Friday, June 1, 2018

Encryption: An introduction


To an average person deprived of knowledge of how data transmission works, the term Encryption may be a little loaded in meaning. But in actual fact, it does spell out the literal meaning of the English word. To encrypt essentially means to "hide" from unwanted persons. it is important  to have the basic understanding of this word as it relates to how the data we generate daily (the pictures, text and all) are sent from family, friend or business across the network of networks i.e  the internet.

Coupled with the explosion of cloud technologies and the continuous reduction in cost of the methods in which data can be stored, the need for encryption has never been more relevant. Owing to the widespread connectivity brought about by the cloud, data can be encrypted in transit (end-2-end) or at rest.

Encryption is the process of encoding a message or information in such a way that only authorized parties can access it and  those without authorization are unable to access. The message to be disguised (plaintext) is made intelligible to an interceptor using an encryption algorithm (cipher). The new message or data created is called the ciphertext.

An exchange of encrypted data (message + key used to scramble) between two ends will require  a key to make the data transmitted readable when it reaches its destination

It is important not to be put off by the words used to describe the process involved. To surmise in data encryption, the following are major types of encryption used:

  • Block ciphers: here data encryption is encrypted per block of data. DES & 3DES are examples of such:

  • Data Encryption Standard is a previously predominant algorithm for the encryption of electronic data. It takes a fixed length string of plaintext bits and transforms it through a series of complicated operations into another ciphertext bit strings of the same length has a 64 bit block size. The actual block size used is 56 bits. It uses a key to customize the transformation, so that the decryption can only be performed by those who know the particular used to encrypt.

  • Triple Data Encryption Standard is a block cipher that applies the DES cipher algorithm three times to each a data block. The 56bits cipher key size of the DES was generally sufficient when the algorithm was designed but the increasing computational power made brute force attack possible. 3DES increases the key size of the DES to protect against attacks, without the need to design a completely new block of cipher algorithm

  • Steam cipher: here series of randomized numbers or keystreams are used to make intelligible plain text per character of the text.

  • Public-Key , also known as asymmetric cryptography, refers to a cryptographic algorithm which requires two separate keys one of which is secret and the other public. Although different but they are both mathematically linked. The public key is used to encrypt plaintext or to verify digital signatures between two end nodes. A public encryption key requires a private decryption key. The private key is only know to the sending computer, while the public key is given by the sending computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key of the originating computer and its own private key. Key pair is based on prime numbers of long length.

  • Private Key cryptography: This is the possessed by the receiving computer in combination with the sending computer’s public key to decrypt messages sent between them. It is a symmetric algorithm that uses same key for encryption and decryption.

  • AES Advanced Encryption Standard is a specification for the encryption of electronic data. It was developed by two Belgian cryptographers, Joan Deaemen and Vincent Rijmen .It belongs to a family of ciphers called the Rijndeal cipher, with different key and block sizes. Each with a block size of 128 bits, but different key lengths: 128, 192, 256 bits. AES is based on the principle known as substitution permutation network.

As mentioned before data can  be encrypted either in transit or at rest. Such methods can take in any of the following forms:

  1. End-to end encryption (in transit)
  2. Full disk encryption (at rest)
  3. File encryption (at rest)
  4. Encrypted web connections (in transit)
  5. Encrypted mail connections (in transit)

It is worth mentioning that for encryption and decryption of data, keys used in scrambling or unscrambling such data must not be accessible to any one not meant to have access to it. Hence key management is of utmost importance in the encryption process.

No comments:

Post a Comment