ISC2

Cryptography

This course is part of (ISC)² Systems Security Certified Practitioner (SSCP)

Taught in English

Some content may not be translated

11,267 already enrolled

Course

Gain insight into a topic and learn the fundamentals

4.7

(252 reviews)

|

95%

Beginner level
No prior experience required
6 hours (approximately)
Flexible schedule
Learn at your own pace

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

15 quizzes

Course

Gain insight into a topic and learn the fundamentals

4.7

(252 reviews)

|

95%

Beginner level
No prior experience required
6 hours (approximately)
Flexible schedule
Learn at your own pace

See how employees at top companies are mastering in-demand skills

Placeholder

Build your subject-matter expertise

This course is part of the (ISC)² Systems Security Certified Practitioner (SSCP)
When you enroll in this course, you'll also be enrolled in this Specialization.
  • Learn new concepts from industry experts
  • Gain a foundational understanding of a subject or tool
  • Develop job-relevant skills with hands-on projects
  • Earn a shareable career certificate
Placeholder
Placeholder

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV

Share it on social media and in your performance review

Placeholder

There are 8 modules in this course

In this course, we'll explore the field of cryptography, including public key infrastructures, certificates and digital signing. Here, we take a deep dive into the realm of confidentiality, integrity and availability. Since we aren't only using cryptography to protect data from unauthorized disclosure and improper modification, but also using encryption to regulate the ability of users to log into systems and applications. Course 3 Learning ObjectivesAfter completing this course, the participant will be able to: L3.1 - Identify the fundamental concepts of cryptography driving requirements and benefits.L3.2 - Recognize symmetric encryption methods.L3.3 - Use asymmetric encryption methods.L3.4 - Examine public-key infrastructure (PKI) systems and certificates.L3.5 - Summarize fundamental key management terms and concepts.L3.6 - Recognize how to implement secure protocols.L3.7 - Review methods of cryptanalytic attack.Course AgendaModule 1: Benefits and Driving Requirements for Cryptography (Domain 5 - Cryptography, Domain 7 - Systems and Application Security)Module 2: Support the Use of Symmetric Encryption Methods (Domain 5 - Cryptography)Module 3: Support the Use of Asymmetric Encryption Methods (Domain 5 - Cryptography)Module 4: Support the Use of Public Key Infrastructure (PKI) Systems (Domain 5 - Cryptography)Module 5: Support Key Management Processes (Domain 5 - Cryptography)Module 6: Support the use of Secure Protocols (Domain 5 - Cryptography)Module 7: Cryptanalysis (Domain 5 - Cryptography)Who Should Take This Course: BeginnersExperience Required: No prior experience required

What's included

4 videos1 reading3 quizzes

The two main types of algorithms used in encryption are symmetric and asymmetric. These types of algorithms provide substantially different benefits and have different uses as part of a cryptographic implementation. This module will examine each of these types of algorithms and describe their uses and benefits. 

What's included

5 videos1 reading1 quiz

In contrast to symmetric encryption, asymmetric encryption is relatively new, having been invented, published and thereby made publicly available only in the late 1970s.  Asymmetric algorithms became commonly known when Drs. Whitfield Diffie and Martin Hellman released a paper in 1976 called “New Directions in Cryptography.” The Diffie-Hellman paper described the concept of using two different keys (a key pair) to perform the cryptographic operations — the essence of asymmetric cryptography. The pair of keys used in asymmetric cryptography are mathematically related and must always be used as a pair. One key will not work without the other key also being used. The key pair consists of a private key, which the owner of the key pair MUST keep private; and a public key, which is computed from the private key and can be shared with anyone the owner wishes to share it with.  Asymmetric cryptography uses what is known as a trapdoor function, meaning that while it may be easy to compute a value in one direction, reversing the process is extremely difficult if not mathematically impossible to do. The mathematics used in creating the key pair makes it simple to calculate the value of the public key if a person knows the value of the private key, but the reverse (i.e., to determine the value of the private key based on the value of the public key) is something we call computationally infeasible — it would take more processing time, on more CPUs and GPUs (graphics processor units) running in parallel, to be confident of making that “lucky guess” at going backward through the trapdoor, so to speak, and cracking the private key based only on the public key.  Even Kerckhoffs’s Principle (covered in module 5) doesn’t make these cryptographic attacks any easier! Modern attacks have been done using botnet systems in which CPUs and GPUs become part of a massively parallel attack on such cryptosystems. Trapdoor functions were one of the “new directions” in the Diffie-Hellman paper; the other was using these functions to compute a symmetric session key on demand, without requiring the sender and recipient to first exchange a secret value such as a symmetric encryption key. Suddenly, the key distribution and management problem became much, much simpler. Let’s take a closer look at these ideas and see how they gave rise to public key cryptography as an infrastructure (which we call PKI for short), the widespread use of digital signatures, and a host of other ideas vital to the safe and reliable use of e-business of all forms. 

What's included

9 videos3 readings3 quizzes

A PKI is a set of system, software and communication protocols required to use, manage and control public key cryptography. As an infrastructure, it provides foundational services to users by: Publishing the public keys and certificates related to an identity Certifying that a public key is tied to an individual or an identity Verifying that a public key is valid and correct Note that the PKI is working at the level of an identity, and not at the entity level. As a private individual, the human being Kazuko is an entity; each web service or institution they deal with will know them by a different identity, quite possibly with different subsets of the total collection of identifying attributes associated with Kazuko. Each endpoint device, such as their laptops, smartphones, or smart watches, will further encapsulate some of that identity information along with the device’s own identity information, which becomes the identity that will be known by the PKI and its services.  Kazuko, like the other billions of internet users (human, device, organizational or robotic) thus has multiple identities; the PKI must serve them all. Keep this fundamental idea in mind as we work through using the PKI to keep things safe, reliable and secure. 

What's included

4 videos2 readings2 quizzes

The compromise of most cryptographic systems does not happen because of weaknesses in the algorithms; instead, it is most frequently due to problems with key management. This is often a human problem when people share keys, distribute keys improperly, choose weak keys, do not destroy old keys or store keys insecurely. History is littered with the defeats of nations and the failures of business ventures because of this. A major part of breaking the code for Nazi Germany’s Enigma machine during the Second World War was the work of the Polish mathematician Marian Rejewski. Working in the Polish General Staff’s Cipher Bureau with allied French military intelligence, he was able to determine the order of the letters on the cipher disks used in the Enigma by gaining access to two months’ worth of old encryption (setting) keys the Germans had discarded. As security professionals, we ought to be able to reach up to our bookshelves and pull down a handbook for cryptographic key and certificate management for business and private organizational use; that handbook doesn’t seem to exist yet.  NIST SP 1800-16, issued in June 2020, is a great start on this effort, but it does not address the small- and medium-sized enterprise needs, nor does the NIST Cybersecurity Framework do this either. Let’s see what we can put together, drawing from the lessons in modules 1 through 4, and a few other lessons from history. 

What's included

4 videos2 readings1 quiz

The previous modules explained the characteristics, strengths, and uses of cryptographic algorithms. As a security professional, we will use these algorithms in many ways including secure email, virtual private networks (VPNs), e-commerce and wireless security. Most cryptographic systems use a combination of symmetric and asymmetric algorithms, hashing, and digital signatures. Chapter 5 will provide you with a more solid foundation in the architectural models of internetworking, as it works through the layers of the OSI 7-Layer model and TCP/IP as protocol stacks. For now, it’s good to know that from the physical interconnection level on up through services used by applications, cryptography provides support to all aspects of security.

What's included

6 videos2 readings2 quizzes

This last part of the section on cryptography will examine some of the ways the protection of files and communications has been compromised through the science and art of cryptanalysis. There are many avenues of attack (attack vectors) that can be used against cryptosystems: to attack the key, the algorithm, the ciphertext, the implementation, or the people, but the weakest link in cryptography has to be the people. The easiest attack is through social engineering and convincing someone to disclose a password or other sensitive information. It’s important to realize that cryptanalysis and even cryptographic attacks are methods, not motives. The attackers might be the ethical penetration testers hired by your organization or be part of a law enforcement or national security organization conducting lawful intelligence (and counterintelligence) operations.  Cryptanalysis, the observation of a cryptosystem’s design or operational characteristics, can be used to find vulnerabilities or identify areas for possible improvements in a cryptosystem. Both can be and are done for benign and hostile intents. 

What's included

4 videos2 readings2 quizzes

We’ve seen that cryptographic systems, when properly used and kept secure, can support all of the CIANA+PS security needs of confidentiality, integrity, availability, non-repudiation, authenticity, safety, and privacy. This is best done by using hybrid systems that use both symmetric and asymmetric cryptographic algorithms to provide for strong, efficient operation while simplifying the key distribution and management requirements.  Encryption is not the answer to everything, of course. As with any risk management and mitigation control, it has to be applied at the right points in the organization’s information architecture and used correctly to be effective. It also must be managed to continue to deliver the required protection.

What's included

1 reading1 quiz1 peer review

Instructor

Instructor ratings
4.7 (45 ratings)
(ISC)² Education & Training
ISC2
20 Courses78,704 learners

Offered by

ISC2

Recommended if you're interested in Security

Why people choose Coursera for their career

Felipe M.
Learner since 2018
"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."
Jennifer J.
Learner since 2020
"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."
Larry W.
Learner since 2021
"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."
Chaitanya A.
"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Learner reviews

Showing 3 of 252

4.7

252 reviews

  • 5 stars

    82.21%

  • 4 stars

    14.22%

  • 3 stars

    1.18%

  • 2 stars

    0.79%

  • 1 star

    1.58%

JW
5

Reviewed on Oct 27, 2020

US
5

Reviewed on Dec 23, 2022

SP
4

Reviewed on Oct 1, 2022

New to Security? Start here.

Placeholder

Open new doors with Coursera Plus

Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription

Advance your career with an online degree

Earn a degree from world-class universities - 100% online

Join over 3,400 global companies that choose Coursera for Business

Upskill your employees to excel in the digital economy

Frequently asked questions