Sejahtera Affif, profile picture
Uploaded bySejahtera Affif
PDF, PPTX708 views

Cscu module 04 data encryption

A survey of 500 IT security specialists found that roughly 40% believe they could hold their employer's network hostage by withholding encryption keys after leaving the company. Additionally, one third were confident they could bring a company to a halt with little effort using their knowledge of encryption keys and certificates. The study highlighted the need for companies to properly manage and monitor who has access to encryption keys to avoid security breaches.

Embed presentation

Download as PDF, PPTX
Data Encryption Module 4 Simplifying Security. 1 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
May 23, 2011 40 Percent of IT Workers Could Hold Employer Networks Hostage, Survey Finds Roughly 40 percent of IT workers believe they could hold an employer’s network hostage — even after leaving the company — by withholding or hiding encryption keys, according to a recent survey of 500 IT security specialists. The study, released Monday, May 23, also revealed that a third of survey respondents were confident that their knowledge and access to encryption keys and certificates could bring a company to a halt with little effort. Conducted in April 2011, the survey was sanctioned by Venafi, a network key and encryption provider. “It’s a shame that so many people have been sold encryption but not the means or knowledge to manage it,” said Jeff Hudson, CEO of Venafi, in a statement. “IT departments must track where the keys are and monitor and manage who has access to them. ... It’s no longer rocket science. Yet recent, costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and effective management.” http://www.govtech.com 2 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
3 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Module Objectives Common Terminologies What Is Encryption? Objectives of Encryption Types of Encryption Encryption Standards Symmetric vs. Asymmetric Encryption Usage of Encryption Digital Certificates Working of Digital Certificates Digital Signature How Digital Signature Works? Cryptography Tools
Module Flow 4 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Types of Encryption Encryption Standards Digital Certificates Digital Signature Cryptography Tools
CommonTerminologies Plaintext Plaintext or cleartext is unencrypted readable text Cipher Text Cipher text is encrypted and unreadable until it is decrypted to plaintext with a key Encryption Key An encryption key is a piece of information that is used to encrypt and decrypt data 5 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Encryption is the process of converting data into a cipher text that cannot be understood by the unauthorized people To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it Encryption is used to protect sensitive information during transmission and storage Encrypted DATA is received by Alice Alice receives the plain data after 6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. What Is Encryption? Plain text Bob (‘Morpheus’) Alice decryption Encrypted DATA (‘3*.,~’@!w9”)
Objectives of Encryption 7 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Data Integrity Authentication Non‐repudiation The receiver of a message can check whether the message was modified during transmission, either accidentally or deliberately The receiver of a message can verify the origin of the message No other user should be able to send a message to the recipient as the original sender (data origin authentication) The sender of a message cannot deny that he/she has sent the message
8 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Usage of Encryption It helps to safely store sensitive information on a computer or external storage media Encryption is used to protect user credentials such as user name and passwords Encryption provides assurance of a sender’s identity Encryption provides a secure medium for users to connect to their friends’ or employees’ network from outside of the home or office It is also used as a resource for web‐based information exchange to protect important information such as credit card numbers It provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted
Module Flow 9 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Types of Encryption Encryption Standards Digital Certificates Digital Signature Cryptography Tools
Symmetric Encryption Encryption Decryption Encryption Decryption Hash function 10 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Types of Encryption Symmetric Encryption Symmetric encryption (secret‐key, shared‐key, and private‐key) uses the same key for encryption and decryption Asymmetric Encryption Asymmetric encryption (public key) uses different encryption keys for encryption and decryption. These keys are known as public and private keys Hash Function Hash function (message digests or one‐way encryption) uses no key for encryption and decryption Dear John, This is my A/C number 7974392830 Dear John, This is my A/C number 7974392830 Guuihifhofn kbifkfnnfk Nklclmlm #^*&(*)_(_ Plain text Cipher text Plain text Asymmetric Encryption Dear John, This is my A/C number 7974392830 Dear John, This is my A/C number 7974392830 Guuihifhofn kbifkfnnfk Nklclmlm #^*&(*)_(_ Plain text Cipher text Plain text Hash function Plain text Cipher text
Symmetric vs. Asymmetric Encryption Symmetric Encryption Asymmetric Encryption 11 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Symmetric encryption uses only one key for both encryption and decryption The key cannot be shared freely Symmetric encryption requires that both the sender and the receiver know the secret key Using symmetric encryption, data can be encrypted faster This algorithm is less complex and faster Symmetric encryption ensures confidentiality and integrity Asymmetric Encryption uses a public key for encryption and a private key for decryption In asymmetric encryption, the public key can be freely shared, which eliminates the risk of compromising the secret key The encryption process using Asymmetric Encryption is slower and more complex Asymmetric encryption ensures confidentiality, integrity, authentication, and non‐repudiation
Module Flow 12 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Types of Encryption Encryption Standards Digital Certificates Digital Signature Cryptography Tools
13 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Standards Data Encryption Standard (DES) Advanced Encryption Standard (AES) Data Encryption Standard (DES) is the name of the Federal information Processing Standard (FIPS) 46‐3, which describes the data encryption algorithm (DEA) The DEA is a symmetric cryptosystem originally designed for implementation in hardware DEA is also used for single‐user encryption, such as to store files on a hard disk in encrypted form Advanced Encryption Standard (AES) is a symmetric‐key encryption standard adopted by the U.S. government It has a 128‐bit block size, with key sizes of 128, 192 and 256 bits, respectively, for AES‐128, AES‐192 and AES‐256
Module Flow 14 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Types of Encryption Encryption Standards Digital Certificates Digital Signature Cryptography Tools
A digital certificate is an electronic card that provides credential information while performing online transactions It acts as an electronic counterpart to a drivers license, passport, or membership card and verifies the identity of all users involved in online transactions A digital certificate generally contains: 15 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Digital Certificates Details of owner’s public key Digital signature of the CA (issuer) Serial number of digital signature Owner’s name Expiration date of public key Name of the Certificate Authority (CA) who issued the digital certificate
How Digital Certificates Work Determined Result Public Key Certificate Public Key  Validation of electronic signature 16 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Private Key  Inquires about public key certificate validity to validation authority Message in public key certificate signed with digital signature User Public Key Certificate Updates Information User Applies for Certificate Registration Authority (RA) Request for Issuing Certificate Validation Authority (VA) Certification Authority (CA)
Module Flow 17 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Types of Encryption Encryption Standards Digital Certificates Digital Signature Cryptography Tools
18 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Digital Signature Digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form Digital signature schemes involve two encryption keys: a private key for signing the message and a public key for verifying signatures Digital standards follow the open standards as they are not tied to an individual or manufacturer It is often used to implement electronic signatures and can be used by any type of message It is independent of the signature verification between the sender and the receiver
How Digital Signature Works 19 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. SIGN SEAL DELIVER ACCEPT OPEN VERIFY Encrypt message using one‐time symmetric key Encrypt the symmetric key using recipient’s PUBLIC key Mail electronic envelopes to the recipient Confidential Information Rehash the message and compare it with the hash value attached with the mail Recipient decrypt one‐time symmetric key using his PRIVATE key Decrypt message using one‐time symmetric key Hash value Sender signs hash code using his PRIVATE key Append the signed hash code to message Unlock the hash value using sender’s PUBLIC key
Module Flow 20 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Types of Encryption Encryption Standards Digital Certificates Digital Signature Cryptography Tools
Cryptography Tool: TrueCrypt 21 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. http://www.truecrypt.org TrueCrypt creates a virtual encrypted disk within a file and mounts it as a real disk Encrypts an entire partition or storage device such as USB flash drive or hard drive Encrypts a partition or drive where Windows is installed (pre‐boot authentication) Encryption is automatic, real‐time (on‐the‐fly), and transparent
PixelCryptor http://www.codegazer.com 22 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Folder Lock http://www.newsoftwares.net EncryptOnClick http://www.2brightsparks.com AxCrypt http://www.axantum.com Cryptainer LE http://www.cypherix.co.uk SafeHouse Explorer http://www.safehousesoftware.com Advanced Encryption Package http://www.intercrypto.com Kruptos 2 Professional http://www.kruptos2.co.uk Cryptography Tools
23 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Module Summary  Encryption is the process of converting data into a cipher text that cannot be understood by the unauthorized people  Symmetric encryption uses only one key for both encryption and decryption, whereas asymmetric encryption uses a public key for encryption and a private key for decryption  Encryption provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted  A digital certificate is an electronic card that provides credential information when performing online transactions  A digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form

More Related Content

PDF
Encrypted mobile communications
byPhantom Encrypt
 
PPT
Lecture 6 web security
byrajakhurram
 
PDF
Analysis of VoIP Forensics with Digital Evidence Procedure
byijsrd.com
 
PPT
Practical Network Security
bySudarsun Santhiappan
 
PDF
Modified honey encryption scheme for encoding natural language message
byIJECEIAES
 
PDF
End end-security
byPatatino Melis
 
PPT
Cryptographysecurity 1222867498937700-9
bymuthulx
 
PPTX
fundamental of network security
byManish Tiwari
 
Encrypted mobile communications
byPhantom Encrypt
 
Lecture 6 web security
byrajakhurram
 
Analysis of VoIP Forensics with Digital Evidence Procedure
byijsrd.com
 
Practical Network Security
bySudarsun Santhiappan
 
Modified honey encryption scheme for encoding natural language message
byIJECEIAES
 
End end-security
byPatatino Melis
 
Cryptographysecurity 1222867498937700-9
bymuthulx
 
fundamental of network security
byManish Tiwari
 

What's hot

PDF
Askozia VoIP Security white paper - 2017, English
byAskozia
 
PPT
Computersystemssecurity 090529105555-phpapp01
byMiigaa Mine
 
PPTX
Network Security Fundamental
byMousmi Pawar
 
PPT
Network Security
byRamasubbu .P
 
PDF
Allot ServiceProtector - DDos Mitigation
byAllot Communications
 
PDF
Cryptographic Algorithms For Secure Data Communication
byCSCJournals
 
PPTX
GDPR: Protecting Your Data
byUlf Mattsson
 
PDF
Digital signature and digital identity
byEmanuele Cisbani
 
ODP
Network Security
byhj43us
 
PPTX
Network Security(Symmetric Ciphers)
byGayathridevi120
 
PDF
Virtual private network a veritable tool for network security
byeSAT Publishing House
 
PPTX
Digital certificates
byBuddhika Karunanayaka
 
PDF
Study and implementation of DES on FPGA
byVenkata Kishore
 
PDF
Survey Paper: Cryptography Is The Science Of Information Security
byCSCJournals
 
PPT
Chapter 2
byshahhardik27
 
PPT
Cryptppt1
byAnu Chaudhry
 
PDF
Radio Frequency Identification (RFID) Security issues and possible solutions
byAhmad Sharifi
 
PDF
Network Security & Attacks
byNetwax Lab
 
PDF
s117
bys1170034
 
Askozia VoIP Security white paper - 2017, English
byAskozia
 
Computersystemssecurity 090529105555-phpapp01
byMiigaa Mine
 
Network Security Fundamental
byMousmi Pawar
 
Network Security
byRamasubbu .P
 
Allot ServiceProtector - DDos Mitigation
byAllot Communications
 
Cryptographic Algorithms For Secure Data Communication
byCSCJournals
 
GDPR: Protecting Your Data
byUlf Mattsson
 
Digital signature and digital identity
byEmanuele Cisbani
 
Network Security
byhj43us
 
Network Security(Symmetric Ciphers)
byGayathridevi120
 
Virtual private network a veritable tool for network security
byeSAT Publishing House
 
Digital certificates
byBuddhika Karunanayaka
 
Study and implementation of DES on FPGA
byVenkata Kishore
 
Survey Paper: Cryptography Is The Science Of Information Security
byCSCJournals
 
Chapter 2
byshahhardik27
 
Cryptppt1
byAnu Chaudhry
 
Radio Frequency Identification (RFID) Security issues and possible solutions
byAhmad Sharifi
 
Network Security & Attacks
byNetwax Lab
 
s117
bys1170034
 

Similar to Cscu module 04 data encryption

PDF
Cscu module 04 data encryption
byAlireza Ghahrood
 
PPTX
Introduction to Cryptography and digital signatures
byanupama12369
 
PPTX
Computer Introduction (Data Encryption)-Lecture05
byDr. Mazin Mohamed alkathiri
 
PPTX
cryptography-Final.pptx
bykarthikvcyber
 
PPTX
Data encryption
byDeepam Goyal
 
PPT
Cryptography & Digital certificate
byDeepak Kumar (D3)
 
PDF
computer-security-and-cryptography-a-simple-presentation
byAlex Punnen
 
PPT
Encryption
byNaiyan Noor
 
PPTX
Fundamental Concept of Cryptography in Computer Security
byUttara University
 
PDF
Security
bySri Manakula Vinayagar Engineering College
 
PPTX
Encryption in information security ppt slideshare.pptx
byukinternationalestat
 
PPTX
Cryptography and Network Security Principles.pptx
byAbrahamThompson3
 
PPTX
https://www.slideshare.net/slideshow/computing-assessment-criteria-y8-3564449...
byanishjepron2
 
PPT
Network Security: Standards and Cryptography
byJack Davis
 
PPTX
501 ch 10 understanding cryptography and pki
bygocybersec
 
PPTX
big data and Iot , its security part ,hoe yoy help this
bywarriorshanta
 
PPTX
Cryptography
bySatyajit Senapati
 
PPTX
Introduction to Network Security presentation
bykrishkiran2408
 
PPT
Whatisdigitalsignature
byKishankant Yadav
 
PPT
Whatisdigitalsignature
byKishankant Yadav
 
Cscu module 04 data encryption
byAlireza Ghahrood
 
Introduction to Cryptography and digital signatures
byanupama12369
 
Computer Introduction (Data Encryption)-Lecture05
byDr. Mazin Mohamed alkathiri
 
cryptography-Final.pptx
bykarthikvcyber
 
Data encryption
byDeepam Goyal
 
Cryptography & Digital certificate
byDeepak Kumar (D3)
 
computer-security-and-cryptography-a-simple-presentation
byAlex Punnen
 
Encryption
byNaiyan Noor
 
Fundamental Concept of Cryptography in Computer Security
byUttara University
 
Security
bySri Manakula Vinayagar Engineering College
 
Encryption in information security ppt slideshare.pptx
byukinternationalestat
 
Cryptography and Network Security Principles.pptx
byAbrahamThompson3
 
https://www.slideshare.net/slideshow/computing-assessment-criteria-y8-3564449...
byanishjepron2
 
Network Security: Standards and Cryptography
byJack Davis
 
501 ch 10 understanding cryptography and pki
bygocybersec
 
big data and Iot , its security part ,hoe yoy help this
bywarriorshanta
 
Cryptography
bySatyajit Senapati
 
Introduction to Network Security presentation
bykrishkiran2408
 
Whatisdigitalsignature
byKishankant Yadav
 
Whatisdigitalsignature
byKishankant Yadav
 

Cscu module 04 data encryption

  • 1.
    Data Encryption Module4 Simplifying Security. 1 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • 2.
    May 23, 2011 40 Percent of IT Workers Could Hold Employer Networks Hostage, Survey Finds Roughly 40 percent of IT workers believe they could hold an employer’s network hostage — even after leaving the company — by withholding or hiding encryption keys, according to a recent survey of 500 IT security specialists. The study, released Monday, May 23, also revealed that a third of survey respondents were confident that their knowledge and access to encryption keys and certificates could bring a company to a halt with little effort. Conducted in April 2011, the survey was sanctioned by Venafi, a network key and encryption provider. “It’s a shame that so many people have been sold encryption but not the means or knowledge to manage it,” said Jeff Hudson, CEO of Venafi, in a statement. “IT departments must track where the keys are and monitor and manage who has access to them. ... It’s no longer rocket science. Yet recent, costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and effective management.” http://www.govtech.com 2 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • 3.
    3 Copyright ©by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Module Objectives Common Terminologies What Is Encryption? Objectives of Encryption Types of Encryption Encryption Standards Symmetric vs. Asymmetric Encryption Usage of Encryption Digital Certificates Working of Digital Certificates Digital Signature How Digital Signature Works? Cryptography Tools
  • 4.
    Module Flow 4Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Types of Encryption Encryption Standards Digital Certificates Digital Signature Cryptography Tools
  • 5.
    CommonTerminologies Plaintext Plaintextor cleartext is unencrypted readable text Cipher Text Cipher text is encrypted and unreadable until it is decrypted to plaintext with a key Encryption Key An encryption key is a piece of information that is used to encrypt and decrypt data 5 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • 6.
    Encryption is theprocess of converting data into a cipher text that cannot be understood by the unauthorized people To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it Encryption is used to protect sensitive information during transmission and storage Encrypted DATA is received by Alice Alice receives the plain data after 6 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. What Is Encryption? Plain text Bob (‘Morpheus’) Alice decryption Encrypted DATA (‘3*.,~’@!w9”)
  • 7.
    Objectives of Encryption 7 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Data Integrity Authentication Non‐repudiation The receiver of a message can check whether the message was modified during transmission, either accidentally or deliberately The receiver of a message can verify the origin of the message No other user should be able to send a message to the recipient as the original sender (data origin authentication) The sender of a message cannot deny that he/she has sent the message
  • 8.
    8 Copyright ©by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Usage of Encryption It helps to safely store sensitive information on a computer or external storage media Encryption is used to protect user credentials such as user name and passwords Encryption provides assurance of a sender’s identity Encryption provides a secure medium for users to connect to their friends’ or employees’ network from outside of the home or office It is also used as a resource for web‐based information exchange to protect important information such as credit card numbers It provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted
  • 9.
    Module Flow 9Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Types of Encryption Encryption Standards Digital Certificates Digital Signature Cryptography Tools
  • 10.
    Symmetric Encryption EncryptionDecryption Encryption Decryption Hash function 10 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Types of Encryption Symmetric Encryption Symmetric encryption (secret‐key, shared‐key, and private‐key) uses the same key for encryption and decryption Asymmetric Encryption Asymmetric encryption (public key) uses different encryption keys for encryption and decryption. These keys are known as public and private keys Hash Function Hash function (message digests or one‐way encryption) uses no key for encryption and decryption Dear John, This is my A/C number 7974392830 Dear John, This is my A/C number 7974392830 Guuihifhofn kbifkfnnfk Nklclmlm #^*&(*)_(_ Plain text Cipher text Plain text Asymmetric Encryption Dear John, This is my A/C number 7974392830 Dear John, This is my A/C number 7974392830 Guuihifhofn kbifkfnnfk Nklclmlm #^*&(*)_(_ Plain text Cipher text Plain text Hash function Plain text Cipher text
  • 11.
    Symmetric vs. AsymmetricEncryption Symmetric Encryption Asymmetric Encryption 11 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Symmetric encryption uses only one key for both encryption and decryption The key cannot be shared freely Symmetric encryption requires that both the sender and the receiver know the secret key Using symmetric encryption, data can be encrypted faster This algorithm is less complex and faster Symmetric encryption ensures confidentiality and integrity Asymmetric Encryption uses a public key for encryption and a private key for decryption In asymmetric encryption, the public key can be freely shared, which eliminates the risk of compromising the secret key The encryption process using Asymmetric Encryption is slower and more complex Asymmetric encryption ensures confidentiality, integrity, authentication, and non‐repudiation
  • 12.
    Module Flow 12Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Types of Encryption Encryption Standards Digital Certificates Digital Signature Cryptography Tools
  • 13.
    13 Copyright ©by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Standards Data Encryption Standard (DES) Advanced Encryption Standard (AES) Data Encryption Standard (DES) is the name of the Federal information Processing Standard (FIPS) 46‐3, which describes the data encryption algorithm (DEA) The DEA is a symmetric cryptosystem originally designed for implementation in hardware DEA is also used for single‐user encryption, such as to store files on a hard disk in encrypted form Advanced Encryption Standard (AES) is a symmetric‐key encryption standard adopted by the U.S. government It has a 128‐bit block size, with key sizes of 128, 192 and 256 bits, respectively, for AES‐128, AES‐192 and AES‐256
  • 14.
    Module Flow 14Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Types of Encryption Encryption Standards Digital Certificates Digital Signature Cryptography Tools
  • 15.
    A digital certificateis an electronic card that provides credential information while performing online transactions It acts as an electronic counterpart to a drivers license, passport, or membership card and verifies the identity of all users involved in online transactions A digital certificate generally contains: 15 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Digital Certificates Details of owner’s public key Digital signature of the CA (issuer) Serial number of digital signature Owner’s name Expiration date of public key Name of the Certificate Authority (CA) who issued the digital certificate
  • 16.
    How Digital CertificatesWork Determined Result Public Key Certificate Public Key  Validation of electronic signature 16 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Private Key  Inquires about public key certificate validity to validation authority Message in public key certificate signed with digital signature User Public Key Certificate Updates Information User Applies for Certificate Registration Authority (RA) Request for Issuing Certificate Validation Authority (VA) Certification Authority (CA)
  • 17.
    Module Flow 17Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Types of Encryption Encryption Standards Digital Certificates Digital Signature Cryptography Tools
  • 18.
    18 Copyright ©by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Digital Signature Digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form Digital signature schemes involve two encryption keys: a private key for signing the message and a public key for verifying signatures Digital standards follow the open standards as they are not tied to an individual or manufacturer It is often used to implement electronic signatures and can be used by any type of message It is independent of the signature verification between the sender and the receiver
  • 19.
    How Digital SignatureWorks 19 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. SIGN SEAL DELIVER ACCEPT OPEN VERIFY Encrypt message using one‐time symmetric key Encrypt the symmetric key using recipient’s PUBLIC key Mail electronic envelopes to the recipient Confidential Information Rehash the message and compare it with the hash value attached with the mail Recipient decrypt one‐time symmetric key using his PRIVATE key Decrypt message using one‐time symmetric key Hash value Sender signs hash code using his PRIVATE key Append the signed hash code to message Unlock the hash value using sender’s PUBLIC key
  • 20.
    Module Flow 20Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Encryption Types of Encryption Encryption Standards Digital Certificates Digital Signature Cryptography Tools
  • 21.
    Cryptography Tool: TrueCrypt 21 Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. http://www.truecrypt.org TrueCrypt creates a virtual encrypted disk within a file and mounts it as a real disk Encrypts an entire partition or storage device such as USB flash drive or hard drive Encrypts a partition or drive where Windows is installed (pre‐boot authentication) Encryption is automatic, real‐time (on‐the‐fly), and transparent
  • 22.
    PixelCryptor http://www.codegazer.com 22Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Folder Lock http://www.newsoftwares.net EncryptOnClick http://www.2brightsparks.com AxCrypt http://www.axantum.com Cryptainer LE http://www.cypherix.co.uk SafeHouse Explorer http://www.safehousesoftware.com Advanced Encryption Package http://www.intercrypto.com Kruptos 2 Professional http://www.kruptos2.co.uk Cryptography Tools
  • 23.
    23 Copyright ©by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Module Summary  Encryption is the process of converting data into a cipher text that cannot be understood by the unauthorized people  Symmetric encryption uses only one key for both encryption and decryption, whereas asymmetric encryption uses a public key for encryption and a private key for decryption  Encryption provides a higher level of trust when receiving files from other users by ensuring that the source and contents of the message are trusted  A digital certificate is an electronic card that provides credential information when performing online transactions  A digital signature implements asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form