encryption (1)

Upload: arth-vince-uy-malaca

Post on 03-Apr-2018


  • 7/28/2019 Encryption (1)

    1/34

    Basa, Angelica Rose C.

    Bautista, Cecille Loie G.

    Ricafrente, Ma. Giezel M.


    a technique to code and scramble data to prevent them from being read without authorization.

    conversion of data into a secret code for storage in databases and transmission over networks.


    Cleartext - Original message

    Ciphertext - Coded message

    Key - Mathematical value that the sender selects

    Algorithm - A mathematical procedure for performing encryption on data.


    Encryption can make UNIX more secure (original message)

    M-itM-@g^B^?^B?^NM-XM-vZIM-U_h^X^$kM-^^sI^^M-f1M-^ZM-jM-gBM-6M-

    >^@M-"=^M-^JM-7M--M-^ (ciphertext)


    The secrecy of the key.

    The difficulty of guessing the key or trying out all possible keys. Longer keys are generally harder to guess or find.

    The difficulty of inverting the encryption algorithm without knowing the encryption key.


    It begins with a recent terrorist plot that was thwarted by breaking into encrypted files on a laptop obtained during a criminal arrest and then goes back to the beginnings of using secret coded messages.


    Enciphered clay tablet (1500 BC)

    Early cipher disk

    Famous Zimmermann coded telegram

    Sample of modern encrypted text


    Private Key Encryption

    o uses a single key known to both sender and receiver of the message.

    o includes AES (Advanced Encryption Standard) and Triple-DES (Data Encryption Standard)


    [Diagram: private key encryption. Labels: cleartext message, encryption program, key, ciphertext, communications system, ciphertext, encryption program, key, cleartext message.]


    [Diagram: encryption using three keys (Key 1, Key 2, Key 3). Labels: cleartext message, encryption program, ciphertext message, garbled message, decoding program, transmission.]


    Advantages

    o Simple

    o Encrypt and decrypt your own files

    o Fast

    o Uses less computer resources

    o Prevents widespread message security compromise

    Disadvantages

    o Need for secure channel for secret key exchange

    o Too many keys

    o Origin and authenticity of message cannot be guaranteed


    Public Key Encryption

    o uses two different keys: one for encoding messages and the other for decoding them.

    o each recipient has a private key that is kept secret and a public key that is published.


    [Diagram: public key encryption. Columns: sender locations, transmit message, receiver locations. Senders A, B and C: cleartext message, encryption program, public key, ciphertext message. Receiver: secure private key, decryption program, cleartext messages A, B and C.]


    Advantages

    o Convenience

    o Provides for message authentication

    o Detection of tampering

    o Provides for non-repudiation

    Disadvantages

    o Public keys must be authenticated

    o Slow

    o Uses up more computer resources

    o Widespread security compromise is possible

    o Loss of private key is irreparable


    Public Key Infrastructure

    o the underlying technical and institutional framework that allows public key encryption technology to be deployed.


    Digital Signature

    o electronic authentication that cannot be forged.

    o ensures that the message that the sender transmitted was not tampered with after the signature was applied.
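
An added example (not from the original slides) of how a digital signature exposes tampering: a simplified textbook RSA signature over a SHA-256 digest, using only Python's standard library. The key is built from two publicly known primes and the message is constructed, so this shows the check only; real systems use a vetted library with random secret keys and signature padding.

```python
import hashlib

# Constructed demo key (assumption): two publicly known Mersenne primes, so the
# block is self-contained. Real keys use random secret primes.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent, published with N
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, kept secret


def digest_as_int(message: bytes) -> int:
    """SHA-256 digest of the message as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_exp: int = D) -> int:
    """Sender: transform the message digest with the private key."""
    return pow(digest_as_int(message), private_exp, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: undo the transform with the public key and compare digests."""
    return pow(signature, E, N) == digest_as_int(message)


# Constructed sample messages.
order = b"Pay supplier 1,000.00 on 2018-04-03"
altered = b"Pay supplier 9,000.00 on 2018-04-03"
sig = sign(order)

if __name__ == "__main__":
    # The signature matches only the exact message that was signed.
    print("original verifies:", verify(order, sig))
    # Any change after signing changes the digest, so verification fails.
    print("altered verifies: ", verify(altered, sig))
    # A signer who does not hold the private exponent cannot produce a
    # signature that the public key accepts.
    wrong_key_sig = sign(order, private_exp=3)
    print("wrong key verifies:", verify(order, wrong_key_sig))
```
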


    Digital Certificate

    o contains the digital signature and other identifying information about the person or organization to whom or which the signature pertains.

    Certificate Authority

    o trusted third party


    Secure Sockets Layer

    o Secure Sockets Layer (SSL) is the de facto encryption standard for e-commerce. Here are some common features:

    o It does not require user effort, as the need to encrypt is determined by the web site being accessed.

    o It provides end-to-end encryption between browsers and servers and can be used to authenticate servers and clients.

    o It can encrypt, authenticate and validate all protocols supported by SSL-enabled browsers, such as File Transfer Protocol and web-based e-mail.


    Electronic Commerce

    Electronic Mail

    Virtual Private Network

    Wireless Network

    Stored Data


    Encryption can protect information stored on your computer from unauthorized access - even from people who otherwise have access to your computer system.

    Encryption can protect information while it is in transit from one computer system to another.

    Encryption can be used to deter and detect accidental or intentional alterations in your data.

    Encryption can be used to verify whether or not the author of a document is really who you think it is.


    Access control is a key control area in any audit that involves information systems, and encryption can provide strong access controls.


    Internal and Value-for-money Audits

    Management's Assertion | Effect of Encryption

    Confidentiality and privacy | prevents unauthorized system access to confidential or personal information

    Effectiveness and efficiency | prevents unauthorized alteration of system functions


    Other Attest Audits

    Management Assertion | Effect of Encryption

    Security | prevents unauthorized access to systems and information

    Transaction integrity | prevents unauthorized system access to record transactions that did not take place or assets that do not exist; prevents unauthorized alteration of transaction records

    Confidentiality and privacy | prevents unauthorized system access to confidential or personal information

    Availability | prevents unauthorized access to system and networks to help preserve continuity of service


    Other Attest Audits

    Management Assertion | Effect of Encryption

    Nonrepudiation | digital signatures provide assurance that transactions were actually executed by the purported party

    Disclosure | prevents unauthorized change of disclosed information

    Maintainability | prevents authorized change to source code and documentation that inhibits system maintenance


    Audit Objective

    o to ensure the protection of data stored and transmitted.

    o to assess the effectiveness of encryption to support management assertions


    Audit Procedures

    o Review the organization's information security policy to determine whether it provides sufficient guidance in information classification and application of encryption.

    o Review and test the encryption software to assess whether it adequately supports the information security policy and information classification.

    o Review and test key management procedures to assess their adequacy in supporting the information security policy.

    o Review the points of decryption and assess whether data custodians and owners are aware of the need for compensating controls.

    o Review user procedures and interview selected users to determine whether encryption is effectively applied.


    Audit Procedures

    o Review contracts with certificate authorities and other service organizations to assess whether responsibilities and obligations are clearly understood.

    o Where applicable, review the external control assurance report on CAs and other service organizations.

    o Review the extent of deployment of encryption in relation to statutory requirements and expectations.

    o Review procedures and infrastructure controls for wireless networks to assess whether encryption provides comparable security to wired networks.

    o Review procedures and infrastructure controls for mobile devices to assess whether encryption provides comparable security to workstations.


    Audit Conclusion

    o Summary

    o Scope and limitations

    o Methods and tools

    o Outcome of the audit

    o Recommendations


    Movie Clips from Da Vinci Code

    Movie Clips from Skyfall

    Security matters
