encryption (1)
TRANSCRIPT
-
7/28/2019 Encryption (1)
1/34
Basa, Angelica Rose C.
Bautista, Cecille Loie G.
Ricafrente, Ma. Giezel M.
-
a technique to code and scramble data to prevent them from being read without authorization.
conversion of data into a secret code for storage in databases and transmission over networks.
-
Cleartext - Original message
Ciphertext - Coded message
Key - Mathematical value that the sender selects
Algorithm - A mathematical procedure for performing encryption on data.
-
Encryption can make UNIX more secure (original message)
M-itM-@g^B^?^B?^NM-XM-vZIM-U_h^X^$kM-^^sI^^M-f1M-^ZM-jM-gBM-6M-
>^@M-"=^M-^JM-7M--M-^ (ciphertext)
-
The secrecy of the key.
The difficulty of guessing the key or trying out all possible keys. Longer keys are generally harder to guess or find.
The difficulty of inverting the encryption algorithm without knowing the encryption key.
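The effect of key length on trying out all possible keys can be measured directly. The following is an added example, not part of the original slides; the toy SHA-256 keystream cipher and the rate of 1e12 keys per second are assumptions made only for illustration.

```python
import hashlib

CLEARTEXT = b"Encryption can make UNIX more secure"  # sample message from the slides

def keystream(key: int, key_bits: int, length: int) -> bytes:
    # Toy stream cipher (assumption for this example): SHA-256(key || counter).
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    stream = b""
    counter = 0
    while len(stream) < length:
        stream += hashlib.sha256(key_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
    return stream[:length]

def crypt(data: bytes, key: int, key_bits: int) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    return bytes(d ^ k for d, k in zip(data, keystream(key, key_bits, len(data))))

def trials_to_find(key: int, key_bits: int) -> int:
    # Count keys tried, in order, until the known opening of the message
    # decrypts correctly (the searcher is assumed to know the first 12 bytes).
    known = CLEARTEXT[:12]
    target = crypt(CLEARTEXT, key, key_bits)[:12]
    for trials, guess in enumerate(range(2 ** key_bits), start=1):
        if crypt(target, guess, key_bits) == known:
            return trials
    raise ValueError("key not in key space")

def years_to_exhaust(key_bits: int, keys_per_second: float) -> float:
    # Time to try every key of the given length at a fixed (assumed) rate.
    return 2 ** key_bits / keys_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Each extra key bit doubles the worst-case work.
    for bits in (8, 12, 16):
        print(bits, "bit key, worst-case trials:", trials_to_find(2 ** bits - 1, bits))
    # Extrapolation to real key lengths at the assumed rate.
    for bits in (56, 128):
        print(bits, "bit key:", years_to_exhaust(bits, 1e12), "years to exhaust")
```

When reviewing an algorithm choice, the key length sets the floor on exhaustive-search effort only if the key is also kept secret and chosen at random.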
-
It begins with a recent terrorist plot that was thwarted by breaking into encrypted files on a laptop obtained during a criminal arrest and then goes back to the beginnings of using secret coded messages.
-
Enciphered clay tablet (1500 BC)
Early cipher disk
Famous Zimmermann coded telegram
Sample of modern encrypted text
-
Private Key Encryption
o uses a single key known to both sender and receiver of the message.
o includes AES (Advanced Encryption Standard) and Triple-DES (Data Encryption Standard)
-
[Diagram: Cleartext Message -> Encryption Program (Key) -> Ciphertext -> Communications System -> Ciphertext -> Encryption Program (Key) -> Cleartext Message]
-
[Diagram labels: Cleartext Message, Encryption Program, Ciphertext Message, Garbled Message, Decoding Program, Transmission, Key 1, Key 2, Key 3]
-
Advantages
o Simple
o Encrypt and decrypt your own files
o Fast
o Uses less computer resources
o Prevents widespread message security compromise
Disadvantages
o Need for secure channel for secret key exchange
o Too many keys
o Origin and authenticity of message cannot be guaranteed
-
Public Key Encryption
o uses two different keys: one for encoding messages and the other for decoding them.
o each recipient has a private key that is kept secret and a public key that is published.
-
[Diagram: Sender Locations / Transmit Message / Receiver Locations. Senders A, B and C each pass a Cleartext Message (A, B, C) through an Encryption Program with the Public Key to produce a Ciphertext Message (A, B, C). At the receiver, a Decryption Program with the Secure Private Key yields Cleartext Messages A, B and C.]
-
Advantages
o Convenience
o Provides for message authentication
o Detection of tampering
o Provides for non-repudiation
Disadvantages
o Public keys must be authenticated
o Slow
o Uses up more computer resources
o Widespread security compromise is possible
o Loss of private key is irreparable
-
Public Key Infrastructure
o the underlying technical and institutional framework that allows public key encryption technology to be deployed.
-
Digital Signature
o electronic authentication that cannot be forged.
o ensures that the message that the sender transmitted was not tampered with after the signature was applied.
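How a signature exposes tampering after signing, as an added example that is not part of the original slides. It uses hash-then-sign with textbook RSA; the small key built from two Mersenne primes, the absence of padding, and the sample messages are assumptions chosen so the arithmetic runs with the standard library only, and are not suitable for real use.

```python
import hashlib

# Toy RSA key (constructed for illustration; far too small for real use).
P = 2**61 - 1                        # Mersenne prime
Q = 2**89 - 1                        # Mersenne prime
N = P * Q                            # public modulus
E = 65537                            # public exponent, published with N
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, kept secret by the signer

def digest(message: bytes) -> int:
    # Hash the message and reduce it into the range of the modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    # Only the holder of the private exponent D can produce this value.
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    # Anyone with the public key (N, E) can check the signature.
    return pow(signature, E, N) == digest(message)

ORIGINAL = b"Pay supplier 1,000.00"  # constructed sample message
TAMPERED = b"Pay supplier 9,000.00"  # same message altered after signing
SIGNATURE = sign(ORIGINAL)

def demo() -> dict:
    return {
        "original": verify(ORIGINAL, SIGNATURE),
        "tampered_message": verify(TAMPERED, SIGNATURE),
        "tampered_signature": verify(ORIGINAL, SIGNATURE ^ 1),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(case, "accepted" if accepted else "rejected")
```

The check is only as trustworthy as the verifier's copy of the public key, which is why the slides list authentication of public keys as a requirement.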
-
Digital Certificate
o contains the digital signature and other identifying information about the person or organization to whom or which the signature pertains.
Certificate Authority
o trusted third party
-
Secure Sockets Layer
o Secure Sockets Layer (SSL) is the de facto encryption standard for e-commerce. Here are some common features:
o It does not require user effort, as the need to encrypt is determined by the web site being accessed.
o It provides end-to-end encryption between browsers and servers and can be used to authenticate servers and clients.
o It can encrypt, authenticate and validate all protocols supported by SSL-enabled browsers, such as File Transfer Protocol and web-based e-mail.
-
Electronic Commerce
Electronic Mail
Virtual Private Network
Wireless Network
Stored Data
-
Encryption can protect information stored on your computer from unauthorized access - even from people who otherwise have access to your computer system.
Encryption can protect information while it is in transit from one computer system to another.
Encryption can be used to deter and detect accidental or intentional alterations in your data.
Encryption can be used to verify whether or not the author of a document is really who you think it is.
-
Access control is a key control area in any audit that involves information systems, and encryption can provide strong access controls.
-
Internal and Value-for-money Audits
Management's Assertion | Effect of Encryption
Confidentiality and privacy | prevents unauthorized system access to confidential or personal information
Effectiveness and efficiency | prevents unauthorized alteration of system functions
-
Other Attest Audits
Management Assertion | Effect of Encryption
Security | prevents unauthorized access to systems and information
Transaction integrity | prevents unauthorized system access to take record transactions that did not take place or assets that do not exist; prevents unauthorized alteration of transaction records
Confidentiality and privacy | prevents unauthorized system access to confidential or personal information
Availability | prevents unauthorized access to system and networks to help preserve continuity of service
-
Other Attest Audits
Management Assertion | Effect of Encryption
Nonrepudiation | digital signatures provide assurance that transactions were actually executed by the purported party
Disclosure | prevents unauthorized change of disclosed information
Maintainability | prevents authorized change to source code and documentation that inhibits system maintenance
-
Audit Objective
o to ensure the protection of data stored and transmitted.
o to assess the effectiveness of encryption to support management assertions
-
Audit Procedures
o Review the organization's information security policy to determine whether it provides sufficient guidance in information classification and application of encryption.
o Review and test the encryption software to assess whether it adequately supports the information security policy and information classification.
o Review and test key management procedures to assess their adequacy in supporting the information security policy.
o Review the points of decryption and assess whether data custodians and owners are aware of the need for compensating controls.
o Review user procedures and interview selected users to determine whether encryption is effectively applied.
-
Audit Procedures
o Review contracts with certificate authorities and other service organizations to assess whether responsibilities and obligations are clearly understood.
o Where applicable, review the external control assurance report on CAs and other service organizations.
o Review the extent of deployment of encryption in relation to statutory requirements and expectations.
o Review procedures and infrastructure controls for wireless networks to assess whether encryption provides comparable security to wired networks.
o Review procedures and infrastructure controls for mobile devices to assess whether encryption provides comparable security to workstations.
-
Audit Conclusion
o Summary
o Scope and limitations
o Methods and tools
o Outcome of the audit
o Recommendations
-
Movie Clips from Da Vinci Code
Movie Clips from Skyfall
Security matters