Protecting Data Through Encryption
CNT 2300-91, Summer 2010
Instructor: Ben Franske
Peggy Spatafore
Protecting Data Through Encryption
Introduction
Throughout the history of mankind, spanning over thousands of years, society has found it important and necessary to keep certain information private. Cryptography became the study and practice associated with hiding such information. In this paper, I will describe how encryption and cryptography have evolved with time, and explain the methods that are most commonly used for data protection in today’s technological society. This page is intended to supply summaries on the key points of history and current methods, using fairly simple explanations from several websites. By researching to find terminology and concepts that can be easily understood by students without extensive knowledge in the computer field, the collected summaries on this page provide shortcuts to extended information previously researched by outside sources. The sources for this information are noted at the bottom of the page. For further, more in-depth information on the topics mentioned on this page, readers may visit those sites.
History
Encryption or cryptology was not always intended to keep secrets. Over 4,500 years ago, man carved hieroglyphs into monuments in separate corners of the earth. The pictures and markings were not meant to encrpyt, but instead created mystery and enjoyment for others to observe. Around 500-600 BC the use of substitution ciphers were being utilized to encrypt messages, even for protecting recipes for cooking. The ancient Greeks would use a scytale to encrypt messages. In this process, a strip of leather was wrapped around a rod, and the message was printed on the leather. The recipient of the message would wrap the leather around the same size rod to view the message.
Around 800 AD, the invention of frequency analysis opened new a new door to deciphering encrypted messages. This idea organized the research of identifying frequency of letters or common groups in text.
Ahmad al-Qalqashandi wrote an encyclopedia in which he included a section on Taj ad-Din Ali ibn ad-Duraihim ben Muhammad ath-Tha 'alibi al-Mausili, who wrote about cryptology. His work included both substitution and transposition, and dates between 1312 to 1361.
Around 1518, Johannes Trithemius invented the tabula recta, in which a square table of letters is created and each row is shifted to the left to create the encryption cipher.
As the years passed and people became more knowledgable regarding the coding, they also became more cunning at developing methods to break such ciphers. In the 19th century, books and articles were published that gave useful information on how to solve the ciphers and how to find weaknesses in the coding. Once it became widespread knowledge, the cracking of ciphers were used as part of warfare and planning attacks on enemies as well as learning about the enemies plans through cracking their cipher messages.
Mechanical and electromechanical cipher machines had become invented by World War II. These machines were primarily used by the military and the government. These machines worked with rotating disks with electrical contacts that would apply a fixed substitution of letters in a manner that would be difficult to crack. The Enigma was one of the more well known examples of this type of machine and was as successful as it was because it had the ability for the rotors to advance after encrypting a letter and change the substitution. This is known as a polyalphabetic substitution cipher. Several other machines of this type were used around or after this same time period, but the Enigma was the most well known of such machines. Like previous encryption methods, these machines also had their weaknesses, and through those weaknesses, outsiders were able to break many of the messages.
The one-time pad was invented in 1917. This encryption process used bits from a secret random key and was encrypted by a modular addition, which would wrap numbers around once they reached a certain value. The only way to decrypt these messages would be with the key. It was proven to be effective if used correctly.
From the original markings on cave walls, to the encryption machines dating up through World War II, advancements were made to make the encryption process more secure and more practical. Additional advancements were made post World War II, bringing us into the more modern methods of data encryption.
Modern Methods
Data encryption is a combination of mathematical concepts, computer science, and engineering. Claude Shannon was well known as the father of mathematical cryptology because he established a theoretical baisis for the study. The Data Encryption Standard is a block cipher selected by the National Bureau of Standards as an official Federal Information Processing Standard. Symmetric-key algorithm that uses a 56-bit key is the basis for this standard. In 2001, the Advanced Encryption Standard was adopted by the US government. This is a symmetric-key ecnryption, with three block ciphers. Each cipher has a 128-bit block size, with key sizes of 128, 192, and 256 bits. This was the first publicaly accessible and open cipher approved by the NSA for top secret information.
It was in 1976 that the asymmetric key algorithm was introduced as an alternate option to the already existing symmetric key algorithms.
Symmetric
In symmetric-key encryption, each computer must have the same key. Often one is to encrypt and the other to decrypt the message. Each computer has a key that it uses to encrypt a packet of information prior to it being sent to another computer. The symmetric-key method requires all parties involved to be aware of each other so the key can be installed on each computer. Each computer must have the key, which contains the code to decrypt the information. With the Advanced Encryption Standard in place, which uses keys up to 256-bits, many people in the IT field feel confident that this will be sufficient encryption protection for a long time in the future.
Symmetric-key encryption is also known as secret-key, single-key, shared-key, one-key, and private-key encryption. This symmetric-key algorithms can be divided into the two sections below:
Stream Ciphers: encrypt the bytes of the message one at a time Block Ciphers: encrypt several bytes as a single unit. These are often based off of construction that allows them to build invertible functions from other functions that are not invertible.
To ensure that there are no interruptions to the data during the encryption process or the sending process, a message authentication code (MAC) is often applied. A keyed hash function is another addition that tags the message and its length allowing any changes to be detected. Message integrity code algorithms are created where a given message will always produce the same MIC assuming the same algorithm is used to generate both. Because they do not taken on their own key, they are less reliable when confirming a message's integrity.
Symmetric ciphers have been known to be susceptible to many types of attacks if not created correctly. These types of attacks can include:
- Known-plaintext attacks: the attacker has both the plaintext and the encrypted version and uses them to reveal secret information.
- Chosen plaintext attacks: attack is to gain further information to reduce the security and could reveal the secret key.
- Differential cryptanalysis: In reference to a block cipher, it is a set of techniques for tracing the differences of transformations, exploiting differences to reveal the key.
- Linear cryptanalysis: Based on finding approximations to the action of a cipher; used for block ciphers and stream ciphers.
Asymmetric
In asymmetric-key encryption, the message does not require a secure initial exchange of secret keys between sender and receiver. This method is also known as public-key cryptography. A mathematically related pair of keys, a secret private key and a published public key are created using these algorithms. A digital signature is created by using these keys to verify the authenticity of the message. The private key is kept secret and the public key is passed out with less constraints. the recipient's key encrypts the message and the corresponding private key is the only way the message can be decrypted. Once the key is used, the message is verified. A message that is encrypted using a public key can only be decrypted using the private key.
A further look at the two most common uses of public key include:
- Public key encryption where a message is encrypted with a recipient's public key and can only be decrypted with the matching private key.
- Digital signatures where a message is signed with the sender's private key and anyone who has access to the sender's public key can verify the message. This method is intended to prove the sender had access to the private key.
Asymmetric encryption is widely used around the world. It uses Internet standards such as Transport Layer Security, in which segments are encrypted at the Application Layer to secure end-to-end transit at the Transport Layer. PGP and GPC are also utilized, both of which are alternative suites of encryption, often used for signing, encrypting and decrypting email messages.
As with symmetric encryption, there are also weaknesses in asymmetric encryption. These weaknesses may include:
- Brute force key search attack, in which a search of all the possible solutions is tried until the correct key is found. Creating a longer key can help decrease the chances of the key being discovered becuase it adds many additional combinates for the attack to work through, increasing the time it would take to crack the encryption, making it less favorable to be attempted.
- Side channel attack, in which information is obtained from physical execution or planning of a crytosystem. These types of attacks can be a result of exposed timing information, power consumption, or sound.
Advanced Encryption Standard
Both the symmetric and asymmetric encryption methods are based on the AES design known as substitution permutation network. The AES cipher is a specified number or repetitions of transformation rounds that convert the input plaintext into ciphertext by using the steps below.
- KeyExpansion — round keys are derived from the cipher key using Rijndael's key schedule, which expands a short key into a number of separate round keys.
- Initial Round
- AddRoundKey—each byte of the state is combined with the round key using bitwise xor
•Rounds
1.SubBytes — a non-linear substitution step where each byte is replaced with another according to a lookup table.
2.ShiftRows — a transposition step where each row of the state is shifted cyclically a certain number of steps. The number of places each byte shifts is different for each row.
3.MixColumns — a mixing operation which operates on the columns of the state, combining the four bytes in each column. At this stage each column of the state is multiplied with a fixed polynomial.
4.AddRoundKey - each byte of the state is combined with a byte of the round subkey using the XOR operation, where there are two operands, when one or the other is true; they cannot both be true.
- Final Round (no MixColumns)
1.SubBytes
2.ShiftRows
3.AddRoundKey
Definitions
Although not all of the terms below are used on this page, it is helpful to become familiar with them to gain a wider understanding of data encryption.
Algorithm: The American Heritage Dictionary defines an algorithm as "a step-by-step problem-solving procedure, especially an established, recursive computational procedure for solving a problem in a finite number of steps." In the context of encryption, an algorithm is the mathematical formula used to scramble and unscramble data. It typically has two elements: data (for example, an email message that you want to encrypt or decrypt) and a key.
Asymmetric Cryptography: (Also known as public key cryptography.)
Encryption software that requires two keys: a public key and a private key. Encryption software users distribute their public key, but keep their private key to themselves.
Authentication:
Assuring that a message has not been modified in transit or while stored on a computer is referred to as authentication. It is one of the objectives of cryptography. (This is referred to as message authentication or message integrity.) Assuring that a public key really belongs to a specific individual, or that a specific individual has the right to send a particular encrypted message is another type of authentication.
Back Door:
A "back door" is a software function that allows someone to decrypt data without the key. In some cases, software creators intentionally include this function in software. Software that has a back door is not secure.
Certificate :
A certificate is a data file that identifies an individual, organization, or business. Certificates are obtained from specialized certificate-issuing companies such as VeriSign, and can be used to encrypt data and/or confirm the certificate owner's identity.
Cipher, Block Cipher, Stream Cipher :
A method of encryption and decryption, a.k.a. encryption algorithm.
- A Block Cipher is a method for encrypting data in chunks (several or many contiguous bits) as opposed to encoding bit-by-bit like a stream cipher.
- A Stream Cipher is a method of encrypting data bit-by-bit, as opposed to encoding a contiguous chunk of data all at once like a block cipher.
Cleartext / Plaintext:
Unencrypted text.
Cryptanalysis:
The testing of cryptography. An algorithm or program is said to have been cryptanalyzed if cryptographers have tested it for vulnerabilities.
Digital Signature:
A small piece of code that is used to authenticate the sender of data. Digital signatures are created with encryption software for verification purposes. A private key is used to create a digital signature, and a corresponding public key can be used to verify that the signature was really generated by the holder of the private key. See asymmetric cryptography.
Digital Signature Standard (DSS):
DSS is the U.S. government's standard for authenticating a digital signature.
FTP (File Transfer Protocol) :
FTP is an old but still widely used method for sending data across the Internet. The protocol itself has no security, so any login and password information is sent as plaintext. This means that if the login/password transmission is intercepted the security of any data stored on the FTP server may be compromised. There are ways to add security to FTP transmissions, but they require special software for both the server and the client (the computer that stores data and the computer that sends and receives data). Web browsers can also act as FTP clients. If your Web browser's address bar starts with "ftp://" instead of "http://" you are connected to an FTP server.
Key :
A specific string of data that is used to encrypt and decrypt messages, documents or other types of electronic data. Keys have varying levels of strength. Keys having higher numbers of bits are theoretically tougher to break because there are more possible permutations of data bits. (Since bits are binary, the number of possible permutations for a key of x bits is 2x.) The specific way a key is used depends on whether it's used with asymmetric or symmetric cryptography.
Keyring :
A set of keys. In asymmetric encryption software, separate keyrings are used to store private keys and public keys
PGP (Pretty Good Privacy) :
PGP is the de facto standard for software encryption. It is available in a variety of versions, some of which can be downloaded for free from Web sites, others of which are sold commercially. Because it is so widely used, PGP is one of the most heavily cryptanalyzed encryption programs in the world. (This means that countless cryptographers and programmers have so far been unable to break it.)
Private Key:
Private keys, a.k.a. secret keys, are used in asymmetric cryptography. One of their primary purposes is to enable someone to use a public key to encrypt data that can only be decrypted by the owner of the corresponding private key. Private keys should not be distributed.
Public Key :
Public keys are used in asymmetric cryptography. One of their primary purposes is to enable someone to encrypt messages intended for the owner of the public key. Public keys are meant for distribution, so anyone who wants to send an encrypted message to the owner of the public key can do so, but only the owner of the corresponding private key can decrypt the message.
Self-Decrypting Archive:
A self-decrypting archive is similar to the self-extracting archive that is typically used with software that is downloaded from the Internet. It contains an archive with one or more files that will automatically open and decrypt with the appropriate key or password. The advantage of a self-decrypting archive is that the recipient doesn't need special software to decrypt files. Typically, the self-decrypting archive software prompts the recipient for a password, and extracts its contents if the password is correct.
SSH (Secure Shell):
SSH, like Telnet, is a protocol that allows someone using one computer to remotely operate another computer. Unlike Telnet, however, it uses secure (encrypted) transmissions.
Symmetric Cryptography:
A method of encryption in which a single key is used to scramble and unscramble data.
Telnet :
Telnet is a protocol that allows someone using one computer to remotely operate another computer. Like FTP, Telnet is not secure. Security is possible by using special Telnet server/client software or an alternative protocol (like SSH).
Web of Trust:
An informal means of confirming the identity of someone with whom you communicate electronically.
Source Literature
Source of definitions: http://www.netaction.org: Copyright 1996-2003 by NetAction under Creative Commons "Attribution-NonCommercial-ShareAlike license." This means you are free to share and remix the material on this site, provided the derivative work is attributed to NetAction, it is non-commercial, and the resulting work is distributed or used subject to the same license.
Source of encryption history: http://wapedia.mobi/en/History_of_cryptography:
1.^ A Short History of Cryptography, Fred Cohen 1995, retrieved 8 June 2010
2.Simon Singh, The Code Book, pp. 14-20
3."Al-Kindi, Cryptgraphy, Codebreaking and Ciphers" (HTML). http://www.muslimheritage.com/topics/default.cfm?ArticleID=372. Retrieved 2007-01-12.
4.Ibrahim A. Al-Kadi (April 1992), "The origins of cryptology: The Arab contributions”, Cryptologia 16 (2): 97-126
5.^ History of Cryptography
6.Silverman, Kenneth. Edgar A. Poe: Mournful and Never-ending Remembrance. New York: Harper Perennial, 1991. p. 152-3 •David Kahn, The Codebreakers, New York, Macmillan, 1967. •Steven Levy, Crypto: How the Code Rebels Beat the Government — Saving Privacy in the Digital Age, New York, Viking Press, 2001.
Source of modern encryption: Tyson, Jeff. "How Encryption Works." 06 April 2001. HowStuffWorks.com. <http://computer.howstuffworks.com/encryption.htm> 28 July 2010
Source of modern encryption: http://wapedia.mobi/en/Symmetric_key_algorithm
Source of Asymmetric encryption: http://wapedia.mobi/en/Asymmetric_key_algorithm
Source of AES steps: http://wapedia.mobi/en/Advanced_Encryption_Standard