Deep dive into cyber security protocols
In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted and strongly authenticated. Nowadays, term encryption is nearly of the same usage as the term – cryptography.
Course Objectives
Upon completing the course, the participants will be able to:
- Understand basic cryptography definitions.
- Understand major encryption types: asynchronous, synchronous.
- Describe the concepts of most known algorithms: public-key cryptography, symmetric key cryptography, cryptographic protocols.
- Explain the use of cryptography on different levels: software cryptography, network cryptography, data signing, digital rights management and more.
- Understand strong and weak encryption and as a result strong or weak authentication.
- Explain known vulnerabilities and weaknesses in some of encryption implementations.
- Describe trends and known solutions in cryptography and authentication nowadays.
Topics
The following topics are covered in the course
- Encryption and Authentication basics
- Encryption and Authentication definitions and concepts
- Encryption algorithms and encryption strength
- Encryption process: symmetric, asymmetric, public-key, pre-shared key and more
- Encryption usages: software, network, browsing, mail, rights management.
- Strong Authentication principles.
- End to End Encryption concept.
- Encryption, Authentication and Cyberspace
Target Audience
Security Officers, Security Personnel, CSOs, CROs, CTOs, Application Developers
Prerequisites
Basic knowledge in security
Duration
2 Days
Outline
- Basics
- What is Encryption
- History of Encryption
- Brief – Known algorithms of encryption (common knowledge)
- Encryption processes
- Encryption standards (RSA, IPSec, PGP, SSL, TLS)
- NIST
- Definitions and concepts
- Encryption types and definitions
- Symmetric-key algorithm
- Block Cypher
- Stream Cypher
- Public-key cryptography
- Hash Functions
- Message authentication code
- Random numbers
- Steganography
- Quantum encryption
- Known algorithms and encryption strength
- Diffie-Hellman
- El-Gamal
- DES
- AES
- RC4
- MD5
- SSLv2, SSLv3
- TLSv1
- Blowfish
- Sha-1(2,3)
- MAC
- Encryption process
- Computational complexity
- RSA key management and integer factorization
- Diffie-Hellman key exchange protocol and Discrete logarithm problem
- El-Gamal elliptic curve techniques
- Public-key infrastructure
- Hybrid cryptosystems
- Block Cypher mode
- Cryptanalysis
- Encryption usages
- Data protection
- Mail protection
- Digital signature and Accountability
- Network Protocol encryption
- Software user management products (Active Directory, Radius, Kerberos)
- Strong Authentication
- Multi-factor authentication (what you have, what you are, what you know)
- Tokens and Smart Card Encryption
- Wireless encryption protocols
- OTP – One Time Passwords
- SSO
- S/MIME (and Certificates)
- Known Cryptographic Attacks and Vulnerabilities
- Brute Force Attack
- MITM
- Known Plain Text Attack
- Cypher Text Only Attack
- Chosen Plaintext Attack
- Replay Attack
- Wireless attacks (Airtools) and RFID protocols
- Social Engineering Attack
- End to end encryption
- Definition
- Usages
- Known Standards that require\recommend ETE encryption
- Encryption and Authentication in Cyberspace
- Encryption in Cloud
- Encrypted root DNS (GRE tunnels, internet traffic redirection)
- IPSec
- Anonymization concept
- Deperemetrization concept