eBook - ePub

Modern Cryptography for Cybersecurity Professionals

Name: Modern Cryptography for Cybersecurity Professionals
Author: Lisa Bock

Lisa Bock

Share book

286 pages
English
ePUB (mobile friendly)
Available on iOS & Android

eBook - ePub

Modern Cryptography for Cybersecurity Professionals

Lisa Bock

Book details

Book preview

Table of contents

Citations

About This Book

As a cybersecurity professional, discover how to implement cryptographic techniques to help your organization mitigate the risks of altered, disclosed, or stolen dataKey Features• Discover how cryptography is used to secure data in motion as well as at rest• Compare symmetric with asymmetric encryption and learn how a hash is used• Get to grips with different types of cryptographic solutions along with common applicationsBook DescriptionIn today's world, it is important to have confidence in your data storage and transmission strategy. Cryptography can provide you with this confidentiality, integrity, authentication, and non-repudiation. But are you aware of just what exactly is involved in using cryptographic techniques? Modern Cryptography for Cybersecurity Professionals helps you to gain a better understanding of the cryptographic elements necessary to secure your data. The book begins by helping you to understand why we need to secure data and how encryption can provide protection, whether it be in motion or at rest. You'll then delve into symmetric and asymmetric encryption and discover how a hash is used. As you advance, you'll see how the public key infrastructure (PKI) and certificates build trust between parties, so that we can confidently encrypt and exchange data. Finally, you'll explore the practical applications of cryptographic techniques, including passwords, email, and blockchain technology, along with securely transmitting data using a virtual private network (VPN). By the end of this cryptography book, you'll have gained a solid understanding of cryptographic techniques and terms, learned how symmetric and asymmetric encryption and hashed are used, and recognized the importance of key management and the PKI.What you will learn• Understand how network attacks can compromise data• Review practical uses of cryptography over time• Compare how symmetric and asymmetric encryption work• Explore how a hash can ensure data integrity and authentication• Understand the laws that govern the need to secure data• Discover the practical applications of cryptographic techniques• Find out how the PKI enables trust• Get to grips with how data can be secured using a VPNWho this book is forThis book is for IT managers, security professionals, students, teachers, and anyone looking to learn more about cryptography and understand why it is important in an organization as part of an overall security framework. A basic understanding of encryption and general networking terms and concepts is needed to get the most out of this book.

Frequently asked questions

How do I cancel my subscription?

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.

Can/how do I download books?

At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.

What is the difference between the pricing plans?

Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.

What is Perlego?

We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.

Do you support text-to-speech?

Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.

Is Modern Cryptography for Cybersecurity Professionals an online PDF/ePUB?

Yes, you can access Modern Cryptography for Cybersecurity Professionals by Lisa Bock in PDF and/or ePUB format, as well as other popular books in Informatica & Sicurezza informatica. We have over one million books available in our catalogue for you to explore.

Information

Publisher

Packt Publishing

Year

2021

ISBN

9781838647797

Edition

Topic

Informatica

Subtopic

Sicurezza informatica

Section 1: Securing Our Data

In this section, we'll take a look at the current threat landscape so that you can better understand the reasons why we need to secure our data. First we'll outline how encryption can protect the data, whether in motion or at rest, by providing security services, such as confidentiality, integrity, and authentication. We'll then take a brief look at the evolution of ciphers over time, along with the development of Lucifer and Feistel ciphers, as scientists recognized the need to secure digital data. Finally, we'll compare some of the various network attacks that can alter the integrity of our data.

This section comprises the following chapters:

Chapter 1, Protecting Data in Motion or at Rest
Chapter 2, The Evolution of Ciphers
Chapter 3, Evaluating Network Attacks

Chapter 1: Protecting Data in Motion or at Rest

We live in an exciting yet challenging time. Every second of the day there are zettabytes of data traveling over networks and the internet. Data is constantly being sent and received from our homes, cars, businesses, and billions of Internet of Things (IoT) devices. In this chapter, you'll gain an appreciation for the need to secure our data in a dynamic digital world. We'll begin with a brief look at how, over the past few decades, we have seen advances in technology that have resulted in more of our data being exchanged. Concurrent to the advances in technology, we have seen an increase in the type and amount of threats to our data.

So that you understand the many resources available on guidelines for ensuring our data is not compromised, we'll take a look at the Security architecture for Open Systems Interconnection for CCITT applications, also known as X.800. You'll learn how encryption provides many security services, which include ensuring confidentiality, integrity, authentication, forward secrecy, non-repudiation, and enhanced privacy guarantees. In addition, we'll outline some common cryptographic concepts, such as Trusted Third Party (TTP) and the Public Key Infrastructure (PKI). We'll also cover how we use the story of Bob, Alice, and other personalities to help us understand complex technical concepts.

We'll then cover some basic encryption techniques. You'll see how using substitution or transposition can scramble data into an unreadable form that won't make sense unless you have the key to decrypt the message. In order to better understand substitution and transposition, we will discuss some illustrative examples that employ two basic ciphers, namely pigpen and rail fence. Finally, we'll outline some basic techniques, such as letter frequency analysis, which can be used to break some codes.

This chapter covers the following main topics:

Outlining the current threat landscape
Understanding security services
Introducing common cryptographic concepts
Outlining substitution and transposition

Outlining the current threat landscape

Over the past three decades, there has been substantial growth in the amount of digital data, both at rest and in transit. The digital wave has become an ocean of all types of data, such as email, movies, images, and tweets. With this growth comes the threat of attacks on our data, which we face on a daily basis.

In this section, we'll take a look at how our world has transformed with the adoption of digital technology, along with an overview of the current threat landscape.

Let's start with a look at the growth in digital information over the years.

Digitally transforming our world

In 1946, the world got a glimpse of the future. That was the year that the Moore School of Electrical Engineering of the University of Pennsylvania introduced the Electronic Numerical Integrator and Computer (ENIAC) system. The ENIAC was enormous, as it filled a room and was capable of performing calculations faster than any other computer at the time.

When computers first appeared, the cost to own and operate a system was extremely high. Ordinary citizens knew very little about computers. Due to their prohibitively large costs, computer systems were owned mainly by governments, industry, and universities. In 1980, the cost of a gigabyte (GB) hard drive was approximately $1.2 million. By 1990, the price was down to $8,000, and costs continued to decrease. As shown in the following graphic, from 1995 to 2000, the price of drives per GB went down substantially:

Figure 1.1 – The cost of hard drives per gigabyte

By 2010, the cost of drives per GB was approximately $0.10. Along with the cost of hard drives, the price of computers in general went down as well. With more affordable pricing, more and more businesses and consumers were embracing technology, as we'll see next.

Rapidly advancing technology

The industry continued to develop desktops, laptops, games, mobile devices, and IoT devices that began to collect and exchange more and more data. Concurrently, businesses, universities, governments, and consumers began to invest heavily in information technology, spending billions on hardware and software designed to improve the quality of life.

Today, a large percentage of the world is using digital technology and the internet, for a wide variety of purposes. Applications include e-commerce, social media, mobile banking, and email, all generating data.

Data includes anything you can see or hear and can be digitized in a multitude of different types and formats, including the following:

Voice over Internet Protocol (VoIP), also known as IP telephony, is a group of technologies primarily used to transmit phone calls over the internet
Documents such as spreadsheets, word processor documents, presentation files, and Portable Document Format (PDF) files
Images that include Joint Photographic Group (JPG), Tagged Image File Format (TIPP), and Bitmap Image File (BMP)
Video that includes a wide range of formats, such as Moving Picture Experts Group (MPEG) and Advanced Video Coding (AVC), originating from a variety of sources

Some may argue that not all data needs to be protected. However, much of the data that is in storage on a server or in motion while traveling across the network should be encrypted, mainly because this flood of da...