
Overview of Cryptographic Solutions

May 29, 2025

Security Plus Module 3: Explaining Appropriate Cryptographic Solutions

Course Objectives

  • Compare and contrast cryptographic algorithms.
  • Explain the importance of Public Key Infrastructure (PKI) and digital certificates.
  • Explain the importance of using appropriate cryptographic solutions for encryption and key exchange.

Module Structure

  1. Cryptographic Algorithms
  2. Public Key Infrastructure
  3. Cryptographic Solutions

Cryptographic Algorithms

Cryptographic Concepts

  • Encryption and Decryption: Known as encoding and decoding, respectively. Plaintext is unencrypted data, while ciphertext is encrypted data.
  • Cipher: Method of encryption or the algorithm used.
  • Cryptanalysis: The art of breaking cryptographic systems, often using brute force attacks.
  • Hashing Algorithms: Used for evidence integrity, storing passwords, and during investigations.
  • Symmetric Encryption: Uses the same key for both encryption and decryption.
  • Asymmetric Encryption: Uses a public key for encryption and a private key for decryption.

Key Lengths

  • Longer keys provide better security.
  • AES-256 is exponentially stronger than AES-128.

Asymmetric Encryption

  • Uses a key pair: public and private keys.
  • The public key encrypts, and the private key decrypts.
  • Not suitable for large amounts of data due to resource intensity.

Hashing

  • Produces a fixed-length string from input, ensuring data integrity.
  • SHA-256: Popular hashing method with a 256-bit digest.
  • MD5: Older, less secure hashing algorithm.

Digital Signatures

  • Combines hashing and asymmetric encryption to verify authenticity and integrity.
  • Provides Integrity, Authentication, and Non-repudiation.

Public Key Infrastructure (PKI)

Certificate Authorities (CA)

  • Public Key Infrastructure: Ensures secure communication over networks.
  • Certificate Authority: Issues digital certificates to verify identities.
  • GoDaddy: Example of a well-known third-party CA.
  • Internal CAs: Used within organizations, may not be recognized externally.

Digital Certificates

  • A wrapper for a subject's public key, issued by a CA.
  • Contains information about the subject and the CA.
  • Used for signing messages and hosting secure websites.
  • Standards: X.509 and PKCS.

Cryptographic Solutions

Encryption Supporting Confidentiality

  • Data States: At rest, in transit, and in use.
  • Symmetric Encryption: Suitable for large data volumes.
  • Asymmetric Encryption: Suitable for encrypting the symmetric key itself.

Disk and File Encryption

  • Full Disk Encryption (FDE): Encrypts an entire storage device, such as with BitLocker or FileVault.
  • Volume and File Encryption: Uses software like EFS to encrypt individual files or folders.

Salting and Key Stretching

  • Salting: Adds random data to passwords to prevent dictionary attacks.
  • Key Stretching: Applies extra processing to keys to make brute force attacks harder.

Blockchain

  • Expanding list of records secured using cryptography.
  • Decentralized: Distributed across peer-to-peer networks.
  • Uses: Financial transactions, identity management, and more.

Obfuscation

  • Steganography: Hiding messages within other files.
  • Data Masking: Redacting or substituting data to protect privacy.
  • Tokenization: Replacing data with tokens stored separately for security.