Encryption


The term encryption encompasses various procedures, methods, and approaches to protect sensitive data from third-party access and conduct secure digital communications between two or more users. The basic idea of ​​encryption is that data is converted to an unreadable format using a key before an exchange of information occurs between sender and recipient, or data is stored. The converted format is called ciphertext and the readable format is called plain text. Only those who know the right key (code) for the encryption algorithm have access to the plaintext and can encode it into its original form. The code must therefore be kept secret or distributed in a special way if data is to be safely transmitted or stored. Encryption is a part of cryptography where the technical implementation and the security of different encryption methods are also concerned.

General information

Encryption is used on the Internet, emailing, programming, and in infrastructures at different levels. In the context of industry 4.0 and the digital economy, the protection of information technology infrastructures, data transmission, and privacy is an important prerequisite for digital change.  Encryption methods can be found almost everywhere in digital communication including retrieving of emails, when you enter a password or load a website. It is applied at different places:

  • Transferring of data, which is called data in transit. Examples: end-to-end encryption in instant messaging services or client-server architectures.
  • In data storage, which is also described as data in rest. Examples: Internet service providers or cloud computing.

Encryption hides the message content through the encryption process by translating plaintext into ciphertext and rendering it unreadable for unauthorized persons, clients or infrastructures. This is done using encryption algorithms, the result of which is ciphertext.  An encryption algorithm is basically a mathematical function that contains input data along with a key. If the function is calculated with the correct key, ciphered data is generated as the output format.

If the message is to be decoded, it must be returned to its original form with a key. Only authorized transmitters and/or receivers have the knowledge of how the message and thus its content can be decrypted. Any key could be cracked in principle, but that would require a high degree of computing power and detailed knowledge about cryptography.

How encryption works

Depending on the encryption process, there are numerous algorithms, keys and models for the verification of transmitters and receivers. Encryption methods include not only one or more algorithms, but also key distribution principles and verification of the authenticity and integrity of data and communication participants.

The methods can be distinguished from one another by the type of key distribution:

  • Symmetric encryption / private key encryption: One and the same key is used for encryption and decryption, which must be exchanged securely between sender and receiver. Files, directories, and drives are often protected with this method. An example is the international AES standard, the key length of which can be up to 256 bits. AES is used in WLAN networks, IP telephoning or in PCs to protect sensitive data from access by third parties. The data is either decomposed into blocks and encrypted as block cipher or the strings are sequentially encoded as stream cipher.[1]
  • Asymmetric encryption / public key encryption: Two keys are used which are mathematically linked to each other and form a key pair. The public key can be shared with anyone, but the private key must remain confidential. Only one of the two keys is used for decryption, the other one is responsible for encryption. The private code deciphers the secret text and transmits it into a readable plaintext. The public code is used to encrypt and hide the content. How the codes or keys are specifically distributed depends on different factors such as the application case and the IT infrastructure. The best-known example of this encryption method is the RSA cryptosystem which can encrypt data and also check digital signatures. RSA is used in banking, telephone services, and in various transmission and network protocols such as Ipsec, SSL / TLS or SSH. RSA is considered to be safer in comparison to symmetric methods, but is also more complex and significantly slower in computer-aided processing.[2]
  • Hybrid encryption: Most modern encryption methods use a combination of these two methods. The data is encrypted symmetrically with a session key before this key is asymmetrically connected to a public key intended for the receiver. Because the receiver does not know the original key directly, but can decipher the ciphertext with the second key, this model utilizes advantages of both methods. The data can be encrypted quickly and the distribution problem is solved with an asymmetric key pair.

Other security targets

Encryption can protect certain types of data and content from being accessed by third parties, but whether a message or the sender is genuine cannot be determined through encryption. Therefore, some encryption methods fulfill additional objectives that result from key distribution problem.[3]

  • Integrity: The origin of a message can be verified.
  • Authentication: It can be determined whether a message has been modified after it has been sent.
  • Non-repudation: The sender of the message cannot deny the sending of it later.

These objectives are achieved through the use of different methods, approaches, and infrastructures, including certificates, digital signatures, and public-key infrastructures. They are supposed to ensure that the originator of a message, as well as the message itself cannot be falsified.

Partially, these methods are based on complex hash functions and values ​​that are tested against each other. For example, a password or a PIN can be stored as a hash value to compare the hash value of the current string with the stored hash value when entering the password. That way, the correctness of the password is checked without one of the communication users being able to see the plaintext.

Relevance for programming

The issue of encryption does not just concern programmers and IT professionals, but anyone using IT systems in some way. Companies must ensure that their customers’ data is encrypted. Users must ensure that their passwords are kept secure. Proven encryption methods, however, only provide a certain degree of protection since no IT system is fully proofed from attacks and exploits. Any system can be cracked. It depends on the computer performance and knowledge about the encryption algorithms. In practice, it has been shown that open-source systems seem to provide better protection than proprietary systems. The reason is that more developers work on such systems and subject them to continuous tests.

Only quantum computers are an exception here. Quantum computers represent a threat to asymmetric processes because they can compute much faster. However, this applies only to a limited extent for symmetrical processes. The reason is the proof that long keys can be protection to a degree even with the computing powers of quantum computers. The longer the key, the greater the required computing power to decipher it. Last but not least, the implementation of an encryption algorithm is of great importance. No one can anticipate all vulnerabilities when a system gets implemented.

References

  1. Understanding encryption and cryptography basics searchsecurity.techtarget.com. Accessed on 08/16/2016
  2. asymmetric cryptography searchsecurity.techtarget.com Accessed on 08/16/2016
  3. encryption searchsecurity.techtarget.com. Accessed on 08/16/2016