Encryption

Published on January 2017 | Categories: Documents | Downloads: 69 | Comments: 0 | Views: 1282
of 10
Download PDF   Embed   Report

Comments

Content

In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). The reverse process, i.e. to make the encrypted information readable again is referred to as decryption, (i.e. to make it unencrypted). In many contexts, the word encryption may also implicitly refer to the reverse process, decryption e.g. “software for encryption” can typically also perform decryption .[citation needed] Encryption has long been used by militaries and governments to facilitate secret communication. It is now commonly used in protecting information within many kinds of civilian systems. For example, the Computer Security Institute reported that in 2007, 71% of companies surveyed utilized encryption for some of their data in transit, and 53% utilized encryption for some of their data in storage.[1] Encryption can be used to protect data "at rest", such as files on computers and storage devices (e.g. USB flash drives). In recent years there have been numerous reports of confidential data such as customers' personal records being exposed through loss or theft of laptops or backup drives. Encrypting such files at rest helps protect them should physical security measures fail. Digital rights management systems which prevent unauthorized use or reproduction of copyrighted material and protect software against reverse engineering (see also copy protection) are another somewhat different example of using encryption on data at rest. Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. There have been numerous reports of data in transit being intercepted in recent years.[2] Encrypting data in transit also helps to secure it as it is often difficult to physically secure all access to networks. Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature. Standards and cryptographic software and hardware to perform encryption are widely available, but successfully using encryption to ensure security may be a challenging problem. A single slip-up in system design or execution can allow successful attacks. Sometimes an adversary can obtain unencrypted information without directly undoing the encryption. See, e.g., traffic analysis, TEMPEST, or Trojan horse. One of the earliest public key encryption applications was called Pretty Good Privacy (PGP). It was written in 1991 by Phil Zimmermann and was purchased by Symantec in 2010.[3] Digital signature and encryption must be applied at message creation time (i.e. on the same device it has been composed) to avoid tampering. Otherwise any node between the sender and the encryption agent couIn cryptography, a key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa during

decryption. Keys are also used in other cryptographic algorithms, such as digital signature schemes and message authentication codes.ld potentially tamper it. Need for secrecy

In designing security systems, it is wise to assume that the details of the cryptographic algorithm are already available to the attacker. This principle is known as Kerckhoffs' principle — "only secrecy of the key provides security", or, reformulated as Shannon's maxim, "the enemy knows the system". The history of cryptography provides evidence that it can be difficult to keep the details of a widely-used algorithm secret (see security through obscurity). A key is often easier to protect (it's typically a small piece of information) than an encryption algorithm, and easier to change if compromised. Thus, the security of an encryption system in most cases relies on some key being kept secret. Keeping keys secret is one of the most difficult problems in practical cryptography; see key management. An attacker who obtains the key (by, for example, theft, extortion, dumpster diving or social engineering) can recover the original message from the encrypted data. Encryption algorithms which use the same key for both encryption and decryption are known as symmetric key algorithms. A newer class of "public key" cryptographic algorithms was invented in the 1970s which uses a pair of keys, one to encrypt and one to decrypt. These asymmetric key algorithms allow one key to be made public while retaining the private key in only one location. They are designed so that finding out the private key is extremely difficult, even if the corresponding public key is known. A user of public key technology can publish their public key, while keeping their private key secret, allowing anyone to send them an encrypted message. [edit]Key sizes

Main article: Key size For the one-time pad system the key must be at least as long as the message. In encryption systems that use a cipher algorithm, messages can be much longer than the key. The key must, however, be long enough so that an attacker cannot try all possible combinations. A key length of 80 bits is generally considered the minimum for strong security with symmetric encryption algorithms. 128-bit keys are commonly used and considered very strong. See the key size article for a fuller discussion. The keys used in public key cryptography have some mathematical structure. For example, public keys used in the RSA system are the product of two prime numbers. Thus public key systems require longer key lengths than symmetric systems for an equivalent level of security. 3072 bits is the suggested key length for systems based on factoring and integer discrete logarithms which aim to have security

equivalent to a 128 bit symmetric cipher. Elliptic curve cryptography may allow smaller-size keys for equivalent security, but these algorithms have only been known for a relatively short time and current estimates of the difficulty of searching for their keys may not survive. As of 2004, a message encrypted using a 109-bit key elliptic curve algorithm had been broken by brute force. [1]The current rule of thumb is to use an ECC key twice as long as the symmetric key security level desired. Except for the random one-time pad, the security of these systems has not (as of 2008) been proven mathematically, so a theoretical breakthrough could make everything one has encrypted an open book. This is another reason to err on the side of choosing longer keys. [edit]Key choice

To prevent a key from being guessed, keys need to be generated truly randomly and contain sufficient entropy. The problem of how to safely generate truly random keys is difficult, and has been addressed in many ways by various cryptographic systems. There is a RFC on generating randomness (RFC 1750, Randomness Recommendations for Security). Some operating systems include tools for "collecting" entropy from the timing of unpredictable operations such as disk drive head movements. For the production of small amounts of keying material, ordinary dice provide a good source of high quality randomness. When a password (or passphrase) is used as an encryption key, well-designed cryptosystems first run it through a key derivation function which adds a salt and compresses or expands it to the key length desired, for example by compressing a long phrase into a 128-bit value suitable for use in a block cipher.

A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods. A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program. Cryptographic protocols are widely used for secure application-level data transport. A cryptographic protocol usually incorporates at least some of these aspects: Key agreement or establishment Entity authentication Symmetric encryption and message authentication material construction Secured application-level data transport Non-repudiation methods

For example, Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTP) connections. It has an entity authentication mechanism, based on the X.509 system; a key setup phase, where a symmetric encryption key is formed by employing public-key cryptography; and an applicationlevel data transport function. These three aspects have important interconnections. Standard TLS does not have non-repudiation support. There are other types of cryptographic protocols as well, and even the term itself has various readings; Cryptographic application protocols often use one or more underlying key agreement methods, which are also sometimes themselves referred to as "cryptographic protocols". For instance, TLS employs what is known as the Diffie-Hellman key exchange, which although it is only a part of TLS per se, DiffieHellman may be seen as a complete cryptographic protocol in itself for other applications. Cryptographic protocols can sometimes be verified formally on an abstract level. When it is done, there is a necessity to formalize the environment in which the protocol operate in order to identify treats. This is frequently done through the Dolev-Yao model Advanced cryptographic protocols

A wide variety of cryptographic protocols go beyond the traditional goals of data confidentiality, integrity, and authentication to also secure a variety of other desired characteristics of computermediated collaboration. Blind signatures can be used for digital cash and digital credentials to prove that a person holds an attribute or right without revealing that person's identity or the identities of parties that person transacted with. Secure digital time-stamping can be used to prove that data (even if confidential) existed at a certain time. Secure multiparty computation can be used to compute answers (such as determining the highest bid in an auction) based on confidential data (such as private bids), so that when the protocol is complete the participants know only their own input and the answer. Undeniable signatures include interactive protocols that allow the signer to prove a forgery and limit who can verify the signature. Deniable encryption augments standard encryption by making it impossible for an attacker to mathematically prove the existence of a plaintext message. Digital mixes create hard-to-trace communications. [edit]Examples

Internet Key Exchange IPsec Kerberos Point to Point Protocol Transport Layer Security

Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. Disk encryption prevents unauthorized access to data storage. The term "full disk encryption" (or whole disk encryption) is often used to signify that everything on a disk is encrypted, including the programs that can encrypt bootable operating system partitions. But they must still leave the master boot record (MBR), and thus part of the disk, unencrypted. There are, however, hardware-based full disk encryption systems that can truly encrypt the entire boot disk, including the MBR. Disk encryption and Trusted Platform Module

Trusted Platform Module (TPM) is a secure cryptoprocessor embedded in the motherboard that can be used to authenticate a hardware device. Since each TPM chip is unique to a particular device, it is capable of performing platform authentication. It can be used to verify that the system seeking the access is the expected system. A limited number of disk encryption solutions have support for TPM. These implementations can wrap the decryption key using the TPM, thus tying the hard disk drive (HDD) to a particular device. If the HDD is removed from that particular device and placed in another, the decryption process will fail. Recovery is possible with the decryption password or token. Although this has the advantage that the disk cannot be removed from the device, it might create a single point of failure in the encryption. For example, if something happens to the TPM or the motherboard, a user would not be able to access the data by connecting the hard drive to another computer, unless that user has a separate recovery key. [edit]Implementations

Main article: Comparison of disk encryption software There are multiple tools available in the market that allow for disk encryption. However, they vary greatly in features and security. They are divided into three main categories: software-based, hardwarebased within the storage device, and hardware-based elsewhere (such as CPU or host bus adaptor). Hardware-based Full Disk Encryption within the storage device are called self-encrypting drives and have no impact on performance whatsoever. Furthermore the media-encryption key never leaves the device itself and is therefore not available to any virus in the operating system. The Trusted Computing Group Opal drive provides industry accepted standardization for self-encrypting drives. External hardware is considerably faster than the software-based solutions although CPU versions may still have a performance impact, and the media encyption keys are not as well protected. All solutions for the boot drive require a Pre-Boot Authentication component which is available for all types of solutions from a

number of vendors. It is important in all cases that the authentication credentials are usually a major potential weakness since the symmetric cryptography is usually strong. [edit]Password/data recovery mechanism

Secure and safe recovery mechanisms are essential to the large-scale deployment of any disk encryption solutions in an enterprise. The solution must provide an easy but secure way to recover passwords (most importantly data) in case the user leaves the company without notice or forgets the password. [edit]Challenge/response password recovery mechanism Challenge/Response password recovery mechanism allows the password to be recovered in a secure manner. It is offered by a limited number of disk encryption solutions. Some benefits of challenge/response password recovery: No need for the user to carry a disc with recovery encryption key. No secret data is exchanged during the recovery process. No information can be sniffed. Does not require a network connection, i.e. it works for users that are at a remote location. [edit]Emergency Recovery Information (ERI) file password recovery mechanism An Emergency Recovery Information (ERI) file provides an alternative for recovery if a challenge response mechanism is unfeasible due to the cost of helpdesk operatives for small companies or implementation challenges. Some benefits of ERI file recovery: Small companies can use it without implementation difficulties No secret data is exchanged during the recovery process. No information can be sniffed. Does not require a network connection, i.e. it works for users that are at a remote location. [edit]Security concerns

Most full disk encryption schemes are vulnerable to a cold boot attack, whereby encryption keys can be stolen by cold-booting a machine already running an operating system, then dumping the contents of memory before the data disappears. The attack relies on the data remanence property of computer

memory, whereby data bits can take up to several minutes to degrade after power has been removed.[1] Even a Trusted Platform Module (TPM) is not effective against the attack, as the operating system needs to hold the decryption keys in memory in order to access the disk.[1] All software-based encryption systems are vulnerable to various side channel attacks such as acoustic cryptanalysis and hardware keyloggers. [edit]Full disk encryption

[edit]Benefits Full disk encryption has several benefits compared to regular file or folder encryption, or encrypted vaults. The following are some benefits of disk encryption: Nearly everything including the swap space and the temporary files is encrypted. Encrypting these files is important, as they can reveal important confidential data. With a software implementation, the bootstrapping code cannot be encrypted however. (For example, BitLocker Drive Encryption leaves an unencrypted volume to boot from, while the volume containing the operating system is fully encrypted.) With full disk encryption, the decision of which individual files to encrypt is not left up to users' discretion. This is important for situations in which users might not want or might forget to encrypt sensitive files. Immediate data destruction, as simply destroying the cryptography keys renders the contained data useless. However, if security towards future attacks is a concern, purging or physical destruction is advised. [edit]The boot key problem One issue to address in full disk encryption is that the blocks where the operating system is stored must be decrypted before the OS can boot, meaning that the key has to be available before there is a user interface to ask for a password. Most Full Disk Encryption solutions utilize Pre-Boot Authentication by loading a small, highly secure operating system which is strictly locked down and hashed versus system variables to check for the integrity of the Pre-Boot kernel. Some implementations such as BitLocker Drive Encryption can make use of hardware such as a Trusted Platform Module to ensure the integrity of the boot environment, and thereby frustrate attacks that target the boot loader by replacing it with a modified version. This ensures that authentication can take place in a controlled environment without the possibility of a bootkit being used to subvert the pre-boot decryption. With a Pre-Boot Authentication environment, the key used to encrypt the data is not decrypted until an external key is input into the system. Solutions for storing the external key include:

Username / password Using a smartcard in combination with a PIN Using a biometric authentication method such as a fingerprint Using a dongle to store the key, assuming that the user will not allow the dongle to be stolen with the laptop or that the dongle is encrypted as well. Using a boot-time driver that can ask for a password from the user Using a network interchange to recover the key, for instance as part of a PXE boot Using a TPM to store the decryption key, preventing unauthorized access of the decryption key or subversion of the boot loader. Use a combination of the above All these possibilities have varying degrees of security, however most are better than an unencrypted disk. Encryption software is software whose main task is encryption and decryption of data, usually in the form of files on (or sectors of) hard drives and removable media, email messages, or in the form of packets sent over computer networks. Security

Encryption software executes an algorithm that is designed to encrypt computer data in such a way that it cannot be recovered without access to the key. Software encryption is a fundamental part of all aspects of modern computer communication and file protection and may include features like file shredding. The purpose of encryption is to prevent third parties from recovering the original information. This is particularly important for sensitive data like credit card numbers. [edit]Encryption choices

Many encryption algorithms exist. The more popular options were submitted to the National Institute of Standards and Technology or NIST for the Advanced Encryption Standard (AES) competition. The winner, Rijndael, got 86 votes while Serpent got 59 votes, Twofish 31 votes, RC6 23 votes and MARS 13 votes. NIST chose Rijndael as its standard. Serpent and Rijndael are in fact somewhat similar; the main difference is that Rijndael is faster (having fewer rounds) but Serpent is more secure[citation needed]. [edit]Choosing encryption

There are several factors that affect the choice of an encryption algorithm including speed and security. The simplest method would be an XOR operation, with a constant value k, of each byte of plain text b, to produce a cipher value c.

Ciphers can be categorized into two general types: public key ciphers and symmetric key ciphers. Public key systems are based upon algorithms that are at least strongly believed to be "one-way" operations. That is, encryption with one member of a key pair is only easily reversed (decrypted) using the other member of the pair. Further, one member of the pair (the public key) cannot be easily used to determine the other (the private key). Provided the problems posed by the system to cryptanalyst are effectively unsolvable, the system is effectively secure. Such systems are used for key exchanges (for subsequent use of symmetric key ciphers), digital signatures and the like. Symmetric key ciphers (also referred to as secret key ciphers) are called such because the same key is used for both encryption and decryption. Thus, in order for messages encrypted with a symmetric key cipher to remain secure, the key used must remain secret. Symmetric key ciphers can be further subdivided into stream ciphers and block ciphers. Stream ciphers typically encrypt plaintext a bit or byte at a time, and are most commonly used to encipher real-time communications, such as audio and video information. The key is used to establish the initial state of a key-stream generator, and the output of that generator is used to encrypt the plaintext. Block cipher algorithms encrypt blocks of bytes of plaintext a block at a time. The Advanced Encryption Standard algorithm (AES - derived from the Rijndael cipher algorithm) is a block cipher that processes 16 bytes at a time, while its predecessor, the Data Encryption Standard algorithm (DES) encrypted blocks of eight bytes. A common mistake made by amateur cryptographers is the assumption that because the method is secret, the cipher is secure. This is not usually true. Many "home grown" encryption algorithms reveal the key quite easily when fed a string of identical bytes (e.g., nulls). The purpose of disseminating an encryption method is to allow the community to evaluate it. If it is indeed secure, then its power lies in the fact that its method has been subjected to scrutiny and found to be sound, not that it is secret. [edit]Applications

Encryption can be applied to data in many ways. Common categories are:

Disk encryption software (also known as OTFE software) File/folder encryption Database encryption Communication encryption software Network traffic encryption tools Generic IPSec based Each of these categories define the range and location of the data to be encrypted, but the process is the same for each.

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close