Does Encryption Work? Businesses and individuals use the internet for a great deal of daily activities. At or near the top of that list for most would be communication. Most of the communication is innocuous and maybe you wouldn’t mind having the conversation in public. However, businesses might need to send secret plans for their newest product across the internet to employees out in the field. A dissenter in a country ruled by a repressive regime may need to communicate privately without the government’s knowledge. In cases such as these, only the intended parties should have the ability to see the information. In communicating over the internet, our security goals are confidentiality, authentication, integrity and non-repudiation (Needham 993). In other words, we want to be sure our message is protected from unintended disclosure, we want to be sure the entity we are communicating with is who they claim to be, we want to be sure the messages we send and receive are not modified while in transit and we want to be protected from the sender denying they sent a message. Encryption, when used correctly, can help to accomplish all four. Cryptography is the study of mathematical techniques to achieve various goals in information security, such as confidentiality, authentication, integrity and non-repudiation (Lee). Important techniques are described below followed by the value they present to the organization and individual.
SYMMETRY KEY
Security relies on encryption, the process of encoding information so that only the intended recipient can decode it using a key (Lee). Computer encryption systems fall in two categories; private key encryption (symmetric) and public key encryption (asymmetric). Symmetric encryption uses three broad steps; key generation, encryption and decryption. Computers using symmetric-key encryption must share a single key generated by a security parameter. That secret key that is used to encrypt plaintext input known as a packet and output the ciphertext that will be sent to a destination over the internet. The sender must know who he will be communicating with so that each destination can set up the key. Destinations must have the key in order to decrypt the message once it is received. A popular early algorithm used for symmetric encryption was the Data Encryption Standard. DES is based on the Feistel Structure and was the worldwide standard for symmetric encryption for more than 20 years (Menezes 252). However, DES only had a 56-bit keyspace that, today, could easily be defeated by a brute force attack. It has since been replaced by the Advanced Encryption Standard (AES) which uses 128-, 192- or 256-bit keys.
PUBLIC-KEY ENCRYPTION Symmetric-key encryption is fast. However, key distribution can cause issues. In order to communicate, the two (or more) participants must agree on a key and keep it secret. Anyone who intercepts the key while in transit can examine and even change information that the key encrypted. How do you share the key without it being learned by an eavesdropper? Although it is slower, public-key encryption can fix this issue.
Public-key encryption is a two key system made up of a public key and a private key. The public key can be given out freely to any other computer that wants to communicate and the private key is kept on the user’s computer and not shared with anyone. The sending computer encrypts using the public key of the destination. To decrypt the receiver uses his private key. The big benefit of public-key encryption is that the sender and receiver can send and receive encrypted data without having to set anything up beforehand. One well known early public-key cryptosystem was RSA. RSA consists of generating a key pair and encrypting with one and decrypting with the other. Alfred J. Menezes et. al. explain the process in the textbook Applied Cryptography. In key generation, you choose two large prime numbers, p and q, and compute n=p*q and .