When confidential or important information is transmitted over non-secure networks such as the Internet it is often sensible to encrypt the data with an encryption package. Then in the event of the data being intercepted or received by the wrong person it will be very difficult for them to determine what is contained within the message thus protecting the data.
Encrypting data with an encryption package also allows the receiver of the data to authenticate the identity of the sender and confirm that they are who they say they are.
Encryption packages today tends to go hand in hand with authentication.
Authentication is the process of determining the accuracy of:
- The sender’s identity, or data origin authentication,
- The sender’s message, or data integrity,
- The receiver’s identity, or peer entity authentication.
Data origin authentication confirms the source of the data with the claim of the sender. Data integrity ensures that data has not been altered or destroyed in an unauthorised manner. Peer entity authentication confirms a peer entity in an association as the one claimed.
The most widely used current authentication method is the RSA technique.
RSA Public Key Technique
The RSA encryption package approach uses the principle that if two large prime numbers, e for encryption and d for decryption are multiplied together, the resulting number n is then very hard to factor back into the original two numbers.
n = e d
A message sent using n as the key can only be decrypted by the receiver possessing e or d. As e never leaves the transmitter and d never leaves the receiver, and factoring n into e or d is not possible in any reasonable length of time, the system is secure. Since n appears in public it is called the public key. Key d is a private key that never leaves the receiver and e never leaves the sender.
The RSA encryption package is referred to as an asymmetric cryptosystem because the decryption key d is different to the encryption key e. RSA is referred to as a two key system as either e or d can unlock the system if revealed.
As n can be released safely to the public, it is practical to build a public key directory that vastly simplifies the major headache of encryption, key distribution. The unique value of a public key n can be assigned to an individual or a company and used for authentication. This is the purpose of a certification authority.
Public key encryption package cryptosystems are easily adapted to add digital signature capability to authentication. Using a digital signature is a way of preventing repudiation by the sender.
The study and development of ways to hide information and then to recover it only by the intended recipient are the basis for cryptology. The process of encryption and decryption is carried about by a cryptosystem or an encryption package. Cryptosystems have been around since the times of the early Egyptians.
Information or plaintext is converted into ciphertext, a cipher or a cryptogram. This process is called encryption or encipherment.
Almost always, an encryption key is used to allow changes to the ciphering process on the assumption that the longer the key used to encrypt traffic, the more analysis needs to be conducted against the traffic to determine the encryption key. A new key forces a hacker to start all over again.
A decryption key is needed to reverse the encipherment process.
In a single key system, the decryption key is the same as the encryption key. Single key systems are also referred to as symmetric cryptosystems. Whereas, the RSA authentication system is a two key asymmetric system.
DES Encryption Package
The Data Encryption Standard (DES) encryption package was developed by IBM. DES is the most thoroughly tested algorithm ever, and no major weaknesses have been found in it.
In the original DES algorithm, the DES key, 56 bits long, is used to generate a pseudorandom stream of 1’s and 0’s. This stream is mixed with the data, and then fed back into itself, resulting in very scrambled data. Changing the key starts a new and different stream.
The decryption process is designed to generate the same random pattern, starting at the same point as the sender. Exactly the reverse takes place, subtracting by iterations, to arrive at plaintext data.
With modern computing power it is now possible to crack the original DES algorithm by brute force. As a consequence of this the algorithm has now advanced into Triple-DES with a key length 3 times as long.
It is necessary that both the sender and the receiver have the same key. This inherently authenticates one to the other. Data integrity is preserved because an attacker has no idea of where to begin to break the encryption.
AES Encryption Package
the Advanced Encryption Standard (AES) encryption package , also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. The National Institute of Standards and Technology (NIST) established the new Advanced Encryption Standard (AES) specification on May 26, 2002.
The AES encryption package is a cryptographic algorithm that can be used to protect electronic data. Specifically, AES is an iterative, symmetric-key block cipher that can use keys of 128, 192, and 256 bits, and encrypts and decrypts data in blocks of 128 bits (16 bytes).
AES is the successor to the older Data Encryption Standard (DES). DES was approved as a Federal standard in 1977 and remained viable until 1998 when a combination of advances in hardware, software, and cryptanalysis theory allowed a DES-encrypted message to be decrypted in 56 hours. Since that time numerous other successful attacks on DES-encrypted data have been made and DES is now considered past its useful lifetime.
The AES algorithm is based on permutations and substitutions. Permutations are rearrangements of data, and substitutions replace one unit of data with another. AES performs permutations and substitutions using several different techniques.
The AES encryption package will certainly become a de facto standard for encrypting all forms of electronic information, replacing DES. AES-encrypted data is unbreakable in the sense that no known cryptanalysis attack can decrypt the AES cipher text without using a brute-force search through all possible 256-bit keys.
Public or Private Keys
Key management is a major consideration in an encrypted enterprise network. Like any other asset, keys must be generated, distributed and accounted for. Key distribution can be simplified by using a public key system such as RSA. Since the public key for any computer or individual need not be secure, a public key directory allows a computer or individual to send a message simply by asking the directory for their public key.
A private key encryption package system such as Triple DES or AES is faster than a public key system such as RSA in real-time applications. Public key systems need to sign a message and verify it at the other end, and this takes longer.
In a private key system, the keys must be the same at both ends and therefore authentication is assured intrinsically. A private key system such as Triple DES or AES is generally less expensive and less processing intensive than a public key system.
The ideal combination is to use the public key system to distribute private keys and then use the faster private key system to transmit data.
In cases where distributing keys to individuals is a major concern, or where it is necessary to authenticate previously unknown individuals, a public key algorithm should be considered, such as RSA.
In cases where security and speed are paramount or where it is relatively easy to distribute keys to known individuals a private key algorithm should be considered. They are generally more secure, faster and cheaper than public key algorithms. A suitable private key algorithm is Triple DES or AES.
If you are little more adventurous you might like to try the Random Byte encryption package. This can support key lengths significantly longer than those supported by Triple DES or AES. However, this is not widely used or tested.
If you require the finished article then try the highly respected and widely used PGP encryption package and authentication system available from Network Associates.
Alternatively, you might purchase a digital certificate and make use of an SSL encryption package.
Where are Encryption Packages Used
You will find encryption packages in use in all forms of electronic transactions. It is used to protect the information sent to your bank when withdrawing your cash from an automatic teller machine.
All reputable websites that take credit or debit card transactions will be secured using SSL encryption. This utilises a digital certificate generated using the RSA public key algorithm to encrypt all the traffic from your PC’s browser to the Internet merchants server.
Many companies today have facilities to allow their workers to access company data remotely via a VPN (virtual private network). This will either be an IPSEC VPN which typically uses RSA or the Diffie-Hellman public key algorithms to establish a secure connection and encrypts all the information using the Triple DES or AES encryption packages. Alternatively it will be an SSL VPN which uses a digital certificate generated using the RSA algorithm.
Most secure electronic communication today is protected by some form of encryption package