can verify the origin of the message. No other user should be able to send a message to the recipient as the original sender (data origin authentication)

Non-repudiation

The sender of a message cannot deny that he/she has sent the message

Usage of Encryption

It helps to safely store sensitive information on a computer or external storage media

Encryption is used to protect user credentials such as user name and passwords

Encryption provides assurance of a sender’s identity

It is also used as a resource for web-based information exchange to protect important information such as credit card numbers

Encryption provides a secure medium for users to connect to their friends’ or employees’ network from outside of the home or office

It provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted


Types of Encryption

Symmetric Encryption

Symmetric encryption (secret-key, shared-key, and private-key) uses the same key for encryption and decryption

Asymmetric Encryption

Asymmetric encryption (public key) uses different encryption keys for encryption and decryption. These keys are known as public and private keys

Hash Function

Hash function (message digests or one-way encryption) uses no key for encryption and decryption

[Figure: for symmetric and asymmetric encryption, the plain text "Dear John, This is my A/C number 7974392830" is encrypted to cipher text and decrypted back to plain text; for the hash function, plain text is converted to cipher text.]


Symmetric vs. Asymmetric Encryption

Symmetric Encryption

Symmetric encryption uses only one key for both encryption and decryption

The key cannot be shared freely

Symmetric encryption requires that both the sender and the receiver know the secret key

Using symmetric encryption, data can be encrypted faster

This algorithm is less complex and faster

Symmetric encryption ensures confidentiality and integrity

Asymmetric Encryption

Asymmetric encryption uses a public key for encryption and a private key for decryption

In asymmetric encryption, the public key can be freely shared, which eliminates the risk of compromising the secret key

The encryption process using asymmetric encryption is slower and more complex

Asymmetric encryption ensures confidentiality, integrity, authentication, and non-repudiation


Encryption Standards

Data Encryption Standard (DES)

Data Encryption Standard (DES) is the name of the Federal Information Processing Standard (FIPS) 46-3, which describes the data encryption algorithm (DEA)

The DEA is a symmetric cryptosystem originally designed for implementation in hardware

DEA is also used for single-user encryption, such as to store files on a hard disk in encrypted form

Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government

It has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively, for AES-128, AES-192 and AES-256


Digital Certificates

Details of owner’s public key

Digital signature of the CA (issuer)

Serial number of digital signature

Owner’s name

Expiration date of public key

Name of the Certificate Authority (CA) who issued the digital certificate

A digital certificate is an electronic card that provides credential information while performing online transactions

It acts as an electronic counterpart to a driver’s license, passport, or membership card and verifies the identity of all users involved in online transactions

[Figure: Working of Digital Certificates, showing the User, the Registration Authority (RA), the Certification Authority (CA) and the Validation Authority (VA). Labels: User applies for certificate; Request for issuing certificate; Public key certificate; Updates information; Message in public key certificate signed with digital signature; Inquires about public key certificate validity to validation authority; Determined result; Validation of electronic signature; Private key; Public key.]
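The certificate contents listed above (owner, issuer, serial number, expiration date, public key, CA signature) and the validity check a recipient performs, as an added Go example using only the standard library; it is not part of the original module. The function names `Issue` and `Check` and the CA and owner names are constructed for illustration, and a locally trusted CA certificate stands in for the validation authority.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue builds a constructed test certificate for owner, signed by ca (self-signed CA if ca is nil).
func Issue(owner string, serial int64, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: owner}, // owner's name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour), // expiration date
		IsCA:                  ca == nil,
		BasicConstraintsValid: true,
	}
	if ca == nil {
		ca, caKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey) // adds issuer name and CA signature
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Check verifies the CA's signature on cert and that `at` falls inside its validity period.
func Check(cert, ca *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at})
	return err
}

func main() {
	ca, caKey, _ := Issue("Example Test CA", 1, nil, nil)
	alice, _, _ := Issue("alice.example.test", 2, ca, caKey)
	fmt.Println(alice.Subject, alice.Issuer, alice.SerialNumber, alice.NotAfter, Check(alice, ca, time.Now()))
}
```

`Check` returns an error both for an expired certificate and for one signed by a CA the recipient does not trust.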


Digital Signature

Digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form

Digital signature schemes involve two encryption keys: a private key for signing the message and a public key for verifying signatures

Digital standards follow the open standards as they are not tied to an individual or manufacturer

It is often used to implement electronic signatures and can be used by any type of message
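Signing with the private key and verifying with the public key, as an added Go example that is not part of the original module. RSA-PSS over a SHA-256 hash is an assumed choice of scheme, the function names are illustrative, and the key pairs are generated on the spot; the message is the sample text from the slides.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign hashes msg with SHA-256 and signs the hash with the sender's PRIVATE key.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify rehashes msg and checks the signature with the sender's PUBLIC key.
// It returns false if the message, the signature or the key does not match.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Demo runs the three cases a verifier must tell apart, on constructed data.
func Demo() (genuine, tampered, wrongSigner bool, err error) {
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	msg := []byte("Dear John, This is my A/C number 7974392830")
	sig, err := Sign(sender, msg)
	if err != nil {
		return
	}
	altered := append([]byte{}, msg...)
	altered[len(altered)-1] ^= 1 // a single bit changed in transit
	genuine = Verify(&sender.PublicKey, msg, sig)      // integrity and origin confirmed
	tampered = Verify(&sender.PublicKey, altered, sig) // modified message is rejected
	wrongSigner = Verify(&other.PublicKey, msg, sig)   // another party's key does not verify it
	return
}

func main() {
	fmt.Println(Demo())
}
```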


How Digital Signature Works

[Figure: confidential information passing through the stages SIGN, SEAL, DELIVER, ACCEPT, OPEN, VERIFY]

Hash value: sender signs hash code using his PRIVATE key

Append the signed hash code to message

Encrypt message using one-time symmetric key

Encrypt the symmetric key using recipient’s PUBLIC key

Mail electronic envelopes to the recipient

Recipient decrypts one-time symmetric key using his PRIVATE key

Decrypt message using one-time symmetric key

Unlock the hash value using sender’s PUBLIC key

Rehash the message and compare it with the hash value attached with the mail


Cryptography Tool: TrueCrypt

http://www.truecrypt.org

TrueCrypt creates a virtual encrypted disk within a file and mounts it as a real disk

Encrypts an entire partition or storage device such as USB flash drive or hard drive

Encrypts a partition or drive where Windows is installed (pre-boot authentication)

Encryption is automatic, real-time (on-the-fly), and transparent

Cryptography Tools

PixelCryptor
http://www.codegazer.com

Folder Lock
http://www.newsoftwares.net

EncryptOnClick
http://www.2brightsparks.com

Cryptainer LE
http://www.cypherix.co.uk

SafeHouse Explorer
http://www.safehousesoftware.com

Advanced Encryption Package
http://www.intercrypto.com

AxCrypt
http://www.axantum.com

Kruptos 2 Professional
http://www.kruptos2.co.uk


Module Summary

Encryption is the process of converting data into a cipher text that cannot be understood by unauthorized people

Symmetric encryption uses only one key for both encryption and decryption, whereas asymmetric encryption uses a public key for encryption and a private key for decryption

Encryption provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted

A digital certificate is an electronic card that provides credential information when performing online transactions

A digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form
