Encryption Fundamentals
Encryption is the process of converting a plaintext message into a secure-coded form of text, called ciphertext. The ciphertext cannot be understood without converting back, via decryption—the reverse process—to plaintext. This is done via a mathematical function and a special encryption/decryption password called the key. In many countries, encryption is subject to governmental laws and regulations that limit the key size or define what may not be encrypted.
Encryption is part of a broader science of secret languages called cryptography, which is generally used to:
• Protect information stored on computers from unauthorized viewing and manipulation
• Protect data in transit over networks from unauthorized interception and manipulation
• Deter and detect accidental or intentional alterations of data
• Verify authenticity of a transaction or document
Encryption is limited in that it cannot prevent the loss of data. It is possible to compromise encryption programs if encryption keys are not protected adequately. Therefore, encryption should be regarded as an essential, but incomplete, form of access control that should be incorporated into an organization’s overall computer security program.
Key Elements of Cryptographic Systems
Key elements of cryptographic systems include:
• Encryption algorithm—Mathematically based function or calculation that encrypts or decrypts data.
• Encryption key—Piece of information similar to a password that makes the encryption or decryption process unique. A user needs the correct key to access or decipher a message, as the wrong key converts the message into an unreadable form.
• Key length—Predetermined length for the key. The longer the key, the more difficult it is to compromise in a brute-force attack where all possible key combinations are tried.
Effective cryptographic systems depend upon a variety of factors including:
• Algorithm strength
• Secrecy and difficulty of compromising a key
• Nonexistence of back doors by which an encrypted file can be decrypted without knowing the key
• Inability to decrypt parts of a ciphertext message, and prevention of known-plaintext attacks
• Properties of the plaintext known by a perpetrator
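The Python sketch below is an added example, not part of the original text. It assumes a toy stream cipher built from SHA-256 (chosen so it runs with the standard library only; it is not a production algorithm) and deliberately tiny keys, and shows the elements listed above: one algorithm, a key that makes its output unique, and key length driving the cost of a brute-force search that relies on a known property of the plaintext.

```python
import hashlib

def keystream(key: bytes, n: int) -> bytes:
    """Derive n keystream bytes from the key (SHA-256 in counter mode, toy construction)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def crypt(key: bytes, data: bytes) -> bytes:
    """Symmetric algorithm: the same function and key both encrypt and decrypt."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def key_from_int(value: int, bits: int) -> bytes:
    """Encode an integer as a key of the given bit length (hypothetical helper)."""
    return value.to_bytes((bits + 7) // 8, "big")

def brute_force(ciphertext: bytes, bits: int, known_prefix: bytes):
    """Try every key of this length; accept the one whose output starts with known_prefix."""
    for trials, candidate in enumerate(range(2 ** bits), start=1):
        if crypt(key_from_int(candidate, bits), ciphertext).startswith(known_prefix):
            return candidate, trials
    return None, 2 ** bits

MESSAGE = b"INVOICE 2041: pay 150.00 to account 12-345"  # constructed sample plaintext

def demo():
    """Return {key_bits: (key_recovered, trials_needed)} for three toy key lengths."""
    results = {}
    for bits in (8, 12, 16):
        secret = 2 ** bits - 3  # constructed key near the end of the keyspace
        ct = crypt(key_from_int(secret, bits), MESSAGE)
        found, trials = brute_force(ct, bits, b"INVOICE ")
        results[bits] = (found == secret, trials)
    return results

if __name__ == "__main__":
    for bits, (ok, trials) in demo().items():
        print(f"{bits:2d}-bit key: recovered={ok} after {trials} of {2 ** bits} trials")
```

Each additional key bit doubles the number of candidates to try, which is why real key lengths (128 bits and up) put exhaustive search out of reach.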
Key Systems
There are two types of cryptographic systems:
• Symmetric key systems—These use single, secret, bidirectional keys that encrypt and decrypt.
• Asymmetric key systems—These use pairs of unidirectional, complementary keys that only encrypt or decrypt. Typically, one of these keys is secret, and the other is publicly known.
Public key systems are asymmetric cryptographic systems.
Most encrypted transactions over the Internet use a combination of private/public keys, secret keys, hash functions (fixed values derived mathematically from a text message) and digital certificates (that prove ownership of a public encryption key) to achieve confidentiality, message integrity, authentication and nonrepudiation by either sender or recipient (also known as a public key infrastructure [PKI]). Essentially, keys and hash values are used to transform a string of characters into a shorter or fixed-length value or key that represents the original string. This encryption process allows data to be stored and transported with reduced exposure so data remains secure as it moves across the Internet or other networks.