Insight Guide. Encryption: A Guide

Size: px

Start display at page:

Download "Insight Guide. Encryption: A Guide"

Basil Freeman
8 years ago
Views:

1 Encryption: A Guide for Beginners

2 If you read anything about information security, you re likely to have come across the word encryption. It s a fundamental building block when it comes to securing your sensitive data. But do you actually know what it entails? Cryptosoft s Beginners Guide to Encryption is designed to help you understand the basics of how encryption works, why it matters, and what challenges are facing encryption in the new landscape of the Internet of Things (IoT).

But do you actually know what it entails?

3 An Old Idea The basic principles of encryption are thousands of years old. The Roman Emperor Julius Caesar used a simple form of encryption to protect the messages he sent to his legions more than 2000 years ago, and it remains a useful model for understanding how the basics of encryption work. Caesar s encryption replaced each letter of his messages with the letter three places along in the alphabet. A became D, B became E and so on. By applying this formula, or algorithm, Caesar could turn legible messages those written in so-called plaintext, into a secret form, called ciphertext, that remained illegible even to those who spoke his language. In this instance, the key to the algorithm is the number three. The key is required to both encrypt the message to turn it into ciphertext and to decrypt it to turn it back into plaintext. Both the sender and the receiver of the message need to know this key. Caesar s Cipher Algorithm: Ciphertext = Plaintext + 3 Key: 3 Sample encryption: CAESAR becomes FDHVDU We can see, then, that encryption at its most fundamental level is a form of substitution, replacing legible text with a secret form. In order to be reverted accurately to its original form by an authorised reader, this substitution must follow a mathematical formula. Breaking the encryption depends on knowing that formula, and the key that plugs into it.

basics of encryption work. Caesar s encryption replaced each letter of his messages with the letter three places along in the alphabet. A became D, B became E and so on.

4 Advancements of the Digital Age These basic rules still apply to encryption today. However, now that it is a widely used process, a piece of paper, a pen and some patience is all that s required to crack a message written using Caesar s cipher. A computer could carry out the required calculations in a millisecond. As such, encryption for the digital age has become far, far more sophisticated. Some of the ways in which encryption has been made more complex include: Transposition swapping the order of characters so that the plaintext letters are not merely substituted, but jumbled up. Asymmetry rather than a single key being used by both the sender and the receiver of a message, one key is used to encrypt (a public key) and another used to decrypt (a private key). This means that if a public key is intercepted, stolen or lost, it can only be used to encrypt a message, not decrypt one. Authentication like a watermark on a physical letter, authentication proves that a message hasn t been altered in transmission, by mathematically deriving a message digest from the message, and transferring it along with the encrypted information. Once the message arrives, another digest is created directly from it, and compared with the original digest for discrepancies.

A computer could carry out the required calculations in a millisecond. As such, encryption for the digital age has become far, far more sophisticated.

5 All these methods are used in modern digital encryption. However, the most important advancement of digital encryption is the ability to use much, much longer keys than the single-digit 3 of Caesar s Cipher. Because computers operate in binary, all numbers (and letters) are represented by series of ones and zeros, called bits, or binary digits. Modern keys are therefore measured in bits. Three of the best-known algorithms in use in encryption today use keys of 56, 128 and 162 bits even the smallest of these is equivalent to over a trillion in decimal numbers. Encryption under Attack Computers have therefore enabled the development of encryption algorithms that are far too complex for humans alone to unravel. But what computers have created, computers can break. A cryptanalyst someone whose job it is to break encryption can, for example, launch a known plaintext attack against encrypted text very easily. Nevertheless, strong encryption, with key lengths of 56 or more bits, is usually easily able to resist such an attack. But modern cryptanalysis is far more sophisticated than this.

Because computers operate in binary, all numbers (and letters) are represented by series of ones and zeros, called bits, or binary digits. Modern keys are therefore measured in bits.

6 New Challenges Modern enterprises have vastly complex network architectures. One of the greatest challenges for IT directors is knowing who is on these networks not just authorised individuals but also authorised devices. Historically, corporate IT security has been based around user profiles and sanctioned login credentials but this approach does not check the integrity and security of the individual devices being operated by those users. This wasn t a problem in an age when employees would use only business-supplied devices. But the bring-yourown-device (BYOD) phenomenon, closely followed by the Machine to Machine (M2M) and the Internet of Things (IoT) landscape in which myriad devices can technically, if not always legitimately, access the corporate network, have presented IT directors with a challenging new security environment. Establishing the Chain of Trust Today s IT departments need to ensure the security of data in transit, as it is transferred between thousands of different devices, but also the integrity and legitimacy of each of those devices as they connect to the corporate network. In other words, information security doesn t just begin once data is transmitted it has to begin at the point of creation, in the device itself. What is often called the chain of trust has expanded to include not just the transmission of data, but its creation identifying the devices sending or receiving, enforcing the organisation s policies and storage too. Encryption for the IoT world needs to work at every stage of this chain, not just in transit.

Historically, corporate IT security has been based around user profiles and sanctioned login credentials but this approach does not check the integrity and security of the individual devices being

7 Crypto Taxonomy Insight Guide Algorithm: The mathematical formula or rules on which a particular form of encryption is based. Asymmetric (or public key) encryption: Encryption where a different key is used to encrypt and decrypt information. The key used to encrypt the information may be publicly available. Authentication: Similar to a watermark for digital documents, a process used to ensure that a message has not been accessed or tampered with in transit. Ciphertext: Coded (encrypted) text. Cryptanalysis: The process of codebreaking. Cryptography: The process of creating codes. Decrypt (or decipher): Turn ciphertext into plaintext. Encrypt (or encipher): Turn plaintext into ciphertext. Message digest: The mathematical summary of an encrypted message formed during authentication. Key: The digits plugged into an algorithm to encrypt or decrypt text. Plaintext: Decoded (decrypted) text. Substitution: An element of encryption whereby characters in plaintext are substituted with other characters. Transposition: An element of encryption whereby the order of characters in text are mixed up. Symmetric encryption: Encryption where the same key is used to encrypt and decrypt information. If the key is shared, compromised or stolen, encrypted text may be at risk.

Authentication: Similar to a watermark for digital documents, a process used to ensure that a message has not been accessed or tampered with in transit. Ciphertext: Coded (encrypted) text.

8 Security for every IoT Ecosystem Cryptosoft has been built from the ground up over the last three years based on our experience of the challenges faced by organisations to secure their information assets in an automated, transparent, scalable fashion. We have responded to a gap in the market and deliver a data centric approach to securing information within IoT, eliminating today s dependency placed on inadequate transport level security models. We do this without disrupting existing workflows or re-coding existing applications, using a standards-based platform that delivers same day value Cryptosoft. All rights reserved.

We have responded to a gap in the market and deliver a data centric approach to securing information within IoT, eliminating today s dependency placed on

Network Security. Security Attacks. Normal flow: Interruption: 孫宏民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國立清華大學資訊工程系資訊安全實驗室

Network Security. Security Attacks. Normal flow: Interruption: 孫宏民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國立清華大學資訊工程系資訊安全實驗室 Network Security 孫宏民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國立清華大學資訊工程系資訊安全實驗室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination