Asymmetric Encryption Algorithms

Loading...

来自 Google 的课程

IT Security: Defense against the digital dark arts

725 个评分

Google

IT Security: Defense against the digital dark arts

725 个评分

课程 5（共 5 门，Specialization Google IT Support Professional Certificate）

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: Authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team. At the end of this course, you’ll understand: - how various encryption algorithms and techniques work and their benefits and limitations. - various authentication systems and types. - the difference between authentication and authorization. At the end of this course, you’ll be able to: - evaluate potential risks and recommend ways to reduce risk. - make recommendations on how best to secure a network. - help others to understand security concepts and protect themselves.

从本节课中

Pelcgbybtl (Cryptology)

In the second week of this course, we'll learn about cryptology. We'll explore different types of encryption practices and how they work. We'll show you the most common algorithms used in cryptography and how they've evolved over time. By the end of this module, you'll understand how symmetric encryption, asymmetric encryption, and hashing work; you'll also know how to choose the most appropriate cryptographic method for a scenario you may see in the workplace.

Asymmetric Cryptography7:54

Asymmetric Encryption Algorithms5:45

与讲师见面

Google

So, one of the first practical asymmetric cryptography systems to be developed is RSA,

name for the initials of the three co-inventors.

Ron Rivest, Adi Shamir and Leonard Adleman.

This crypto system was patented in 1983 and was

released to the public domain by RSA Security in the year 2000.

The RSA system specifies mechanisms for generation and distribution

of keys along with encryption and decryption operation using these keys.

We won't go into the details of the math involved,

since it's pretty high-level stuff and beyond the scope of this class.

But, it's important to know that

the key generation process depends on choosing two unique,

random, and usually very large prime numbers.

DSA or Digital Signature Algorithm is another example of an asymmetric encryption system,

though its used for signing and verifying data.

It was patented in 1991 and is part of

the US government's Federal Information Processing Standard.

Similar to RSA, the specification covers

the key generation process along with the signing and verifying data using the key pairs.

It's important to call out that the security of this system is dependent on

choosing a random seed value that's incorporated into the signing process.

If this value was leaked or if it can be inferred if the prime number isn't truly random,

then it's possible for an attacker to recover the private key.

This actually happened in 2010 to Sony with their PlayStation 3 game console.

It turns out they weren't ensuring this randomized value was changed for every signature.

This resulted in a hacker group called failOverflow being able to

recover the private key that Sony used to sign software for their platform.

This allowed moders to write and sign custom software that

was allowed to run on the otherwise very locked down console platform.

This resulted in game piracy becoming a problem for Sony,

as this facilitated the illicit copying and

distribution of games which caused significant losses in sales.

I've included links to more about this in the next reading,

in case you want to dive deeper.

Earlier, we talked about how asymmetric systems are commonly used as

key exchange mechanisms to establish

a shared secret that will be used with symmetric cipher.

Another popular key exchange algorithm is

DH or Diffie-Hellman named for the co-inventors.

Let's walk through how the DH key exchange algorithm works.

Let's assume we have two people who would like to communicate over an unsecured channel,

and let's call them Suzanne and Daryll.

I've grown pretty fond of these two.

First, Suzanne and Daryl agree on

the starting number that would be random and will be very large integer.

This number should be different for every session and doesn't need to be secret.

Next, each person chooses another randomized large number but this one is kept secret.

Then, they combine their shared number with

their respective secret number and send the resulting mix to each other.

Next, each person combines their secret number

with the combined value they received from the previous step.

The result is a new value that's the same on both sides without

disclosing enough information to

any potential eavesdroppers to figure out the shared secret.

This algorithm was designed solely for key exchange,

though there have been efforts to adapt it for encryption purposes.

It's even been used as part of a PKI system or Public Key Infrastructure system.

We'll dive more into PKI systems later in this course.

Elliptic curve cryptography or ECC is a public key encryption system that

uses the algebraic structure of

elliptic curves over finite fields to generate secure keys.

What does that even mean?

Well, traditional public key systems,

make use of factoring large prime numbers whereas ECC makes use of elliptic curves.

And elliptic curve is composed of a set of coordinates that fit in equation,

similar to something like Y to the second equals X to the third,

plus A X plus B. Elliptic curves have a couple of interesting and unique properties.

One is horizontal symmetry,

which means that at any point in the curve can be mirrored

along the x axis and still make up the same curve.

On top of this, any non-vertical line will intersect the curve in three places at most.

Its this last property that allows elliptic curves to be used in encryption.

The benefit of elliptic curve based encryption systems is that they are able to achieve

security similar to traditional public key systems with smaller key sizes.

So, for example, a 256 bit elliptic curve key,

would be comparable to a 3,072 bit RSA key.

This is really beneficial since it reduces the amount of data

needed to be stored and transmitted when dealing with keys.

Both Diffie-Hellman and DSA have elliptic curve variants,

referred to as ECDH and ECDSA, respectively.

The US NEST recommends the use of EC encryption,

and the NSA allows its use to protect up the top secret data with 384 bit EC keys.

But, the NSA has expressed concern about EC encryption

being potentially vulnerable to quantum computing attacks,

as quantum computing technology continues to evolve and mature.

I'm going to buy Suzanne and Darryl drink today for all their hard work.

In the meantime, we've cooked up an assignment for

you that will test your encryption and decryption skills.

Take your time to decode all the details,

and I'll see you all in the next lesson.

探索我们的目录

免费加入并获得个性化推荐、更新和优惠。

Coursera 致力于普及全世界最好的教育，它与全球一流大学和机构合作提供在线课程。

© 2018 Coursera Inc. 保留所有权利。

通过 App Store 下载

通过 Google Play 获取