1
00:00:00,370 --> 00:00:02,620
Encryption ciphers are categorized as either

2
00:00:02,620 --> 00:00:04,940
symmetric or asymmetric algorithms

3
00:00:04,940 --> 00:00:07,100
and this is based on the type of key that they utilize

4
00:00:07,100 --> 00:00:08,550
to secure the data.

5
00:00:08,550 --> 00:00:10,610
When you're using a symmetric key encryption,

6
00:00:10,610 --> 00:00:12,750
you're going to have a single key that's used to encrypt

7
00:00:12,750 --> 00:00:14,380
and decrypt the data.

8
00:00:14,380 --> 00:00:16,400
With asymmetric encryption, you're going to use

9
00:00:16,400 --> 00:00:17,600
two different keys.

10
00:00:17,600 --> 00:00:19,290
One key is used to encrypt the data

11
00:00:19,290 --> 00:00:21,620
and the second key is used to decrypt it.

12
00:00:21,620 --> 00:00:23,860
Now symmetric key algorithms are often called

13
00:00:23,860 --> 00:00:25,150
private key encryption

14
00:00:25,150 --> 00:00:27,070
and this is due to the fact that both the sender

15
00:00:27,070 --> 00:00:30,330
and the receiver need to know the same shared secret.

16
00:00:30,330 --> 00:00:32,560
This same privately held key.

17
00:00:32,560 --> 00:00:35,480
Now, with symmetric key, this is a fairly easy concept to

18
00:00:35,480 --> 00:00:38,190
understand, I mean after all when you go home tonight

19
00:00:38,190 --> 00:00:39,700
and you unlock your house,

20
00:00:39,700 --> 00:00:41,790
you're using symmetric key encryption.

21
00:00:41,790 --> 00:00:44,450
You're basically using the exact same key as your spouse

22
00:00:44,450 --> 00:00:46,960
or your roommate will to open and shut the door.

23
00:00:46,960 --> 00:00:48,910
Now, if you wanted me to be able to get into your house,

24
00:00:48,910 --> 00:00:51,590
you would give me an exact same copy of the key that you

25
00:00:51,590 --> 00:00:55,300
have and so we're all going to have the exact same private key.

26
00:00:55,300 --> 00:00:58,400
The key to your house so we can get in or out as needed.

27
00:00:58,400 --> 00:01:00,460
This is our shared secret key.

28
00:01:00,460 --> 00:01:03,530
Now, due to the shared secret key, we can make sure that

29
00:01:03,530 --> 00:01:06,620
there is confidentiality of the items inside your house.

30
00:01:06,620 --> 00:01:08,770
Only the people who have this key are going to be able to

31
00:01:08,770 --> 00:01:10,490
open the door and get inside.

32
00:01:10,490 --> 00:01:13,450
But you can't assure non-repudiation.

33
00:01:13,450 --> 00:01:16,080
And what that means is that if somebody is able to go in

34
00:01:16,080 --> 00:01:19,040
your house like your spouse or your roommate or even me

35
00:01:19,040 --> 00:01:21,280
and we go inside and we take your laptop

36
00:01:21,280 --> 00:01:23,760
when you're not there, when you get home you're going to know

37
00:01:23,760 --> 00:01:26,970
the laptop is gone but you don't know who did it.

38
00:01:26,970 --> 00:01:30,000
It could be anyone who had a copy of that shared secret key,

39
00:01:30,000 --> 00:01:33,250
your spouse, your roommate, me or even you.

40
00:01:33,250 --> 00:01:36,340
Now, after all a lot of people have a copy of that house key

41
00:01:36,340 --> 00:01:39,290
and so any of us could have gone in and taken your laptop.

42
00:01:39,290 --> 00:01:41,440
Beyond the challenge of proving who used the key,

43
00:01:41,440 --> 00:01:43,700
there's another challenge with symmetric algorithms

44
00:01:43,700 --> 00:01:46,720
and that's the distribution of that shared secret key.

45
00:01:46,720 --> 00:01:48,130
So if you wanted to encrypt emails

46
00:01:48,130 --> 00:01:50,330
and send them to your five closest friends.

47
00:01:50,330 --> 00:01:53,400
Each of you would have to have a set of shared secret keys

48
00:01:53,400 --> 00:01:55,610
set up for each of you, so there would be five different

49
00:01:55,610 --> 00:01:56,620
pairs of keys.

50
00:01:56,620 --> 00:01:59,510
One for you and one for each of your five friends.

51
00:01:59,510 --> 00:02:01,950
Now if every one of those friends also wanted to be able to

52
00:02:01,950 --> 00:02:04,246
share it with each other, we're going to have to have a lot

53
00:02:04,246 --> 00:02:07,650
more keys, in fact, we're going to have 15 different sets of

54
00:02:07,650 --> 00:02:08,730
keys required.

55
00:02:08,730 --> 00:02:10,730
This means that every two people have their own

56
00:02:10,730 --> 00:02:12,610
individual set of keys.

57
00:02:12,610 --> 00:02:15,020
Now, for the same reasons that a peer-to-peer connection

58
00:02:15,020 --> 00:02:17,680
between everybody becomes untenable, as you start getting

59
00:02:17,680 --> 00:02:18,580
large numbers.

60
00:02:18,580 --> 00:02:21,210
We start having the same problem with symmetric keys

61
00:02:21,210 --> 00:02:22,840
because as you get larger numbers

62
00:02:22,840 --> 00:02:24,780
and more users that need to share a secret,

63
00:02:24,780 --> 00:02:26,770
you need to be able to distribute all of these shared

64
00:02:26,770 --> 00:02:28,350
secret keys.

65
00:02:28,350 --> 00:02:30,800
If you remember back to our wireless encryption lesson,

66
00:02:30,800 --> 00:02:34,040
we talked about your Wi-Fi password was a shared secret key.

67
00:02:34,040 --> 00:02:36,150
And if you decide to invite 50 friends over

68
00:02:36,150 --> 00:02:38,260
and you gave them all your shared secret.

69
00:02:38,260 --> 00:02:40,836
Now there's no confidentiality because so many people

70
00:02:40,836 --> 00:02:43,200
know your shared secret key.

71
00:02:43,200 --> 00:02:44,960
That's the big problem when you start dealing with

72
00:02:44,960 --> 00:02:46,400
a symmetric key.

73
00:02:46,400 --> 00:02:49,180
Now, we're going to spend some time in a separate lesson

74
00:02:49,180 --> 00:02:51,480
covering all of the different symmetric key algorithms

75
00:02:51,480 --> 00:02:53,400
specifically that you're going to need to know for the

76
00:02:53,400 --> 00:02:54,610
Security+ exam.

77
00:02:54,610 --> 00:02:58,640
This includes things like DES, 3DES, IDEA, AES,

78
00:02:58,640 --> 00:03:03,397
Blowfish, Twofish and the Rivest Ciphers, RC4, RC5 and RC6.

79
00:03:04,540 --> 00:03:06,820
The second category that we have for encryption ciphers

80
00:03:06,820 --> 00:03:09,220
is known as asymmetric algorithms.

81
00:03:09,220 --> 00:03:12,320
Unlike symmetric algorithms, asymmetric algorithms do not

82
00:03:12,320 --> 00:03:14,310
require a shared secret key.

83
00:03:14,310 --> 00:03:16,370
For this reason, they're often referred to as

84
00:03:16,370 --> 00:03:18,300
public key cryptography which we're going to

85
00:03:18,300 --> 00:03:20,210
discuss in its own lesson.

86
00:03:20,210 --> 00:03:23,410
Now with asymmetric algorithms, two separate keys are used.

87
00:03:23,410 --> 00:03:25,020
One is used to encrypt the data

88
00:03:25,020 --> 00:03:27,320
and another one is used to decrypt the data.

89
00:03:27,320 --> 00:03:29,880
The most commonly used types of asymmetric algorithms

90
00:03:29,880 --> 00:03:33,670
are the Diffie-Hellman algorithm, RSA and ECC.

91
00:03:33,670 --> 00:03:36,300
Again, I'm going to save the details of each of those for

92
00:03:36,300 --> 00:03:37,520
a separate lesson.

93
00:03:37,520 --> 00:03:40,460
Now when we compare symmetric and asymmetric algorithms,

94
00:03:40,460 --> 00:03:42,640
you might be wondering which one is better.

95
00:03:42,640 --> 00:03:44,430
Well that's really a hard question to answer

96
00:03:44,430 --> 00:03:46,350
because they both are used for different purposes

97
00:03:46,350 --> 00:03:47,960
and have different benefits.

98
00:03:47,960 --> 00:03:50,820
For example, symmetric algorithms are very popular

99
00:03:50,820 --> 00:03:53,900
because they tend to be about 100 to 1000 times faster

100
00:03:53,900 --> 00:03:55,650
than an asymmetric algorithm.

101
00:03:55,650 --> 00:03:58,460
But asymmetric algorithms allow us to overcome the

102
00:03:58,460 --> 00:04:00,130
key distribution challenge that we face

103
00:04:00,130 --> 00:04:01,760
with symmetric algorithms.

104
00:04:01,760 --> 00:04:04,460
Often though like most things, implementations are

105
00:04:04,460 --> 00:04:07,350
going to use a hybrid approach that combines both of these

106
00:04:07,350 --> 00:04:09,010
to get you the best benefits.

107
00:04:09,010 --> 00:04:11,510
To overcome the key distribution problem, for example,

108
00:04:11,510 --> 00:04:13,970
most implementations are going to use an asymmetric

109
00:04:13,970 --> 00:04:17,570
or public key encryption to encrypt and share a secret key

110
00:04:17,570 --> 00:04:20,670
or private key and then use symmetric encryption to

111
00:04:20,670 --> 00:04:22,690
secure the bulk of the data transfer

112
00:04:22,690 --> 00:04:25,480
because both the sender and receiver now have this shared

113
00:04:25,480 --> 00:04:27,910
secret and they're able to pass the information back

114
00:04:27,910 --> 00:04:30,950
and forth appropriately and do it much faster than an

115
00:04:30,950 --> 00:04:33,440
asymmetric algorithm could do alone.

116
00:04:33,440 --> 00:04:36,190
Now in addition to classifying algorithms as symmetric

117
00:04:36,190 --> 00:04:38,230
or asymmetric based on their key type.

118
00:04:38,230 --> 00:04:40,620
We also categorize an algorithm as a stream

119
00:04:40,620 --> 00:04:43,570
or a block cipher based on the mathematical algorithm

120
00:04:43,570 --> 00:04:45,180
that they're using to do their encryption

121
00:04:45,180 --> 00:04:46,370
and decryption.

122
00:04:46,370 --> 00:04:48,360
Stream ciphers perform their computations

123
00:04:48,360 --> 00:04:50,700
and encryption a single byte at a time.

124
00:04:50,700 --> 00:04:54,380
Making it a bit by bit process, they utilize a key stream

125
00:04:54,380 --> 00:04:56,860
generator to create a bit stream that is mixed with

126
00:04:56,860 --> 00:04:59,830
the input plain text using a mathematical exclusive

127
00:04:59,830 --> 00:05:03,060
XOR function and this creates the encrypted cipher text.

128
00:05:03,060 --> 00:05:05,510
Because these stream ciphers can perform bit by bit

129
00:05:05,510 --> 00:05:08,350
encryption, they are well suited for securing real-time

130
00:05:08,350 --> 00:05:10,710
communication data streams like streaming audio

131
00:05:10,710 --> 00:05:12,160
or streaming video.

132
00:05:12,160 --> 00:05:15,240
Now, stream ciphers also tend to be symmetric algorithms

133
00:05:15,240 --> 00:05:18,470
and they use the same key for encryption and decryption.

134
00:05:18,470 --> 00:05:20,596
A block cipher on the other hand is able to break the

135
00:05:20,596 --> 00:05:24,210
input into fixed length blocks of data before performing

136
00:05:24,210 --> 00:05:25,210
the encryption.

137
00:05:25,210 --> 00:05:27,730
For example, if you had a message that was one kilobyte

138
00:05:27,730 --> 00:05:31,970
in size, we could break it into 16 blocks of 64 bytes each.

139
00:05:31,970 --> 00:05:34,480
Then each of those 16 blocks could be processed by the

140
00:05:34,480 --> 00:05:37,830
cipher and output the other side the block of cipher text

141
00:05:37,830 --> 00:05:39,030
that we're expecting.

142
00:05:39,030 --> 00:05:41,800
If your message was less than 64 bytes in size,

143
00:05:41,800 --> 00:05:44,350
extra padding would be added to that data prior to it

144
00:05:44,350 --> 00:05:45,510
going through the encryption

145
00:05:45,510 --> 00:05:48,620
and this would give us the expected result from the cipher.

146
00:05:48,620 --> 00:05:51,590
Block ciphers have several advantages over a stream cipher.

147
00:05:51,590 --> 00:05:53,750
Such as, easier implementation to perform

148
00:05:53,750 --> 00:05:56,530
and they're also less susceptible to security problems.

149
00:05:56,530 --> 00:05:58,770
Block ciphers are also easily implemented through

150
00:05:58,770 --> 00:06:01,680
software solutions where stream ciphers tend to be used

151
00:06:01,680 --> 00:06:03,190
in hardware solutions.

152
00:06:03,190 --> 00:06:05,780
In fact, most of the algorithms that we're going to talk about

153
00:06:05,780 --> 00:06:07,870
in this course are block ciphers.

154
00:06:07,870 --> 00:06:11,623
Things like DES, 3DES, AES and IDEA.