Transcript
00:00welcome to this lesson on encryption basics in this particular lesson we are going to look at
00:09what encryption is what different kinds of encryption algorithms exist what does it mean
00:14to have symmetric encryption versus asymmetric encryption etc so let's start with the basics
00:19first encryption is used to transform plain text data into cipher text what does cipher text mean
00:28or cipher text is also referred to as encrypted text basically what it means it's a series of
00:34randomized letters and numbers which humans cannot make any sense of plain text you can make sense
00:40once it's encrypted cipher text you cannot make sense of that just by looking at it decryption
00:46which is the reverse process is used to transform this cipher text into plain text so plain text
00:52you take and then you encrypt it into cipher text that's encryption and the reverse process is
00:58decryption now you also hear this term called key a key is a piece of information you usually a string
01:05of numbers or letters that are stored in a file which when processed through a cryptographic algorithm
01:11and we'll look at what these algorithms look like can encrypt or decrypt data so this is the central
01:17piece you need in order to encrypt or decrypt any kind of data now you also hear of this term called
01:24key or key pair encryption key or key pair is generated for a specific algorithm that can be
01:30used for encryption or you also hear this term called digital signing so how does this work if you
01:35have to look at it visually well encryption you take the plain text data and you use the key which is
01:42generated for a specific algorithm so that's what you see here the key with a specific algorithm here
01:48and that converts into a cipher text which is a series of randomized letters and numbers which if
01:54a hacker gets access to or human gets access to they cannot make sense of and the reverse process
02:00is called decryption you take this randomized series of series of randomized letters and numbers
02:07you use the key again which is tied to an algorithm and then you can get the plain text back right so this
02:13is basically how encryption works encryption or decryption now you also hear of this term called
02:19encryption at rest and encryption in transit what this means is data at rest is the data that is stored
02:26on a physical device such as a server as you can see here it may be stored in a database or a storage
02:31account but regardless of where it is stored encryption of data at rest ensures that the data is unreadable
02:39without the keys needed to decrypt it so if an attacker obtained a hard drive with encrypted data
02:45and didn't have access to the encryption keys they would be unable to read that data so that's basically
02:51what it means by encryption at rest encryption in transit is basically data moving from one location
02:57to another such as across the internet or through a private network so how this this thing works is
03:04you can see the data is moving here right so from the client it goes let's say to the server
03:09and you can do in transit encryption so that the data is is secure so https is an example of
03:16encryption uh in transit encrypting data in transit basically protects it from outside
03:21attackers and provides a mechanism to transmit data while limiting the risk of exposure so so know the
03:28difference between encryption for data at rest and encryption for data in transit now let's look at
03:35a couple of uh types of uh encryption one called symmetric one called asymmetric now symmetric key
03:41cryptography is where a single key is used for encryption and decryption right so if you look
03:47there are two actors here john and mike and john is has a message let's say as simple as hello mike and he
03:55wants to encrypt it he makes use of this secret key and you can see this series of randomized numbers and
04:02letters this is the ciphertext he encrypts this uh message and then he sends it over to mike now mike
04:08also has access to the secret key and he takes that and he uses that to decrypt this message and gets
04:15the original plain text message which is hello mike now as you can guess one of the issues with this
04:21uh kind of encryption is uh everyone has access to the same key right uh and there are ways to solve
04:27around that this is just the basics kind of encryption basics lesson so we're not getting into that but
04:32as you can see the idea is both john and mike two parties here they share the same key both for
04:38encryption and decryption now contrary to this there's another algorithm which is called asymmetric
04:45encryption now asymmetric encryption is where different keys are used for encryption and decryption
04:51so as you can see here uh there are two parties again john and mike
04:54and let's say mike has generated a key pair which has a public key component and a private key
05:02component as shown here on the slide so each pair consists of a public key which may be known to
05:08others and a private key which may not be known to anyone except the owner so you can see that mike
05:15only has the private key here so what happens in asymmetric encryption is anyone can encrypt messages
05:22using a public key so you see john here uh because public key is public so he takes this and encrypts
05:30the the message but only the holder of the paired this this pair here uh private key can decrypt
05:37uh a message because only mike has this key pair here so he can decrypt the message if an attacker gets
05:44hold of uh this this public key and even this message because different keys are used for encryption and
05:49decryption they cannot make sense of this ciphertext right so the security of this system depends on the
05:56secrecy of the private key which must not become known to any other uh party here right so it should
06:03only be with mike because he generated the public and private key in the in the first place so this
06:07is what asymmetric encryption is now let's look at some other uh we looked at encryption what it is
06:14transform plaintext into ciphertext decryption is kind of reverse of that and key pair is generated or
06:19key generated for a specific algorithm to be used for encryption or digital signing now you also hear
06:25these algorithms called aes advanced encryption standard where the same key encrypts and decrypts
06:32data now aes is pretty advanced and it's very robust but the issue around here as you can imagine is
06:40is using the same key for both encryption and decryption rsa on the other hand uh is where a public key
06:47encrypts and private key decrypts the data so it has uh that kind of built-in but there has been
06:55discussion on whether to use aes or rsa both have their own advantages one thing with aes is it's a
07:02symmetric algorithm absolutely but it uses the same 128 192 or 256 a bit key for both encryption and
07:10decryption uh and so rsa on the other hand is uh computationally more intensive and it's a bit
07:18slower and there are cases where people use both together and again this is basic so we're not
07:23getting into all these details ecdsa stands for elliptic curve digital signature algorithm it's one of the
07:31more complex public key cryptography encryption algorithms is generated by elliptic curve cryptography
07:37that are smaller than the average keys generated by digital signing algorithm so again basics we don't
07:43have to go into that but as you can imagine we we just talked about it it's used for digital signing
07:49it's not used for encryption and decryption of data so that was just a quick primer on encryption basics
07:58looking at kind of the different algorithms and looking at symmetric versus asymmetric encryption
08:04another term which you hear a lot or you would hear in the subsequent lesson is this thing called hardware
08:09security module think about hardware security module or hsm as a physical computing device that safeguards
08:16and manages keys it performs encryption and decryption functions also does things like strong
08:21authentication and other cryptographic functions now there are certain characteristics of these hsm
08:28they are tamper evident as we discussed you know they are used to manage these digital keys and also
08:34perform cryptographic functions now because the critical role they play in securing applications and
08:41infrastructure hsms are typically certified to internationally recognized standards such as common
08:49criteria or fips 140 to provide users with independent assurance that the design and implementation of the
08:56product and cryptographic algorithms are sound so in case of um oci oracle cloud infrastructure we have
09:03a service called vault it uses hsm behind the scenes and the hsms it uses meet the fips 140 dash uh
09:13two security level three uh certification i think believe the highest level goes to four so three is actually
09:20pretty pretty nice kind of standard and it has um certain characteristics of obviously it's tamper
09:27resistant uh it requires uh kind of identity based authentication and if somebody tries to tamper with
09:34the device if they get hold of the device the hsm deletes the key uh when it detects tampering so it
09:40manages that sort of the superior level of security and independent assurance that it meets certain criteria
09:47certain regulatory compliance standards so hopefully this was a quick lesson we looked at encryption
09:54basics kind of some difference between symmetric asymmetric uh encryption looked at some of the
09:59algorithms and we concluded with a quick overview of what hardware security modules are i hope you
10:06found this lesson useful thanks for your time