
Encryption Lesson Plan 22

This document provides a lesson plan on encryption that defines encryption as encoding information with algorithms to convert plaintext into ciphertext that only intended recipients can decipher. It discusses encrypting sensitive data like payment and health information, and how encryption has evolved from early symbolic replacement to widespread computer applications. The types of encryption covered are symmetric, which uses one key, asymmetric which uses public/private key pairs, encryption at rest of stored data, encryption in transit across networks, and whole disk encryption. Concerns addressed include speed, key management, potential impacts of quantum computing, and risks of encryption backdoors.

Uploaded by

Matt D
Copyright: © All Rights Reserved

4 February 2022

Encryption Lesson Plan


Presentation Date: 2/4/22

What is Encryption
● Basic Definition
○ “The process of encoding information” with sophisticated algorithms
○ Converting original information (plaintext) into an illegible form (ciphertext)
○ Only the intended recipients should be able to decipher the encrypted text
○ This is not obfuscation (aka data masking), which hides the original data behind
modified content
● What Do I Encrypt?
○ Can’t do everything - time-consuming and costly
○ Hypersensitive data (often in compliance with acts/laws)
■ Payment Card Information (PCI)
■ Health Information (HIPAA)
■ Personal Identification Information (PII, FERPA, GDPR)
○ Susceptible data
■ Trade secrets
■ R&D
■ Business sensitive data traversing the network (i.e. internet)
History of Encryption
● Early Forms - symbol replacement (ancient Greece/China, reserved for highly
confidential information)
● Computer Application (WWII Enigma Machine, each ciphertext had a newly replenished
key)
● Present Day - EVERYWHERE
● Contemporary Trends - Cryptographic Failures is the #2 threat (OWASP - Thanks, Rudy!
“Cryptographic Failures is now #2 on the OWASP Top 10” - CipherStash Blog)
Types of Encryption
● Symmetric
○ One key is used to both encrypt and decrypt data
○ Two types:
■ Block algorithms. Set lengths of bits are encrypted in blocks of electronic
data with the use of a specific secret key. (very commonplace)
● DES - first standardized cipher in modern computing since 1977
● AES - Advanced Encryption Standard - variable bit length
○ AES Explained (Advanced Encryption Standard) -
YouTube
■ Stream algorithms. Data is encrypted as it streams instead of being
retained in the system's memory.
○ Use: PII (payment identification information)
● Asymmetric
○ Also known as public key cryptography; uses pairs of keys
○ Sender encrypts an outgoing message with their private key, receiver decrypts
with private key provided by sender
○ Use: HTTPS (1995), IoT (present)
● RSA - Rivest–Shamir–Adleman - popular, complex algorithm first
described in 1977
● RSA (cryptosystem) - Wikipedia (great walkthrough of RSA)
○ Generation
○ Distribution
○ Encryption
○ Decryption
● At Rest
○ Symmetric/Asymmetric only protects data in transit. What about when it’s being
stored?
○ Data at rest - persistently stored data (e.g. disk) vs. temporary residency
(computer memory)
■ May be required in compliance with HIPAA, PCI, and FedRAMP
(risk/authorization management)
○ Only encrypt the minimum amount of sensitive data
■ May invoke crypto-shredding - the deliberate act of overwriting or deleting
keys after use
○ Use: SaaS, PaaS like Microsoft Azure and AWS
● Across the Wire
○ Encrypting data as it traverses a network - a common example is asymmetric
○ Google Cloud Encryption in Transit - YouTube
● Whole Disk
○ A form of At Rest encryption
○ Breaks down into 2 levels:
■ Full Disk Encryption - automatic encryption when data is written to the
disk, but not the files themselves (locking your front door but not your
bedroom)
■ File Level Encryption - encrypt specific files or directories. “Safer,” but
time-consuming, susceptible to lost keys, mismanagement, etc.
○ Use: BitLocker. Windows full disk encryption solution, backs into a Trusted
Platform Module (TPM) that stores RSA algorithm decryption software
● Miscellaneous Standards
○ E2E - End to End - secures the communication so only the sender and receiver
can read messages (i.e. WhatsApp can’t read your messages)
○ As such, it employs account authentication
■ E2E does not guarantee privacy
○ P2P - Point to Point - uniquely Payment Card Industry (Mastercard, Amex, VISA)
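The four RSA steps listed under Asymmetric (generation, distribution, encryption, decryption), carried through as an added example that is not part of the original lesson plan. It uses textbook RSA on constructed toy primes (61 and 53); the function names are assumptions made for this sketch, and real deployments use keys of 2048 bits or more with padding such as OAEP.

```python
from math import gcd

def generate_keypair(p, q, e=17):
    """Generation: derive a (public, private) key pair from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, so that e*d = 1 (mod phi)
    return (n, e), (n, d)

def encrypt(m, public):
    """Encryption: anyone holding the public key can compute m^e mod n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(c, private):
    """Decryption: only the holder of d can compute c^d mod n."""
    n, d = private
    return pow(c, d, n)

def demo():
    # Constructed toy parameters; far too small for real use.
    public, private = generate_keypair(61, 53)
    # Distribution: only `public` is handed out; `private` never leaves its owner.
    ciphertext = encrypt(65, public)
    return public, private, ciphertext, decrypt(ciphertext, private)

if __name__ == "__main__":
    print(demo())
```

Unpadded RSA is deterministic, so the same message always produces the same ciphertext; that is one reason the padded form is used in practice.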
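Crypto-shredding from the At Rest bullets, sketched as an added example that is not part of the original lesson plan: each stored record gets its own symmetric key, and deleting that key makes every copy of the ciphertext unreadable. The `RecordStore` class and the standard-library stream construction (SHA-256 keystream plus HMAC) are assumptions standing in for a key management service and a vetted cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

def _subkeys(key):
    # Separate encryption and authentication keys derived from one data key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_keystream(enc_key, nonce, data):
    # Stream cipher: XOR data with SHA-256(enc_key || nonce || counter) blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(enc_key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)  # fresh per message
    ct = _xor_keystream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_keystream(enc_key, nonce, ct)

class RecordStore:
    """Ciphertext may be copied anywhere; each record's key lives in one place."""
    def __init__(self):
        self.blobs = {}  # stands in for disk, backups, replicas
        self.keys = {}   # stands in for a key management service

    def put(self, record_id, plaintext):
        self.keys[record_id] = secrets.token_bytes(32)  # one key per record
        self.blobs[record_id] = seal(self.keys[record_id], plaintext)

    def get(self, record_id):
        if record_id not in self.keys:
            raise KeyError("key for %r was shredded" % record_id)
        return unseal(self.keys[record_id], self.blobs[record_id])

    def shred(self, record_id):
        # Crypto-shredding: delete the key; every copy of the blob becomes unreadable.
        del self.keys[record_id]
```

Because keys are per record, shredding one record leaves the others readable, which is what makes the technique usable for deletion requests against data that also sits in backups.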
Encryption Concerns
● Time/Speed
● Who encrypts? Who holds the keys?
● How is access managed?
● Quantum computing capabilities
○ IBM explains that what takes the fastest computer today 1 week will take a
quantum computer 1 second: What is Quantum Computing? | IBM
● Backdoors - any other method deliberately installed that can be used to bypass
encryption
○ “A spare key under the doormat”
○ 2019 - Malwarebytes study - backdoors = 4th largest security threat
○ …but why? 2 big reasons
■ Accidentally left by developers (may have wanted ease of access in
development, one-time requests by other employees)
■ Government requested for criminal investigations
○ SSL website lists some incredible stories about backdoors, but the most
notorious = Edward Snowden, who intercepted firmware that had a backdoor

Sources:
Wikipedia - Encryption
Encryption Consulting - Encryption vs Masking | Definition
Norton - What Is Encryption? | How Encryption Protects Your Data
SimpliLearn - What Is Data Encryption: Algorithms, Methods and Techniques [2022 Edition]
Cryptomathic - Symmetric Key Encryption - why, where and how it’s used in banking (cryptomathic.com)
Okta - Asymmetric Encryption: Definition, Architecture, Usage
Azure Encryption - Azure Data Encryption-at-Rest - Azure Security | Microsoft Docs
The SSL Store - All About Encryption Backdoors - Hashed Out by The SSL Store™
IBM - What is Quantum Computing?
Miradore - Hard Drive and Full Disk Encryption: What, Why, and How?
eSecurityPlanet - Disk vs File Encryption: Which Is Best for You?
