Encryption is the process of encoding messages (or information) in such a
way that eavesdroppers or hackers cannot read it, but that authorized parties
can. In an encryption scheme, the message or information (referred to as
plaintext) is encrypted using an encryption algorithm, turning it into an
unreadable ciphertext (ibid.). This is usually done with the use of an
encryption key, which specifies how the message is to be encoded. Any adversary
that can see the ciphertext should not be able to determine anything about the
original message. An authorized party, however, is able to decode the
ciphertext using a decryption algorithm, that usually requires a secret
decryption key, that adversaries do not have access to. For technical reasons,
an encryption scheme usually needs a key generation algorithm to randomly
produce keys.
There are
two basic types of encryption schemes:
Symmetric key and public key encryption. In symmetric-key schemes, the
encryption and decryption keys are the same. Thus communicating parties must
agree on a secret key before they wish to communicate. In public-key schemes,
the encryption key is published for anyone to use and encrypt messages.
However, only the receiving party has access to the decryption key and is
capable of reading the encrypted messages. Public-key encryption is a
relatively recent invention: historically, all encryption schemes have been
symmetric-key (also called private-key) schemes.
Encryption
has long been used by militaries and governments to facilitate secret
communication. It is now commonly used in protecting information within many
kinds of civilian systems. For example, the Computer Security Institute
reported that in 2007, 71% of companies surveyed utilized encryption for some
of their data in transit, and 53% utilized encryption for some of their data in
storage. Encryption can be used to protect data "at rest", such as
files on computers and storage devices (e.g. USB flash drives). In recent years
there have been numerous reports of confidential data such as customers'
personal records being exposed through loss or theft of laptops or backup
drives. Encrypting such files at rest helps protect them should physical
security measures fail. Digital rights management systems which prevent
unauthorized use or reproduction of copyrighted material and protect software
against reverse engineering (see also copy protection) is another somewhat different
example of using encryption on data at rest.
Encryption
is also used to protect data in transit, for example data being transferred via
networks (e.g. the Internet, e-commerce), mobile telephones, wireless
microphones, wireless intercom systems, Bluetooth devices and bank automatic
teller machines. There have been numerous reports of data in transit being intercepted
in recent years. Encrypting data in transit also helps to secure it as it is
often difficult to physically secure all access to networks.
Encryption,
by itself, can protect the confidentiality of messages, but other techniques
are still needed to protect the integrity and authenticity of a message; for
example, verification of a message authentication code (MAC) or a digital
signature. Standards and cryptographic software and hardware to perform
encryption are widely available, but successfully using encryption to ensure
security may be a challenging problem. A single slip-up in system design or execution
can allow successful attacks. Sometimes an adversary can obtain unencrypted
information without directly undoing the encryption. See, e.g., traffic
analysis, TEMPEST, or Trojan horse.
One of the
earliest public key encryption applications was called Pretty Good Privacy
(PGP). It was written in 1991 by Phil Zimmermann and was purchased by Symantec
in 2010.
Digital
signature and encryption must be applied at message creation time (i.e. on the
same device it has been composed) to avoid tampering. Otherwise any node
between the sender and the encryption agent could potentially tamper it. It
should be noted that encrypting at the time of creation only adds security if
the encryption device itself has not been tampered with.
Strengths
The
private keys used in symmetric-key cryptography are robustly resistant to
brute
force attacks. While only the one-time pad, which combines plaintext with a
random
key, holds secure in the face of any attacker regardless of time and computing
power,
symmetric-key algorithms are generally more difficult to crack than their
publickey
counterparts.
Additionally, secret-key algorithms require less computing power to be
created
than equivalent private keys in public-key cryptography.
Weaknesses
The
biggest obstacle in successfully deploying a symmetric-key algorithm is the
necessity
for a proper exchange of private keys. This transaction must be completed in a
secure
manner. In the past, this would often have to be done through some type of
faceto-
face
meeting, which proves quite impractical in many circumstances when taking
distance
and time into account. If one assumes that security is a risk to begin with due
to
the
desire for a secret exchange of data in the first place, the exchange of keys
becomes
further
complicated .
Another
problem concerns the compromise of a private key. In symmetrickey
cryptography,
every participant has an identical private key. As the number of
participants
in a transaction increases, both the risk of compromise and the consequences
of
such a compromise increase dramatically. Each additional user adds another
potential
point
of weakness that an attacker could take advantage of. If such an attacker
succeeds
in
gaining control of just one of the private keys in this world, every user,
whether there
are
hundreds of users or only a few, is completely compromised.
References
www.csc.villanova.edu
www.wikipedia.com
Santy Arlieza Wijayanti
C1L011021