
Data Encryption

Module 4

Simplifying Security.

Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

May 23, 2011

40 Percent of IT Workers Could Hold Employer Networks Hostage, Survey Finds

Roughly 40 percent of IT workers believe they could hold an employer's network hostage, even after leaving the company, by withholding or hiding encryption keys, according to a recent survey of 500 IT security specialists.

The study, released Monday, May 23, also revealed that a third of survey respondents were confident that their knowledge of and access to encryption keys and certificates could bring a company to a halt with little effort. Conducted in April 2011, the survey was sanctioned by Venafi, a network key and encryption provider.

"It's a shame that so many people have been sold encryption but not the means or knowledge to manage it," said Jeff Hudson, CEO of Venafi, in a statement. "IT departments must track where the keys are and monitor and manage who has access to them.... It's no longer rocket science. Yet recent, costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and effective management."

Source: http://www.govtech.com


Module Objectives

Common Terminologies
What Is Encryption?
Objectives of Encryption
Usage of Encryption
Types of Encryption
Symmetric vs. Asymmetric Encryption
Encryption Standards
Digital Certificates
Working of Digital Certificates
Digital Signature
How Digital Signature Works
Cryptography Tools


Module Flow

Encryption -> Types of Encryption -> Encryption Standards -> Digital Certificates -> Digital Signature -> Cryptography Tools


Common Terminologies

Plaintext
Plaintext or cleartext is unencrypted, readable text.

Cipher Text
Ciphertext is the encrypted form of the plaintext. It is unreadable until it is decrypted back to plaintext with the key.

Encryption Key
An encryption key is a piece of secret information that controls the transformation between plaintext and ciphertext. In symmetric encryption the same key encrypts and decrypts; in asymmetric encryption one key of a pair encrypts and the other decrypts. The security of the ciphertext rests on keeping the key secret, not on keeping the algorithm secret.


What Is Encryption?

Encryption is the process of converting data into a ciphertext that cannot be understood by unauthorized people.
To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.
Encryption is used to protect sensitive information during transmission and storage.

[Figure: Bob has the plaintext "Morpheus"; he encrypts it into the encrypted data "3*.,~@!w9", which is received by Alice; Alice obtains the plain data after decryption.]


Objectives of Encryption

Data Integrity
The receiver of a message can check whether the message was modified during transmission, either accidentally or deliberately.

Authentication
The receiver of a message can verify the origin of the message. No other user should be able to send a message to the recipient posing as the original sender (data origin authentication).

Nonrepudiation
The sender of a message cannot deny having sent the message.

Strictly, encryption by itself provides confidentiality only. Integrity and data origin authentication come from a message authentication code (MAC) or an authenticated encryption mode, and nonrepudiation needs a digital signature: a MAC key is shared by both parties, so either of them could have produced the tag.
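Data integrity and data origin authentication with a shared key, as an added example that is not part of the EC-Council module: the receiver recomputes an HMAC-SHA256 tag and rejects any change to the message, or any tag made with a different key. The 32-byte key and the transfer messages are constructed for illustration, and the function names are the example's own. Because both parties hold the same key, this does not give nonrepudiation.

```go
// Added example for this module (not EC-Council code): integrity and data
// origin authentication with a shared key via HMAC-SHA256, standard library only.
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Tag computes the HMAC-SHA256 tag of msg under the shared key. Unlike a
// plain hash, it cannot be recomputed by someone who lacks the key.
func Tag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// VerifyTag recomputes the tag and compares in constant time. A byte-by-byte
// comparison that stops at the first mismatch would let an attacker learn,
// from timing, how many leading bytes of a guessed tag are right.
func VerifyTag(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

func main() {
	// Constructed sample data: an assumed 32-byte shared key and an instruction.
	key := []byte("0123456789abcdef0123456789abcdef")
	msg := []byte("transfer 100.00 to account 7974392830")

	tag := Tag(key, msg)
	fmt.Println("tag:                      ", hex.EncodeToString(tag))
	fmt.Println("unmodified message:       ", VerifyTag(key, msg, tag))

	// Data integrity: one digit changed in transit, accidentally or on purpose.
	tampered := []byte("transfer 900.00 to account 7974392830")
	fmt.Println("modified message:         ", VerifyTag(key, tampered, tag))

	// Data origin authentication: without the key no valid tag can be made.
	forged := Tag([]byte("attacker's guess"), msg)
	fmt.Println("tag made with another key:", VerifyTag(key, msg, forged))
}
```

The tag travels with the message; the receiver never trusts the tag it was given, only the one it recomputes. The constant-time comparison matters in any service that verifies tags on request, where an attacker can measure response times.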


Usage of Encryption

It helps to safely store sensitive information on a computer or external storage media.
Encryption is used to protect user credentials such as user names and passwords in transit (stored passwords are normally hashed rather than encrypted).
Encryption provides a secure medium, such as a VPN, for users to connect to their friends' or employer's network from outside of the home or office.
Together with digital signatures, it provides a higher level of trust when receiving files from other users, by ensuring that the source and contents of the message can be verified.
It is also used for web-based information exchange to protect important information such as credit card numbers.
Combined with authentication, encryption provides assurance of a sender's identity.



Types of Encryption

Symmetric Encryption
Symmetric encryption (also called secret-key, shared-key, or private-key encryption) uses the same key for encryption and decryption.
[Figure: the plaintext "Dear John, This is my A/C number 7974392830" is encrypted with the shared key into ciphertext such as "Guuihifhofn kbifkfnnfk Nklclmlm #^*&(*)_(_", and decrypted with the same key back to the plaintext.]

Asymmetric Encryption
Asymmetric encryption (public-key encryption) uses different keys for encryption and decryption. These keys are known as the public and private keys: the public key encrypts, and only the matching private key decrypts.
[Figure: the same plaintext is encrypted with the recipient's public key into ciphertext and decrypted with the recipient's private key back to the plaintext.]

Hash Function
A hash function (message digest, sometimes called "one-way encryption") uses no key. It maps input of any length to a fixed-size digest and has no decryption: the digest cannot be reversed to recover the plaintext, so its output is a digest rather than ciphertext.
[Figure: the plaintext goes through the hash function and a fixed-size hash value comes out.]


Symmetric vs. Asymmetric Encryption

Symmetric Encryption
Symmetric encryption uses only one key for both encryption and decryption. The key cannot be shared freely: anyone who obtains it can decrypt, and forge, the traffic.
Symmetric encryption requires that both the sender and the receiver know the secret key, so the key has to be distributed over some other secure channel.
Using symmetric encryption, data can be encrypted faster; the algorithms are less complex and suited to bulk data.
Symmetric encryption ensures confidentiality. It provides integrity only when combined with a message authentication code or an authenticated mode such as AES-GCM, and it cannot provide nonrepudiation, because both parties hold the same key.

Asymmetric Encryption
Asymmetric encryption uses a public key for encryption and a private key for decryption.
In asymmetric encryption, the public key can be freely shared, which removes the need to transmit a secret key; only the private key has to be kept secret, and it never leaves its owner.
The encryption process using asymmetric encryption is slower and more complex, and one RSA operation can only process a message shorter than the key size, so in practice asymmetric encryption protects a symmetric key that encrypts the data (hybrid encryption).
Asymmetric cryptography supports confidentiality (encryption under the public key) and, through digital signatures made with the private key, integrity, authentication and nonrepudiation.
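The three kinds of primitive from the Types of Encryption slide and the trade-offs in this comparison, as an added example in Go that is not part of the EC-Council module: SHA-256 (no key, no inverse), AES-256-GCM (one shared key; a wrong key or a modified ciphertext is rejected) and RSA-OAEP (public key encrypts, private key decrypts). The message and the key are constructed for illustration, and the function names are the example's own. It also shows the usual combination, where RSA wraps the AES key rather than the data, because RSA-OAEP with a 2048-bit key and SHA-256 accepts at most 190 bytes per operation.

```go
// Added example for this module (not EC-Council code): hash, symmetric and
// asymmetric primitives side by side, using only the Go standard library.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hash is a message digest: same input gives the same output, there is no
// key, and nothing can be decrypted from it.
func Hash(msg []byte) [32]byte { return sha256.Sum256(msg) }

// SymmetricEncrypt seals plaintext with AES-256-GCM under a 32-byte key.
// A random 12-byte nonce is prepended; GCM appends a 16-byte tag, so any
// change to the ciphertext is detected when decrypting.
func SymmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// SymmetricDecrypt needs the SAME key. A wrong key or a flipped bit makes
// gcm.Open fail with "cipher: message authentication failed".
func SymmetricDecrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// KeyPair generates the recipient's 2048-bit RSA key pair. The public half
// can be published; the private half never leaves the recipient.
func KeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// AsymmetricEncrypt encrypts under the recipient's PUBLIC key (RSA-OAEP with
// SHA-256). With a 2048-bit key the input is limited to 190 bytes, which is
// why it is used to wrap a symmetric key rather than to encrypt the data.
func AsymmetricEncrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// AsymmetricDecrypt needs the matching PRIVATE key.
func AsymmetricDecrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	msg := []byte("Dear John, this is my A/C number 7974392830") // constructed sample
	h := Hash(msg)
	fmt.Printf("SHA-256:   %x\n", h[:])

	key := make([]byte, 32) // shared secret: random here, exchanged out of band in practice
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	sealed, _ := SymmetricEncrypt(key, msg)
	pt, err := SymmetricDecrypt(key, sealed)
	fmt.Printf("AES-GCM:   %q err=%v\n", pt, err)
	sealed[len(sealed)-1] ^= 0x01 // modify one bit in transit
	_, err = SymmetricDecrypt(key, sealed)
	fmt.Println("tampered:  err =", err)

	priv, _ := KeyPair()
	wrapped, _ := AsymmetricEncrypt(&priv.PublicKey, key) // sender uses the public key
	unwrapped, _ := AsymmetricDecrypt(priv, wrapped)      // recipient uses the private key
	fmt.Println("RSA-OAEP:  AES key recovered:", string(unwrapped) == string(key))
}
```

GCM is used rather than a bare block mode because it gives the integrity check the slide attributes to symmetric encryption; with AES-CBC or AES-CTR alone a modified ciphertext would decrypt to garbage without any error. The nonce must never repeat under the same key, which is why it is drawn fresh from the CSPRNG for every message.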


Encryption Standards

Data Encryption Standard (DES)
Data Encryption Standard (DES) is the name of Federal Information Processing Standard (FIPS) 46-3, which describes the Data Encryption Algorithm (DEA).
The DEA is a symmetric cryptosystem originally designed for implementation in hardware. It is a 64-bit block cipher with a 56-bit key.
DEA is also used for single-user encryption, such as to store files on a hard disk in encrypted form.
The 56-bit key is small enough to be recovered by exhaustive search with modern hardware, and NIST withdrew FIPS 46-3 in 2005; DES should not be used in new systems.

Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government (FIPS 197).
It has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively, for AES-128, AES-192 and AES-256.


Digital Certificates

A digital certificate is an electronic credential that binds a public key to the identity of its owner and is presented as credential information while performing online transactions.
It acts as an electronic counterpart to a driver's license, passport, or membership card: a trusted third party, the Certificate Authority (CA), vouches for the identity of the parties involved in online transactions. The certificate only attests to whom the public key belongs; the verifier still has to check the CA signature, the validity period and the revocation status.

A digital certificate generally contains:
Details of the owner's public key (the key itself and the algorithm it is used with)
Owner's name (the subject)
Name of the Certificate Authority (CA) that issued the digital certificate (the issuer)
Validity period of the certificate (not-before and expiration dates)
Serial number of the certificate, unique per issuer
Digital signature of the CA (issuer) over all of the above


How Digital Certificates Work

[Figure: the parties are the User, a Registration Authority (RA), a Certification Authority (CA) and a Validation Authority (VA). The flow recoverable from the figure labels:]
The user applies for a certificate. The RA checks the application and passes its determined result, the request for issuing a certificate, to the CA.
The CA issues the public key certificate to the user and updates the VA with information about the certificates it has issued.
The user signs a message with the private key and sends it together with the public key certificate.
The relying party validates the electronic signature with the public key in the certificate and inquires with the validation authority about the public key certificate's validity.


Digital Signature

A digital signature uses asymmetric cryptography to provide, in digital rather than written form, the security properties of a handwritten signature.
Digital signature schemes involve a key pair: a private key for signing the message and a public key for verifying signatures. The private key stays with the signer; only the public key is distributed.
Digital signature standards are open standards; they are not tied to an individual vendor or manufacturer.
Digital signatures are often used to implement electronic signatures and can be applied to any type of message.
Verification needs no shared secret between the sender and the receiver: anyone who holds the sender's public key can verify the signature.


How Digital Signature Works

SIGN
Compute the hash value of the confidential information.
The sender signs the hash code using his PRIVATE key.
Append the signed hash code to the message.

SEAL
Encrypt the message using a one-time symmetric key.
Encrypt the symmetric key using the recipient's PUBLIC key.

DELIVER
Mail the electronic envelope (encrypted message, encrypted one-time key and signature) to the recipient.

OPEN
The recipient decrypts the one-time symmetric key using his PRIVATE key.
Decrypt the message using the one-time symmetric key.

VERIFY
Unlock the hash value using the sender's PUBLIC key.
Rehash the message and compare it with the hash value attached to the mail.

ACCEPT
If the two hash values match, the message is intact and was signed by the holder of the sender's private key.
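The SIGN and VERIFY steps of the flow above, as an added example that is not part of the EC-Council module: the sender signs a SHA-256 digest with the private key (RSA-PSS), and the recipient rehashes the message and checks the signature with the sender's public key. The messages are constructed for illustration, and the type and function names are the example's own. The SEAL, DELIVER and OPEN steps are the confidentiality layer (symmetric encryption of the message, the recipient's public key protecting the one-time key) and are independent of the signature, so they are left out here.

```go
// Added example for this module (not EC-Council code): the SIGN and VERIFY
// steps with RSA-PSS over a SHA-256 digest, standard library only.
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signed is what travels to the recipient: the message with the signed hash
// appended. In the full flow both would then be SEALed with a one-time
// symmetric key that is itself encrypted under the recipient's public key.
type Signed struct {
	Message   []byte
	Signature []byte
}

// NewSigner generates the sender's key pair. The private key stays with the
// sender; the public key is what recipients use to verify.
func NewSigner() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Sign hashes the message and signs the digest with the sender's PRIVATE key.
func Sign(priv *rsa.PrivateKey, msg []byte) (Signed, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	return Signed{Message: msg, Signature: sig}, err
}

// VerifySignature rehashes the received message and checks the signature with
// the sender's PUBLIC key. A changed message, a changed signature, or a
// signature from a different private key all fail.
func VerifySignature(pub *rsa.PublicKey, s Signed) error {
	digest := sha256.Sum256(s.Message)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], s.Signature, nil)
}

func main() {
	sender, _ := NewSigner()
	impostor, _ := NewSigner()
	msg := []byte("Pay 100.00 to account 7974392830") // constructed sample

	s, _ := Sign(sender, msg)
	fmt.Println("genuine:            ", VerifySignature(&sender.PublicKey, s))

	// Integrity: a modified message no longer matches the signed hash.
	tampered := Signed{Message: []byte("Pay 900.00 to account 7974392830"), Signature: s.Signature}
	fmt.Println("message modified:   ", VerifySignature(&sender.PublicKey, tampered))

	// Authentication: a signature made with another private key is rejected.
	forged, _ := Sign(impostor, msg)
	fmt.Println("signed by impostor: ", VerifySignature(&sender.PublicKey, forged))

	// Nonrepudiation: only the holder of sender's private key could have
	// produced a signature that verifies under sender's public key, so the
	// sender cannot later deny having signed msg.
}
```

The recipient must obtain the sender's public key from somewhere it trusts, which is what a digital certificate is for; verifying a signature against a public key supplied inside the same envelope proves nothing about who sent it.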


Cryptography Tool: TrueCrypt

TrueCrypt creates a virtual encrypted disk within a file and mounts it as a real disk.
It encrypts an entire partition or storage device such as a USB flash drive or hard drive.
It encrypts a partition or drive where Windows is installed (pre-boot authentication).
Encryption is automatic, real-time (on the fly), and transparent.

http://www.truecrypt.org

Note: TrueCrypt development was discontinued in May 2014 and the project is no longer maintained; VeraCrypt is the maintained fork of its code base.


Cryptography Tools

Folder Lock: http://www.newsoftwares.net
PixelCryptor: http://www.codegazer.com
AxCrypt: http://www.axantum.com
EncryptOnClick: http://www.2brightsparks.com
Cryptainer LE: http://www.cypherix.co.uk
SafeHouse Explorer: http://www.safehousesoftware.com
Advanced Encryption Package: http://www.intercrypto.com
Kruptos 2 Professional: http://www.kruptos2.co.uk


Module Summary

Encryption is the process of converting data into a ciphertext that cannot be understood by unauthorized people.
Symmetric encryption uses only one key for both encryption and decryption, whereas asymmetric encryption uses a public key for encryption and a private key for decryption; in practice the two are combined, with the public key protecting the symmetric key that encrypts the data.
Encryption alone provides confidentiality; combined with message authentication codes or digital signatures it provides a higher level of trust when receiving files from other users, because the source and contents of the message can be verified.
A digital certificate is an electronic credential, signed by a Certificate Authority, that binds a public key to an identity for use in online transactions.
A digital signature uses asymmetric cryptography to provide, in digital rather than written form, the security properties of a handwritten signature: integrity, authentication and nonrepudiation.
