Data Protection by Encryption

Encryption is a method to protect data against unauthorized access. Actually, encryption protects data that might be accessed, for example, in an IT environment by sniffing. By applying encryption methods to data, that data is turned into a form that is not easy to interpret without the decryption key. To turn encrypted data back into the original form you need to apply the appropriate decryption method. Thus, unauthorized persons may obtain encrypted data, but if they do not know the appropriate decryption method, they cannot access and use the original data. Of course, authorized persons must be the only persons who have access to the required decryption method.

Almost all encryption methods use a special parameter, the so-called key. To decrypt an encrypted message, you need to know which encryption method was used (or which corresponding decryption method is to be used) and additionally you need to know the correct key to make decryption work correctly. With modern encryption methods, the key is usually a character string of a defined length. For example, encryption methods may use 44-bit keys, 56-bit keys, 128-bit keys or even longer keys. The length of the key affects the security level of an encryption method. The most simple, but also a very time consuming way to crack a key is to try out each possible combination of characters. This method is called “brute force attack”. The longer the key, the more possible combinations you have to try out. That is why short keys are cracked more quickly than long keys. To reduce the time required to crack a key, some programs use a dictionary because most users build their keys or passwords from real words. But the design of an encryption method also plays an important role and some methods with shorter keys are harder to crack than other methods using longer keys. As computers become more and more powerful, the time required to try out a number of different combinations decreases and approved encryption methods become obsolete after some time. Basically, there are two kinds of encryption methods,

symmetric encryption methods and

asymmetric encryptions methods.

With symmetric encryption methods, the sender encrypts his message or data with the same key the receiver uses to decrypt the data. The problem with symmetric encryption methods is that the sender not only has to transfer the encrypted data to the receiver, but also the key which is required to decrypt the data. The transmission of the key from the sender to the receiver requires additional security measures.

With asymmetric encryption methods, two kinds of keys are used, one for the encryption of data and one for the decryption of data. Asymmetric encryption methods use a public key and a secret key, called the private key. Both keys are related to each other as the private key is used to generate the public key (but it is not possible to identify the private key if you just know the public key). Each participant of encrypted communication needs to have a public key and a private key. A participant publishes his public key and anyone who wants to send this participant encrypted data uses the public key of the participant to encrypt the data. The private key is kept by the participant and he uses it to decrypt arriving data. Compared to symmetric encryption methods, the advantage of asymmetric methods is that participants do not have to interchange secret keys to make communication work. With symmetric methods, the distribution of secret keys always requires additional security measures, because communication is no longer protected if the secret key is known by unauthorized persons. The public key of asymmetric methods is only used to encrypt data, but you cannot decrypt data with a public key. Thus the public key can be known by anyone and the distribution of public keys among the participants of a protected communication does not require any security measures.

No comments :

Post a Comment