3. Encryption
• In cryptography, encryption is the process of encoding
information.
• Converts the original representation of the information,
known as plaintext, into an alternative form known as
“ciphertext”.
• Ideally, only authorized parties can decipher a ciphertext back
to plaintext and access the original information.
• Encryption does not itself prevent interference but denies the
intelligible content to a would-be interceptor.
Source: Encryption (July 28, 2023), Wikipedia. https://en.wikipedia.org/wiki/Encryption
4. Encryption (2)
Uses:
• Secret communications
• Protect “data at rest”
• Digital rights management
• Protect “data in transit”
• Data erasure
Types:
• Diffie-Hellman key exchange
• RSA (Rivest-Shamir-Adleman)
• PGP (Pretty Good Privacy)
Source: Encryption (July 28, 2023), Wikipedia. https://en.wikipedia.org/wiki/Encryption
5. Encryption (3)
• Encryption scheme uses a “pseudo-random” encryption key
generated by an algorithm.
• Authorized recipients can easily decrypt the message with the
key provided by the originator to recipients.
• Modern encryption schemes use the concepts of public-key
and symmetric-key.
• It is possible to decrypt the message without possessing the key
but, for well-designed encryption schemes, considerable
computational resources and skills are required.
Source: Encryption (July 28, 2023), Wikipedia. https://en.wikipedia.org/wiki/Encryption
6. Encryption (4)
• As computing power continues to increase, computer encryption is
constantly evolving.
• DES (Data Encryption Standard) utilized a 56-bit key with 72 quadrillion
possibilities (cracked in a day by EFF's DES cracker in 1999)
• Modern standards use larger key sizes, often 256 bits, like AES (256-bit
mode), Twofish, ChaCha20-Poly1305, Serpent (configurable up to 512-bit).
• Cipher suites utilizing a 128-bit or higher key, like AES (Advanced Encryption
Standard), cannot be brute-forced because of the total number of
keys: three hundred and forty undecillion possibilities.
• The option for cracking ciphers with a large key size is to find vulnerabilities in the
cipher itself, for example, RC4, a stream cipher used in WEP, cracked (2015).
Source: Encryption (July 28, 2023), Wikipedia. https://en.wikipedia.org/wiki/Encryption
7. Encryption (5)
• An important tool but not sufficient to ensure the security or privacy of
sensitive information throughout its lifetime.
• Most applications of encryption protect information only at rest or in transit,
not during processing, such as by a cloud service for example.
• With encryption of data-at-rest, adversaries have developed new types of
attacks.
• These include cryptographic attacks, stolen ciphertext attacks, attacks on
encryption keys, insider attacks, data corruption or integrity attacks, data
destruction attacks, and ransomware attacks.
• Data fragmentation and active defense data protection technologies
attempt to counter some of these attacks, by distributing, moving, or
mutating ciphertext so it is more difficult to identify, steal, corrupt, or
destroy.
Source: Encryption (July 28, 2023), Wikipedia. https://en.wikipedia.org/wiki/Encryption
8. Introduction to Linux Encryption
Overview of Linux Encryption:
• Encryption is the process of securing sensitive data by
converting it into an unreadable format.
• Linux offers powerful encryption tools for data protection,
communication security, and more.
• Safeguards data from unauthorized access, ensuring
confidentiality.
• Protects data at rest and in transit.
• Essential for compliance with privacy and security
regulations.
9. Overview of dm-crypt/LUKS
Definition: Linux Unified Key Setup (LUKS) is a disk encryption
specification that allows multiple user keys (2004).
• Key Features:
• Full-disk encryption
Encrypt the root partition
• Multiple key support
Allows users to add backup keys or passphrases (up to 8)
• Data security at rest
Ensures that files are always stored on disk in an encrypted form
Source: Linux Unified Key Setup (June 14, 2023), Wikipedia. https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
10. How dm-crypt/LUKS Works
• Encrypts entire disk partitions.
• Requires a passphrase or keyfile to unlock.
• Uses symmetric key encryption algorithms.
• Provides a secure storage layer for data.
11. Hands-On with dm-crypt/LUKS
Lab Exercise:
• Demonstrating the setup of dm-crypt/LUKS for full-
disk encryption.
• Exploring the process of unlocking and accessing
encrypted volumes.
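An added lab sketch for the dm-crypt/LUKS slides above (not part of the original deck): it formats a file-backed LUKS2 container instead of a real disk, enrolls a backup key in a second key slot, and unlocks it. The image path, mapper name, mount point and key files are placeholders, and the key files stand in for typed passphrases.

```shell
# Added example, not from the slides. The last three functions need root.

luks_create() {          # $1=image  $2=size (e.g. 64M)  $3=key file
    truncate -s "$2" "$1"
    # Writes the LUKS2 header; the volume key is wrapped into key slot 0.
    cryptsetup luksFormat --batch-mode --type luks2 --key-file "$3" "$1"
}

luks_add_backup_key() {  # $1=image  $2=existing key file  $3=new key file
    # The existing key unlocks the volume key, which is wrapped again into
    # the next free slot. The encrypted data itself is not rewritten.
    cryptsetup luksAddKey --batch-mode --key-file "$2" "$1" "$3"
}

luks_key_works() {       # $1=image  $2=key file
    # Header-only check: verifies the key without creating a mapping.
    cryptsetup open --test-passphrase --key-file "$2" "$1" 2>/dev/null
}

luks_used_slots() {      # $1=image; prints the number of occupied key slots
    cryptsetup luksDump "$1" | grep -c '^ *[0-9][0-9]*: luks2'
}

luks_init_fs() {         # once, as root: $1=image  $2=key file  $3=mapper name
    cryptsetup open --key-file "$2" "$1" "$3"
    mkfs.ext4 -q "/dev/mapper/$3"
    cryptsetup close "$3"
}

luks_mount() {           # as root: $1=image  $2=key file  $3=mapper name  $4=mount point
    cryptsetup open --key-file "$2" "$1" "$3"
    mount "/dev/mapper/$3" "$4"
}

luks_umount() {          # as root: $1=mount point  $2=mapper name
    umount "$1"
    cryptsetup close "$2"   # after this only ciphertext is reachable
}

# Typical order: luks_create, luks_add_backup_key, luks_init_fs,
# then luks_mount / luks_umount for each session.
```

Either key file opens the same volume because each slot holds its own wrapped copy of one volume key.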
12. Overview of GnuPG (GPG)
Definition: GNU Privacy Guard is an open-source encryption
software for email and file encryption (1997).
Key Features:
• Uses OpenPGP
Widely used email encryption standard
• File-level encryption
A form of disk encryption
• Digital signatures
Used to validate authenticity and integrity
• Public and private key pairs
Public key available to anyone, but private key available only to the owner
Source: GNU Privacy Guard (August 26, 2023), Wikipedia. https://en.wikipedia.org/wiki/GNU_Privacy_Guard
13. How GnuPG (GPG) Works
• Uses asymmetric key encryption for secure
communication.
• Encrypts and decrypts individual files or email
messages.
• Allows users to sign files with a digital signature to
verify authenticity.
14. Hands-On with GnuPG (GPG)
Lab Exercise:
• Demonstrating file-level encryption using GnuPG
(GPG).
• Creating key pairs, encrypting files, and decrypting
them.
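An added lab sketch for the GnuPG slides above (not part of the original deck): it creates a key pair in a throwaway keyring, encrypts and decrypts a file, and makes and checks a detached signature. The user ID, file names and the passphrase file location ($GNUPGHOME/pass) are assumptions for the lab.

```shell
# Added example, not from the slides. Prepare a scratch keyring first:
#   export GNUPGHOME=$(mktemp -d)
#   printf '%s\n' 'a long lab passphrase' > "$GNUPGHOME/pass"

gpg_q() {
    # Non-interactive gpg; the passphrase is read from a file so it never
    # appears on the command line or in the process list.
    gpg --batch --quiet --yes --pinentry-mode loopback \
        --passphrase-file "$GNUPGHOME/pass" "$@"
}

gpg_make_key() {         # $1=user ID, e.g. 'Lab User <lab@example.test>'
    # Default algorithms, signing key plus encryption subkey, expires in 1 day.
    gpg_q --quick-generate-key "$1" default default 1d
}

gpg_encrypt_to() {       # $1=recipient  $2=plaintext file; writes $2.gpg
    # Only the recipient's public key is needed to encrypt.
    gpg_q --recipient "$1" --output "$2.gpg" --encrypt "$2"
}

gpg_decrypt() {          # $1=ciphertext  $2=output file
    # Needs the matching private key and its passphrase.
    gpg_q --output "$2" --decrypt "$1" 2>/dev/null
}

gpg_sign() {             # $1=file; writes a detached signature to $1.asc
    gpg_q --armor --detach-sign "$1"
}

gpg_verify() {           # $1=signature  $2=signed file
    # Exit status is non-zero if the file changed after signing.
    gpg --batch --quiet --verify "$1" "$2" 2>/dev/null
}
```

Run `gpgconf --kill gpg-agent` before deleting the scratch keyring so no agent keeps the key unlocked.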
15. Overview of OpenSSL
• Definition: An open-source toolkit implementing the SSL and
TLS protocols for secure communication.
• Key Features:
• SSL/TLS certificate generation and management
Generated through a trusted certificate authority (CA) or individual
signed certificate
• Secure socket layer for data encryption in network communication
Standard technology for securing an internet connection by
encrypting data sent between a website and a browser.
Source: OpenVAS (September 22, 2023), Wikipedia. https://en.wikipedia.org/wiki/OpenVAS
16. How OpenSSL Works
• Generates X.509 certificates for web servers and
clients.
• Provides secure connections using SSL/TLS encryption.
• Enables secure web browsing, email, and other
encrypted communications.
17. Hands-On with OpenSSL
Lab Exercise:
• Demonstrating SSL/TLS certificate generation using
OpenSSL.
• Managing certificates for web servers and securing
web traffic.
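An added lab sketch for the OpenSSL slides above (not part of the original deck): it generates a key and a self-signed X.509 certificate, then runs the checks used when managing certificates for a web server. The file names server.key and server.crt and the host name passed in are placeholders.

```shell
# Added example, not from the slides.

make_self_signed() {     # $1=output dir  $2=host name
    # RSA-2048 key plus a 30-day self-signed X.509 certificate.
    # -nodes leaves the key unencrypted so a server can start unattended;
    # the umask keeps the files readable by their owner only.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
          -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
          -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null )
}

cert_matches_key() {     # $1=certificate  $2=private key
    # Compares the public key in the certificate with the one derived
    # from the private key; a mismatch means the pair cannot be deployed.
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$c" = "$k" ]
}

cert_san() {             # $1=certificate; prints the subjectAltName entries
    openssl x509 -in "$1" -noout -ext subjectAltName
}

cert_is_self_signed() {  # $1=certificate; succeeds if it verifies against itself
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

cert_valid_for() {       # $1=certificate  $2=seconds from now
    # Succeeds only if the certificate is still valid that far ahead,
    # which makes it usable as a renewal check.
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}
```

Clients will not trust a self-signed certificate unless it is installed as a trust anchor; a certificate issued by a CA replaces server.crt while the key checks stay the same.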
18. Best Practices for Linux Encryption
• Use strong, unique passwords and passphrases.
• Regularly update encryption software and keys.
• Implement multi-factor authentication for added
security.
• Encrypt data at rest and in transit.
19. Summary
• Linux offers robust encryption tools for data protection
and secure communication.
• Understanding dm-crypt/LUKS, GnuPG (GPG), and
OpenSSL is essential for cybersecurity professionals.