Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,580 --> 00:00:06,580 Welcome to our lecture on cryptography, if you want to be a good cybersecurity specialist, you must 2 00:00:06,580 --> 00:00:10,900 have a good understanding of the fundamental concepts involved in cryptography. 3 00:00:12,840 --> 00:00:19,710 Cryptography is the study and application of methods and techniques to protect information by using codes 4 00:00:19,710 --> 00:00:21,080 for secure communication. 5 00:00:21,570 --> 00:00:27,110 So the bottom line in cryptography is to ensure secure communication between two parties. 6 00:00:28,880 --> 00:00:34,370 Cryptography is broadly categorized into two main categories, symmetric and asymmetric. 7 00:00:34,670 --> 00:00:37,370 We are going to start with symmetric encryption concepts. 8 00:00:38,350 --> 00:00:45,280 Symmetric encryption is also called private-key encryption, and it uses the same key for encryption 9 00:00:45,280 --> 00:00:51,040 as well as decryption, and that is why it is called symmetric, because the same key is used both 10 00:00:51,040 --> 00:00:53,330 at the source and at the destination. 11 00:00:54,010 --> 00:00:56,020 It also uses the same cipher. 12 00:00:56,440 --> 00:01:02,320 Cipher is a word which is an alternate for algorithms, is used for encryption and decryption. 13 00:01:02,800 --> 00:01:08,620 So the same algorithm is used at the source for encrypting data and the same algorithm is used at the 14 00:01:08,620 --> 00:01:14,020 destination for decrypting the data. Now key lengths determine the strength of encryption. 15 00:01:14,290 --> 00:01:16,180 And usually the longer the better. 16 00:01:16,570 --> 00:01:21,250 Some popular private key ciphers include AES, RC5 and TwoFish. 17 00:01:22,220 --> 00:01:25,530 Let's have a look at how symmetric encryption actually works. 18 00:01:26,060 --> 00:01:32,180 So we have a source which wants to send data to a destination and it wants to encrypt the data before 19 00:01:32,180 --> 00:01:32,780 sending it. 20 00:01:33,350 --> 00:01:39,260 So at the source, we have a plain text file, which means it is an encrypted text and anybody can read 21 00:01:39,260 --> 00:01:39,470 it. 22 00:01:40,370 --> 00:01:46,970 So basically, we use a key, which is kind of a secret code which helps us encode this plaintext. 23 00:01:48,080 --> 00:01:53,750 In addition to the key, we need an algorithm which is basically going to take the key and the plaintext 24 00:01:53,750 --> 00:02:00,470 data and it's going to do some steps, some operations in order to provide us with the ciphertext, 25 00:02:00,740 --> 00:02:02,870 which is basically the encrypted text. 26 00:02:03,500 --> 00:02:11,030 So using the key and the algorithm with plain text as the input, we get a ciphertext as output and 27 00:02:11,030 --> 00:02:12,840 this completes the encryption part. 28 00:02:13,760 --> 00:02:20,420 Now, the basic aim of encryption was so that we could transmit data over the public Internet without 29 00:02:20,420 --> 00:02:22,410 compromising its confidentiality. 30 00:02:23,000 --> 00:02:24,520 So that's exactly what we did. 31 00:02:24,650 --> 00:02:30,470 We converted plaintext into ciphertext and then the ciphertext, which is basically encrypted data. 32 00:02:30,590 --> 00:02:35,900 And even if somebody gets a copy of it while it is flowing over the Internet, they would still not 33 00:02:35,900 --> 00:02:38,620 be able to easily break it because it's encrypted. 34 00:02:39,260 --> 00:02:45,380 Now at the destination, the destination has received a cipher text, which is encrypted text, and 35 00:02:45,380 --> 00:02:47,330 the process now needs to be reversed. 36 00:02:48,260 --> 00:02:55,020 So at the destination, it needs to use exactly the same key which was used to encrypt the data. 37 00:02:55,490 --> 00:02:58,030 Consider it exactly like a numbered lock. 38 00:02:58,460 --> 00:03:03,330 So you really need to line up exactly those same numbers if you want to unlock it. 39 00:03:04,100 --> 00:03:11,240 So using the exact same key and using the exact same algorithm, we can decrypt this data so we can 40 00:03:11,240 --> 00:03:14,020 work the ciphertext back into plain text. 41 00:03:14,390 --> 00:03:16,610 And this is called the decryption. 42 00:03:17,270 --> 00:03:23,860 And this is how the source is able to encrypt plaintext data into ciphertext transmitted over the Internet. 43 00:03:24,170 --> 00:03:28,400 And then the destination is able to get back to plain text from the ciphertext. 44 00:03:29,180 --> 00:03:35,030 Perhaps the single most important factor which can determine the strength of encryption is the key length. 45 00:03:35,390 --> 00:03:36,820 The longer the key, the better. 46 00:03:37,250 --> 00:03:43,160 So let's say you have a password with X number of characters for every character you can select, either 47 00:03:43,160 --> 00:03:50,360 from A to Z, which are basically 26 different alphabet or digits 0-9 which are ten. So 48 00:03:50,360 --> 00:03:56,450 26 + 10 = 36 possibilities for each of these cells or each of these characters. 49 00:03:57,410 --> 00:04:01,730 But computers, they need digital numbers, they understand binary numbers. 50 00:04:02,330 --> 00:04:04,250 So we always talk about bits. 51 00:04:04,630 --> 00:04:09,860 So we talk about key lengths in terms of bits. Since we're talking about binary, 52 00:04:09,870 --> 00:04:14,290 so every cell or every bit can either be 0 or it can be 1. 53 00:04:14,720 --> 00:04:21,110 So if you have a key which spans n-bits, then it means you have 2 raised to the power n different 54 00:04:21,110 --> 00:04:22,310 combinations possible. 55 00:04:23,400 --> 00:04:30,420 Let's have a look at the comparison table, which shows us how increasing key lengths make breaking encryption 56 00:04:30,420 --> 00:04:31,040 difficult. 57 00:04:32,130 --> 00:04:38,070 So let's say if you are selecting a key length of 56-bits, which means that you have to 2 raised to the 58 00:04:38,070 --> 00:04:44,270 power 56 different combinations, and using a good state of the art computer, you can break it in 20 59 00:04:44,270 --> 00:04:44,670 hours. 60 00:04:45,480 --> 00:04:51,810 But if you increase the key length to 128, the possible combinations now jump to 2 raised to the 61 00:04:51,810 --> 00:04:59,310 power 128 and it would take 5 x 10 raised to the power 17 years to break it using the same computer, 62 00:04:59,940 --> 00:05:05,970 and say if you increase the key length to 256 bits, then you have 2 raised to the power 256 63 00:05:05,970 --> 00:05:10,790 different combinations, which would take 7 x 10, raised to the power 56 years. 64 00:05:11,040 --> 00:05:12,730 So nearly impossible to break. 65 00:05:13,740 --> 00:05:19,530 So the bottom line that we need to understand is that it is always advisable and in fact recommended 66 00:05:19,830 --> 00:05:21,600 to use long key lengths. 67 00:05:25,310 --> 00:05:31,840 A very popular and state of the art symmetric encryption scheme is AES - advanced encryption standard. 68 00:05:32,360 --> 00:05:36,400 It is so strong that it is even acceptable for military purposes. 69 00:05:37,780 --> 00:05:46,900 AES offers various key lengths, starting from 128, 192 up to 256 bits. The key determines the strength 70 00:05:46,900 --> 00:05:47,650 of the encryption. 71 00:05:47,650 --> 00:05:54,040 So obviously AES-256 would be considered stronger compared to a AES-192, for instance. 72 00:05:54,580 --> 00:06:00,910 AES has several implementations and it's widely adopted in the industry and it is used in a large 73 00:06:00,910 --> 00:06:05,210 number of applications. In contrast to symmetric encryption, 74 00:06:05,230 --> 00:06:11,570 we also have another type of encryption, which is asymmetric encryption, also known as public key 75 00:06:11,590 --> 00:06:12,340 cryptography. 76 00:06:13,390 --> 00:06:19,420 Now, the main difference between asymmetric and asymmetric is that in symmetric encryption, both the 77 00:06:19,420 --> 00:06:23,040 sender and the receiver used the same secret key. 78 00:06:23,800 --> 00:06:29,920 But the problem with those type of encryption is that let's say you want to communicate with 100 different 79 00:06:29,920 --> 00:06:35,920 people, then obviously you need to have 100 different private keys and it becomes difficult to scale 80 00:06:35,920 --> 00:06:36,380 it, right? 81 00:06:37,600 --> 00:06:40,250 So the solution to that is public-key cryptography. 82 00:06:40,630 --> 00:06:45,400 So what happens in public cryptography is that let's say you have a plain text document. 83 00:06:46,240 --> 00:06:51,490 So what you're going to do is that you're going to use the public key of the destination. 84 00:06:51,940 --> 00:06:54,280 So the destination, let's say it's a server. 85 00:06:55,180 --> 00:06:59,440 It has shared its public key, you know, which is known to everyone in the world. 86 00:07:00,130 --> 00:07:04,630 And you basically encrypt your document using this public key. 87 00:07:05,020 --> 00:07:05,360 Right? 88 00:07:07,240 --> 00:07:13,290 So now the thing is that with asymmetric encryption, anything that has been encrypted with the public key, 89 00:07:13,330 --> 00:07:17,440 it can only be decrypted by a private key, which is secret. 90 00:07:17,440 --> 00:07:17,780 Right. 91 00:07:18,010 --> 00:07:19,990 So it's like asymmetric. 92 00:07:20,020 --> 00:07:23,440 You're not using the same key for encryption and decryption. 93 00:07:23,440 --> 00:07:24,970 You're using two different keys. 94 00:07:25,360 --> 00:07:30,490 So if you want to send a message to a destination, which you want to make sure that it's encrypted, 95 00:07:31,180 --> 00:07:40,030 you need to encrypt it using the public key of the destination and then send this message over the Internet. 96 00:07:40,300 --> 00:07:45,500 So even if somebody eavesdrops, you know, on this message right here, it's not a problem. 97 00:07:46,390 --> 00:07:50,730 So at the destination, the destination is going to use its private key. 98 00:07:50,820 --> 00:07:52,090 Now, this one is secret. 99 00:07:52,090 --> 00:07:55,690 And it is only known to this, you know, the destination. 100 00:07:56,590 --> 00:07:59,680 And once it basically decrypts this. 101 00:07:59,700 --> 00:08:03,740 So basically we have completed the decryption part of the process. 102 00:08:03,760 --> 00:08:06,030 Now, a couple of points to keep in mind. 103 00:08:06,550 --> 00:08:13,930 The first being that you cannot decrypt a message or a file that has been encrypted using a public key, 104 00:08:14,080 --> 00:08:15,610 using the public key again. 105 00:08:16,300 --> 00:08:22,310 So it only works with public key encryption, decryption with private key, and vice versa. 106 00:08:22,540 --> 00:08:30,490 Right? now, another important point, which I want to clarify, which confuses a lot of people, is 107 00:08:30,490 --> 00:08:34,360 that so let's see what happens if we go the other way around. 108 00:08:34,480 --> 00:08:41,860 So, for example, if the destination encrypts a document using his private key then it is not basically encrypting 109 00:08:41,860 --> 00:08:46,600 it for the sake of secrecy, because everybody in the world, they have the public key and they can 110 00:08:46,600 --> 00:08:47,530 simply decrypt it. 111 00:08:47,530 --> 00:08:54,460 Right? In this case, what we call this is called digitally signing the document, which basically means 112 00:08:54,460 --> 00:09:01,870 that this guy is making sure that if I encrypt a document using my private key, then only my public 113 00:09:01,870 --> 00:09:03,950 key can be used to decrypt it. 114 00:09:04,330 --> 00:09:09,090 So it's just sort of an assurance that this was, you know, signed by me. 115 00:09:09,100 --> 00:09:10,990 So this document is really coming from me. 116 00:09:11,590 --> 00:09:13,670 Now, that's what we call digital signatures. 117 00:09:14,320 --> 00:09:21,250 So in a nutshell, just to reiterate, in public key cryptography or asymmetric cryptography, if you 118 00:09:21,250 --> 00:09:27,460 want to ensure confidentiality, then you'll be using the public key of the destination to encrypt the 119 00:09:27,460 --> 00:09:31,120 message which the destination can then decrypt using his private key. 120 00:09:31,120 --> 00:09:32,820 And these two keys are different. 121 00:09:33,160 --> 00:09:38,410 You won't be able to decrypt a message which has been encrypted to the public using the public key again. 122 00:09:38,410 --> 00:09:38,740 Right. 123 00:09:39,250 --> 00:09:41,010 So that ensures confidentiality. 124 00:09:41,380 --> 00:09:47,350 But if the flow is the other way around, if this destination is encrypting a document using the private 125 00:09:47,350 --> 00:09:53,020 key, then it just means that he's making sure that, you know, telling people that I have signed this 126 00:09:53,020 --> 00:09:56,680 document because everybody can decrypt this document using the public key. 127 00:09:56,710 --> 00:09:57,760 This is public knowledge. 128 00:09:57,770 --> 00:09:57,970 Right? 129 00:09:58,000 --> 00:10:02,560 So in this case, we're not talking about confidentiality or secrecy. 130 00:10:04,330 --> 00:10:07,540 Now, a couple of important points, which I would like to reiterate. 131 00:10:07,570 --> 00:10:13,840 The first is that if you want to ensure confidentiality, so basically what you need to do is that you 132 00:10:13,840 --> 00:10:19,420 need to encrypt the data using the public key of the destination or the receiver. 133 00:10:19,960 --> 00:10:25,750 And at the receiving end, the receiver is going to use the secret private key for decrypting the data. 134 00:10:25,960 --> 00:10:29,880 And please keep in mind, the private key is completely different from the public. 135 00:10:31,360 --> 00:10:36,610 Now the point that we're trying to make is that the data that has been encrypted by public key cannot 136 00:10:36,610 --> 00:10:36,820 be 137 00:10:37,050 --> 00:10:42,720 decrypted with the public, and it must use the private key at the destination for decryption. 138 00:10:43,760 --> 00:10:49,130 Now, on the other hand, if a sender is using his private key to encrypt something, then it's not 139 00:10:49,130 --> 00:10:53,360 really for secrecy because, you know, everybody in the world has the public key and they can simply 140 00:10:53,360 --> 00:10:55,700 decrypt it. In that sense, 141 00:10:55,700 --> 00:11:00,890 it is just digitally signing a document, which basically means that the sender is saying that, 142 00:11:00,890 --> 00:11:02,390 OK, here is this document. 143 00:11:02,390 --> 00:11:10,280 I have encrypted completely, you know, full document or maybe a small part of it and add to basically 144 00:11:10,290 --> 00:11:16,880 general public and simply use the public key of that sender and then decrypt or, you know, check whether 145 00:11:16,880 --> 00:11:19,550 this document actually came from the sender or not. 146 00:11:20,390 --> 00:11:26,130 The point being that only his public key can be used to decrypt this document, not somebody else's. 147 00:11:26,160 --> 00:11:27,860 So that's the key point to understand. 148 00:11:27,860 --> 00:11:33,680 The magic is basically in special mathematical operations, which allow the use of two different types 149 00:11:33,680 --> 00:11:34,170 of keys. 150 00:11:35,060 --> 00:11:40,520 So basically the difference between asymmetric and asymmetric being that in symmetric we have exactly 151 00:11:40,520 --> 00:11:43,470 the same key at both the sender and the receiver. 152 00:11:44,360 --> 00:11:48,360 However, in asymmetric encryption, we're basically using two different keys. 153 00:11:49,190 --> 00:11:55,130 So one of the reasons why we needed asymmetric encryption was because private keys cannot always be 154 00:11:55,130 --> 00:11:58,450 safely exchanged on public networks like the Internet. 155 00:11:59,120 --> 00:12:04,910 So asymmetric encryption is required to create that initial trust, the initial encrypted end to end 156 00:12:04,910 --> 00:12:10,310 communication channel over which you can even exchange symmetric keys and then use them later on for 157 00:12:10,310 --> 00:12:11,480 encryption or decryption. 158 00:12:11,960 --> 00:12:16,950 But for the initial secure and encrypted channel, you definitely need asymmetric encryption. 159 00:12:17,300 --> 00:12:22,970 Another reason why you may want to consider asymmetric encryption is because symmetric keys are not 160 00:12:22,970 --> 00:12:23,850 really scalable. 161 00:12:24,560 --> 00:12:30,530 So imagine if you are a user and you want to communicate with different entities, so you'll be requiring 162 00:12:30,530 --> 00:12:35,870 n different symmetric keys if you're using asymmetric encryption because you need a different key 163 00:12:35,870 --> 00:12:40,790 for it, one communication for it, or two you need a different key and so on. 164 00:12:41,090 --> 00:12:45,630 And so if you're talking to ten people, you need and different symmetric keys. 165 00:12:46,100 --> 00:12:50,810 So imagine if you want to communicate with thousands of different servers, you'll need thousands of 166 00:12:50,810 --> 00:12:51,600 different keys. 167 00:12:51,920 --> 00:12:54,590 So it is obviously not a scalable solution. 168 00:12:55,040 --> 00:12:57,630 Now, contrast that with asymmetric encryption. 169 00:12:58,100 --> 00:13:01,730 So if you're using asymmetric, you just need 2 keys and that's it. 170 00:13:02,570 --> 00:13:05,400 So one is the private key, which would be used by A. 171 00:13:05,870 --> 00:13:09,440 And the second is the public key, which is published to all the users. 172 00:13:09,440 --> 00:13:10,370 And it is public. 173 00:13:11,460 --> 00:13:16,680 Some popular asymmetric solutions include the Diffie-Hellman, which is used for key exchange between two 174 00:13:16,680 --> 00:13:17,230 entities. 175 00:13:17,940 --> 00:13:22,620 We also have RSA, which is used for actual encryption or decryption, and we have ECC, 176 00:13:22,890 --> 00:13:25,950 which is again used for actual encryption and decryption. 177 00:13:25,950 --> 00:13:28,050 And there are several others available as well. 178 00:13:29,450 --> 00:13:35,960 A quick recap on the differences between asymmetric and asymmetric encryption, so in symmetric encryption, 179 00:13:35,960 --> 00:13:39,950 we always use the same key for encryption as well as for decryption. 180 00:13:40,370 --> 00:13:44,990 But in asymmetric encryption, we use different keys, private and public. 181 00:13:45,970 --> 00:13:51,340 And symmetric encryption, encryption and decryption algorithms or ciphers are exactly the same, 182 00:13:51,970 --> 00:13:57,490 but in asymmetric encryption, we have different encryption and decryption algorithms because we are 183 00:13:57,490 --> 00:14:00,520 using different keys for encryption and for decryption. 184 00:14:01,570 --> 00:14:06,670 A major problem with symmetric encryption is that it is not always possible to exchange keys safely 185 00:14:07,000 --> 00:14:12,550 because to start the encryption process, the two ends need to have the same key and there is no way 186 00:14:12,550 --> 00:14:15,580 to exchange these keys without incurring some sort of risk. 187 00:14:16,300 --> 00:14:19,970 In contrast, asymmetric encryption can be done on public networks. 188 00:14:19,990 --> 00:14:23,090 In fact, it is designed for communication over public networks. 189 00:14:23,950 --> 00:14:29,740 One advantage of symmetric encryption is that it's very fast, whereas asymmetric encryption is slow 190 00:14:30,160 --> 00:14:34,450 and one of the reasons is because it's using different encryption and decryption techniques. 191 00:14:37,160 --> 00:14:42,950 Now, systematic encryption is very fast, so what we normally do is that we create the initial secure 192 00:14:42,950 --> 00:14:49,820 channel using asymmetric encryption, but once that is in place, we exchange symmetric keys or session 193 00:14:49,820 --> 00:14:55,350 keys and then we use symmetric encryption for quick and efficient encryption, decryption of data at 194 00:14:55,370 --> 00:14:56,000 the two ends. 195 00:14:56,420 --> 00:15:01,580 But for the initial establishment of the trust of the secure channel, we use asymmetric encryption. 196 00:15:01,880 --> 00:15:06,410 And then within that tunnel or within that channel, we can exchange symmetric keys as well. 197 00:15:06,950 --> 00:15:12,470 Another difference between the two encryption schemes is that for offering the same strength, symmetric 198 00:15:12,470 --> 00:15:16,030 encryption requires smaller key lengths compared to asymmetric encryption. 199 00:15:16,550 --> 00:15:22,160 And this stems from the fact that asymmetric encryption is designed to allow for two different keys 200 00:15:22,160 --> 00:15:23,130 to encrypt and decrypt. 201 00:15:23,390 --> 00:15:29,300 So that's why we generally need longer keys in asymmetric encryption in order to provide the same level 202 00:15:29,300 --> 00:15:31,200 of safety as asymmetric encryption. 203 00:15:31,730 --> 00:15:33,290 So that concludes our lecture. 204 00:15:33,320 --> 00:15:34,550 I'll see you in the next one. 22239