Please enable JavaScript.

Coggle requires JavaScript to display documents.

CHAPTER 9 - CONFIDENTIALITY AND PRIVACY CONTROLS - Coggle Diagram

- - - - Hashing is a process that takes plaintext of any length and creates a short code called a hash.
    - - Creating a digital signature is a two-step process. The document creator first generates a hash of the document (or file) and then encrypts that hash using his or her private key.
    - - Symmetric encryption systems use the same key both to encrypt and to decrypt. AES is an example of a symmetric encryption system. It is commonly included in most operating systems. Asymmetric encryption systems use two keys. One key, called the public key, is widely distributed and available to everyone; the other, called the private key, is kept secret and known only to the owner of that pair of keys.
    - - Just as passports and drivers licenses are issued by a
        trusted independent party (the government) and employ mechanisms such as holograms and watermarks to prove that they are genuine, digital certificates are issued by an organization called a certificate authority and contain the certificate authority’s digital signature to prove that they are genuine.
      - This system for issuing pairs of public and private keys and corresponding digital certificates is called a public key infrastructure (PKI). The entire PKI system hinges on trusting the certificate authorities that issue the keys and certificates.
      - A digital certificate is an electronic document that contains an entity’s public key and certifies the identity of the owner of that particular public key.
    - - Encryption algorithm
        
        The nature of the algorithm used to combine the key and the
        plaintext is important. A strong algorithm is difficult, if not impossible, to break by using brute-force guessing techniques. Secrecy is not necessary for strength.
      - Policing for managing cryptographic keys
        
        The management of cryptographic keys is often the most vulnerable aspect of encryption systems. No matter how long the keys are, or how strong an encryption algorithm is, if the keys have been stolen, the encryption can be easily broken. Therefore, cryptographic keys must be stored securely and protected with strong access controls.
      - Key length
        
        Longer keys provide stronger encryption by reducing the number of repeating blocks in the ciphertext. This makes it harder to spot patterns in the ciphertext that reflect patterns in the original plaintext.
    - - To protect confidentiality and privacy, information must be encrypted not only within a system, but also when it is in transit over the Internet. encrypting information while it traverses the Internet creates a virtual private network (VPN), so named because it provides the functionality of a privately owned secure network without the associated costs of leased telephone lines, satellites, and other communication equipment.