Secure computing would not be complete without encryption technology. Encryption is used to protect secret and sensitive information, from financial details held on a computer to personal details transmitted over the Internet. In addition, encryption can be used to provide a high level of security for network communication, files stored on hard drives, and other important information that requires protection. Encryption is also a good idea when carrying out any kind of sensitive transaction, such as the discussion of a company secret between different departments in an organization. It is used increasingly by banks and the financial industry to protect credit-card information and money transfers, and by companies to secure sensitive information. This technology has many advantages and benefits, but it can also be used to conceal criminal activity.
The term encryption refers to the procedure of transforming plaintext, that is, data that can be read by any user, into ciphertext, that is, data that can only be read by users with a secret decryption key. (SecurityFocus.2008)
The goal of this paper is to present an introduction to encryption technology: its definition and history, encryption keys, how the technology works, its applications, and its disadvantages.
Encryption is the process of converting a message into an encrypted form, also called ciphertext, so that it cannot be easily understood by unauthorized people and is intelligible only to a user who knows how to 'decrypt' it to obtain the original message, which can then be read by the recipient. The root of the word encryption, crypt, comes from the Greek kryptos, which means secret or hidden. Encryption is commonly used in connection with electronic data, whether transmitted over an unsecured network such as an intranet or the Internet (Figure 1.1) or stored on a computer.
Figure 1.1: Example of encrypted data and unencrypted data stored onto disk
(Sunoano.name)
Encryption works by taking an original message, or plaintext, and converting it into ciphertext using an encryption key and an encryption algorithm. Historically, encryption acted on letters of the alphabet. The Caesar Cipher is one of the oldest techniques.
In a simple example, encryption of the word "SECRET" could result in "TERCES." Reversing the order of the letters in the plaintext generates the ciphertext. This is a very simple encryption; it is quite easy for an attacker to retrieve the original data. A better method of encrypting this message might be to create an alternate alphabet by shifting each letter by some arbitrary number. This method is known as a substitution cipher, a form of encryption that is still used in puzzle books these days. For example, encrypting the word "secret" with an alphabet shifted by 3 letters to the right produces "vhfuhw" (Figure 1.2). A substitution cipher simply exchanges one letter or word with another. This particular algorithm is called the "Caesar Cipher". (SecurityFocus.2008)
Normal alphabet:       a b c d e f g h i j k l m n o p q r s t u v w x y z
Alphabet shifted by 3: d e f g h i j k l m n o p q r s t u v w x y z a b c
Figure 1.2: The Caesar Cipher and the encryption of the word "secret"
History of Encryption technology
The history of encryption technology begins thousands of years ago; it has been the story of what might be called classic cryptography. Classic cryptography is one of the methods of encryption that used pen and paper, or perhaps simple mechanical aids. (wikipedia.2001)
In the past, people attempted to conceal sensitive information that they wanted to keep to themselves by substituting parts of the information with numbers, pictures and symbols.
In addition, ancient Babylonian merchants used intaglio, a piece of flat stone carved into a collage of images and some writing, to identify themselves in trading transactions. Using this mechanism, they were producing what today we know as a 'digital signature.' The public knew that a particular 'signature' belonged to this trader, but only he had the intaglio to produce that signature.
Of course, technology today has evolved at such a rapid pace that the need to protect information grows as the reliability of older encryption techniques lessens. Basic modern encryption is not much different from the ancient civilizations' substitution using symbols. A translation table lends itself very well to making a piece of data generally unreadable. However, computers today are so advanced that a translation table is easily broken and is thus no longer viable. Instead, encryption today has grown into such a specialised field, involving mathematical, non-linear cryptosystems, that even relatively powerful computers take months or even years to break the ciphertext. (ThinkQuest.1999)
Producer of Encryption Technology
According to the history of encryption technology, this technology began thousands of years ago, but it was not as developed as it has become recently. Nowadays, high-tech encryption technology companies are becoming increasingly important in the multi-billion dollar worldwide computer security industry. These companies are seeking different kinds of hardware and software to stay ahead of snoopers and hackers.
Computer maker Dell (http://www.Dell.com) is one of the companies that focus on encryption, and recently announced a partnership with Seagate (http://www.Seagate.com) to ship laptop computers to consumers with a 160 GB self-encrypting hard drive. McAfee (http://www.McAfee.com) has also announced a partnership with Seagate Secure(TM) to provide enterprise-level software to manage and secure corporate-owned notebook computers. Additionally, Philip Zimmermann created a computer program that provides cryptographic privacy and authentication, called Pretty Good Privacy (PGP). Pretty Good Privacy is used to increase the security of e-mail communications by encrypting and decrypting e-mails. (archive.2001)
Of course, there are several other companies that also focus on creating encryption software and hardware, but in my paper I give just two names of the most famous companies that produce data encryption software and hardware.
Encryption keys - Symmetric and Asymmetric
There are two general categories of key-based encryption: symmetric encryption (also called secret key encryption) and asymmetric encryption (also called Public Key Cryptography).
Figure 1.4: Example of Encryption keys - Symmetric and Asymmetric
(Data-processing.2010)
Symmetric encryption
Symmetric encryption is the best-known and oldest technique. It uses a secret key, which can be a number, a word, or just a string of random letters, to encrypt and decrypt the message. This means the person encrypting the message (the sender) must give that key to the recipient before the recipient can decrypt it. As long as the recipient and sender know the secret key, they can encrypt and decrypt all messages that use this key. This method is fast and easy to implement but has weaknesses; for example, if an attacker intercepts the key, they can easily decrypt the messages. Furthermore, secret key encryption tends to be easier for an attacker to crack, which means that the algorithm used to encode the message is easier for snoopers to understand, enabling them to decode the message more easily.
Asymmetric encryption
Asymmetric encryption is also known as Public Key Cryptography. It uses two different keys: a public key and a private key. The public key is used to encrypt the message, and the private key is used to decrypt it. This allows a user to freely distribute his public key to people who want to communicate with him without worry of compromise, because only the person who has the private key can decrypt a message. To secure information between two users, the sender encrypts the message using the public key of the receiver. The receiver uses the private key to decrypt the message (Figure 1.5). The only problem with the asymmetric encryption technique is that it is slower than symmetric encryption, even on fast computers. Moreover, unlike with shared or single keys, in the asymmetric key system only the recipient can decrypt a message; once the sender has encrypted the message he cannot decrypt it. In other words, an attacker cannot intercept a key that decrypts the message, because the private key is never distributed. (securityfocus.2008)
Figure 1.5: Example of Asymmetric encryption
(msdn.microsoft.2010)
How does Encryption work?
One means of securing a computing environment is to use encryption to protect against the many threats on the Internet when transmitting sensitive information. Encryption is used when sending and storing sensitive information such as passwords, to make sure that attackers cannot understand it. Encryption also protects commerce on the Internet and credit card information during transmission when we use the Internet to order and buy something online, whether it is a CD, a book or anything else from an online vendor, because it is easy to buy and sell goods around the world while just sitting in front of a computer. Security is a main concern on the Internet, especially when we are using the Internet to send sensitive information such as:
Credit-card information
Personal details
Bank-account information
Sensitive firm information
Security numbers
Besides that, information security is provided over the Internet and on computers by a variety of methods. But the most popular forms of security all rely on encryption, the process of encoding sensitive information and personal details in such a way that only the user with the key can decode it.
Keys are the heart of encryption; they are used to encrypt and decrypt messages. If any person encrypts a message, only a person with the correct key will be able to decrypt the message. (SSUET.1997-2009)
An algorithm is used to perform a hash function. This process produces a message digest unique to the message. The message digest is encrypted with the sender's private key which results in a digital fingerprint. (SSUET.1997-2009)
Data Encryption Standard (DES) is a secret-key system; there is no public key component. Both the sender and the receiver know the secret code word. This method is not feasible for conducting business over the Internet. (SSUET.1997-2009)
RSA is a public-key system. RSA uses key pairs to encrypt and decrypt messages. Each user has a public key, available to anyone on a public key ring, and a private key, kept only on their computer. Data encrypted with someone's private key can only be decrypted with their public key; and data encrypted with their public key can only be decrypted with their private key. Therefore, RSA requires an exchange of public keys; this can be done without a need for secrecy since the public key is useless without the companion private key. (SSUET.1997-2009)
PGP (Pretty Good Privacy) is a popular method used to encrypt data. It uses MD5 (message-digest 5) and RSA cryptosystems to generate the key pairs. Pretty Good Privacy is a popular program that can run on UNIX, DOS, and Macintosh platforms. (SSUET.1997-2009)
Diagram of the SSL Encryption/Decryption Process
(Oregon.gov.2006)
Methods of Encryption technology
Transposition
Transposition is a method of encryption by which the positions held by units of plaintext are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. Transposition has many different forms, such as Rail Fence, Route and Columnar transposition.
Example:
PlainText:  PASSWORD
CipherText: APSSOWDR
Substitution
In this method, each character or letter found in the plaintext is replaced with another character or letter in the ciphertext. There are a number of different types of substitution cipher. A cipher that operates on single letters is termed a simple substitution cipher; a cipher that operates on larger groups of letters is termed polygraphic. A monoalphabetic cipher uses a fixed substitution over the entire message, whereas a polyalphabetic cipher uses a number of substitutions at different times in the message, where a unit from the plaintext is mapped to one of several possibilities in the ciphertext and vice versa.
Expansion
Expansion is one of the simplest encryption methods. In this method, a special character such as *, ?, ! or &, or a letter of the alphabet, is inserted before each letter found in the plaintext.
Example:
PlainText:  PASSWORD
CipherText: *P*A*S*S*W*O*R*D
Compaction
Compaction is one of the best encryption methods. In this method, letters found at a particular position in the plaintext are removed and stored in a separate file. At decryption time, the encrypted text is converted back to the plaintext with the help of the "separate file".
Example:
PlainText:  PASSWORD
Positions:  1 2 3 1 2 3 1 2 (Remove the third letter)
CipherText: PASWRD
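The four methods above, together with the shift-by-3 alphabet of Figure 1.2, written out with their inverses as an added example (not part of the original paper; the function names are chosen here). It also lists every Caesar shift, which shows that the whole key space is 25 candidates, and makes visible that pair swapping and expansion use no key at all.

```python
import string

LOWER = string.ascii_lowercase


def caesar(text: str, shift: int) -> str:
    """Substitution: replace each letter by the one `shift` places later."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            moved = LOWER[(LOWER.index(ch.lower()) + shift) % 26]
            out.append(moved.upper() if ch.isupper() else moved)
        else:
            out.append(ch)              # digits, spaces, punctuation unchanged
    return "".join(out)


def caesar_candidates(ciphertext: str) -> dict:
    """Every possible decryption: only 25 shifts need to be tried."""
    return {k: caesar(ciphertext, -k) for k in range(1, 26)}


def swap_pairs(text: str) -> str:
    """Transposition: swap each adjacent pair; applying it twice undoes it."""
    chars = list(text)
    for i in range(0, len(chars) - 1, 2):
        chars[i], chars[i + 1] = chars[i + 1], chars[i]
    return "".join(chars)


def expand(text: str, filler: str = "*") -> str:
    """Expansion: insert a filler character before every letter."""
    return "".join(filler + ch for ch in text)


def contract(text: str) -> str:
    """Inverse of expand: keep every second character."""
    return text[1::2]


def compact(text: str, every: int = 3):
    """Compaction: remove every `every`-th letter; return (kept, removed)."""
    kept = "".join(ch for i, ch in enumerate(text, 1) if i % every)
    removed = "".join(ch for i, ch in enumerate(text, 1) if i % every == 0)
    return kept, removed


def restore(kept: str, removed: str, every: int = 3) -> str:
    """Inverse of compact: the removed letters act as the 'separate file'."""
    k, r = iter(kept), iter(removed)
    total = len(kept) + len(removed)
    return "".join(next(r) if i % every == 0 else next(k)
                   for i in range(1, total + 1))


if __name__ == "__main__":
    print(caesar("secret", 3), swap_pairs("PASSWORD"), expand("PASSWORD"))
    print(compact("PASSWORD"), restore(*compact("PASSWORD")))
```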
Common Uses of Encryption
Authentication
Authentication is the process of signing on; it happens when the user logs on to a website or network using a username and password. Encryption is used when a person wants to sign on to his or her account over the Internet. That is to say, if no encryption technology protects this kind of information over the Internet, a snooper could capture the information easily.
Data Protection
Data protection is the most widely used application of encryption technology. File and email encryption are the most practical uses of encryption for data protection, especially for people who work in small offices and home offices. Encryption of files is used to protect the data stored on the hard disk of the computer. However, if there are multiple employees working in the office, file encryption becomes difficult to manage and use, because each of the employees needs the encryption key. For this reason, protection of the key becomes a more difficult task. Email encryption can be easier than file encryption, because each employee has a separate mailbox in office environments. An email message can be encrypted for each employee individually.
Security, Encryption and the Small Office/ Home Office User
Encryption technology is used to provide a higher level of security for stored data against viruses, network attacks, and system compromise. Encryption can also be useful to protect information transmitted from one computer to another, and when communicating information between parties; however, encryption technology alone does not guarantee security without other security measures. (securityfocus.2008)
Encryption and Viruses
Computers can be infected by different kinds of viruses, and there are several different ways in which viruses infect and damage computers, such as via file transfer from one computer to another and via emails. Encryption can provide a higher level of trust to users when they receive files and emails, download programs from an unknown website, or receive information from other users over the Internet, by ensuring that the contents of the email or message are safe and trusted. Unfortunately, encryption does not necessarily solve the problem and the dangers completely, because a trusted source may unknowingly send an already infected file that is then validated. (securityfocus.2008)
Applications of Encryption
Private use
Pretty Good Privacy (PGP) is a free electronic mail encryption package that has been available since 1991 and is supported by most electronic mail vendors. Most encryption software packages are available to download from numerous websites over the Internet and are also available commercially.
Securing networks
Unsecured networks such as the Internet, an extranet or an intranet need an encryption protocol that secures and protects user authentication as well as communications over the Internet. Therefore, Secure Sockets Layer (SSL) is the best choice of encryption protocol to protect unsecured and private networks. Secure Sockets Layer (SSL) is usually indicated in web browsers by a small padlock icon, for instance when a person uses credit card details over the Internet. Besides protecting data, the Secure Sockets Layer (SSL) system will verify the username and the password of the person.
Wireless (or Wi-Fi)
Wi-Fi Protected Access (WPA2) is an international security standard that is used to encrypt data sent over the Internet and wireless networks. In addition, networks are vulnerable to interception.
Access control
Subscriber access control is a system provided by digital television for encrypting audio and video signals. The subscriber is equipped with a descrambling device comprising the decryption key and the decryption algorithm, which work together to decrypt sound and pictures.
The Disadvantages of Encryption
Encryption technology is one of the most important technologies used to protect sensitive information; however, there are various reasons why encryption technology has not been accepted by several companies. The first reason is poor data performance; next are the inability to recover stored data that has been encrypted, and high levels of complexity and maintenance. In the case of lost encryption keys, the data would become unrecoverable.
Besides that, encryption technology is used to protect and safeguard personal data and sensitive information such as bank details, personal information etc. On the other hand, it is also used to protect drug dealers who make deals from having their messages intercepted, terrorists planning attacks and paedophiles peddling child pornography. (SpectrumData.2010)
Conclusion
Nowadays, encryption technology has become more popular because of the dangers of Internet surfing and the many problems that can occur when using the Internet, especially if users are looking to buy something online or carry out important communications in an office environment, such as emailing and instant messaging. Without this security technology, any snooper or hacker can easily view and capture the information transferred. Therefore, encryption technology is the only way to ensure the protection of sensitive data on hard drives and computers.