Encryption

12COMP

assessment

Useful resources:

Encryption terms

CS field guide

Khan academy

Big picture - Why

Encryption - Big picture

Key Points:

We have lots of reasons to keep secrets

Modern encryption is made up of many different tools

Basics

Ciphers

Encryption - Ciphers

Key points:

Ciphers take a plaintext message and turn it into ciphertext

They can be reversed to get the plaintext back

They require a secret key to work

Basic ciphers are symmetric, they use the same key to encrypt and decrypt

Problems:

Swapping the secret key safely

Key exchange

Untitled presentation

Key points:

Two users can create a secret that no one else knows

They can do this in public even if others are listening

Problems:

They can't tell that they are talking to the right person

Identity verification - public key crypto

Encryption - Authentication

Key points:

Now users can send messages that only the intended recipient can read.

They can use this system to prove that they are who they say they are.

Problems:

This is SLOW. Not good for lots of data

How do you know the public key you have is actually from the right person?

Hashing

Encryption - Hashing

Key points:

Not the same as encryption but very useful

Great for checking to see if your data is undamaged

Certification

Encryption - Certification

Key points:

Certification is how you can be confident that the public key belongs to the right person

Real world - HTTPS

Encryption - HTTPS

Key points:

Real communication uses all these things

Almost all online communication uses TLS

Passwords

Encryption - passwords

History

Encryption - Future

Multi-national Companies' Encryption Policies

Rememebr, questions may cover:

passwords
HTTP(S)
any major development in encryption (e.g. private / public key)
policies, or practices of a multi-national technology corporation*

* The multi-national technology corporation must be from the following list: Apple, Microsoft, Amazon, Google (including Waymo), Meta (including Facebook), Tencent (including WeChat), ByteDance (including TikTok).

Candidates can ONLY choose from the list of corporations provided. They only need to choose one corporation.

Where it is not possible to know the corporation’s policies or procedures, questions will be of the “how might / should” type.

Google

A Summary

When you use Google Cloud your data is encrypted in transit and at rest to protect the data.

Encryption in transit - used to protect data that is traveling over the internet or travelling within Google's own infrastructure. Google uses TLS
Encryption at rest - used to protect data that is stored on a disk (including SSDs) or backup media.