Explore
For Enterprise
Join for Free
Log In

Kunst und Geisteswissenschaften
Wirtschaft
Informatik
Datenverarbeitung
Informationstechnologie
Gesundheit
Mathematik und Logik
Persönliche Entwicklung
Physik und Ingenieurwesen
Sozialwissenschaften
Sprachen lernen
Abschlüsse
Zertifikate

Alle Bereiche erkunden

Blättern
Suche
Für Unternehmen
Anmelden
Kostenlose Teilnahme

Cryptographic Hardware

Loading...

IT Security: Defense against the digital dark arts

4.8 (2,789 ratings) | 30K Students Enrolled

Kurs 1 von 5 in Zertifikat über berufliche Qualifikation für Google IT-Support Spezialisierung

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. Finally, we’ll go through a case study, where we examine the security model of Chrome OS. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team. At the end of this course, you’ll understand: ● how various encryption algorithms and techniques work as well as their benefits and limitations. ● various authentication systems and types. ● the difference between authentication and authorization. ● how to evaluate potential risks and recommend ways to reduce risk. ● best practices for securing a network. ● how to help others to grasp security concepts and protect themselves.

Lehrplan anzeigen

Skills You'll Learn

Cybersecurity, Wireless Security, Cryptography, Network Security

Bewertungen

4.8 (2,789 ratings)

5 stars
2,285 ratings
4 stars
406 ratings
3 stars
62 ratings
2 stars
18 ratings
1 star
18 ratings

TE

Oct 05, 2018

Thank you to all the instructors. I learned concrete and useful IT skills from the courses and especially from the projects. After completing this course, I feel I want to learn more and more.

DS

Jan 30, 2019

Course 1 and 5 are probably my favorite of the courses because i feel i learned a lot in these two the most, all are great i just really wanted to learn more about security which was course 5

Aus der Unterrichtseinheit

Pelcgbybtl (Cryptology)

In the second week of this course, we'll learn about cryptology. We'll explore different types of encryption practices and how they work. We'll show you the most common algorithms used in cryptography and how they've evolved over time. By the end of this module, you'll understand how symmetric encryption, asymmetric encryption, and hashing work; you'll also know how to choose the most appropriate cryptographic method for a scenario you may see in the workplace.

Public Key Infrastructure9:05

Cryptography in Action8:31

Securing Network Traffic6:04

Cryptographic Hardware6:42

Unterrichtet von

Google

Skript

Welcome back. Let's dive right in.

Another interesting application of cryptography concepts,

is the Trusted Platform Module or TPM.

This is a hardware device that's typically integrated into the hardware of a computer,

that's a dedicated crypto processor.

TPM offers secure generation of keys,

random number generation, remote attestation,

and data binding and sealing.

A TPM has unique secret RSA key burned into the hardware at the time of manufacture,

which allows a TPM to perform things like hardware authentication.

This can detect unauthorized hardware changes to a system.

Remote attestation is the idea of a system

authenticating its software and hardware configuration to a remote system.

This enables the remote system to determine the integrity of the remote system.

This can be done using a TPM by generating a secure hash of the system configuration,

using the unique RSA key embedded in the TPM itself.

Another use of this secret hardware backed encryption key is data binding and sealing.

It involves using the secret key to derive

a unique key that's then used for encryption of data.

Basically, this binds encrypted data to the TPM and by extension,

the system the TPM is installed in,

sends only the keys stored in hardware in the TPM will be able to decrypt the data.

Data sealing is similar to binding since data

is encrypted using the hardware backed encryption key.

But, in order for the data to be decrypted,

the TPM must be in a specified state.

TPM is a standard with

several revisions that can be implemented as a discrete hardware chip,

integrated into another chip in a system,

implemented in firmware software or virtualize then a hypervisor.

The most secure implementation is the discrete chip,

since these chip packages also incorporate

physical tamper resistance to prevent physical attacks on the chip.

Mobile devices have something similar referred to as a secure element.

Similar to a TPM,

it's a tamper resistant chip often embedded in

the microprocessor or integrated into the mainboard of a mobile device.

It supplies secure storage of

cryptographic keys and provides a secure environment for applications.

An evolution of secure elements is

the Trusted Execution Environment or TEE which takes the concept a bit further.

It provides a full-blown isolated execution environment that runs alongside the main OS.

This provides isolation of the applications

from the main OS and other applications installed there.

It also isolates secure processes from each other when running in the TEE.

TPMs have received criticism around trusting the manufacturer.

Since the secret key is burned into the hardware at the time of manufacture,

the manufacturer would have access to this key at the time.

It is possible for the manufacturer to store

the keys that could then be used to duplicate a TPM,

that could break the security the module is supposed to provide.

There's been one report of a physical attack on a TPM which allowed

a security researcher to view and access the entire contents of a TPM.

But this attack required the use of an electron microscope

and micron precision equipment for manipulating a TPM circuitry.

While the process was incredibly time intensive

and required highly specialized equipment,

it proved that such an attack is possible despite the tamper protections in place.

You can read more about it just after this video.

TPMs are most commonly used to ensure platform integrity,

preventing unauthorized changes to the system either in software or hardware,

and full disk encryption utilizing the TPM to protect the entire contents of the disk.

Full Disk Encryption or FDE,

as you might have guessed from the name,

is the practice of encrypting the entire drive in the system.

Not just sensitive files in the system.

This allows us to protect the entire contents of the disk from data theft or tampering.

Now, there are a bunch of options for implementing FDE.

Like the commercial product PGP,

Bitlocker from Microsoft, which integrates very well with TPMs,

Filevault 2 from Apple,

and the open source software dm-crypt,

which provides encryption for Linux systems.

An FDE configuration will have one partition

or logical partition that holds the data to be encrypted.

Typically, the root volume,

where the OS is installed.

But, in order for the volume to be booted,

it must first be unlocked at boot time.

Because the volume is encrypted,

the BIOS can't access data on this volume for boot purposes.

This is why FDE configurations will have

a small unencrypted boot partition that contains elements like the kernel,

bootloader and a netRD.

At boot time, these elements are loaded which then prompts the user to

enter a passphrase to unlock the disk and continue the boot process.

FDE can also incorporate the TPM,

utilizing the TPM encryption keys to protect the disk.

And, it has platform integrity to prevent

unlocking of the disk if the system configuration is changed.

This protects against attacks like hardware tampering,

and disk theft or cloning.

Before we wrap up this module on encryption,

I wanted to touch base on the concept of random.

Earlier, when we covered the various encryption systems,

one commonality kept coming up that these systems rely on.

Did you notice what it was? That's okay if you didn't.

It's the selection of random numbers.

This is a very important concept in encryption

because if your number selection process isn't truly random,

then there can be some kind of pattern that an adversary can discover

through close observation and analysis of encrypted messages over time.

Something that isn't truly random is referred to as pseudo-random.

It's for this reason that operating systems

maintain what's referred to as an entropy pool.

This is essentially a source of random data to help seed random number generators.

There's also dedicated random number generators and pseudo-random number generators,

that can be incorporated into a security appliance or server to

ensure that truly random numbers are chosen when generating cryptographic keys.

I hope you found these topics in cryptography interesting and informative.

I know I did when I first learned about them.

In the next module, we'll cover the three As of security,

authentication, authorization and accounting.

These three As are awesome and I'll tell you why in the next module.

But before we get there,

one final quiz on the cryptographic concept we've covered so far.

Durchsuchen Sie unseren Katalog

Melden Sie sich kostenlos an und erhalten Sie individuelle Empfehlungen, Aktualisierungen und Angebote.

Coursera arbeitet mit erstklassigen Universitäten und Organisationen zusammen, um Online-Kurse anzubieten und dadurch universellen Zugriff auf die weltweit beste Ausbildung zu ermöglichen.

© 2019 Coursera Inc. Alle Rechte vorbehalten.

Aus dem App Store herunterladen

Erhältlich bei Google Play

Coursera
Info
Leitung
Jobs
Katalog
Zertifikate
MasterTrack™ Certificates
Abschlüsse
Für Unternehmen
Für Regierungen

Community
Learners
Partners
Developers
Beta Testers
Translators

Verbinden
Blog
Facebook
LinkedIn
Twitter
Instagram
Youtube
Tech-Blog

mehr
Bedingungen
Datenschutz
Hilfe
Zugänglichkeit
Presse
Kontakt
Verzeichnis
Partnerunternehmen