Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,580 --> 00:00:06,580
Welcome to our lecture on cryptography, if you want to be a good cybersecurity specialist, you must
2
00:00:06,580 --> 00:00:10,900
have a good understanding of the fundamental concepts involved in cryptography.
3
00:00:12,840 --> 00:00:19,710
Cryptography is the study and application of methods and techniques to protect information by using codes
4
00:00:19,710 --> 00:00:21,080
for secure communication.
5
00:00:21,570 --> 00:00:27,110
So the bottom line in cryptography is to ensure secure communication between two parties.
6
00:00:28,880 --> 00:00:34,370
Cryptography is broadly categorized into two main categories, symmetric and asymmetric.
7
00:00:34,670 --> 00:00:37,370
We are going to start with symmetric encryption concepts.
8
00:00:38,350 --> 00:00:45,280
Symmetric encryption is also called private-key encryption, and it uses the same key for encryption
9
00:00:45,280 --> 00:00:51,040
as well as decryption, and that is why it is called symmetric, because the same key is used both
10
00:00:51,040 --> 00:00:53,330
at the source and at the destination.
11
00:00:54,010 --> 00:00:56,020
It also uses the same cipher.
12
00:00:56,440 --> 00:01:02,320
Cipher is a word which is an alternate for algorithms, is used for encryption and decryption.
13
00:01:02,800 --> 00:01:08,620
So the same algorithm is used at the source for encrypting data and the same algorithm is used at the
14
00:01:08,620 --> 00:01:14,020
destination for decrypting the data. Now key lengths determine the strength of encryption.
15
00:01:14,290 --> 00:01:16,180
And usually the longer the better.
16
00:01:16,570 --> 00:01:21,250
Some popular private key ciphers include AES, RC5 and TwoFish.
17
00:01:22,220 --> 00:01:25,530
Let's have a look at how symmetric encryption actually works.
18
00:01:26,060 --> 00:01:32,180
So we have a source which wants to send data to a destination and it wants to encrypt the data before
19
00:01:32,180 --> 00:01:32,780
sending it.
20
00:01:33,350 --> 00:01:39,260
So at the source, we have a plain text file, which means it is an encrypted text and anybody can read
21
00:01:39,260 --> 00:01:39,470
it.
22
00:01:40,370 --> 00:01:46,970
So basically, we use a key, which is kind of a secret code which helps us encode this plaintext.
23
00:01:48,080 --> 00:01:53,750
In addition to the key, we need an algorithm which is basically going to take the key and the plaintext
24
00:01:53,750 --> 00:02:00,470
data and it's going to do some steps, some operations in order to provide us with the ciphertext,
25
00:02:00,740 --> 00:02:02,870
which is basically the encrypted text.
26
00:02:03,500 --> 00:02:11,030
So using the key and the algorithm with plain text as the input, we get a ciphertext as output and
27
00:02:11,030 --> 00:02:12,840
this completes the encryption part.
28
00:02:13,760 --> 00:02:20,420
Now, the basic aim of encryption was so that we could transmit data over the public Internet without
29
00:02:20,420 --> 00:02:22,410
compromising its confidentiality.
30
00:02:23,000 --> 00:02:24,520
So that's exactly what we did.
31
00:02:24,650 --> 00:02:30,470
We converted plaintext into ciphertext and then the ciphertext, which is basically encrypted data.
32
00:02:30,590 --> 00:02:35,900
And even if somebody gets a copy of it while it is flowing over the Internet, they would still not
33
00:02:35,900 --> 00:02:38,620
be able to easily break it because it's encrypted.
34
00:02:39,260 --> 00:02:45,380
Now at the destination, the destination has received a cipher text, which is encrypted text, and
35
00:02:45,380 --> 00:02:47,330
the process now needs to be reversed.
36
00:02:48,260 --> 00:02:55,020
So at the destination, it needs to use exactly the same key which was used to encrypt the data.
37
00:02:55,490 --> 00:02:58,030
Consider it exactly like a numbered lock.
38
00:02:58,460 --> 00:03:03,330
So you really need to line up exactly those same numbers if you want to unlock it.
39
00:03:04,100 --> 00:03:11,240
So using the exact same key and using the exact same algorithm, we can decrypt this data so we can
40
00:03:11,240 --> 00:03:14,020
work the ciphertext back into plain text.
41
00:03:14,390 --> 00:03:16,610
And this is called the decryption.
42
00:03:17,270 --> 00:03:23,860
And this is how the source is able to encrypt plaintext data into ciphertext transmitted over the Internet.
43
00:03:24,170 --> 00:03:28,400
And then the destination is able to get back to plain text from the ciphertext.
44
00:03:29,180 --> 00:03:35,030
Perhaps the single most important factor which can determine the strength of encryption is the key length.
45
00:03:35,390 --> 00:03:36,820
The longer the key, the better.
46
00:03:37,250 --> 00:03:43,160
So let's say you have a password with X number of characters for every character you can select, either
47
00:03:43,160 --> 00:03:50,360
from A to Z, which are basically 26 different alphabet or digits 0-9 which are ten. So
48
00:03:50,360 --> 00:03:56,450
26 + 10 = 36 possibilities for each of these cells or each of these characters.
49
00:03:57,410 --> 00:04:01,730
But computers, they need digital numbers, they understand binary numbers.
50
00:04:02,330 --> 00:04:04,250
So we always talk about bits.
51
00:04:04,630 --> 00:04:09,860
So we talk about key lengths in terms of bits. Since we're talking about binary,
52
00:04:09,870 --> 00:04:14,290
so every cell or every bit can either be 0 or it can be 1.
53
00:04:14,720 --> 00:04:21,110
So if you have a key which spans n-bits, then it means you have 2 raised to the power n different
54
00:04:21,110 --> 00:04:22,310
combinations possible.
55
00:04:23,400 --> 00:04:30,420
Let's have a look at the comparison table, which shows us how increasing key lengths make breaking encryption
56
00:04:30,420 --> 00:04:31,040
difficult.
57
00:04:32,130 --> 00:04:38,070
So let's say if you are selecting a key length of 56-bits, which means that you have to 2 raised to the
58
00:04:38,070 --> 00:04:44,270
power 56 different combinations, and using a good state of the art computer, you can break it in 20
59
00:04:44,270 --> 00:04:44,670
hours.
60
00:04:45,480 --> 00:04:51,810
But if you increase the key length to 128, the possible combinations now jump to 2 raised to the
61
00:04:51,810 --> 00:04:59,310
power 128 and it would take 5 x 10 raised to the power 17 years to break it using the same computer,
62
00:04:59,940 --> 00:05:05,970
and say if you increase the key length to 256 bits, then you have 2 raised to the power 256
63
00:05:05,970 --> 00:05:10,790
different combinations, which would take 7 x 10, raised to the power 56 years.
64
00:05:11,040 --> 00:05:12,730
So nearly impossible to break.
65
00:05:13,740 --> 00:05:19,530
So the bottom line that we need to understand is that it is always advisable and in fact recommended
66
00:05:19,830 --> 00:05:21,600
to use long key lengths.
67
00:05:25,310 --> 00:05:31,840
A very popular and state of the art symmetric encryption scheme is AES - advanced encryption standard.
68
00:05:32,360 --> 00:05:36,400
It is so strong that it is even acceptable for military purposes.
69
00:05:37,780 --> 00:05:46,900
AES offers various key lengths, starting from 128, 192 up to 256 bits. The key determines the strength
70
00:05:46,900 --> 00:05:47,650
of the encryption.
71
00:05:47,650 --> 00:05:54,040
So obviously AES-256 would be considered stronger compared to a AES-192, for instance.
72
00:05:54,580 --> 00:06:00,910
AES has several implementations and it's widely adopted in the industry and it is used in a large
73
00:06:00,910 --> 00:06:05,210
number of applications. In contrast to symmetric encryption,
74
00:06:05,230 --> 00:06:11,570
we also have another type of encryption, which is asymmetric encryption, also known as public key
75
00:06:11,590 --> 00:06:12,340
cryptography.
76
00:06:13,390 --> 00:06:19,420
Now, the main difference between asymmetric and asymmetric is that in symmetric encryption, both the
77
00:06:19,420 --> 00:06:23,040
sender and the receiver used the same secret key.
78
00:06:23,800 --> 00:06:29,920
But the problem with those type of encryption is that let's say you want to communicate with 100 different
79
00:06:29,920 --> 00:06:35,920
people, then obviously you need to have 100 different private keys and it becomes difficult to scale
80
00:06:35,920 --> 00:06:36,380
it, right?
81
00:06:37,600 --> 00:06:40,250
So the solution to that is public-key cryptography.
82
00:06:40,630 --> 00:06:45,400
So what happens in public cryptography is that let's say you have a plain text document.
83
00:06:46,240 --> 00:06:51,490
So what you're going to do is that you're going to use the public key of the destination.
84
00:06:51,940 --> 00:06:54,280
So the destination, let's say it's a server.
85
00:06:55,180 --> 00:06:59,440
It has shared its public key, you know, which is known to everyone in the world.
86
00:07:00,130 --> 00:07:04,630
And you basically encrypt your document using this public key.
87
00:07:05,020 --> 00:07:05,360
Right?
88
00:07:07,240 --> 00:07:13,290
So now the thing is that with asymmetric encryption, anything that has been encrypted with the public key,
89
00:07:13,330 --> 00:07:17,440
it can only be decrypted by a private key, which is secret.
90
00:07:17,440 --> 00:07:17,780
Right.
91
00:07:18,010 --> 00:07:19,990
So it's like asymmetric.
92
00:07:20,020 --> 00:07:23,440
You're not using the same key for encryption and decryption.
93
00:07:23,440 --> 00:07:24,970
You're using two different keys.
94
00:07:25,360 --> 00:07:30,490
So if you want to send a message to a destination, which you want to make sure that it's encrypted,
95
00:07:31,180 --> 00:07:40,030
you need to encrypt it using the public key of the destination and then send this message over the Internet.
96
00:07:40,300 --> 00:07:45,500
So even if somebody eavesdrops, you know, on this message right here, it's not a problem.
97
00:07:46,390 --> 00:07:50,730
So at the destination, the destination is going to use its private key.
98
00:07:50,820 --> 00:07:52,090
Now, this one is secret.
99
00:07:52,090 --> 00:07:55,690
And it is only known to this, you know, the destination.
100
00:07:56,590 --> 00:07:59,680
And once it basically decrypts this.
101
00:07:59,700 --> 00:08:03,740
So basically we have completed the decryption part of the process.
102
00:08:03,760 --> 00:08:06,030
Now, a couple of points to keep in mind.
103
00:08:06,550 --> 00:08:13,930
The first being that you cannot decrypt a message or a file that has been encrypted using a public key,
104
00:08:14,080 --> 00:08:15,610
using the public key again.
105
00:08:16,300 --> 00:08:22,310
So it only works with public key encryption, decryption with private key, and vice versa.
106
00:08:22,540 --> 00:08:30,490
Right? now, another important point, which I want to clarify, which confuses a lot of people, is
107
00:08:30,490 --> 00:08:34,360
that so let's see what happens if we go the other way around.
108
00:08:34,480 --> 00:08:41,860
So, for example, if the destination encrypts a document using his private key then it is not basically encrypting
109
00:08:41,860 --> 00:08:46,600
it for the sake of secrecy, because everybody in the world, they have the public key and they can
110
00:08:46,600 --> 00:08:47,530
simply decrypt it.
111
00:08:47,530 --> 00:08:54,460
Right? In this case, what we call this is called digitally signing the document, which basically means
112
00:08:54,460 --> 00:09:01,870
that this guy is making sure that if I encrypt a document using my private key, then only my public
113
00:09:01,870 --> 00:09:03,950
key can be used to decrypt it.
114
00:09:04,330 --> 00:09:09,090
So it's just sort of an assurance that this was, you know, signed by me.
115
00:09:09,100 --> 00:09:10,990
So this document is really coming from me.
116
00:09:11,590 --> 00:09:13,670
Now, that's what we call digital signatures.
117
00:09:14,320 --> 00:09:21,250
So in a nutshell, just to reiterate, in public key cryptography or asymmetric cryptography, if you
118
00:09:21,250 --> 00:09:27,460
want to ensure confidentiality, then you'll be using the public key of the destination to encrypt the
119
00:09:27,460 --> 00:09:31,120
message which the destination can then decrypt using his private key.
120
00:09:31,120 --> 00:09:32,820
And these two keys are different.
121
00:09:33,160 --> 00:09:38,410
You won't be able to decrypt a message which has been encrypted to the public using the public key again.
122
00:09:38,410 --> 00:09:38,740
Right.
123
00:09:39,250 --> 00:09:41,010
So that ensures confidentiality.
124
00:09:41,380 --> 00:09:47,350
But if the flow is the other way around, if this destination is encrypting a document using the private
125
00:09:47,350 --> 00:09:53,020
key, then it just means that he's making sure that, you know, telling people that I have signed this
126
00:09:53,020 --> 00:09:56,680
document because everybody can decrypt this document using the public key.
127
00:09:56,710 --> 00:09:57,760
This is public knowledge.
128
00:09:57,770 --> 00:09:57,970
Right?
129
00:09:58,000 --> 00:10:02,560
So in this case, we're not talking about confidentiality or secrecy.
130
00:10:04,330 --> 00:10:07,540
Now, a couple of important points, which I would like to reiterate.
131
00:10:07,570 --> 00:10:13,840
The first is that if you want to ensure confidentiality, so basically what you need to do is that you
132
00:10:13,840 --> 00:10:19,420
need to encrypt the data using the public key of the destination or the receiver.
133
00:10:19,960 --> 00:10:25,750
And at the receiving end, the receiver is going to use the secret private key for decrypting the data.
134
00:10:25,960 --> 00:10:29,880
And please keep in mind, the private key is completely different from the public.
135
00:10:31,360 --> 00:10:36,610
Now the point that we're trying to make is that the data that has been encrypted by public key cannot
136
00:10:36,610 --> 00:10:36,820
be
137
00:10:37,050 --> 00:10:42,720
decrypted with the public, and it must use the private key at the destination for decryption.
138
00:10:43,760 --> 00:10:49,130
Now, on the other hand, if a sender is using his private key to encrypt something, then it's not
139
00:10:49,130 --> 00:10:53,360
really for secrecy because, you know, everybody in the world has the public key and they can simply
140
00:10:53,360 --> 00:10:55,700
decrypt it. In that sense,
141
00:10:55,700 --> 00:11:00,890
it is just digitally signing a document, which basically means that the sender is saying that,
142
00:11:00,890 --> 00:11:02,390
OK, here is this document.
143
00:11:02,390 --> 00:11:10,280
I have encrypted completely, you know, full document or maybe a small part of it and add to basically
144
00:11:10,290 --> 00:11:16,880
general public and simply use the public key of that sender and then decrypt or, you know, check whether
145
00:11:16,880 --> 00:11:19,550
this document actually came from the sender or not.
146
00:11:20,390 --> 00:11:26,130
The point being that only his public key can be used to decrypt this document, not somebody else's.
147
00:11:26,160 --> 00:11:27,860
So that's the key point to understand.
148
00:11:27,860 --> 00:11:33,680
The magic is basically in special mathematical operations, which allow the use of two different types
149
00:11:33,680 --> 00:11:34,170
of keys.
150
00:11:35,060 --> 00:11:40,520
So basically the difference between asymmetric and asymmetric being that in symmetric we have exactly
151
00:11:40,520 --> 00:11:43,470
the same key at both the sender and the receiver.
152
00:11:44,360 --> 00:11:48,360
However, in asymmetric encryption, we're basically using two different keys.
153
00:11:49,190 --> 00:11:55,130
So one of the reasons why we needed asymmetric encryption was because private keys cannot always be
154
00:11:55,130 --> 00:11:58,450
safely exchanged on public networks like the Internet.
155
00:11:59,120 --> 00:12:04,910
So asymmetric encryption is required to create that initial trust, the initial encrypted end to end
156
00:12:04,910 --> 00:12:10,310
communication channel over which you can even exchange symmetric keys and then use them later on for
157
00:12:10,310 --> 00:12:11,480
encryption or decryption.
158
00:12:11,960 --> 00:12:16,950
But for the initial secure and encrypted channel, you definitely need asymmetric encryption.
159
00:12:17,300 --> 00:12:22,970
Another reason why you may want to consider asymmetric encryption is because symmetric keys are not
160
00:12:22,970 --> 00:12:23,850
really scalable.
161
00:12:24,560 --> 00:12:30,530
So imagine if you are a user and you want to communicate with different entities, so you'll be requiring
162
00:12:30,530 --> 00:12:35,870
n different symmetric keys if you're using asymmetric encryption because you need a different key
163
00:12:35,870 --> 00:12:40,790
for it, one communication for it, or two you need a different key and so on.
164
00:12:41,090 --> 00:12:45,630
And so if you're talking to ten people, you need and different symmetric keys.
165
00:12:46,100 --> 00:12:50,810
So imagine if you want to communicate with thousands of different servers, you'll need thousands of
166
00:12:50,810 --> 00:12:51,600
different keys.
167
00:12:51,920 --> 00:12:54,590
So it is obviously not a scalable solution.
168
00:12:55,040 --> 00:12:57,630
Now, contrast that with asymmetric encryption.
169
00:12:58,100 --> 00:13:01,730
So if you're using asymmetric, you just need 2 keys and that's it.
170
00:13:02,570 --> 00:13:05,400
So one is the private key, which would be used by A.
171
00:13:05,870 --> 00:13:09,440
And the second is the public key, which is published to all the users.
172
00:13:09,440 --> 00:13:10,370
And it is public.
173
00:13:11,460 --> 00:13:16,680
Some popular asymmetric solutions include the Diffie-Hellman, which is used for key exchange between two
174
00:13:16,680 --> 00:13:17,230
entities.
175
00:13:17,940 --> 00:13:22,620
We also have RSA, which is used for actual encryption or decryption, and we have ECC,
176
00:13:22,890 --> 00:13:25,950
which is again used for actual encryption and decryption.
177
00:13:25,950 --> 00:13:28,050
And there are several others available as well.
178
00:13:29,450 --> 00:13:35,960
A quick recap on the differences between asymmetric and asymmetric encryption, so in symmetric encryption,
179
00:13:35,960 --> 00:13:39,950
we always use the same key for encryption as well as for decryption.
180
00:13:40,370 --> 00:13:44,990
But in asymmetric encryption, we use different keys, private and public.
181
00:13:45,970 --> 00:13:51,340
And symmetric encryption, encryption and decryption algorithms or ciphers are exactly the same,
182
00:13:51,970 --> 00:13:57,490
but in asymmetric encryption, we have different encryption and decryption algorithms because we are
183
00:13:57,490 --> 00:14:00,520
using different keys for encryption and for decryption.
184
00:14:01,570 --> 00:14:06,670
A major problem with symmetric encryption is that it is not always possible to exchange keys safely
185
00:14:07,000 --> 00:14:12,550
because to start the encryption process, the two ends need to have the same key and there is no way
186
00:14:12,550 --> 00:14:15,580
to exchange these keys without incurring some sort of risk.
187
00:14:16,300 --> 00:14:19,970
In contrast, asymmetric encryption can be done on public networks.
188
00:14:19,990 --> 00:14:23,090
In fact, it is designed for communication over public networks.
189
00:14:23,950 --> 00:14:29,740
One advantage of symmetric encryption is that it's very fast, whereas asymmetric encryption is slow
190
00:14:30,160 --> 00:14:34,450
and one of the reasons is because it's using different encryption and decryption techniques.
191
00:14:37,160 --> 00:14:42,950
Now, systematic encryption is very fast, so what we normally do is that we create the initial secure
192
00:14:42,950 --> 00:14:49,820
channel using asymmetric encryption, but once that is in place, we exchange symmetric keys or session
193
00:14:49,820 --> 00:14:55,350
keys and then we use symmetric encryption for quick and efficient encryption, decryption of data at
194
00:14:55,370 --> 00:14:56,000
the two ends.
195
00:14:56,420 --> 00:15:01,580
But for the initial establishment of the trust of the secure channel, we use asymmetric encryption.
196
00:15:01,880 --> 00:15:06,410
And then within that tunnel or within that channel, we can exchange symmetric keys as well.
197
00:15:06,950 --> 00:15:12,470
Another difference between the two encryption schemes is that for offering the same strength, symmetric
198
00:15:12,470 --> 00:15:16,030
encryption requires smaller key lengths compared to asymmetric encryption.
199
00:15:16,550 --> 00:15:22,160
And this stems from the fact that asymmetric encryption is designed to allow for two different keys
200
00:15:22,160 --> 00:15:23,130
to encrypt and decrypt.
201
00:15:23,390 --> 00:15:29,300
So that's why we generally need longer keys in asymmetric encryption in order to provide the same level
202
00:15:29,300 --> 00:15:31,200
of safety as asymmetric encryption.
203
00:15:31,730 --> 00:15:33,290
So that concludes our lecture.
204
00:15:33,320 --> 00:15:34,550
I'll see you in the next one.
22239
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.