Sergio Ginocchio
  • Home
  • About
  • Cyber Security Operations and Leadership Program
    • Cyber Security Fundamentals >
      • Vulnerability Assessment
    • Cryptography >
      • Cryptographic Techniques for Network Security
    • Security Architecture
    • Operational Policy >
      • Summary of Major US and Industry Rules
      • Data Classification and Security Policy Models
      • Privacy Policy
    • Risk Management
    • Management and Cyber Security
    • Secure Software Design and Development
    • Network Visualization and Vulnerability Detection >
      • SIEM Tools Trade Study
      • Vulnerability Scanning Tools
      • Viewing Network Communications with Wireshark
    • Cyber Threat Intelligence
    • Cyber Incident Response and Computer Forensics
  • Reference Link Library
    • Major Industry Websites
    • Government Resources
    • Cybersecurity News
    • Cyber Security Tools >
      • Tools
    • Certification and Training
    • Books
    • Coursework Final Papers
  • Media Presentation
  • Home
  • About
  • Cyber Security Operations and Leadership Program
    • Cyber Security Fundamentals >
      • Vulnerability Assessment
    • Cryptography >
      • Cryptographic Techniques for Network Security
    • Security Architecture
    • Operational Policy >
      • Summary of Major US and Industry Rules
      • Data Classification and Security Policy Models
      • Privacy Policy
    • Risk Management
    • Management and Cyber Security
    • Secure Software Design and Development
    • Network Visualization and Vulnerability Detection >
      • SIEM Tools Trade Study
      • Vulnerability Scanning Tools
      • Viewing Network Communications with Wireshark
    • Cyber Threat Intelligence
    • Cyber Incident Response and Computer Forensics
  • Reference Link Library
    • Major Industry Websites
    • Government Resources
    • Cybersecurity News
    • Cyber Security Tools >
      • Tools
    • Certification and Training
    • Books
    • Coursework Final Papers
  • Media Presentation

Cryptography


Cryptography is a branch of mathematics that is based on the transformation of data and can be used to provide several security services [1]:
  • Confidentiality is the property whereby sensitive information is not disclosed to unauthorized entities. Confidentiality can be provided by a cryptographic process called encryption.
  • Data integrity is a property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored. The process of determining the integrity of the data is called data integrity authentication.
  • Authentication  provides assurance of an entity's identity.
  • Non-repudiation is a mechanism to prove that the sender really sent this message, i.e. cannot claim he/she did not actually send the information.

Types of Cryptographic Algorithms

Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption; also called symmetric encryption. Primarily used for privacy and confidentiality.

Public Key Cryptography (PKC): Uses one key for encryption and another for decryption; also called asymmetric encryption. Primarily used for authentication, non-repudiation, and key exchange.

Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information, providing a digital fingerprint. Primarily used for message integrity. [2]


Digital Signature
is a technique based on public key cryptography used to validate the authenticity and integrity of a message, software or digital document. A digital signature can be verified by anyone with access to the public key. The signature can be used to provide assurance of data integrity and source authentication, and to support non-repudiation.

[1] Barker, E. (2016, August). Guideline for using cryptographic standards in the federal government: Cryptographic mechanisms. Retrieved from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-175B.pdf
[2] Kessler, G.C. (2018, June 19). An overview of cryptography. Retrieved from https://www.garykessler.net/library/crypto.html#intro