Types of Encryption

  • Identify key issues of cryptography and be able to explain basic cryptographic methods in use today.

    • Identify encryption types.

As you learned in the preceding section, encryption can be used in a number of different ways.

There are a huge number of encryption algorithms—that is, the step-by-step procedures used to scramble data. These include RSA, RC4, DES, and others with more colorful names, such as Blowfish, Twofish, Safer, and FEAL.

NOTE

Elliptic Curve Algorithms. Elliptic curve algorithms can speed up public key operations by using a complex factoring method that defines rules for adding two points on a curve to obtain a third point that is also on the curve. Shorter keys can be used (which are faster and require less storage space) without sacrificing security.


A new encryption standard called the Advanced Encryption Standard (AES), recently adopted by the U.S. Government, uses the Rijndael algorithm developed by two cryptography experts from Belgium. For more information, see the National Institute of Standards and Technology (NIST) AES Web site at http://csrc.nist.gov/encryption/aes/.

Encryption methods can be categorized by cipher type, as follows:

  • Substitution ciphers. A type of encryption in which each letter of the plain-text message is replaced by some other symbol (for example, a=1, b=2, and so on).

  • Stream ciphers. A very fast type of symmetric encryption algorithm that operates on small units of plain text (usually bits) to create a sequence of bits that will be used as a key, called a keystream.

  • Block ciphers. A type of symmetric encryption that takes a block of plain text of a fixed length (often 64 or 128 bits) and converts it into a block of encrypted text (ciphertext) of the same length, using a secret key.

RC4 is an example of a stream cipher. Block ciphers include IBM's Lucifer (one of the first block ciphers), DES/3DES, IDEA, Blowfish, GOST, and CAST-128.
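To make the keystream idea concrete, here is an added Python example (not from the original text) that implements RC4 and goes one step beyond the text to show why a stream cipher key must not be reused for two messages. The function names, sample keys, and messages are constructed for illustration, and RC4 itself is obsolete and shown only as a teaching aid.

```python
# Added illustration (not from the book): RC4, the stream cipher named above.
# RC4 is considered broken today; it appears here only to show a keystream.

def rc4_keystream(key: bytes):
    """Yield keystream bytes that depend only on the secret key."""
    state = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + state[i] + key[i % len(key)]) % 256
        state[i], state[j] = state[j], state[i]
    i = j = 0
    while True:                               # one keystream byte per step
        i = (i + 1) % 256
        j = (j + state[i]) % 256
        state[i], state[j] = state[j], state[i]
        yield state[(state[i] + state[j]) % 256]

def rc4(key: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

if __name__ == "__main__":
    key = b"Key"                              # constructed sample key
    ciphertext = rc4(key, b"Plaintext")
    print(ciphertext.hex())
    print(rc4(key, ciphertext))               # same key recovers the message
    # Reusing one key for two messages cancels the keystream, so the XOR of
    # the ciphertexts equals the XOR of the plaintexts:
    c1, c2 = rc4(key, b"PAY ALICE"), rc4(key, b"PAY CAROL")
    print(xor_bytes(c1, c2) == xor_bytes(b"PAY ALICE", b"PAY CAROL"))
```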

Encryption technologies are generally broken down into two main groups:

  • Symmetrical encryption

  • Asymmetrical encryption

Both types of encryption use keys, which are passwords, files, or values used to encrypt and decrypt data. A key can be represented as a password, but is basically a very large number (remember that all data is processed by computers in binary, which is a collection of 1s and 0s, each of which is called a bit). The larger the number of bits in a key, the more difficult it is to “break” the cryptography. The key is used with an encryption algorithm to produce the encrypted result, or ciphertext.

The main difference between symmetrical and asymmetrical encryption lies in the number of keys involved.

Symmetrical Encryption

Symmetrical encryption uses a single key, both to encrypt and decrypt the data. The key is sometimes referred to as a shared secret, because both the sender and the recipient must have the same key (or know the same password).

In practice, when you use symmetrical encryption, you run the encryption program and it creates a key and encrypts the data. You send the encrypted data to the recipient. You must also find a way to securely transmit the key to the recipient. If the key is a password, you might phone the recipient to convey the password; you certainly wouldn't want to include it with the encrypted message—or anyone who intercepted the message would also have the password.

EXAM TIP

Use of Keys. It is important to understand that the way a public or private key is used determines what type of data protection results. Encrypting a message with someone else's public key causes the data to be encrypted, whereas using your own private key causes the message to be signed (providing authentication) but leaves the data unencrypted (so there is no confidentiality).


Symmetrical encryption is simple and easy to use, but poses security risks because the key must be shared between the parties.

A simple symmetrical encryption method is substitution. Let's say you create an encoded message in which each letter of the alphabet is represented by a number, starting with 2 for “A” and adding 2 for each subsequent letter, so that “B” is 4, “C” is 6, and so forth. The code (A=2, B=4, C=6, and so on) is the key. Both you (the sender of the message) and the recipient must know the key.

An analogy is the typical door lock. If you lock the door to your house, and you want your neighbor to be able to open it, you must share your key with the neighbor. However, this creates a risk because your neighbor could have a copy made of your door key or even share it with someone else.

Asymmetrical Encryption

Asymmetrical encryption, also called public key encryption, is more secure. In this case, two keys, which belong to a key pair, are used together. One is called the private key, and you never share it with anyone. The other is called the public key, and you can share it with everyone. The two keys in a key pair are mathematically related, but it is considered to be “computationally infeasible” (based on the computing overhead and the length of time that would be required) to discover the private key from knowing the public key.

WARNING

Do Not Compromise Your Private Key! Public key cryptography is highly secure because you never have to share your private key with anyone. However, if the private key is compromised, it is generally more serious than the compromise of a conventional key, because someone who has your private key may be able to steal your identity, allowing the thief to use your credit cards, access your bank account, and much more.


If someone wants to send you a private message, he or she encrypts it with your public key. The message can be decrypted only by your private key—to which you are the only one who has access.

This is similar to the way safe deposit boxes at the bank work. A bank employee has the public or master key that goes into all the boxes, but to get into your box, it must be used in combination with your personal key.
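The two key uses described in the "Use of Keys" exam tip and in this section can be seen side by side in the following added Python example, which is not from the original text. It uses textbook RSA with tiny constructed primes (61, 53, 89, 97), a public exponent of 17, byte-by-byte encryption, and a hash reduced to fit the small modulus; all of these, along with the names Alice and Bob, are assumptions chosen so the numbers stay readable.

```python
# Added illustration (not from the book): textbook RSA with tiny constructed
# primes. Real keys are 2048+ bits and use padding from a vetted library.
import hashlib

def make_key_pair(p: int, q: int, e: int = 17):
    """Return (public_key, private_key); each is an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi)
    return (e, n), (d, n)

def apply_key(key, value: int) -> int:
    """The single RSA operation: value ** exponent mod n."""
    exponent, n = key
    return pow(value, exponent, n)

def encrypt(recipient_public, message: bytes):
    """Confidentiality: only the recipient's private key undoes this."""
    return [apply_key(recipient_public, byte) for byte in message]

def decrypt(recipient_private, blocks) -> bytes:
    """Recover the message bytes with the matching private key."""
    return bytes(apply_key(recipient_private, c) for c in blocks)

def digest(message: bytes, n: int) -> int:
    """SHA-256 reduced to fit the toy modulus (demo-only shortcut)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(sender_private, message: bytes):
    """Authentication only: the message is returned unencrypted."""
    return message, apply_key(sender_private, digest(message, sender_private[1]))

def verify(sender_public, message: bytes, signature: int) -> bool:
    """Anyone holding the sender's public key can check the signature."""
    return apply_key(sender_public, signature) == digest(message, sender_public[1])

if __name__ == "__main__":
    bob_public, bob_private = make_key_pair(61, 53)      # recipient
    alice_public, alice_private = make_key_pair(89, 97)  # sender
    blocks = encrypt(bob_public, b"meet at noon")
    print(blocks[:4], decrypt(bob_private, blocks))
    message, signature = sign(alice_private, b"pay bob 10")
    print(message, verify(alice_public, message, signature))
```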

REVIEW BREAK

  • An algorithm is the step-by-step process or calculation that is applied to a portion of data to obtain a “scrambled” result.

  • Symmetrical encryption, also called secret key encryption, uses the same “shared secret” (key or password) to encrypt and decrypt.

  • Asymmetrical encryption, also called public key encryption, uses a mathematically related pair of keys. A private key and public key work together, with one doing the encrypting and the other one doing the decrypting.

