Modern Cryptography for Cybersecurity Professionals

Book description

As a cybersecurity professional, discover how to implement cryptographic techniques to help your organization mitigate the risks of altered, disclosed, or stolen data

Key Features

  • Discover how cryptography is used to secure data in motion as well as at rest
  • Compare symmetric with asymmetric encryption and learn how a hash is used
  • Get to grips with different types of cryptographic solutions along with common applications

Book Description

In today's world, it is important to have confidence in your data storage and transmission strategy. Cryptography can provide you with confidentiality, integrity, authentication, and non-repudiation. But are you aware of just what exactly is involved in using cryptographic techniques? Modern Cryptography for Cybersecurity Professionals helps you to gain a better understanding of the cryptographic elements necessary to secure your data.

The book begins by helping you to understand why we need to secure data and how encryption can provide protection, whether it be in motion or at rest. You'll then delve into symmetric and asymmetric encryption and discover how a hash is used. As you advance, you'll see how the public key infrastructure (PKI) and certificates build trust between parties, so that we can confidently encrypt and exchange data. Finally, you'll explore the practical applications of cryptographic techniques, including passwords, email, and blockchain technology, along with securely transmitting data using a virtual private network (VPN).

By the end of this cryptography book, you'll have gained a solid understanding of cryptographic techniques and terms, learned how symmetric and asymmetric encryption and hashes are used, and recognized the importance of key management and the PKI.

What you will learn

  • Understand how network attacks can compromise data
  • Review practical uses of cryptography over time
  • Compare how symmetric and asymmetric encryption work
  • Explore how a hash can ensure data integrity and authentication
  • Understand the laws that govern the need to secure data
  • Discover the practical applications of cryptographic techniques
  • Find out how the PKI enables trust
  • Get to grips with how data can be secured using a VPN

Who this book is for

This book is for IT managers, security professionals, students, teachers, and anyone looking to learn more about cryptography and understand why it is important in an organization as part of an overall security framework. A basic understanding of encryption and general networking terms and concepts is needed to get the most out of this book.

Table of contents

  1. Modern Cryptography for Cybersecurity Professionals
  2. Contributors
  3. About the author
  4. About the reviewer
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the color images
    5. Conventions used
    6. Get in touch
    7. Reviews
  6. Section 1: Securing Our Data
  7. Chapter 1: Protecting Data in Motion or at Rest
    1. Outlining the current threat landscape
      1. Digitally transforming our world
      2. Threatening the security of our data
    2. Understanding security services
      1. Investigating X.800
    3. Introducing common cryptographic concepts
      1. Trusting a TTP
      2. Managing keys using the PKI
      3. Getting to know Bob and Alice
    4. Outlining substitution and transposition
      1. Substituting characters
      2. Transposing the text
      3. Breaking the code
    5. Summary
    6. Questions
    7. Further reading
  8. Chapter 2: The Evolution of Ciphers
    1. Early uses of cryptography
      1. Using tattoos and scytales
      2. Evaluating monoalphabetic ciphers
      3. Recognizing polyalphabetic ciphers
    2. Encoding transmissions during war
      1. Communicating during wartime
      2. Examining the Enigma machine
    3. Entering the digital age
      1. Innovating in the field of computing
      2. Developing the early ciphers
    4. Summary
    5. Questions
    6. Further reading
  9. Chapter 3: Evaluating Network Attacks
    1. Comparing passive and active attacks
      1. Carrying out a passive attack
      2. Launching an active attack
    2. Protecting sensitive data
      1. Understanding attack vectors
      2. Providing defense mechanisms
    3. Maintaining integrity
      1. Protecting assets
      2. Managing risk
    4. Summary
    5. Questions
    6. Further reading
  10. Section 2: Understanding Cryptographic Techniques
  11. Chapter 4: Introducing Symmetric Encryption
    1. Discovering the evolution of symmetric encryption
      1. Protecting customer data
      2. Developing the Feistel cipher
      3. Creating the Lucifer cipher
    2. Outlining symmetric algorithms
      1. Understanding symmetric encryption
      2. Describing the Data Encryption Standard
      3. Illustrating the Advanced Encryption Standard
      4. Identifying other symmetric algorithms
      5. Scheduling the keys
    3. Dissecting block and stream ciphers
      1. Using a block cipher
      2. Generating a stream
    4. Comparing symmetric encryption operation modes
      1. Using ECB
      2. Adding feedback
      3. Applying CTR mode
    5. Securing wireless communications
      1. Preventing eavesdropping
      2. Comparing protocols
    6. Summary
    7. Questions
    8. Further reading
  12. Chapter 5: Dissecting Asymmetric Encryption
    1. Realizing the need for asymmetric encryption
      1. Securely exchanging a key
      2. Outlining the PKCS
    2. Understanding cryptographic requirements
      1. Designing a strong algorithm
      2. Generating a key pair
      3. Managing keys
      4. Using asymmetric encryption
    3. Comparing public-key algorithms
      1. Outlining RSA
      2. Visualizing an elliptical curve
      3. Providing PGP
      4. Trusting public keys
    4. Working with digital signatures
      1. Providing core security services
      2. Creating a digital signature
    5. Summary
    6. Questions
    7. Further reading
  13. Chapter 6: Examining Hash Algorithms
    1. Describing a hash algorithm
      1. Creating a hash
      2. Employing a hash function
    2. Identifying optimal hash properties
      1. Generating a one-way function
      2. Producing a fixed-size output
      3. Consistently creating the same hash
      4. Ensuring collision resistance
    3. Comparing common hash algorithms
      1. Using the message digest algorithm
      2. Exploring the Secure Hash Algorithm (SHA)
      3. Recognizing other hash algorithms
    4. Authenticating a message
      1. Creating a MAC
      2. Encrypting and authenticating data
    5. Summary
    6. Questions
    7. Further reading
  14. Section 3: Applying Cryptography in Today's World
  15. Chapter 7: Adhering to Standards
    1. Understanding FIPS and PCI DSS
      1. Outlining FIPS
      2. Outlining PCI DSS
    2. Staying compliant
      1. Ensuring the privacy of patient data
      2. Giving consumers control of their data
      3. Enforcing protection in California
    3. Leveraging encrypted data
      1. Securing our data
      2. Concealing malware
      3. Holding files ransom
      4. Exposing private information
    4. Summary
    5. Questions
    6. Further reading
  16. Chapter 8: Using a Public Key Infrastructure
    1. Describing a PKI framework
      1. Understanding how a PKI assures trust
      2. Exchanging the keys
      3. Understanding the components
      4. Storing certificates
      5. Revoking a certificate
    2. Managing public keys
      1. Creating a certificate
      2. Trusting the root
      3. Spoofing the process
    3. Examining a certificate
      1. Viewing a certificate
      2. Recognizing the X.509 standard
      3. Validating a certificate
      4. Using certificates
    4. Summary
    5. Questions
    6. Further reading
  17. Chapter 9: Exploring IPsec and TLS
    1. Using a VPN
      1. Securing traffic using OpenVPN
      2. Choosing a browser-based VPN
      3. Using an SSH VPN
      4. Using a VPN on a Windows machine
    2. Outlining an IPsec VPN
      1. Grasping the IPsec framework
      2. Dissecting the AH protocol
      3. Encapsulating the security payloads
      4. Using operating modes
      5. Generating a shared secret key with DH
      6. Managing the keys using IKE
      7. Setting up an IPsec profile
    3. Understanding TLS
      1. Understanding the handshake protocols
      2. Dissecting the Record protocol
    4. Summary
    5. Questions
    6. Further reading
  18. Chapter 10: Protecting Cryptographic Techniques
    1. Recognizing cryptographic attacks
      1. Comparing various attacks
      2. Using Kali Linux
      3. Cracking WEP
    2. Attacking the infrastructure
      1. Guaranteeing trust
      2. Violating trust
    3. Influence of quantum computing
      1. Describing quantum computing
      2. Implementing quantum-resistant algorithms
    4. Summary
    5. Questions
    6. Further reading
  19. Assessments
    1. Chapter 1 – Protecting Data in Motion or at Rest
    2. Chapter 2 – The Evolution of Ciphers
    3. Chapter 3 – Evaluating Network Attacks
    4. Chapter 4 – Introducing Symmetric Encryption
    5. Chapter 5 – Dissecting Asymmetric Encryption
    6. Chapter 6 – Examining Hash Algorithms
    7. Chapter 7 – Adhering to Standards
    8. Chapter 8 – Using a Public Key Infrastructure
    9. Chapter 9 – Exploring IPsec and TLS
    10. Chapter 10 – Protecting Cryptographic Techniques
    11. Why subscribe?
  20. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Leave a review - let other readers know what you think

Product information

  • Title: Modern Cryptography for Cybersecurity Professionals
  • Author(s): Lisa Bock
  • Release date: June 2021
  • Publisher(s): Packt Publishing
  • ISBN: 9781838644352