1.6 ENCRYPTION: A DEFENSIVE SYSTEM AGAINST THREATS

Encryption provides the confidentiality requirement of a system. Sensitive information that must travel over public channels (such as the Internet) can be protected by encryption, or secret codes. Information security relies heavily on encryption. The goal of encryption is to make it impossible for an attacker who captures the ciphertext (encrypted information) as it passes over the network to recover the original message.

Encryption is the transformation of information in any form (text, video, graphics) into a form readable only with the decryption key. A key is a very large number, usually represented as a string of zeroes and ones. There are two main kinds of encryption in use today: symmetric and asymmetric encryption systems.

1.6.1 Symmetric Key Encryption Systems

Symmetric encryption systems, also known as secret-key, private-key, conventional or single-key encryption systems, were the only type of encryption in use prior to the development of asymmetric key encryption systems.

These systems rely on a common key, called the secret key, that is used for both encryption and decryption. In such a system both parties, the transmitter and the receiver, must trust each other and each preserve a copy of the secret key to encrypt and decrypt messages. They must also ensure that the key is not leaked or overheard while it is exchanged, for example over a local telephone line. Anyone with access to the key can misuse it to encrypt or decrypt the secret messages.

Let us take an example to understand the concept of encryption better. Assume you want to send a secret message to your friend in encrypted form. To encrypt the message (MEET TODAY), we will use the following Table 1.


We want to convert this plaintext to encrypted form, so we select a secret key; in this example the secret key is 3. Add 3 to the positional value of every letter (A, B, C, D ... X, Y, Z) to get the encrypted form of the text. As Table 1 shows, the letters have the positional values 1, 2, 3, 4 ... 24, 25, 26. Every character is therefore replaced by the character 3 positions further on; if we select A, it becomes D.

Now, after encryption the message will be:

Cipher Text (Encrypted Message) = PHHW WRGDB

The text after encryption is called the ciphertext.
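The shift-by-3 example above, written out as an added Python illustration (not code from the original text). It encrypts and decrypts with the same secret key, and the `brute_force` helper shows why a key drawn from only 26 values cannot meet the goal stated in the opening paragraph: whoever captures the ciphertext can simply try every key.

```python
import string

ALPHABET = string.ascii_uppercase  # positional values A=1 ... Z=26, as in Table 1


def shift_encrypt(plaintext: str, key: int) -> str:
    """Replace every letter by the one `key` positions further on, wrapping
    from Z back to A. Non-letters (the space in MEET TODAY) pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the encryption algorithm run in reverse: subtract the key."""
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """Every candidate key from 1 to 25, keyed by the shift tried. Only one
    entry reads as English, which is why a 26-value key space gives no
    confidentiality against someone who holds the ciphertext."""
    return {k: shift_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    ct = shift_encrypt("MEET TODAY", 3)
    print(ct)                       # PHHW WRGDB
    print(shift_decrypt(ct, 3))     # MEET TODAY
    for k, guess in brute_force(ct).items():
        print(k, guess)
```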

A symmetric encryption scheme has five ingredients, as depicted in Figure 1.2:

· Plaintext: This is the original intelligible message or data which is fed into the algorithm as input.

· Encryption Algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.

· Secret Key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.

· Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.

· Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.


Although such a system is easy to use because a single key is shared by both parties, it has disadvantages that have frequently led to such systems not being accepted. A secret key encryption system suffers from the problems of key generation, distribution, transmission and storage. Secure key distribution is cumbersome in large networks and practically infeasible for a vendor with several thousand customers. It is also impractical for a large group of users who were previously unknown to each other; furthermore, every customer must be assigned a new secret key that can never be shared with any other customer or party.

A more popular solution to security on widespread open networks is a newer, more sophisticated form of encryption, first developed in 1970, called asymmetric key encryption.

1.6.2 Asymmetric Key Encryption Systems

Asymmetric key encryption systems are also known as public-key encryption systems. These systems use two keys: one key to encrypt the message and the other, corresponding key to decrypt it. The two keys are mathematically related so that data encrypted by one can be decrypted by the other. The system is based on a pair of keys: one of them, known as the public key, can be made public to all users; the other, called the private key, is always kept confidential and never exposed. Both keys should nevertheless be protected against modification, since keys once modified can no longer be used for encryption or decryption.

A public key encryption scheme has six ingredients:

· Plaintext: This is the readable message or data that is fed into the algorithm as input.

· Encryption Algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.

· Public and Private Key: This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the encryption algorithm depend on the public or private key that is provided as input.

· Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts.

· Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

The essential steps are the following:

1) Each user generates a pair of keys to be used for encryption and decryption of messages.

2) Each user places one of the two keys, called the public key, in a public register or other accessible file. The companion key, called the private key, is kept private. Each user maintains a collection of public keys obtained from others.

3) If user A wishes to send a confidential message to user B then A encrypts the message using B’s public key.

4) When B receives the message, he decrypts it using his own private key. No other recipient can decrypt the message because only B knows his private key.

This process is also shown in Figure 1.3.

With this approach, all participants have access to the public keys, while private keys are generated locally by each participant and therefore never need to be distributed. As long as a system keeps control of its private key, its incoming communication is secure. At any time a system can change its private key and publish the companion public key to replace its old public key. The following figures show the encryption and authentication processes in public key cryptography.

A public key cryptosystem can also be used for authentication, which ensures that the message was sent only by user A and is an authenticated message from user A. In this case, user A encrypts the message with his own private key and transmits it over the network. This ciphertext can only be decrypted with the public key of user A; hence it is an authenticated message that could only have been sent by user A. This process is shown below in Figure 1.4.
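The four steps above (Figure 1.3) and the authentication use (Figure 1.4), walked through in textbook RSA as an added Python illustration that is not part of the original text. The primes and the one-character-per-block encoding are deliberately tiny so the arithmetic can be followed by hand; real systems use key sizes of thousands of bits and a padding scheme, which this demo omits.

```python
from math import gcd

def generate_keypair(p, q, e=17):
    """Step 1: each user generates a pair. (e, n) is published as the public
    key; (d, n) is the private key and never leaves the user's machine."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime with phi(n)"
    return (e, n), (pow(e, -1, phi), n)  # pow(e, -1, phi): modular inverse, Python 3.8+

def apply_key(block, key):
    """Both directions are the same modular exponentiation; which key is
    supplied decides whether the result counts as encryption or decryption."""
    exp, n = key
    assert 0 <= block < n, "block must be smaller than the modulus"
    return pow(block, exp, n)

def encrypt_to(blocks, recipient_public):
    """Step 3 / Figure 1.3: A encrypts to B with B's public key."""
    return [apply_key(m, recipient_public) for m in blocks]

def decrypt_with(blocks, own_private):
    """Step 4: only the holder of B's private key recovers the message."""
    return [apply_key(c, own_private) for c in blocks]

def sign_with(blocks, own_private):
    """Figure 1.4: A applies A's private key, which nobody else holds."""
    return [apply_key(m, own_private) for m in blocks]

def verify_from(blocks, sender_public):
    """Anyone with A's public key can undo it; a block that does not invert
    to the expected text was not produced with A's private key."""
    return [apply_key(s, sender_public) for s in blocks]

def text_to_blocks(text):
    return [ord(ch) for ch in text]  # one character per block; demo moduli exceed 255

def blocks_to_text(blocks):
    return "".join(chr(b) for b in blocks)

if __name__ == "__main__":
    b_pub, b_priv = generate_keypair(61, 53)  # B's pair: n = 3233, d = 2753
    a_pub, a_priv = generate_keypair(67, 71)  # A's pair: n = 4757
    msg = text_to_blocks("MEET TODAY")
    ct = encrypt_to(msg, b_pub)               # confidentiality: anyone -> B
    print(blocks_to_text(decrypt_with(ct, b_priv)))   # MEET TODAY
    sig = sign_with(msg, a_priv)              # authentication: A -> anyone
    print(blocks_to_text(verify_from(sig, a_pub)))    # MEET TODAY
```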


The following table summarizes the main differences and the important aspects of symmetric and asymmetric encryption systems:


