Cryptographic technology allows the secure exchange of information over otherwise insecure means. In this video, Mike Chapple explains encryption, decryption, and the use of cryptographic keys.
- [Instructor] Cryptography is one of the most important controls available to information security professionals. Encryption protects sensitive information from unauthorized disclosure in many different environments, and many other security functions depend upon cryptography.
As we move to the cloud, encryption becomes even more important as a security control for two reasons. First, we use encryption to protect data in transit. That's data being sent over a network. This might be data traveling back and forth between an organization's work sites and the cloud or between the organization and our customers or partners. When data is moving over a network, it's especially vulnerable to eavesdropping threats, and encryption serves as a strong control against those threats. Second, we use encryption to protect data at rest. That's data when it's stored in any location. When it comes to cloud computing, encrypting the data that we have at rest protects it against disclosure if the cloud vendor has a security failure that allows an unauthorized person to access our storage space. If we've encrypted our stored data, that access will be fruitless, as the attacker will only see encrypted data and won't have the ability to decrypt it.
So with those purposes in mind, let's explore cryptography in more detail. Cryptography is the use of mathematical algorithms to transform information into a form that's not readable by unauthorized individuals, but it does provide authorized individuals with the ability to transform that information back into readable form by again using a mathematical algorithm through a process called decryption. Cryptography depends upon two basic operations. The first, encryption, converts information from its plaintext form into an encrypted version that's unreadable, known as ciphertext. The second operation, decryption, performs the reverse transformation, using an algorithm to transform encrypted ciphertext back into plaintext form.
Now, I've used the term algorithm a few times. If you're not already familiar with algorithms, they're simply a set of mathematical instructions that one follows to achieve a desired result. Think of an algorithm as a mathematical recipe. Algorithms are very similar to computer code, and, in fact, computer code is often designed to implement mathematical algorithms. Let's take a look at a basic algorithm designed to convert temperatures from Fahrenheit into Celsius. The algorithm has an input, the temperature in Fahrenheit, and it takes this input through a series of steps. First, it subtracts 32 from the input. Then it multiplies the result by five and divides that result by nine. Then it provides a final result as output, and that final result is the Celsius equivalent of the temperature that was input in Fahrenheit.
Encryption algorithms work in similar ways except the steps are different. They have two inputs, the plaintext message and an encryption key. They then go through a series of mathematical steps that transform that message using the key. The important thing to know is that these steps are complex in nature, and the use of a strong encryption key makes them impossible to reverse without access to the key. The output of this process is the encrypted ciphertext. If you were to open up the ciphertext message, you'd find that it is no longer readable to the human eye. It would just look like a bunch of digital garbage.
When you do need to reverse the encryption operation and access the original data, you do so using a decryption function. Decryption functions also have two inputs, the encrypted message, otherwise known as the ciphertext, and the decryption key. The function then uses the decryption key to follow another series of complex mathematical steps on the ciphertext message. These steps reverse the encryption process and restore the original data.
It's important to know that you can't decrypt a message without access to the appropriate decryption key. Protecting the secrecy of the decryption key preserves the confidentiality of the encrypted data. The output of the decryption process is the plaintext data. That's how encryption works.
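The two-input encrypt and decrypt functions described in the transcript above, as an added example that is not part of the video or the course materials. The function names, the sample message and the construction itself are assumptions for illustration: it uses only the Python standard library (HMAC-SHA256 as a keystream plus an authentication tag) to show the key's role and is a teaching stand-in for a vetted cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Teaching construction only (an assumption of this example): HMAC-SHA256 in
# counter mode as the keystream, then an HMAC tag over the result
# (encrypt-then-MAC). Production code should call a vetted AEAD instead.

def _subkeys(key):
    """Derive separate encryption and authentication keys from one secret key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key, nonce, length):
    """Produce `length` pseudorandom bytes bound to this key and nonce."""
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def encrypt(key, plaintext):
    """Inputs: key and plaintext. Output: nonce || ciphertext body || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)  # fresh per message, so repeats look different
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key, ciphertext):
    """Inputs: key and ciphertext. Output: plaintext, or ValueError if the key is wrong."""
    if len(ciphertext) < 48:
        raise ValueError("ciphertext too short")
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = ciphertext[:16], ciphertext[16:-32], ciphertext[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    message = b"constructed sample: Q3 customer export"  # constructed input
    ct = encrypt(key, message)
    print("ciphertext:", ct.hex())
    print("right key :", decrypt(key, ct))
    try:
        decrypt(secrets.token_bytes(32), ct)
    except ValueError as err:
        print("other key :", err)
```

Because the tag is checked before any decryption, a wrong key or an altered ciphertext is rejected outright rather than yielding unreadable output.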
Note: This course is designed to cover the most recent version of the CCSP exam, released in August 2019.
- Block storage types
- Cloud storage security threats
- Encryption basics
- Choosing encryption algorithms
- Key management
- Public key infrastructure (PKI)
- Creating and revoking digital signatures
- Securing common protocols
- Data protection
- Information management
- Information rights management
- Logging security events
- Continuous security monitoring