Learn about cryptography and how it can secure data.
- [Instructor] SSL and TLS are security protocols that are used to secure network communications where TLS supersedes the older and deprecated SSL, but we'll talk about those details later. First, let's start talking about cryptography. Cryptography can be defined as a method of securing data such that it's trusted and that it's viewable only by authorized parties. Crypto has been around for a long time in one form or another even in more recent history, such as during World War Two.
Pictured here we see a German Enigma machine. This was used to encrypt messages sent throughout the German military until the Allies were able to crack this system. Cryptographic keys need to be stored somewhere in order to partake in securing things like network communications or data at rest. One way to secure cryptographic keys is within a public key infrastructure, or PKI, certificate. Keys can also be stored on a smart card. Smart cards would be used, for instance, to authenticate to a VPN or perhaps to authenticate to a secured or restricted system in the office.
Common access cards, or CACs, can do the same thing except they can do more. And so that card that we use to authenticate to restricted computer systems or the VPN might also be the same card we use to gain access to a building or to a floor in the building or to unlock floors on that floor in the building. Cryptographic keys can also be stored in files. Depending on the type of key you're storing, such as a private key, which we'll define later, you want to make sure that that is in a password-protected file, because it's private to the entity to which it was issued.
It's not designed to be shared with others. And so not only should that file containing a private key be password protected, but it should also be stored in a secured location. Trusted platform module, or TPM, is firmware and that firmware can store cryptographic keys that are used to encrypt and decrypt entire disk volumes. TPM can also store information about the startup sequence on a machine, and if it's been tampered with, TPM can detect it. Cryptographic keys can also be stored on token devices, which can be a physical token, such as a key fob device that's used to gain access to a restricted environment or system or building.
Also, token devices these days can be virtual, they can be smartphone apps. But either way, these token devices can store PKI certificate information, including keys, in order to enable security. The general encryption process starts with plaintext. Plaintext is origin data before it's been encrypted or scrambled. And so that plaintext gets fed into an encryption algorithm along with the key. The result of which is encrypted data, otherwise called ciphertext.
So once data is encrypted, such as sending data over the network, this would happen before it's sent out over the wire or wirelessly. So while it's traversing the network, if the data is encrypted, anyone that can see that network traffic, anyone that captures that network traffic, would normally be able to see the addressing information in that transmission. Because normally, encryption over the network would encrypt only the payload or the data of the packet. You can encrypt more than that, but that is the norm.
Finally, only those parties that have the appropriate decryption key would be able to decrypt the ciphertext back into its origin plaintext. So where would cryptography be used? Well, we've defined a few simple examples, but also on a mobile device. We might encrypt all of the contents of the mobile device itself, including any removable media like micro SD cards. We can use crypto to encrypt the file system for protection of data at rest. We can also use it to encrypt network traffic, such as to an HTTPS-secured website.
We can use cryptography for file hashing, where we can generate a unique file hash or value and then compare that in the future when we take the hash again to the original hash to see if a change has been made. We can also use cryptography with cryptocurrency blockchain transactions. You've probably heard a lot about blockchain in relation to Bitcoin digital currency. With blockchain, we really have a central ledger or list of transactions, where each new transaction or block uses the previous block's cryptographic information.
And so we have this huge list, then, or public ledger of transactions, and it does use cryptography.
- Symmetric and asymmetric encrypting
- How certificates are issued and managed
- Configuring a Linux OpenSSL PKI environment
- How TLS supersedes SSL and is considered more secure
- Acquiring a web server certificate
- Acquiring a code-signing certificate
- Configuring a website with a certificate
- Securing files and folders with EFS
- Configuring a TLS VPN