• DISCOVER
  • CREATE
IN-FOCUS
CONCEPTS
PROCESS
ROLES
CONTEXT
RATIONALE
HANDS-ON LAB
CHALLENGE
CONTRIBUTING FACTORS
COURSE OF ACTION
Key Concepts:
  • Encryption and its uses in modern computer systems
  • Strong and weak cryptosystems
  • Cryptanalysis and cryptanalysis tools

Hacker Techniques,
Tools, and
Incident Handling

Cryptographic Concepts

Cryptographic Concepts
Introduction to Encryption
ZHOFRPH!
Were you able to understand this? It is a simple word that we hear every day. This is the word "WELCOME!"

WELCOME becomes ZHOFRPH when we replace each letter in this word by a letter that is three letters to the right of the original letter in the English alphabet. So, W becomes Z, E becomes H, and so on. To understand why we have done this, click the following questions. Next, click the ACTIVITY button to attempt a simple exercise.
  • What is encryption?
  • What is cryptography?
  • What is asymmetric and symmetric encryption?
  • What are the features of strong and weak encryption?
  • How is encryption used for maintaining security?
  • Which tools are available for encryption?
The process of using logic and modifying simple text to make it unreadable for general public is called encryption. The logic used in encryption is called the key. For example, when we move a letter of the English alphabet three letters to the right, the key is "3 to the right." Such encrypted data is also called ciphertext. The key can be used for both encrypting and decrypting data. Encryption can be used to protect data or messages being transferred from one computer to another on a network. For this, each node on the network can encrypt data before transmitting it. The key to decrypt the data in known only to the intended recipient, which prevents the data from being read by the rest of the world.
Safeguarding information against unauthorized disclosure is called cryptography. Cryptography is not a new concept. It has been used many times in history to encrypt sensitive, confidential information before the information is transmitted. Cryptography ensures that only the intended recipient of an encrypted message is able to read the message.
There are two types of encryption mechanisms, symmetric and asymmetric. Symmetric encryption uses a single shared key for encrypting and decrypting, and asymmetric encryption uses two keys, a public key to encrypt data and a private key to decrypt data.

Symmetric encryption is fast and simple, needs less processing power, and is easy to implement. On the other hand, asymmetric encryption uses keys that can be easily and safely distributed, enables secure key negotiation, and is useful for unique identification.
Features of strong encryption:
  • Uses a "peer-reviewed" algorithm
  • Uses appropriate configuration and keeps keys a secret
  • Uses a well-defined cipher in a secure environment
Features of weak encryption:
  • Uses a "secret" algorithm and recoverable keys
  • Uses a poorly chosen bit length for data sensitivity or odd bit lengths for "added security"
  • Uses a broken cipher or one with known flaws
Encryption is useful for maintaining the security of data and information in modern computer systems. The following technologies use encryption to ensure secure communication over a network:
  • Over-the-wire technologies, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), Internet Protocol Security (IPSec), and Virtual Private Network (VPN)
  • E-mail technology via tools such as Pretty Good Privacy (PGP), GNU Privacy Guard (GPG), and Secure/Multipurpose Internet Mail Extensions (S/MIME)
Two of the most common encyption tools are PGP and GPG.

PGP is the original accessible, secure encryption tool used in most environments. It uses public or private key pairs, with users exchanging public keys. PGP provides message authentication and integrity-checking facilities.

GPG is a full open-source replacement for PGP. It is compatible with PGP 5, 6, and 7 messages. It is originally a Linux tool, with ports available for Microsoft Windows. It supports ElGamal, Digital Signature Algorithm (DSA), Rivest Shamir Adleman (RSA), Triple Data Encryption Standard (3DES), and other algorithms.
Encryption Selection Process
You have learned that encryption is used by various contemporary technologies for maintaining the security of data and information in modern computer systems. The security professionals at an organization need to select a particular encryption technology suitable for given requirements.

The following flowchart can be used to select an encryption technology to secure any communication over a network. After going through the flowchart, click the ACTIVITY button to attempt a simple activity on the encryption selection process.

Roles Involved in Cryptology
Cryptography requires different tasks to be performed by different roles. The following is a list of roles involved in cryptology. Position the mouse pointer over each role to learn more about the skills and responsibilities of that role and the stages of the development cycle where it is applicable. Then, click the ACTIVITY button to attempt a simple exercise.
Roles
  • Security analyst
  • Security manager
  • Chief information security officer (CISO)
  • End users
Skills and Responsibilities
  • Recognize, assess, design, and use cryptographic systems.
  • Recommend encryption systems and requirements.
Set requirements, assign tasks, and review reports and design.
Set direction for the organization.
Use cryptographic software.
Stages
All stages of the development cycle
All stages of the development cycle
Planning
Deployment or Use
Industry-Based Encryption
Imagine that you are the security analyst of a company involved in developing information security strategies for clients. The last project you worked on was for a hospital, where the administration wanted to safeguard patient's personal details and reports. Now, you have received a project from a corporate client who wants to implement security strategies before sharing confidential project costs and estimates with the shareholders. Will your approach toward the new corporate project differ from that for the hospital project?
The answer to the question is yes. It is important for security analysts to analyze uses of encryption for information security among different types of organizations, such as government, military, health care, academic, business, and financial. Organizations use a wide variety of encryption technologies for varied purposes. Security analysts are required to be conversant with the broad variety of cryptographic systems and encryption technologies available and be able to effectively analyze, work with, and recommend them.
Importance of Encryption
You have learned about encryption and its uses.

Click the following questions to learn more about the importance of encryption in maintaining security over a network. Next, click the ACTIVITY button to attempt an exercise.
  • What are the benefits of encryption?
  • What are the requirements that a security analyst needs to fulfill to use encryption effectively?
Encryption is a key element of an information security environment, and it is used by both the sender and the receiver to secure data, validate senders, and protect the information technology (IT) environment.
To use encryption effectively, security analysts must be conversant with the techniques, tools, and processes used to encrypt data. In addition, they must know how aggressors may use encryption, either to protect their own data or to conceal their attacks. Finally, security analysts must be able to identify poor cryptosystems.

In this section, you will have an opportunity to practice the concepts and processes that you have explored in this lesson.

The Hands-On Lab provides you with an engaging learning experience that is diagnostic and flexible. Following the instructions provided in the Lab Manual, you will be able to practice the steps IT Security Specialists perform on a daily basis and develop the skills required for effective execution and management of IT Security operations.

Imagine that you are the information security analyst at Aim Higher College, a fictitious institution situated in the U.S.

On a busy Wednesday morning, you are called for a meeting with the chief security officer, Mac. In the meeting, he says that he has some important tasks for you. Click the image of the chief security officer to get his instructions.

After you have gone through the challenge, navigate to Contributing Factors from the panel at the top of your screen.
Hi,

I have called this meeting to give you an important task. Yesterday, I came to know that a significant vulnerability has been discovered in our university’s cryptosystem. This is a serious matter and can negatively affect the security of the data and applications being run at our offices. That is why I want you to do some research and come up with a list of things that the university should do to handle the situation.

You can ask the experts at the university about how our university uses the cryptosystem. I am also available for help and guidance if you need.

At the end of your research, I would like you to present a report on the threat the university faces and what it should do about the vulnerability. I would like you to explain what effect any changes required might have on the university or its students, employees, graduates, or other populations. The summary should include what the vulnerability is, how dangerous it could be, what its effects are, and how it can be countered. You should address communication regarding the issue, such as who would need to be made aware of the issue and how.

Best of luck!

Contributing Factors
From where do you think you can gather information to do the research work and write the report? Let's find out by clicking each contributing factor. After you have gone through the contributing factors, navigate to Course of Action from the panel at the top of your screen.

Ask a Consultant
Research the Internet
Review Critical Considerations

Select the icon from the top to receive additional
information related to the situation


Ronnie Kroon
Security Manager

Let me explain to you how our university uses the cryptosystem. The university uses Message-Digest algorithm 5 (MD5) in a wide variety of areas. These include hashing to check for the file integrity of downloaded files, MD5 hashes that the university provides for its own files that it makes available for download, and MD5 based-signing certificates from the university's internal Certificate Authority. In addition, the university uses the Cisco Adaptive Security Appliances (ASA) firewall device, which can create and sign digital certificates for users and systems. These ASAs use MD5 by default, and the university has used the ASAs to create certificates for critical systems in some departments.

You can go through the following Web sites for help in completing this assignment:
Consider what information you need to create your report. Answers to the following questions will help you in this assignment:
  • What effect does the vulnerability have on the cryptosystem?
  • Is the threat significant? What would an exploit of the cryptosystem mean to your organization?
  • How easy is it to exploit the vulnerability?
  • Does a tool exist to exploit the vulnerability?
  • Is the cryptosystem still usable, but with caveats, or should it be replaced?
  • Can your organization easily replace the cryptosystem?
  • Has an exploit been released?
  • What is the likelihood of an exploit?
  • Would attacks be conducted? What would their result be?
  • How widely used is the system?
  • Would the attacks make it untrustworthy?
  • What information is required for a technical audience?
  • What information is required for a nontechnical audience?
Course of Action
Use the following checklist as a guide to complete this assignment. Note that the tasks that you have completed are already checked in the list.

Tasks

  • Attend the meeting with the chief security officer.
  • Consider all the factors that contribute to the challenge.
  • Write a report on the threat the university faces and the response it would require from your institution.
  • In your report, explain what the university should do about the vulnerability and what effect any changes required might have on the university or its students, employees, graduates, or other populations.
  • Answer what the vulnerability is, how dangerous it could be, what its effects are, and how it can be countered.
  • Address communication regarding the issue, such as who would need to be made aware of the issue and how.
  • Do a self-review of the report with respect to the evaluation criteria mentioned in the assignment requirements.
  • Submit the assignment to your instructor.
At the end of this lesson, you should be able to:
  • Summarize the methods of encryption in modern computer systems.
  • Compare asymmetric encryption and symmetric encryption.
  • Identify common cryptographic tools and technologies.
  • Examine a cryptographic system such as Pretty Good Privacy (PGP).
In this lesson, you will learn about the concepts of encryption and cryptology and their applications in securing data and information in modern computer systems. Security professionals must be aware of the encryption technologies and tools available so that they can make effective recommendations to develop secure computer systems.