WEBVTT

00:00.000 --> 00:03.990
>> Hello. Let's talk a
little bit more in-depth on

00:03.990 --> 00:06.240
how symmetric algorithms
work and talk about

00:06.240 --> 00:08.970
the two types, stream and block.

00:08.970 --> 00:12.870
Now, stream ciphers encrypt
data one bit at a time.

00:12.870 --> 00:14.655
Sometimes it's one byte

00:14.655 --> 00:17.640
but just think of it
as being bit by bit,

00:17.640 --> 00:19.380
and it's very fast.

00:19.380 --> 00:21.930
As a matter of fact,
a lot of times you'll

00:21.930 --> 00:24.480
use a hardware encrypter
for stream ciphers.

00:24.480 --> 00:25.830
Just because you've got to have

00:25.830 --> 00:27.060
something that you
can keep up with

00:27.060 --> 00:30.510
the process, it's very fast.

00:30.510 --> 00:33.060
The way stream
algorithms work is they

00:33.060 --> 00:35.445
either use a process
called transposition,

00:35.445 --> 00:36.960
which is basically
just shuffling

00:36.960 --> 00:38.114
>> the characters around,

00:38.114 --> 00:39.735
>> or substitution,

00:39.735 --> 00:42.345
which is replacing one
character for another,

00:42.345 --> 00:45.080
or they use a
process called XOR,

00:45.080 --> 00:47.165
which we'll talk
about in a minute.

00:47.165 --> 00:49.865
These are some very
fast algorithms,

00:49.865 --> 00:51.875
but they're not as secure.

00:51.875 --> 00:53.870
Like we said, sometimes we

00:53.870 --> 00:56.610
trade security for performance.

00:56.620 --> 01:00.020
The only algorithm that I
want you to know for the test

01:00.020 --> 01:03.055
that is a stream cipher is RC-4.

01:03.055 --> 01:07.725
If I ask if AES is a stream
or block, you say block.

01:07.725 --> 01:11.040
Why? Because it's not RC-4.

01:11.040 --> 01:13.395
What about RC-5?

01:13.395 --> 01:16.690
It's a block because
it's not RC-4.

01:16.690 --> 01:18.680
That is the only
stream cipher they

01:18.680 --> 01:21.410
will ask you about is RC-4.

01:21.410 --> 01:24.410
Now, remember that we
already talked about

01:24.410 --> 01:26.915
some of the things
that made WEP work.

01:26.915 --> 01:30.815
One of those reasons was
that it actually use RC-4,

01:30.815 --> 01:33.730
is not as secure as when
they needed it to be.

01:33.730 --> 01:38.640
RC-4 uses either a
64-bit or a 128-bit key.

01:38.640 --> 01:42.135
But that's not very secure
bytes, today's standards.

01:42.135 --> 01:45.530
RC-4 was one of the
problems with WEP.

01:45.530 --> 01:48.140
Even when we improved
it with WPA,

01:48.140 --> 01:50.150
we were still using IC-4,

01:50.150 --> 01:52.099
so it could be
backward compatible.

01:52.099 --> 01:53.925
But with WPA2,

01:53.925 --> 01:57.570
we got away from RC-4 and
use the block cipher.

01:58.010 --> 02:01.350
Block ciphers chunked
data into blocks.

02:01.350 --> 02:03.050
Each block goes
through a series of

02:03.050 --> 02:05.090
math functions called S-box.

02:05.090 --> 02:08.390
Now, going through all these
functions takes more time,

02:08.390 --> 02:10.145
but it is more secure.

02:10.145 --> 02:14.645
The block algorithm that came
with WPA2 is called AES,

02:14.645 --> 02:17.780
and that stands for Advanced
Encryption Standard.

02:17.780 --> 02:19.910
AES is an algorithm that can

02:19.910 --> 02:22.160
provide variable
length encryption.

02:22.160 --> 02:25.415
You can use AES in
a 128-bit mode,

02:25.415 --> 02:32.440
192 or 256, with 256 giving
you the best performance.

02:32.500 --> 02:35.180
I'll also mention that
sometimes we hear about

02:35.180 --> 02:38.345
these algorithms like the
Advanced Encryption Standard,

02:38.345 --> 02:41.955
but that's actually not an
algorithm, it's a standard.

02:41.955 --> 02:43.490
The government will release

02:43.490 --> 02:45.080
these standards and then vendors

02:45.080 --> 02:48.295
will produce algorithms that
satisfy those standards.

02:48.295 --> 02:50.990
Currently, the algorithm
that satisfies

02:50.990 --> 02:53.915
the AES is called Region del.

02:53.915 --> 02:55.340
I'm not sure if they will ask

02:55.340 --> 02:56.569
>> you about that on the test,

02:56.569 --> 02:58.980
>> but it's something
to be aware of.

03:01.730 --> 03:05.115
This is an illustration
of block ciphers.

03:05.115 --> 03:07.020
You can see the S-blocks.

03:07.020 --> 03:09.190
Within each conceptual S-block,

03:09.190 --> 03:11.180
a math function is performed.

03:11.180 --> 03:13.130
The key is going to dictate

03:13.130 --> 03:15.760
what order those math
functions are performed in.

03:15.760 --> 03:19.365
Those algorithms and
keys work together.

03:19.365 --> 03:21.830
Now, I mentioned earlier that

03:21.830 --> 03:24.140
stream ciphers either
do transposition,

03:24.140 --> 03:27.695
substitution, or a
process called XOR,

03:27.695 --> 03:30.565
and that stands
for Exclusive OR.

03:30.565 --> 03:32.780
For XOR, remember we are

03:32.780 --> 03:35.285
encrypting one bit
of data at a time.

03:35.285 --> 03:37.580
If you look at the
bottom of this slide,

03:37.580 --> 03:41.240
we have plain text on the top
line and the key is next,

03:41.240 --> 03:44.140
and what we produce
is ciphertext.

03:44.140 --> 03:46.715
Let's look at the first
bit of plain text,

03:46.715 --> 03:50.480
which is one, and the first
bit of the key is a zero.

03:50.480 --> 03:52.550
If these two values are alike,

03:52.550 --> 03:54.455
the ciphertext becomes zero.

03:54.455 --> 03:57.640
If the values are
different, it becomes one.

03:57.640 --> 03:59.970
Since the first bit for each

03:59.970 --> 04:02.024
>> one and zero are different,

04:02.024 --> 04:04.415
>> the ciphertexts
bit becomes one,

04:04.415 --> 04:07.235
and that pattern follows
through for each bit.

04:07.235 --> 04:09.590
Only where there
are both the same

04:09.590 --> 04:12.870
does the ciphertexts bit
come through as a zero.

04:13.010 --> 04:16.135
That's how the XOR
process works.

04:16.135 --> 04:18.605
It's very quick and
very easy to reverse,

04:18.605 --> 04:21.155
particularly when
you have a key.

04:21.155 --> 04:23.435
We have to keep that in mind.

04:23.435 --> 04:25.280
Anything quick to encrypt is

04:25.280 --> 04:28.160
likely going to be
quick to decrypt.

04:28.160 --> 04:31.490
These are just some common
symmetric algorithms.

04:31.490 --> 04:34.790
Now, I already
mentioned RC-4 and AES.

04:34.790 --> 04:36.885
I think I already mentioned DES,

04:36.885 --> 04:38.680
Data Encryption Standard.

04:38.680 --> 04:40.340
That happens a lot
where there is

04:40.340 --> 04:43.265
a standard and the algorithm
gets created for it.

04:43.265 --> 04:45.590
When you see that S on the end,

04:45.590 --> 04:47.420
it likely means
it's a standard and

04:47.420 --> 04:50.020
an algorithm gets
created to satisfy it.

04:50.020 --> 04:53.995
An AES is by far the
most commonly used one,

04:53.995 --> 04:56.225
it's the de-facto standard.

04:56.225 --> 04:58.610
The government set apart
this standard to encrypt

04:58.610 --> 05:01.285
sensitive but
unclassified information.

05:01.285 --> 05:05.380
We know we're going to see
AES pop up on the exam.

05:05.720 --> 05:10.429
IDEA is a proprietary algorithm
that is used for PGP,

05:10.429 --> 05:12.490
which is pretty good privacy.

05:12.490 --> 05:15.050
That's an email
encryption application

05:15.050 --> 05:16.905
created by Phil Zimmerman.

05:16.905 --> 05:19.790
He noted that for national
security reasons,

05:19.790 --> 05:21.290
the government would
like to decrypt

05:21.290 --> 05:23.365
anything that we encrypt.

05:23.365 --> 05:25.520
Zimmerman wondered why are

05:25.520 --> 05:27.200
we using algorithms
that the government

05:27.200 --> 05:28.970
standardized if their goal is

05:28.970 --> 05:31.495
to decrypt anything
that's been encrypted.

05:31.495 --> 05:33.800
Zimmerman came up with
an algorithm called

05:33.800 --> 05:36.485
IDEA, which was proprietary.

05:36.485 --> 05:38.405
That's what he used to secure

05:38.405 --> 05:40.705
email and his application, PGP.

05:40.705 --> 05:43.415
That one will most likely
come up on the test.

05:43.415 --> 05:45.560
PGP is an alternative that's

05:45.560 --> 05:48.505
proprietary to
standards-based email.

05:48.505 --> 05:50.840
Now, I do think
that on the test,

05:50.840 --> 05:52.490
you'll need to look at
a list and pick out

05:52.490 --> 05:55.265
which algorithms are
symmetric versus asymmetric.

05:55.265 --> 05:58.170
I'll show you how to
do that later on.