We've talked a lot about symmetric and asymmetric algorithms already and how they work, but we haven't really talked about the specific asymmetric algorithms yet. So in this lesson, we're going to cover the three asymmetric algorithms that you have to know for the Security+ exam. They are Diffie-Hellman, RSA and ECC, or Elliptic Curve Cryptography.

The first asymmetric algorithm we're going to talk about is known as Diffie-Hellman. Diffie-Hellman is named for its two inventors. The Diffie-Hellman algorithm is used to conduct key exchanges and secure key distribution. It's used widely when you're setting up VPN tunnels and other encryption tunnels that require the asymmetric algorithm's shared secret key, that private key, to be exchanged first before setting up that symmetric tunnel, and by using this asymmetric Diffie-Hellman, we can do that. Diffie-Hellman is susceptible to man-in-the-middle attacks though, so if you want to secure it you need to make sure you have some form of authentication, such as requiring a password or a digital certificate, at the beginning of the exchange process. When you see Diffie-Hellman on the exam, I want you to remember two big things. First, it's an asymmetric algorithm, and second, it's used for the key exchange inside of VPN tunnel establishment as part of IPSec.

Our second asymmetric algorithm is known as RSA. It's also named for its creators, Ron Rivest, Adi Shamir and Leonard Adleman. RSA is widely used for key exchange, encryption and digital signatures. The algorithm relies on the difficulty of mathematically factoring large prime numbers, and this protects its public and private key pairs. RSA can support key sizes between 1024 bits and 4096 bits. RSA is widely used in organizations around the globe. If you happen to have one of those secure tokens on your key chain, where every 30 to 60 seconds the six-digit number changes and you use that as part of your login and multi-factor authentication, well, guess what? You're using RSA! Because that token stores RSA asymmetric one-time-use keys. When we cover PKI in depth in the next section of this course, you can be assured that I'm going to be discussing all of the ins and outs of how RSA is used to secure our networks.

The final type of asymmetric algorithm that we're going to cover in this section is known as ECC, or Elliptic Curve Cryptography. ECC is heavily used in mobile devices, and it's based on the algebraic structure of elliptical curves over finite fields to define its keys. ECC is very efficient and provides better security than an equivalent RSA key of the same size. In fact, ECC's algorithm is six times more efficient than an RSA algorithm. So if you're going to have a 256-bit key with ECC, you'd require a 2048-bit key with RSA to be just as secure. For this reason, you're going to see ECC used in a lot of things like tablets, smartphones and other mobile-based implementations, because these devices have much less processing power available than does a standard desktop or laptop.

There are a few variations of ECC as well, and you might come across these in the field. The first is ECDH, which is Elliptic Curve Diffie-Hellman, which, as you might have guessed, is an ECC version of our popular Diffie-Hellman key exchange protocol. Another variant is known as ECDHE, which is the Elliptic Curve Diffie-Hellman Ephemeral protocol, which uses a different key for each portion of the key establishment process inside the Diffie-Hellman key exchange. The final one you might come across is known as ECDSA, which is the Elliptic Curve Digital Signature Algorithm, which is used as a public key encryption algorithm by the US Government in their digital signatures. For the exam, remember that ECC and all of its variants are most commonly used for mobile devices and low-power computing devices, because it gives you equivalent protection to other asymmetric algorithms with a lower key size.
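The Diffie-Hellman exchange described in this lesson, and the reason it needs authentication at the start, as an added example that is not part of the original lesson: both sides derive the same secret from exchanged public values, and attaching an HMAC under a pre-shared password lets the receiver reject a public value that was swapped in transit. The prime, generator and password are toy values constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Toy parameters, constructed for illustration only: 2**127 - 1 is prime, but it
# is far too small (and 5 is not a verified generator) for real use; deployed
# systems use standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 5


def dh_keypair():
    """Pick a private exponent x and publish g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1          # 1 <= priv <= p-2
    return priv, pow(G, priv, P)


def dh_shared_secret(priv, peer_pub):
    """Combine our private exponent with the peer's public value: (g^y)^x mod p."""
    return pow(peer_pub, priv, P)


def auth_tag(psk: bytes, pub: int) -> bytes:
    """HMAC the public value under the pre-shared password so tampering is detectable."""
    return hmac.new(psk, pub.to_bytes(16, "big"), hashlib.sha256).digest()


def unauthenticated_exchange():
    """Plain DH: both sides end with the same secret, but nothing proves who sent each value."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    return dh_shared_secret(a_priv, b_pub) == dh_shared_secret(b_priv, a_pub)


def authenticated_exchange(psk: bytes, tampered_pub=None):
    """DH where A's public value travels with an HMAC under the shared password.
    tampered_pub simulates a value replaced in transit: the tag no longer verifies,
    so B aborts (returns None) instead of deriving a key with an unknown party."""
    a_priv, a_pub = dh_keypair()
    tag = auth_tag(psk, a_pub)
    received_pub = a_pub if tampered_pub is None else tampered_pub
    if not hmac.compare_digest(tag, auth_tag(psk, received_pub)):
        return None
    b_priv, b_pub = dh_keypair()
    return dh_shared_secret(b_priv, received_pub) == dh_shared_secret(a_priv, b_pub)
```

A certificate-based variant would sign the public value with a long-term key instead of HMACing it with a password, which is the second authentication option the lesson mentions.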