CPSC 4820 - DAY 4
JANUARY 30, 2018
================================================================================

SYMMETRIC VS. ASYMMETRIC ENCRYPTION
-----------------------------------

Symmetric-key systems are simpler and faster, but their main drawback is that the two parties must have a way to exchange the key securely. Public key encryption avoids this problem. AES and DES avoid this problem.

The most popular symmetric-key system is the Data Encryption Standard (DES). DES uses 56-bit keys, which are short enough to be easily brute-forced.

Asymmetric encryption - Public and Private key. Requires encrypting with the public key and decrypting with the private key.

Asymmetric Encryption Algorithms - RSA (most common), DSA (SHA-1), Diffie-Hellman.

Procedure for Diffie-Hellman:

1. Both parties agree on a large prime number, which will serve as a seed value.
2. Both parties agree on an encryption generator (typically AES), which will be used to manipulate the values in a predefined way.
3. Independently, each party comes up with another prime number, which is kept secret from the other party. This number is used as a private key for this interaction (different from the private SSH key used for authentication).
4. The generated private key, the encryption generator, and the shared prime number are used to generate a public key that is derived from the private key, but which can be shared with the other party.
5. Both participants then exchange their generated public keys.
6. The receiving entity uses their own private key, the other party's public key, and the original shared prime number to compute a shared secret key. Although this is independently computed by each party, using opposite private and public keys, it will result in the same secret key.
7. The shared secret is then used to encrypt all communication that follows.
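The seven steps above, worked through in Python as an added example (not part of the course notes). The generator is the integer g of standard Diffie-Hellman, the prime p is a constructed toy value far too small for real use, the step 7 key is derived by hashing the shared secret, and the range check on a received public value is the validation a careful implementation does before step 6.

```python
import hashlib
import secrets

# Constructed toy parameters: p is the Mersenne prime 2^127 - 1, far too small
# for real use, where a standardized group of 2048 bits or more is used.
P = 2**127 - 1
G = 2                     # step 2: the generator, an integer in standard DH


def check_public_value(pub: int, p: int) -> bool:
    """Reject degenerate public values (0, 1, p-1 and anything out of range)
    that would force the shared secret to a value anyone can predict."""
    return 2 <= pub <= p - 2


class Party:
    """One participant: holds a private exponent, publishes g^private mod p."""

    def __init__(self, p: int, g: int, private: int = 0):
        self.p, self.g = p, g
        # step 3: a secret random exponent (a fixed one may be passed for
        # testing), regenerated until step 4 yields a value the peer accepts
        while True:
            self.private = private if private else secrets.randbelow(p - 3) + 2
            self.public = pow(g, self.private, p)      # step 4
            if private or check_public_value(self.public, p):
                break

    def shared_secret(self, other_public: int) -> int:
        """Step 6: other_public^private mod p, after validating the peer's value."""
        if not check_public_value(other_public, self.p):
            raise ValueError("peer sent a degenerate public value")
        return pow(other_public, self.private, self.p)


def derive_key(shared: int, p: int) -> bytes:
    """Step 7: hash the shared secret into a fixed-length symmetric key rather
    than using the raw group element directly."""
    size = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(size, "big")).digest()


def run_exchange(p: int = P, g: int = G) -> tuple:
    """Steps 1-7 for two parties; returns the key each side derived."""
    alice, bob = Party(p, g), Party(p, g)          # step 1: both use p and g
    # step 5: public values cross the wire; each side then does steps 6 and 7
    key_a = derive_key(alice.shared_secret(bob.public), p)
    key_b = derive_key(bob.shared_secret(alice.public), p)
    return key_a, key_b


if __name__ == "__main__":
    k_a, k_b = run_exchange()
    print("keys match:", k_a == k_b)
```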
AWS Security and IAM
--------------------

AWS Shared Responsibility Model - AWS services you utilize to run your workloads (EC2 instances, S3 buckets, etc.)

API Endpoints - SSL Endpoints, Security Groups, VPC

Security Groups - security at the instance level.

Policies in IAM are JSON documents that describe permissions. An IAM role uses a policy. An IAM role has no associated credentials. IAM users, applications, and services may assume IAM roles.

Security Token Credentials - give temporary access to a service, from 15 minutes to 36 hours.