Role of Cryptography in Maintaining Network Security
Hello and Welcome to Lesson 6 of CISSP Certification Course by SimpliLearn! This lesson is about Cryptography.
Cryptography is one of the ten domains of the Common Body of Knowledge (CBK) for the CISSP certification exam.
One of the most fascinating domains in the CISSP- CBK is Cryptography. No other domain has the history, challenge, and technological advancements that cryptography enjoys. Throughout history, cryptography has been a crucial factor in military victories or failures, treason, espionage, and business advantage.
In IT security Management, Cryptography is both an art and a science—the use of deception and mathematics, to hide data, as in steganography, to render data unintelligible through the transformation of data into an unreadable state, and to ensure that a message has not been altered in transit. Another feature of some cryptographic systems is the ability to provide assurance of who sent the message, authentication of source, and proof of delivery.
The purpose of cryptography is to protect transmitted information from being read and understood by anyone except the intended recipient. Ideally, unauthorized individuals would never be able to read an enciphered message. In practice, reading an enciphered communication can be a function of time; however, the effort and corresponding time that is required for an unauthorized individual to decipher an encrypted message may be so large that it can be impractical. By the time the message is decrypted, the information within the message may be of minimal value.
Cryptography can be used to implement confidentiality, integrity, authentication, and nonrepudiation.
As a basis for exploring the fundamentals of cryptography, common definitions of cryptographic terms are necessary. These definitions are presented in the following section.
According to the (ISC) 2 Candidate Information Bulletin, a CISSP candidate will be expected to know basic concepts within cryptography; public and private key algorithms in terms of their applications and uses; algorithm construction, key distribution and management, and methods of attack; and the applications, construction, and use of digital signatures to provide authenticity of electronic transactions, and nonrepudiation of the parties involved.