Protecting Data Through Encryption: Difference between revisions

From ITCwiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 117: Line 117:
Source of definitions: http://www.netaction.org:  
Source of definitions: http://www.netaction.org:  
Copyright 1996-2003 by NetAction under Creative Commons "Attribution-NonCommercial-ShareAlike license." This means you are free to share and remix the material on this site, provided the derivative work is attributed to NetAction, it is non-commercial, and the resulting work is distributed or used subject to the same license.
Copyright 1996-2003 by NetAction under Creative Commons "Attribution-NonCommercial-ShareAlike license." This means you are free to share and remix the material on this site, provided the derivative work is attributed to NetAction, it is non-commercial, and the resulting work is distributed or used subject to the same license.
Source of encryption history: http://wapedia.mobi/en/History_of_cryptography
Source of encryption history: http://wapedia.mobi/en/History_of_cryptography

Revision as of 03:46, 27 July 2010

Protecting Data Through Encryption

Introduction

Throughout the history of mankind, spanning over thousands of years, society has found it important and necessary to keep certain information private. Cryptography became the study and practice associated with hiding such information. In this paper, I will describe how encryption and cryptography have evolved with time, and explain the methods that are most commonly used for data protection in today’s technological society.

History

Encryption or cryptology was not always intended to keep secrets. Over 4,500 years ago, man carved hieroglyphs into monuments in separate corners of the earth. The pictures and markings were not meant to code, but instead created mystery and enjoyment for others to observe. Around 500-600 BC the use of substitution ciphers was being utilized to encrypt messages, even for protecting recipes.

Methods

Data encryption is a combination of mathematical concepts, computer science, and engineering.


Symmetric

Asymetric

Definitions

To become familiar with the data encryption process, a few keywords and their definitions must be understood:


Algorithm: The American Heritage Dictionary defines an algorithm as "a step-by-step problem-solving procedure, especially an established, recursive computational procedure for solving a problem in a finite number of steps." In the context of encryption, an algorithm is the mathematical formula used to scramble and unscramble data. It typically has two elements: data (for example, an email message that you want to encrypt or decrypt) and a key.


Asymmetric Cryptography: (Also known as public key cryptography.) Encryption software that requires two keys: a public key and a private key. Encryption software users distribute their public key, but keep their private key to themselves.


Authentication: Assuring that a message has not been modified in transit or while stored on a computer is referred to as authentication. It is one of the objectives of cryptography. (This is referred to as message authentication or message integrity.) Assuring that a public key really belongs to a specific individual, or that a specific individual has the right to send a particular encrypted message is another type of authentication.


Back Door: A "back door" is a software function that allows someone to decrypt data without the key. In some cases, software creators intentionally include this function in software. Software that has a back door is not secure.


Certificate : A certificate is a data file that identifies an individual, organization, or business. Certificates are obtained from specialized certificate-issuing companies such as VeriSign, and can be used to encrypt data and/or confirm the certificate owner's identity.


Cipher, Block Cipher, Stream Cipher : A method of encryption and decryption, a.k.a. encryption algorithm.

  • A Block Cipher is a method for encrypting data in chunks (several or many contiguous bits) as opposed to encoding bit-by-bit like a stream cipher.
  • A Stream Cipher is a method of encrypting data bit-by-bit, as opposed to encoding a contiguous chunk of data all at once like a block cipher.


Cleartext / Plaintext: Unencrypted text.


Cryptanalysis: The testing of cryptography. An algorithm or program is said to have been cryptanalyzed if cryptographers have tested it for vulnerabilities.


Digital Signature: A small piece of code that is used to authenticate the sender of data. Digital signatures are created with encryption software for verification purposes. A private key is used to create a digital signature, and a corresponding public key can be used to verify that the signature was really generated by the holder of the private key. See asymmetric cryptography.


Digital Signature Standard (DSS): DSS is the U.S. government's standard for authenticating a digital signature.


FTP (File Transfer Protocol) : FTP is an old but still widely used method for sending data across the Internet. The protocol itself has no security, so any login and password information is sent as plaintext. This means that if the login/password transmission is intercepted the security of any data stored on the FTP server may be compromised. There are ways to add security to FTP transmissions, but they require special software for both the server and the client (the computer that stores data and the computer that sends and receives data). Web browsers can also act as FTP clients. If your Web browser's address bar starts with "ftp://" instead of "http://" you are connected to an FTP server.


Key : A specific string of data that is used to encrypt and decrypt messages, documents or other types of electronic data. Keys have varying levels of strength. Keys having higher numbers of bits are theoretically tougher to break because there are more possible permutations of data bits. (Since bits are binary, the number of possible permutations for a key of x bits is 2x.) The specific way a key is used depends on whether it's used with asymmetric or symmetric cryptography.


Keyring : A set of keys. In asymmetric encryption software, separate keyrings are used to store private keys and public keys


PGP (Pretty Good Privacy) : PGP is the de facto standard for software encryption. It is available in a variety of versions, some of which can be downloaded for free from Web sites, others of which are sold commercially. Because it is so widely used, PGP is one of the most heavily cryptanalyzed encryption programs in the world. (This means that countless cryptographers and programmers have so far been unable to break it.)


Private Key: Private keys, a.k.a. secret keys, are used in asymmetric cryptography. One of their primary purposes is to enable someone to use a public key to encrypt data that can only be decrypted by the owner of the corresponding private key. Private keys should not be distributed.


Public Key : Public keys are used in asymmetric cryptography. One of their primary purposes is to enable someone to encrypt messages intended for the owner of the public key. Public keys are meant for distribution, so anyone who wants to send an encrypted message to the owner of the public key can do so, but only the owner of the corresponding private key can decrypt the message.


Self-Decrypting Archive: A self-decrypting archive is similar to the self-extracting archive that is typically used with software that is downloaded from the Internet. It contains an archive with one or more files that will automatically open and decrypt with the appropriate key or password. The advantage of a self-decrypting archive is that the recipient doesn't need special software to decrypt files. Typically, the self-decrypting archive software prompts the recipient for a password, and extracts its contents if the password is correct.


SSH (Secure Shell): SSH, like Telnet, is a protocol that allows someone using one computer to remotely operate another computer. Unlike Telnet, however, it uses secure (encrypted) transmissions.


Symmetric Cryptography: A method of encryption in which a single key is used to scramble and unscramble data.


Telnet : Telnet is a protocol that allows someone using one computer to remotely operate another computer. Like FTP, Telnet is not secure. Security is possible by using special Telnet server/client software or an alternative protocol (like SSH).


Web of Trust: An informal means of confirming the identity of someone with whom you communicate electronically.


Source Literature

Source of definitions: http://www.netaction.org: Copyright 1996-2003 by NetAction under Creative Commons "Attribution-NonCommercial-ShareAlike license." This means you are free to share and remix the material on this site, provided the derivative work is attributed to NetAction, it is non-commercial, and the resulting work is distributed or used subject to the same license.

Source of encryption history: http://wapedia.mobi/en/History_of_cryptography