Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Modern Cryptography for Cybersecurity Professionals
Modern Cryptography for Cybersecurity Professionals

Modern Cryptography for Cybersecurity Professionals: Learn how you can leverage encryption to better secure your organization's data

eBook
Mex$179.99 Mex$721.99
Paperback
Mex$902.99
Subscription
Free Trial

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Modern Cryptography for Cybersecurity Professionals

Chapter 1: Protecting Data in Motion or at Rest

We live in an exciting yet challenging time. Every second of the day there are zettabytes of data traveling over networks and the internet. Data is constantly being sent and received from our homes, cars, businesses, and billions of Internet of Things (IoT) devices. In this chapter, you'll gain an appreciation for the need to secure our data in a dynamic digital world. We'll begin with a brief look at how, over the past few decades, we have seen advances in technology that have resulted in more of our data being exchanged. Concurrent to the advances in technology, we have seen an increase in the type and amount of threats to our data.

So that you understand the many resources available on guidelines for ensuring our data is not compromised, we'll take a look at the Security architecture for Open Systems Interconnection for CCITT applications, also known as X.800. You'll learn how encryption provides many security services, which include ensuring confidentiality, integrity, authentication, forward secrecy, non-repudiation, and enhanced privacy guarantees. In addition, we'll outline some common cryptographic concepts, such as Trusted Third Party (TTP) and the Public Key Infrastructure (PKI). We'll also cover how we use the story of Bob, Alice, and other personalities to help us understand complex technical concepts.

We'll then cover some basic encryption techniques. You'll see how using substitution or transposition can scramble data into an unreadable form that won't make sense unless you have the key to decrypt the message. In order to better understand substitution and transposition, we will discuss some illustrative examples that employ two basic ciphers, namely pigpen and rail fence. Finally, we'll outline some basic techniques, such as letter frequency analysis, which can be used to break some codes.

This chapter covers the following main topics:

  • Outlining the current threat landscape
  • Understanding security services
  • Introducing common cryptographic concepts
  • Outlining substitution and transposition

Outlining the current threat landscape

Over the past three decades, there has been substantial growth in the amount of digital data, both at rest and in transit. The digital wave has become an ocean of all types of data, such as email, movies, images, and tweets. With this growth comes the threat of attacks on our data, which we face on a daily basis.

In this section, we'll take a look at how our world has transformed with the adoption of digital technology, along with an overview of the current threat landscape.

Let's start with a look at the growth in digital information over the years.

Digitally transforming our world

In 1946, the world got a glimpse of the future. That was the year that the Moore School of Electrical Engineering of the University of Pennsylvania introduced the Electronic Numerical Integrator and Computer (ENIAC) system. The ENIAC was enormous, as it filled a room and was capable of performing calculations faster than any other computer at the time.

When computers first appeared, the cost to own and operate a system was extremely high. Ordinary citizens knew very little about computers. Due to their prohibitively large costs, computer systems were owned mainly by governments, industry, and universities. In 1980, the cost of a gigabyte (GB) hard drive was approximately $1.2 million. By 1990, the price was down to $8,000, and costs continued to decrease. As shown in the following graphic, from 1995 to 2000, the price of drives per GB went down substantially:

Figure 1.1 – The cost of hard drives per gigabyte

Figure 1.1 – The cost of hard drives per gigabyte

By 2010, the cost of drives per GB was approximately $0.10. Along with the cost of hard drives, the price of computers in general went down as well. With more affordable pricing, more and more businesses and consumers were embracing technology, as we'll see next.

Rapidly advancing technology

The industry continued to develop desktops, laptops, games, mobile devices, and IoT devices that began to collect and exchange more and more data. Concurrently, businesses, universities, governments, and consumers began to invest heavily in information technology, spending billions on hardware and software designed to improve the quality of life.

Today, a large percentage of the world is using digital technology and the internet, for a wide variety of purposes. Applications include e-commerce, social media, mobile banking, and email, all generating data.

Data includes anything you can see or hear and can be digitized in a multitude of different types and formats, including the following:

  • Voice over Internet Protocol (VoIP), also known as IP telephony, is a group of technologies primarily used to transmit phone calls over the internet
  • Documents such as spreadsheets, word processor documents, presentation files, and Portable Document Format (PDF) files
  • Images that include Joint Photographic Group (JPG), Tagged Image File Format (TIPP), and Bitmap Image File (BMP)
  • Video that includes a wide range of formats, such as Moving Picture Experts Group (MPEG) and Advanced Video Coding (AVC), originating from a variety of sources

Some may argue that not all data needs to be protected. However, much of the data that is in storage on a server or in motion while traveling across the network should be encrypted, mainly because this flood of data represents an opportunity for cybercriminals to obtain and exploit the data.

Every minute of every day, companies face a variety of threats to the security of their data. Let's explore this concept next.

Threatening the security of our data

Early systems, such as the ENIAC, were standalone systems and not networked. The biggest threat to these systems was a physical attack, such as someone destroying the components. As time passed, and businesses began to adopt computer technology, there still remained little threat to the security of data.

From the 1960s through to the 1990s, scientists developed protocols for the Advanced Research Projects Agency Network (ARPANET), which was the precursor to what we know now as the internet. Some significant events during this time period include the following:

  • 1972 – Ray Tomlinson creates electronic mail (email).
  • 1973 – Scientists began to use the term internet.
  • 1974 – The first Internet Service Provider (ISP) begins offering its service.
  • 1982 – Formalization of Transmission Control Protocol (TCP) and Internet Protocol (IP), or TCP/IP, the standard protocol suite for the internet.
  • 1983 – Scientists created top-level domains for the Domain Name System (DNS), such as .edu, .com, and .gov.

While there were a few reports of viruses making their way through computer systems, most anyone who worked with or knew about the internet never thought anything malicious could happen. That was until 1988, when Robert Morris, a Cornell University student, wrote and released a worm.

Important note

A worm is a self-propagating virus that can spread on its own.

The worm, later dubbed the Morris worm, created a crippling effect on the fledgling internet. As a result, Robert Morris was tried and convicted under the 1986 Computer Fraud and Abuse Act. Soon afterward, the idea of cybersecurity began to take hold. And more specifically, it became more apparent that our data could be at risk.

Over the next three decades, many more threats emerged, such as social engineering, malware, and denial of service attacks:

  • Social engineering: This is a combination of methods designed to fraudulently obtain information about an organization or computer system. Effective social engineering techniques rely on the malicious actor's ability to con someone into providing information, by using social skills and powers of influence.
  • Malware: This is malicious software that includes viruses, rootkits, spyware, and trojans. Most malware is designed to infiltrate a computer system or network to gain unauthorized access to critical information. Other forms of malware, such as ransomware, are designed to lock a system and its resources until someone pays a ransom.
  • Denial of Service (DoS): These attacks will send numerous requests to a system in an effort to interrupt or suspend services to legitimate users. In most cases, the malicious actor(s) will use a Distributed Denial of Service (DDoS) attack, which is more effective as it uses armies or botnets to launch an attack.

As outlined, there are many different types of data, such as images, documents, and video. Data can be a part of an organization, such as a business or government entity, or belong to an individual. Let's compare the two next.

Categorizing data

Data can represent either an individual's information or details that relate to a business or organization.

An individual's private data is generally referred to as Personally Identifiable Information (PII), which is information that can be used to identify someone. PII can include bank account records, social security numbers, or credit card information.

Proprietary business data includes information that if exposed can result in harm to the organization. Protected business data includes financial data, earnings reports, employee records, and trade secrets.

On any network, there are several goals or services we strive to provide, such as confidentiality, integrity, and availability. Let's explore this concept in the next section.

Understanding security services

Today, there are many threats to the security of our data. Therefore, it's imperative that we remain vigilant in protecting our networks and data from attack or unauthorized access. In this section, we'll take a look at some of the security services designed to assure our data is protected. We'll also see how cryptographic techniques can help ensure data is not modified, lost, or accessed in an unauthorized manner.

There are many guidelines that outline how to provide data security. One document that helps list security concepts is the International Telecommunications Union (ITU) Security architecture for Open Systems Interconnection for CCITT applications, also known as X.800. Let's take a look.

Investigating X.800

The Consultative Committee for International Telephony and Telegraphy (CCITT), now known as the International Telecommunications Union - Telecommunication Standardization Sector (ITU-T), recognized the need to provide a secure architecture when dealing with data transmission. More specifically, they wanted to outline the general framework of security services that should be implemented within the Open Systems Interconnection (OSI) model.

Important note

The OSI model is a seven-layer representation of how systems communicate with one another. The OSI model is well recognized among network professionals, as it breaks down the function of each layer.

X.800 outlines recommended security services, along with best-practice logical and physical controls that help protect each service. In addition to logical and physical controls, the document outlines various cryptographic techniques that should be used, such as the following:

  • Encryption: Transforms plaintext into ciphertext by using a cryptographic algorithm and key.
  • Hashing: Functions that take a given input (of any size) and produce a fixed-length output. The output size will depend on the algorithm. This is also called a one-way function, in that you cannot derive the original input from the hash value.
  • Digital signature: A cryptographic technique using asymmetric encryption to ensure message authenticity and non-repudiation.

The document lists the main security services designed to protect data, which include confidentiality, integrity, authentication, and non-repudiation.

Let's take a look at each of these and how they can be achieved, starting with confidentiality.

Ensuring confidentiality

While we may not feel that all data should be rigorously protected, in today's world, it's best to keep most, if not all, data protected from prying eyes. Confidentiality means keeping private data private by protecting against unauthorized disclosure.

An example of a violation of confidentiality would be if a malicious actor were to gain access to a company's proprietary trade secrets or customer database.

A data breach of client information can cause business harm and result in a tarnished reputation and loss of trust. To ensure confidentiality, businesses and individuals should restrict access by using access control methods that allow only authorized people, devices, or processes to have access to the data.

In addition, we can protect data confidentiality by using encryption. That way, if someone were to gain access to the information, it would be meaningless, unless they have a key to decrypt the data.

Another service is to ensure data integrity, as we'll see next.

Safeguarding integrity

Providing integrity ensures that data is not modified, lost, or destroyed in either an accidental or unauthorized manner.

An example of a violation of integrity would be someone gaining access to their payroll file and changing their salary from $30,000 to $40,000.

To protect integrity, use access control methods and employ strong audit policies. In addition, monitor the network for unusual or suspicious activity and use software designed to compare cryptographic hash values for unauthorized changes to the data.

One example of software that monitors for unauthorized changes in the filesystem is called Tripwire, which acts as a software intrusion detection system.

Tripwire works in the following manner:

  1. Prior to activating the monitoring feature, you must first flag the files that need to be checked on all filesystems and devices.
  2. Once the appropriate files are identified, the software will baseline the existing filesystem and generate a hash value for all files.
  3. After baselining, the software will scan the filesystem and generate another hash value for all flagged files.
  4. The software then compares each file's hash value against the baseline.
  5. If the hash value does not match the baseline, the system will send an alert, which will indicate that the file has been modified in an unauthorized manner.

In the following figure, the hash value of the baseline file is not the same as the hash value of the checked file:

Figure 1.2 – A hash value that does not match the baseline

Figure 1.2 – A hash value that does not match the baseline

If the hash value does not match, this will send an alert that there is a violation of the integrity of the file.

Another service that is paramount on a network is authentication, as we'll see next.

Providing authentication

When something or someone is authentic, we are assured that it is true or genuine. For example, when you go to a bank to cash a check, the bank will require you to produce identification to prove who you are.

A violation of authentication occurs when spoofing techniques are used. For example, malicious actors often use an email address that spoofs the name to look like someone you know. This is a social engineering technique that is used to get you to open a file or complete some action.

When dealing with an entity on a network, it's especially important to guarantee authenticity, as this assures both parties that the message has originated from an authorized source. One way to prove authentication is by using a message authentication code, which is a small block of code used to authenticate the origin of the message.

Another security service is non-repudiation, which prevents an entity from denying that they either sent or received a communication.

Certifying non-repudiation

Non-repudiation is preventing a party from denying participation in a communication and can be used in both sides of a conversation to prevent either party from denying their involvement. By using a digital signature, non-repudiation can be achieved in the following manner:

  • Proof of origin: Assurance that the message was sent by a specific entity
  • Proof of receipt: Assurance that the message was received by a specific entity

To understand the importance of providing non-repudiation, let's outline the concept using a scenario in the following section.

Denying involvement

Every day, busy professionals send and receive emails. So that you can better understand how this works, I'll outline the concept in a story where using a digital signature when sending an email could help provide non-repudiation.

Bob is an office manager for a large payroll department. The supervisor is Jessica, who oversees the day-to-day operations of the department. Jessica is generally busy, with many tasks and meetings throughout the day.

Jessica's administrative assistant, Paul, notices that Jessica's birthday is in 2 days. Paul emails Bob to purchase a birthday cake and plan a surprise party and invite the whole office. Bob completes all the necessary arrangements and lets Paul and the department know that everything is ready for Friday.

On Friday, Jessica returns from her morning meeting, where she is greeted by the entire department wishing her a happy birthday. Jessica looks around the room and is visibly upset, and states, "you shouldn't have done this." She then retreats to her office and closes the door.

Later that morning, Jessica calls Bob and Paul into her office and tells them that she knows they meant well, but she didn't appreciate the attention. Paul states that he has no idea how this happened. Bob replies to Paul, "you sent me an email telling me to plan the event!" Paul answers, "no I didn't."

At that point, Bob has no recourse but to take the blame, as Paul has repudiated the fact that he had requested the party.

While Bob could have printed the email from Paul to attempt to prove that Paul requested the party, this may not be sufficient, as it is possible to spoof (or recreate) an email. However, if Paul had sent the email using a digital signature, this would prove that he had sent the email. At that point, Bob could have defended himself and let Jessica know what really happened.

Using a digital signature to prevent non-repudiation is not always required; however, in a high-stakes situation, such as a financial transaction, this can be especially important.

On any network, it's also important to ensure availability, as we'll see next.

Assuring availability

Availability is the assurance that resources are available to authorized devices, users, and/or processes on the network.

A violation of availability would be a DoS attack designed to interrupt or suspend services to legitimate users.

Although ensuring availability is an important concept, we cannot use a cryptographic method to ensure this service. However, there are other ways to protect availability, such as using intrusion detection and prevention. In addition, the network administrator should also keep systems up to date with all security patches, and upgrade systems and devices when necessary.

As outlined, encryption and cryptographic techniques are some of the ways through which we can protect against the constant threats to the security of our data. In the next section, let's take a look at a few of the cryptographic concepts that you might encounter.

Introducing common cryptographic concepts

In order to securely exchange data, we use more than just encryption algorithms. We also use several cryptographic tools and techniques. When discussing these concepts, you will hear terms such as symmetric and asymmetric encryption, along with cryptographic hash.

Important note

You will get a better understanding of these terms as we progress through the chapters. If you need a quick review, visit https://www.makeuseof.com/tag/encryption-terms/ for an explanation of 11 of the most common encryption terms.

In this section, we'll provide the broad strokes of the concepts of a TTP and the PKI to help your understanding. In addition, since you'll often see an explanation of a complex topic using the names of fictional characters, we'll talk about the story of Bob and Alice.

We'll go into the details of the aforementioned terms and others as the book progresses. For now, let's start with the importance of a TTP.

Trusting a TTP

Think about doing a transaction on the internet. When you go to an online shopping site, you will want to encrypt your transactions to provide confidentiality as you exchange data with the website. Let's consider the following scenario.

Alice wants to purchase some pet supplies for her two cats. She heads out to the pet supply store, Kiddikatz. If the communication is not encrypted, the transaction could be intercepted and read by Mallory, a malicious active attacker, as part of a Man-in-The-Middle (MiTM) attack, as shown in the following graphic:

Figure 1.3 – A MiTM attack

Figure 1.3 – A MiTM attack

To prevent a MiTM attack, Alice will use Transport Layer Security (TLS) to encrypt and secure the transaction. Prior to the transaction, both parties will need to exchange keys. That is where the TTP becomes important.

A TTP is necessary in a hybrid cryptosystem. In a faceless, nameless environment such as the internet, TTPs helps us to communicate securely on the web.

The idea of a TTP works by using transitive trust. As shown in the following graphic, we see that if Alice trusts the TTP, and Kiddikatz trusts the TTP, then Alice automatically trusts Kiddikatz:

Figure 1.4 – A transaction using a TTP


Figure 1.4 – A transaction using a TTP

We know that TTPs are important in a digital transaction. Next, let's see how you can determine whether or not a site can be trusted.

Ensuring trust on the network

When you go to your browser and you see a lock next to the web address, that means you can trust the site. As shown in the following screenshot, we can see that the site for Packt Publishing is a secure connection:

Figure 1.5 – Secure website for Packt Publishing

Figure 1.5 – Secure website for Packt Publishing

Some companies that provide this trust include Verisign, Cloudflare, Google Trust Services, and Thawte. All of this is made possible because of the PKI, as outlined next.

Managing keys using the PKI

As we have seen, a TTP provides the trust required when completing transactions on the internet. During a transaction, all entities are able to securely communicate with one another by using the PKI.

Although the term Public Key Infrastructure implies that the PKI generates keys, that is not the case. Instead, the PKI generates a digital certificate to securely distribute keys between a server (such as a web server) and a client. PKI uses a TTP to generate a certificate, which provides the authentication for each entity.

Let's step through the process of distributing public keys by using a certificate.

Obtaining the certificates

Encryption algorithms use keys. There are two main types of encryption. The type of encryption will determine whether one or two keys are used. The difference is as follows:

  • Symmetric encryption: Uses a single shared key (or secret) key
  • Asymmetric encryption: Uses a pair of keys – a public key and a private key

When using asymmetric encryption, an entity's private key is kept private. However, the public key is shared for everyone to see, as it is public.

When obtaining someone's public key for a transaction, we need to be able to trust that the key is from the entity from whom we received it. As a result, when completing transactions on the internet, we use a TTP.

As shown in the following diagram, the TTP provides a certificate to each entity, which ensures proof of identity and holds the other party's verified public key:

Figure 1.6 – Certificate exchange in the PKI

Figure 1.6 – Certificate exchange in the PKI

The PKI provides the structure necessary to ensure trust and securely share the public keys between those involved in a digital transaction.

Once Alice and Kiddikatz are assured trust in one another, they can securely exchange the session key and begin the transaction.

When discussing cryptography, it is common to use themes, much like the ones used in programming, such as Foo Bar and Hello World. In the next section, let's get to know the story of Bob, Alice, and other characters, which will help us when explaining cryptographic concepts.

Getting to know Bob and Alice

When outlining technical concepts, it's important to provide an easy-to-understand explanation. Using a story with characters helps explain technical topics.

Using the characters Alice and Bob is the most common way we use to explain cryptographic concepts. For example, you might see the following when describing a scenario:

Alice needs to send Bob a secure message. They must first obtain the same shared key.

If you need more characters, there are others you can use. The characters are listed in Bruce Schneier's book Applied Cryptography, where he presents a list of characters that include the following:

  • Alice: Primary participant in the transaction
  • Bob: Secondary participant in the transaction
  • Mallory: A malicious (MiTM) attacker
  • Eve: An eavesdropper, usually a passive attacker
  • Victor or Vanna: A verifier
  • Trent: A TTP

Using the names of individuals makes complex concepts more relatable. As a result, we will see more of Bob and Alice throughout our discussion on cryptography.

When discussing encryption, one of the simplest ways to conceal the true meaning of data is by using substitution and transposition, as we'll see next.

Outlining substitution and transposition

We can define cryptography as hidden or secret writing. The concept of concealing information using secret codes began thousands of years ago. Some of the early methods to encrypt data used pen, paper, or even rings, such as the pigpen, or Freemason, cipher.

In this section, we'll take a look at early encryption techniques, called classic cryptography, which mainly used transposition and substitution. The two work in the following manner:

  • Transposition ciphers transpose letters according to a pattern.
  • Substitution ciphers substitute each letter with a different letter according to the key.

In addition, we'll also take a look at methods to break the encryption. Let's start with seeing how substitution works, along with an example using the pigpen cipher.

Substituting characters

Substitution techniques to encode text work by substituting one character for another. The characters can be letters, numbers, or special characters. There are several substitution ciphers. One example is the pigpen or Freemason cipher. This cipher uses a grid formation with symbols that represent the different letters, as shown in the following figure:

Figure 1.7 – Pigpen cipher code

Figure 1.7 – Pigpen cipher code

To generate a code, you would substitute each letter with the corresponding symbol. For example, the phrase Secret message converted using a pigpen cipher would appear as the following code:

Figure 1.8 – The phrase "Secret message" converted to code using a pigpen cipher

Figure 1.8 – The phrase "Secret message" converted to code using a pigpen cipher

Try this yourself by going to https://www.boxentriq.com/code-breaking/pigpen-cipher.

Another technique to scramble data is by using transposition, as we'll see next.

Transposing the text

There are several techniques to transpose text. Unlike substitution, which substitutes one character for another, transposition transposes or rearranges the characters according to a pattern.

One method to transpose characters is reversing the order of letters in a phrase. The phrase confidentiality is keeping private data private will become etavirp atad etavirp gnipeek si ytilaitnedifnoc.

Even though this is a simple transposition of characters, you might have difficulty determining what the phrase means, unless you know that the letters have been reversed.

The rail fence, or zig-zag, cipher is another transposition cipher that conceals data by using rails or separate lines of text.

For example, if we were to transpose the word TRANSPOSE by using three rails and filling in the blank spaces using other letters, we would have the following output:

Figure 1.9 – The rail fence cipher concealing text

Figure 1.9 – The rail fence cipher concealing text

If someone were to look at the three lines of text, they may not be able to determine the meaning, unless they know the pattern, as shown:

Figure 1.10 – The rail fence cipher with the text exposed

Figure 1.10 – The rail fence cipher with the text exposed

Both the substitution and transposition ciphers are simple ciphers where it is fairly easy to break the code to determine the plaintext. When working with methods to conceal text such as substitution and transposition, we can use various methods to break the code, as outlined next.

Breaking the code

Concurrent to creating ways to conceal data using basic cryptographic techniques came the need to break codes and ciphers by using various methods.

With classic cryptography, code-breaking is a lot like a word puzzle, where the key is found by substituting letters until you determine a match. Because some methods use transposition, you might need to evaluate the text for alternate patterns that rearrange the text in some way.

Ciphers that use one alphabet are called mono-alphabetic ciphers. If only one alphabet is used, we can employ letter frequency analysis, as described next.

Analyzing the frequency of the letters

Letter frequency analysis is a cryptographic tool. The analysis begins by determining the frequency of the letters so that the actual message can be found.

When using letter frequency analysis, English characters can be divided into groups that include the following:

  • The high-frequency group includes letters such as A, E, and T.
  • The low-frequency or rare group includes letters such as K, Q, X, and Z.
  • Digrams are pairs of letters that include th, he, of, and it. You'll also want to consider pairs using repeating letters such as ll, oo, or ee.
  • Trigrams are collections of three letters that include the, est, and, for, and his.

To adequately produce a frequency profile, you need a generous amount of characters. You can manually count the characters or use one of the applications available online, such as the one found at http://www.richkni.co.uk/php/crypta/freq.php.

If the cipher uses more than one alphabet, this will make the code more difficult to decrypt. You might even find text that doesn't use an alphabet. For example, try to decode the following message:

Figure 1.11 – Secret code

Figure 1.11 – Secret code

You can find the answer at the end of this chapter under the Assessments section.

As we can see, even simple cryptographic methods can conceal information from someone. The downside is the simpler the method, the easier it is to obtain the plaintext message.

Summary

Every day, more and more services are being added to our infrastructures, homes, and businesses, making network security a constant challenge. However, a secure network is important as it protects the organization. In this chapter, we took a look at the threats to our data that exist, which makes securely managing a large volume of data in various locations a challenge. We saw the importance of providing security services such as confidentiality, integrity, and availability, and how using cryptographic techniques can help protect those services.

We then took a look at some common cryptographic concepts, such as TTPs and key management using the PKI. We also got to know characters such as Bob, Alice, Trent, and Mallory, which help us to personalize and better understand complex cryptographic concepts. Finally, we took a look at two basic cryptographic concepts, substitution, and transposition. We saw how substitution substitutes plaintext characters with other characters to convert it into ciphertext. We also learned how transposition rearranges the characters of plaintext to conceal information. We then saw how we can use letter frequency analysis to crack a simple code, that uses a monoalphabetic cipher.

So that you can better understand the evolution of encryption, the next chapter will start with a review of some classical ciphers such as the Vigenère and Caesar ciphers. Then we'll examine how war efforts prompted the encoding of transmissions, and how the Enigma was used to securely send messages. We'll then learn the beginnings of the Data Encryption Standard (DES), with the development of Lucifer and Feistel ciphers, as scientists recognized the need to secure digital data.

Questions

Now it's time to check your knowledge. Select the best response, then check your answers with those found in the Assessment section at the end of the book.

  1. In _____, Ray Tomlinson created electronic mail (email).

    a. 1968

    b. 1972

    c. 1992

    d. 1998

  2. When protecting data, _____ ensures that data is not modified, lost, or destroyed in either an accidental or unauthorized manner.

    a. integrity

    b. confidentiality

    c. availability

    d. authentication

  3. A digital _____ is a cryptographic technique using asymmetric encryption that ensures a message is authentic and has not been modified or altered while in transit.

    a. breadcrumb

    b. cookie

    c. rail fence

    d. signature

  4. When malicious actors often use an email address that spoofs the name to look like someone you know, this is a violation of _____.

    a. integrity

    b. confidentiality

    c. availability

    d. authentication

  5. _____ encryption uses a pair of keys: a public key and a private key.

    a. Verified

    b. Asymmetric

    c. Symmetric

    d. SHA-1

  6. _____ ciphers substitute each letter with a different letter according to the key.

    a. Allocation

    b. Substitution

    c. Transposition

    d. Pigpen

  7. The rail fence, or zig-zag, cipher is a _________ cipher that conceals data by using "rails" or separate lines of text.

    a. allocation

    b. substitution

    c. transposition

    d. pigpen

Further reading

Please refer to the following links for more information:

Left arrow icon Right arrow icon

Key benefits

  • Discover how cryptography is used to secure data in motion as well as at rest
  • Compare symmetric with asymmetric encryption and learn how a hash is used
  • Get to grips with different types of cryptographic solutions along with common applications

Description

In today's world, it is important to have confidence in your data storage and transmission strategy. Cryptography can provide you with this confidentiality, integrity, authentication, and non-repudiation. But are you aware of just what exactly is involved in using cryptographic techniques? Modern Cryptography for Cybersecurity Professionals helps you to gain a better understanding of the cryptographic elements necessary to secure your data. The book begins by helping you to understand why we need to secure data and how encryption can provide protection, whether it be in motion or at rest. You'll then delve into symmetric and asymmetric encryption and discover how a hash is used. As you advance, you'll see how the public key infrastructure (PKI) and certificates build trust between parties, so that we can confidently encrypt and exchange data. Finally, you'll explore the practical applications of cryptographic techniques, including passwords, email, and blockchain technology, along with securely transmitting data using a virtual private network (VPN). By the end of this cryptography book, you'll have gained a solid understanding of cryptographic techniques and terms, learned how symmetric and asymmetric encryption and hashed are used, and recognized the importance of key management and the PKI.

Who is this book for?

This book is for IT managers, security professionals, students, teachers, and anyone looking to learn more about cryptography and understand why it is important in an organization as part of an overall security framework. A basic understanding of encryption and general networking terms and concepts is needed to get the most out of this book.

What you will learn

  • Understand how network attacks can compromise data
  • Review practical uses of cryptography over time
  • Compare how symmetric and asymmetric encryption work
  • Explore how a hash can ensure data integrity and authentication
  • Understand the laws that govern the need to secure data
  • Discover the practical applications of cryptographic techniques
  • Find out how the PKI enables trust
  • Get to grips with how data can be secured using a VPN

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 11, 2021
Length: 286 pages
Edition : 1st
Language : English
ISBN-13 : 9781838644352
Category :
Concepts :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Jun 11, 2021
Length: 286 pages
Edition : 1st
Language : English
ISBN-13 : 9781838644352
Category :
Concepts :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just Mex$85 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just Mex$85 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total Mex$ 2,995.97
Cryptography Algorithms
Mex$963.99
Modern Cryptography for Cybersecurity Professionals
Mex$902.99
Privilege Escalation Techniques
Mex$1128.99
Total Mex$ 2,995.97 Stars icon
Banner background image

Table of Contents

15 Chapters
Section 1: Securing Our Data Chevron down icon Chevron up icon
Chapter 1: Protecting Data in Motion or at Rest Chevron down icon Chevron up icon
Chapter 2: The Evolution of Ciphers Chevron down icon Chevron up icon
Chapter 3: Evaluating Network Attacks Chevron down icon Chevron up icon
Section 2: Understanding Cryptographic Techniques Chevron down icon Chevron up icon
Chapter 4: Introducing Symmetric Encryption Chevron down icon Chevron up icon
Chapter 5: Dissecting Asymmetric Encryption Chevron down icon Chevron up icon
Chapter 6: Examining Hash Algorithms Chevron down icon Chevron up icon
Section 3: Applying Cryptography in Today's World Chevron down icon Chevron up icon
Chapter 7: Adhering to Standards Chevron down icon Chevron up icon
Chapter 8: Using a Public Key Infrastructure Chevron down icon Chevron up icon
Chapter 9: Exploring IPsec and TLS Chevron down icon Chevron up icon
Chapter 10: Protecting Cryptographic Techniques Chevron down icon Chevron up icon
Assessments Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
(7 Ratings)
5 star 71.4%
4 star 0%
3 star 0%
2 star 14.3%
1 star 14.3%
Filter icon Filter
Top Reviews

Filter reviews by




Amazon Customer Jul 20, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
It’s extremely easy to follow with a lot of useful tips, was a total beginner but it has helped me understand most of the part relating to Cryptography, great book to get you started in this topic.
Amazon Verified review Amazon
Tim Aug 16, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The author did an amazing job at explaining cryptography that helps the reader understand what it is, why we use it, and how to apply cryptography to our information systems. This book is a must-read for cyber security professionals that need to learn more about cryptography. It will help these professionals to understand the importance of cryptography in this ecosystem and maybe this industry can finally get a step ahead of the malicious attackers.
Amazon Verified review Amazon
William E. Ebersole Jun 22, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is a must have for all cybersecurity professionals. It provides a comprehensive and easily digested analysis of every aspect of cryptography. Professor Bock provides excellent examples and valuable resources that are helpful to both the established cybersecurity practitioner as well as those new to the field. If you buy only one book on cybersecurity this year, it should be Modern Cryptography for Cybersecurity Professionals.
Amazon Verified review Amazon
Matthew Emerick Aug 18, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
About This BookThis is a high-level introductory book on cryptography. It gives a comprehensive understanding of the field so that the reader can then talk the talk with specialists, architects, and solution managers.Who Is This For?I would recommend this book for students who need to know about cryptography, managers who will oversee cybersecurity specialists, and anyone who is interested in the field. It is not directly for someone who wants to implement the cryptography algorithms discusses as there are no implementation details. It can, however, give a conceptual understanding to a developer who would then need a follow-up resource.OrganizationThe macrostructure of this book is well throughout and breaks it up into three sections: basic security considerations, general cryptographic techniques, and how cryptography is applied in production settings. Within each chapter, there is the overall content followed by a summary, questions (answers in the back), and further reading. The further reading is especially important and each chapter has several to dig deeper.Did This Book Succeed?This book acts as an excellent introduction but does not go further than that. After reading this book you will be able to converse about cryptography but not be able to do anything with it. This is fine depending on your role, so could be either a strength or a weakness.Rating and Final ThoughtsOverall, I give this book a 4.5 out of 5.As someone who wants to be able to build something after reading a technical book, I’m left a little high and dry. I’d love to see the author write a second, more hands-on book that pairs well with this one. In fact, a volume 1 conceptual and volume 2 practical book set might have worked better, especially if they were back and forth with each other.
Amazon Verified review Amazon
Glen Jul 13, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Cryptography was one of the challenging topics to grasp while progressing my cybersecurity learning. This author did a super amazing job in clearly explaining the concepts and technologies involved in Cryptography for any cybersecurity professional. I highly recommend this book for everyone.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.