One of the challenges we have with today's mobile devices is we're limited by the amount of battery that we currently have available. There is a balance between providing security and being able to have a mobile device that will stay available to us throughout the entire day. That means on most mobile devices, we tend to use cryptography that is going to use less power. For example, we might use smaller symmetric key sizes, or we may use elliptic curve cryptography, which uses far fewer resources than traditional asymmetric encryption.

If we have an application that requires low latency, then we're going to need a type of encryption that doesn't use as many resources on the CPU. We need to be able to encrypt and decrypt this information very quickly. In those cases, we're probably going to use symmetric encryption and use some smaller key sizes to keep the process as efficient as possible.

If we're concerned about the integrity of the data that we're sending back and forth, then we'll want to use an encryption method that is strong, that probably is using relatively large keys, and will probably include some type of hashing to make sure that we can check for data integrity once this information is transmitted.

One of the biggest reasons we use encryption is to make sure our data remains confidential. It is a secret and private method of communicating that no one else other than our recipient would be able to see. It's common to use file-level encryption, drive-level encryption, or even encryption over our email to maintain this confidentiality.

There may be times when we're sending information to someone else, and we want to be sure that the information they received is exactly the information we originally sent. This is called integrity, and it prevents somebody from modifying data as you're sending it between two points. It's common to use hashes to provide this integrity. You would take a hash of the data as you're sending it, and then have the person on the other end perform the same hashing function and compare the two hashes to verify that nothing has changed during transmission.

We see this commonly used with file transfers to verify that a file transfer was successful. We also use this to store passwords. So we can store the password in a form that doesn't show what the original password is, but we're still able to perform a check to make sure that everyone is authenticating properly.

We can also use cryptography to hide data. We do this using obfuscation. Modern malware takes advantage of obfuscation by encrypting data and transferring it onto your system. Since the data is encrypted, it will hide itself from any anti-virus scanners that might be on your system. Once that malware executes on your system, it decrypts itself and then begins infecting your computer.

Cryptography is commonly used with authentication. We spoke earlier about taking passwords and hashing them so that we can store them on a system for comparison later. We will often combine our passwords with a random salt and create a hash of both the salt and the password. That way, if someone does gain access to our hashed password list, they'll see that all of the passwords look completely unique, even if somebody was sharing the same password.

Another useful feature of cryptography is non-repudiation. That allows us to confirm that any information we would have received from a third party really did come from that third party. By using digital signatures, we can provide both integrity and non-repudiation of data that we might send to someone else.

As a security professional, you'll find there will be many different kinds of cryptography in use in the enterprise. This is an ongoing balancing act of providing the right security but using the right type of resources. You'll see this happen if you're choosing a browser. You have to make sure the browser will support the type of encryption you're using on your web server. And the same thing applies for VPN-type connections that have a certain set of supported algorithms, and you have to make sure that your VPN concentrator is able to support the clients that you're installing on your workstations.
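
The salted password storage described in the authentication part of this transcript, as an added example that is not part of the original video or transcript. It swaps the single hash pass for PBKDF2-HMAC-SHA256 from Python's standard library, which also hashes the salt and password together but is deliberately slow; the account names, passwords and iteration count are assumptions made for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 with no salt: identical passwords give identical digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt is drawn per password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)


def build_store(users: dict[str, str]) -> dict[str, tuple[bytes, bytes]]:
    """Map each username to the (salt, digest) record that would be stored."""
    return {name: hash_password(pw) for name, pw in users.items()}


if __name__ == "__main__":
    # Constructed sample accounts: alice and bob share the same password.
    sample = {"alice": "Summer2024!", "bob": "Summer2024!", "carol": "x9#Lm2"}
    print("unsalted:", unsalted_hash(sample["alice"]) == unsalted_hash(sample["bob"]))
    for name, (salt, digest) in build_store(sample).items():
        # The salt is stored beside the digest; it is not a secret.
        print(name, salt.hex(), digest.hex())
```

The salt is kept in the clear next to each digest, because its job is to make every stored record unique, not to act as a second secret.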
