Protecting Data Through Encryption: Difference between revisions
Pspatafore (talk | contribs) |
Pspatafore (talk | contribs) |
||
Line 149: | Line 149: | ||
Copyright 1996-2003 by NetAction under Creative Commons "Attribution-NonCommercial-ShareAlike license." This means you are free to share and remix the material on this site, provided the derivative work is attributed to NetAction, it is non-commercial, and the resulting work is distributed or used subject to the same license. | Copyright 1996-2003 by NetAction under Creative Commons "Attribution-NonCommercial-ShareAlike license." This means you are free to share and remix the material on this site, provided the derivative work is attributed to NetAction, it is non-commercial, and the resulting work is distributed or used subject to the same license. | ||
Source of encryption history: http://wapedia.mobi/en/History_of_cryptography: | |||
Source of encryption history: http://wapedia.mobi/en/History_of_cryptography: | |||
1.^ A Short History of Cryptography, Fred Cohen 1995, retrieved 8 June 2010 | 1.^ A Short History of Cryptography, Fred Cohen 1995, retrieved 8 June 2010 | ||
Revision as of 05:08, 29 July 2010
Protecting Data Through Encryption
Introduction
Throughout the history of mankind, spanning over thousands of years, society has found it important and necessary to keep certain information private. Cryptography became the study and practice associated with hiding such information. In this paper, I will describe how encryption and cryptography have evolved with time, and explain the methods that are most commonly used for data protection in today’s technological society.
History
Encryption or cryptology was not always intended to keep secrets. Over 4,500 years ago, man carved hieroglyphs into monuments in separate corners of the earth. The pictures and markings were not meant to encrpyt, but instead created mystery and enjoyment for others to observe. Around 500-600 BC the use of substitution ciphers were being utilized to encrypt messages, even for protecting recipes for cooking. The ancient Greeks would use a scytale to encrypt messages. In this process, a strip of leather was wrapped around a rod, and the message was printed on the leather. The recipient of the message would wrap the leather around the same size rod to view the message.
Around 800 AD, the invention of frequency analysis opened new a new door to deciphering encrypted messages. This idea organized the research of identifying frequency of letters or common groups in text.
Ahmad al-Qalqashandi wrote an encyclopedia in which he included a section on Taj ad-Din Ali ibn ad-Duraihim ben Muhammad ath-Tha 'alibi al-Mausili, who wrote about cryptology. His work included both substitution and transposition, and dates between 1312 to 1361.
Around 1518, Johannes Trithemius invented the tabula recta, in which a square table of letters is created and each row is shifted to the left to create the encryption cipher.
As the years passed and people became more knowledgable regarding the coding, they also became more cunning at developing methods to break such ciphers. In the 19th century, books and articles were published that gave useful information on how to solve the ciphers and how to find weaknesses in the coding. Once it became widespread knowledge, the cracking of ciphers were used as part of warfare and planning attacks on enemies as well as learning about the enemies plans through cracking their cipher messages.
Mechanical and electromechanical cipher machines had become invented by World War II. These machines were primarily used by the military and the government. These machines worked with rotating disks with electrical contacts that would apply a fixed substitution of letters in a manner that would be difficult to crack. The Enigma was one of the more well known examples of this type of machine and was as successful as it was because it had the ability for the rotors to advance after encrypting a letter and change the substitution. This is known as a polyalphabetic substitution cipher. Several other machines of this type were used around or after this same time period, but the Enigma was the most well known of such machines. Like previous encryption methods, these machines also had their weaknesses, and through those weaknesses, outsiders were able to break many of the messages.
The one-time pad was invented in 1917. This encryption process used bits from a secret random key and was encrypted by a modular addition, which would wrap numbers around once they reached a certain value. The only way to decrypt these messages would be with the key. It was proven to be effective if used correctly.
From the original markings on cave walls, to the encryption machines dating up through World War II, advancements were made to make the encryption process more secure and more practical. Additional advancements were made post World War II, bringing us into the more modern methods of data encryption.
Modern Methods
Data encryption is a combination of mathematical concepts, computer science, and engineering. Claude Shannon was well known as the father of mathematical cryptology because he established a theoretical baisis for the study. The Data Encryption Standard is a block cipher selected by the National Bureau of Standards as an official Federal Information Processing Standard. Symmetric-key algorithm that uses a 56-bit key is the basis for this standard. In 2001, the Advanced Encryption Standard was adopted by the US government. This is a symmetric-key ecnryption, with three block ciphers. Each cipher has a 128-bit block size, with key sizes of 128, 192, and 256 bits. This was the first publicaly accessible and open cipher approved by the NSA for top secret information.
It was in 1976 that the asymmetric key algorithm was introduced as an alternate option to the already existing symmetric key algorithms.
Symmetric
In symmetric-key encryption, each computer must have the same key. Often one is to encrypt and the other to decrypt the message. Each computer has a key that it uses to encrypt a packet of information prior to it being sent to another computer. The symmetric-key method requires all parties involved to be aware of each other so the key can be installed on each computer. Each computer must have the key, which contains the code to decrypt the information. With the Advanced Encryption Standard in place, which uses keys up to 256-bits, many people in the IT field feel confident that this will be sufficient encryption protection for a long time in the future.
Symmetric-key encryption is also known as secret-key, single-key, shared-key, one-key, and private-key encryption. This symmetric-key algorithms can be divided into the two sections below:
Stream Ciphers: encrypt the bytes of the message one at a time Block Ciphers: encrypt several bytes as a single unit. These are often based off of construction that allows them to build invertible functions from other functions that are not invertible.
To ensure that there are no interruptions to the data during the encryption process or the sending process, a message authentication code (MAC) is often applied. A keyed hash function is another addition that tags the message and its length allowing any changes to be detected. Message integrity code algorithms are created where a given message will always produce the same MIC assuming the same algorithm is used to generate both. Because they do not taken on their own key, they are less reliable when confirming a message's integrity.
Symmetric ciphers have been known to be susceptible to many types of attacks if not created correctly. These types of attacks can include:
- Known-plaintext attacks: the attacker has both the plaintext and the encrypted version and uses them to reveal secret information.
- Chosen plaintext attacks: attack is to gain further information to reduce the security and could reveal the secret key.
- Differential cryptanalysis: In reference to a block cipher, it is a set of techniques for tracing the differences of transformations, exploiting differences to reveal the key.
- Linear cryptanalysis: Based on finding approximations to the action of a cipher; used for block ciphers and stream ciphers.
Asymetric
Definitions
To become familiar with the data encryption process, a few keywords and their definitions must be understood:
Algorithm: The American Heritage Dictionary defines an algorithm as "a step-by-step problem-solving procedure, especially an established, recursive computational procedure for solving a problem in a finite number of steps." In the context of encryption, an algorithm is the mathematical formula used to scramble and unscramble data. It typically has two elements: data (for example, an email message that you want to encrypt or decrypt) and a key.
Asymmetric Cryptography: (Also known as public key cryptography.)
Encryption software that requires two keys: a public key and a private key. Encryption software users distribute their public key, but keep their private key to themselves.
Authentication:
Assuring that a message has not been modified in transit or while stored on a computer is referred to as authentication. It is one of the objectives of cryptography. (This is referred to as message authentication or message integrity.) Assuring that a public key really belongs to a specific individual, or that a specific individual has the right to send a particular encrypted message is another type of authentication.
Back Door:
A "back door" is a software function that allows someone to decrypt data without the key. In some cases, software creators intentionally include this function in software. Software that has a back door is not secure.
Certificate :
A certificate is a data file that identifies an individual, organization, or business. Certificates are obtained from specialized certificate-issuing companies such as VeriSign, and can be used to encrypt data and/or confirm the certificate owner's identity.
Cipher, Block Cipher, Stream Cipher :
A method of encryption and decryption, a.k.a. encryption algorithm.
- A Block Cipher is a method for encrypting data in chunks (several or many contiguous bits) as opposed to encoding bit-by-bit like a stream cipher.
- A Stream Cipher is a method of encrypting data bit-by-bit, as opposed to encoding a contiguous chunk of data all at once like a block cipher.
Cleartext / Plaintext:
Unencrypted text.
Cryptanalysis:
The testing of cryptography. An algorithm or program is said to have been cryptanalyzed if cryptographers have tested it for vulnerabilities.
Digital Signature:
A small piece of code that is used to authenticate the sender of data. Digital signatures are created with encryption software for verification purposes. A private key is used to create a digital signature, and a corresponding public key can be used to verify that the signature was really generated by the holder of the private key. See asymmetric cryptography.
Digital Signature Standard (DSS):
DSS is the U.S. government's standard for authenticating a digital signature.
FTP (File Transfer Protocol) :
FTP is an old but still widely used method for sending data across the Internet. The protocol itself has no security, so any login and password information is sent as plaintext. This means that if the login/password transmission is intercepted the security of any data stored on the FTP server may be compromised. There are ways to add security to FTP transmissions, but they require special software for both the server and the client (the computer that stores data and the computer that sends and receives data). Web browsers can also act as FTP clients. If your Web browser's address bar starts with "ftp://" instead of "http://" you are connected to an FTP server.
Key :
A specific string of data that is used to encrypt and decrypt messages, documents or other types of electronic data. Keys have varying levels of strength. Keys having higher numbers of bits are theoretically tougher to break because there are more possible permutations of data bits. (Since bits are binary, the number of possible permutations for a key of x bits is 2x.) The specific way a key is used depends on whether it's used with asymmetric or symmetric cryptography.
Keyring :
A set of keys. In asymmetric encryption software, separate keyrings are used to store private keys and public keys
PGP (Pretty Good Privacy) :
PGP is the de facto standard for software encryption. It is available in a variety of versions, some of which can be downloaded for free from Web sites, others of which are sold commercially. Because it is so widely used, PGP is one of the most heavily cryptanalyzed encryption programs in the world. (This means that countless cryptographers and programmers have so far been unable to break it.)
Private Key:
Private keys, a.k.a. secret keys, are used in asymmetric cryptography. One of their primary purposes is to enable someone to use a public key to encrypt data that can only be decrypted by the owner of the corresponding private key. Private keys should not be distributed.
Public Key :
Public keys are used in asymmetric cryptography. One of their primary purposes is to enable someone to encrypt messages intended for the owner of the public key. Public keys are meant for distribution, so anyone who wants to send an encrypted message to the owner of the public key can do so, but only the owner of the corresponding private key can decrypt the message.
Self-Decrypting Archive:
A self-decrypting archive is similar to the self-extracting archive that is typically used with software that is downloaded from the Internet. It contains an archive with one or more files that will automatically open and decrypt with the appropriate key or password. The advantage of a self-decrypting archive is that the recipient doesn't need special software to decrypt files. Typically, the self-decrypting archive software prompts the recipient for a password, and extracts its contents if the password is correct.
SSH (Secure Shell):
SSH, like Telnet, is a protocol that allows someone using one computer to remotely operate another computer. Unlike Telnet, however, it uses secure (encrypted) transmissions.
Symmetric Cryptography:
A method of encryption in which a single key is used to scramble and unscramble data.
Telnet :
Telnet is a protocol that allows someone using one computer to remotely operate another computer. Like FTP, Telnet is not secure. Security is possible by using special Telnet server/client software or an alternative protocol (like SSH).
Web of Trust:
An informal means of confirming the identity of someone with whom you communicate electronically.
Source Literature
Source of definitions: http://www.netaction.org: Copyright 1996-2003 by NetAction under Creative Commons "Attribution-NonCommercial-ShareAlike license." This means you are free to share and remix the material on this site, provided the derivative work is attributed to NetAction, it is non-commercial, and the resulting work is distributed or used subject to the same license.
Source of encryption history: http://wapedia.mobi/en/History_of_cryptography:
1.^ A Short History of Cryptography, Fred Cohen 1995, retrieved 8 June 2010
2.Simon Singh, The Code Book, pp. 14-20
3."Al-Kindi, Cryptgraphy, Codebreaking and Ciphers" (HTML). http://www.muslimheritage.com/topics/default.cfm?ArticleID=372. Retrieved 2007-01-12.
4.Ibrahim A. Al-Kadi (April 1992), "The origins of cryptology: The Arab contributions”, Cryptologia 16 (2): 97-126
5.^ History of Cryptography
6.Silverman, Kenneth. Edgar A. Poe: Mournful and Never-ending Remembrance. New York: Harper Perennial, 1991. p. 152-3 •David Kahn, The Codebreakers, New York, Macmillan, 1967. •Steven Levy, Crypto: How the Code Rebels Beat the Government — Saving Privacy in the Digital Age, New York, Viking Press, 2001.
Source of modern encryption: Tyson, Jeff. "How Encryption Works." 06 April 2001. HowStuffWorks.com. <http://computer.howstuffworks.com/encryption.htm> 28 July 2010
Source of modern encryption: http://wapedia.mobi/en/Symmetric_key_algorithm