Hello and welcome. My name is Tyler McMinn and this is the Aruba Network Security Basics video series, Part 2. In this ninth video in the series, we're going to stop and take a look at secure communications, covering symmetric encryption and hash-based authentication. A lot of fun topics that we're going to touch on very lightly in this video. Let's get started.

Secure communication, encryption. The goals of secure communication are that we want privacy when we are forwarding frames or forwarding data. So that user A to user B, Alice to Bob, can forward their traffic over an insecure communication channel where someone like Mallory may be able to tap in. But even though they're sending it, Mallory's still not going to be able to read the contents of that payload. The assumption is, you're always having your data captured, so make sure you're encrypting the important stuff.

Data integrity is validating that when Bob receives a packet from Alice, the packet that Alice sent is the packet that Bob gets, that it hasn't been altered in transit, even without encryption. If Mallory was able to read everything about that email or everything about that file or whatever it is, Mallory would not be able to change anything without it being indicated to Bob. Neat little trick here, but we're just establishing the integrity of the information that's being sent. A check worth $1000 shows up as a check worth $1000; it hasn't been altered.

Data authenticity establishes identity, and these are somewhat intertwined. For example, we want to know that Alice was the one who sent it, and Alice wants to know that Bob is the only one who can really read it. Which means Alice might encrypt it with Bob's key or something that identifies Bob to Alice. We need to tie identity to this idea of authenticity: that Alice is the true sender, Bob is the true recipient. Non-repudiation goes along those lines, where Alice cannot deny that she actually sent the packet in the first place.
Data authenticity plus integrity gives us non-repudiation. The message has not been altered and it originated with Alice. Whatever Alice sent, Alice is ultimately responsible for it. All of those are the goals of this, and we can accomplish them through the use of encryption, through the use of a cipher.

What is encryption? Well, how much time have you got? We're going to keep this light. You take plaintext, readable data, and without encryption it just gets sent, and anybody who captures the frames in between can see what you're doing. Like Telnet traffic: it's unencrypted. HTTP traffic: unencrypted. Once you start encrypting, you're taking that plaintext information and running it through some encryption cipher that mixes it, or causes the data to become unreadable, so it is no longer understood by Mallory in the middle or Eve the eavesdropper. Encryption is the process of transforming plaintext into what we call ciphertext, or encrypted text.

Symmetric encryption is where you use the same key to encrypt your data as you do to decrypt the data. Same, meaning symmetry or symmetric, is where the name comes from. "Quick brown fox" gets mixed with a key and XORed, or the bits are blended, to come up with ciphertext. Then the same key is applied to decrypt, allowing the text to go back to clear text or plaintext so Bob can read what Alice had encrypted. Same key.

With key lengths, you always want to use a larger key length to increase the strength of the key. For example, if I have a key that's only four bits long, there are only 16 possibilities. If you had a key that was just one bit, then your options there would be either a zero or a one, so two possibilities. Two bits would mean that you could be 00, 01, 10 or 11, which gives us four possible variations for a hacker to brute-force through or to attempt to guess.
In fact, what we find, mathematically speaking, is that as you increase the key size from one bit to two bits, you double the strength of the key: twice the number of iterations to go through. Three bits would give us, you might guess it, eight possibilities, going all the way down, because this different row of bits then flips over and we start over again, so 100, 101, 110, 011, and that's it; that is the possible outcome that you could have. Therefore, you've doubled the strength from a 2-bit combination to a 3-bit combination. Four bits would mean 16 possibilities, 5 bits would be 32 possibilities, 6 bits would be 64 possibilities. As you jump up to 16 bits, not 16 bits, 8 bits, a little bit of a typo there, you end up with 256 possibilities. Sixteen bits, if you want bonus points, you can try and guess what that is; I'll tell you here in just a minute.

But as you keep doubling and doubling and doubling, you get to a common key size we see out there on websites using SSL or TLS encryption with 128 bits, or encryption on WPA2 with AES 128 bits. A newer standard that people are sometimes using here is to jump their keys up to 256 bits. Not very hard, even for mobile devices these days, to be able to handle that on-the-fly encryption, but the amount of strength is just astronomical in the number of iterations. Even at 128 bits, you have 3.4 times 10^38. That means three, four with 38 zeros at the end of it. That is roughly the equivalent of a trillion possibilities for every square inch on the surface of the planet Earth; that's a lot to guess through. If you double the key length, does that double the strength? No, doubling the strength would be to go to 129 bits. Doubling that would be 130 bits. You keep doubling until you get to this exponentially stronger key size of 256, which is just a ridiculous amount of key length. If you're wondering, two to the power of 64 would be the answer here for a 16-bit key length, that's 65,536, roughly.
I mean, the math is there if you want to dive into it, but that is as deep as we're going to get into the math. The point being that symmetric keys are relatively short, they're just a few bits long, but they offer us a tremendous amount of strength against brute-force attacks, where a would-be hacker would try to just guess what the random arrangement of ones and zeros is. This is why hackers use dictionary attacks and password-guessing algorithms. All right, let's pause here. In the next video, we'll jump in and cover hash algorithms. I'm going to go ahead and put some ice on my head, and we'll come back and continue the discussion.
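The following Python block is an added worked example; it is not code from the video or from Aruba. It uses a deliberately weak, constructed XOR cipher (the function names `xor_crypt`, `brute_force`, `flip_digit` and the sample messages are all assumptions made for this illustration) to show two things the transcript talks about: first, that a known-plaintext brute-force against a k-bit key takes at most 2^k guesses, so every extra bit doubles the attacker's work (including the 16-bit case, 2^16 = 65,536, and the 128-bit keyspace of about 3.4 x 10^38); second, that encryption alone gives privacy but not integrity, because Mallory can flip bits in a ciphertext she cannot read and turn "$1000" into "$9000", and only a keyed hash (HMAC, the hash-based authentication the video says is coming next) lets Bob detect the change. Real ciphers such as AES-128 are not structured like this toy and cannot be searched this way; the point is the doubling, not the cipher.

```python
"""Added example, not from the video: a toy XOR cipher used to show why
brute-force cost doubles per key bit and why encryption alone does not
provide integrity.  The cipher is constructed for illustration only."""

import hashlib
import hmac


def keyspace(bits: int) -> int:
    """Number of distinct keys of the given length: 2**bits."""
    return 2 ** bits


def keystream(key: int, bits: int, length: int) -> bytes:
    """Toy keystream: the key's bytes repeated out to the message length.
    (A real stream cipher never repeats its key like this.)"""
    nbytes = max(1, (bits + 7) // 8)
    key_bytes = key.to_bytes(nbytes, "big")
    return (key_bytes * (length // nbytes + 1))[:length]


def xor_crypt(key: int, bits: int, data: bytes) -> bytes:
    """XOR is its own inverse, so one function both encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, bits, len(data))))


def brute_force(bits: int, ciphertext: bytes, known_plaintext: bytes):
    """Known-plaintext attack: Mallory tries every key in order until one
    decrypts the ciphertext to a plaintext she already knows.
    Returns (key, attempts); the worst case is keyspace(bits) attempts."""
    attempts = 0
    for candidate in range(keyspace(bits)):
        attempts += 1
        if xor_crypt(candidate, bits, ciphertext) == known_plaintext:
            return candidate, attempts
    return None, attempts


def flip_digit(ciphertext: bytes, offset: int, old: str, new: str) -> bytes:
    """Bit-flipping attack: without knowing the key, XOR the ciphertext byte
    at `offset` with old^new so that it decrypts to `new` instead of `old`.
    Works because XOR ciphers are malleable: c ^ (old ^ new) = new ^ keystream."""
    ct = bytearray(ciphertext)
    ct[offset] ^= ord(old) ^ ord(new)
    return bytes(ct)


def tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC: Alice sends HMAC-SHA256(mac_key, ciphertext) with it."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def verify(mac_key: bytes, ciphertext: bytes, received_tag: bytes) -> bool:
    """Bob recomputes the tag and compares in constant time."""
    return hmac.compare_digest(tag(mac_key, ciphertext), received_tag)


def demo() -> None:
    # 1. Brute-force work doubles with every key bit.
    msg = b"The quick brown fox"          # constructed sample plaintext
    for bits in (1, 2, 3, 4, 8, 16):
        worst_key = keyspace(bits) - 1     # the last key tried = worst case
        ct = xor_crypt(worst_key, bits, msg)
        _, attempts = brute_force(bits, ct, msg)
        print(f"{bits:2d}-bit key: {attempts:6d} guesses (keyspace {keyspace(bits)})")
    print(f"128-bit keyspace (AES-128): {keyspace(128):.2e} keys, not searchable")

    # 2. Privacy without integrity: Mallory changes the amount without the key.
    key, bits = 0xA5, 8                    # constructed 8-bit demo key
    mac_key = b"constructed-demo-mac-key"  # separate key for the HMAC
    plaintext = b"PAY $1000 TO BOB"
    ct = xor_crypt(key, bits, plaintext)
    t = tag(mac_key, ct)
    tampered = flip_digit(ct, 5, "1", "9") # offset 5 is the first digit
    print("Bob decrypts tampered ciphertext:", xor_crypt(key, bits, tampered))
    print("HMAC check on original:", verify(mac_key, ct, t))
    print("HMAC check on tampered:", verify(mac_key, tampered, t))


if __name__ == "__main__":
    demo()
```

The run shows the guess count going 2, 4, 8, 16, 256, 65536 as the key grows, and then the HMAC check failing on the tampered ciphertext while Bob would otherwise have happily decrypted it to "PAY $9000 TO BOB". Note that the MAC uses its own key and is computed over the ciphertext (encrypt-then-MAC), which is the arrangement modern TLS and WPA2 cipher suites use.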