Cryptography. (Technote).Cryptography is the technology of keeping information secure. Only authorized individuals should have access to sensitive information.
For many centuries, various techniques were used to hide the contents of messages (encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. ) from message carriers while also providing a way for the intended recipient to convert the hidden message to one that was readable (decryption (cryptography) decryption - Any procedure used in cryptography to convert ciphertext (encrypted data) into plaintext. ). For example, Julius Caesar Julius Caesar: see Caesar, Julius. devised a method for encrypting messages by substituting each letter in the text by the third letter that follows it in the alphabet. Using the English alphabet The modern English alphabet consists of the 26 letters of the Latin alphabet:
Majuscule Forms (also called uppercase or capital letters)
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Minuscule Forms (also called , the letter `A' would become `D,' `B' would become `E,' `Z' would become" D" and so on. The following example shows the English clear text message and its encrypted en·crypt
tr.v. en·crypt·ed, en·crypt·ing, en·crypts
1. To put into code or cipher.
2. Computer Science form (cipher- text) using the Caesar Cipher
In cryptography, a Caesar cipher, also known as a Caesar's cipher, the shift cipher, Caesar's code or Caesar shift method.
Clear Text: I came. I saw. I conquered.
Cipher cipher: see cryptography.
(1) The core algorithm used to encrypt data. A cipher transforms regular data (plaintext) into a coded set of data (ciphertext) that is not reversible without a key. Text: L fdph. L vdz. L frqtxhuhg.
The secret in this encryption scheme is the algorithm for substituting one character for another in order to encrypt See encryption. and decrypt To convert secretly coded data (encrypted data) back into its original form. Contrast with encrypt. See plaintext and cryptography. a message; and both sender and recipient of a message must know the algorithm. So long as the algorithm is kept secret from those who should not read it, the message is safe. Otherwise, the algorithm is compromised and can no longer be used to encrypt messages.
An encryption scheme is made more secure by changing the secret. Instead of the secret being the algorithm, it can be made a parameter to the algorithm called the encryption key. A message can then be encrypted only if the user has both the algorithm and the key. In this case, even if an unauthorized person knows the algorithm, that person could not decrypt a message without the key (which can be different for each message).
In the case of the Caesar Cipher method, the key could be the numeric position within the alphabet of the letter substituted for each clear-text letter. In the original example, the key is "3" If the key is changed to "7", the cipher text would be:
Cipher Text: P jhtl. P zhd. P jvuxblylk.
While more secure than the basic Caesar Cipher method, this technique is still very weak since there are only twenty-five possible keys that could be used. Cryptographic algorithms make use of this concept of a secret key with a public algorithm. The strength of the encryption lies in the difficulty of guessing the key for a particular message.
In the last example, it can be simple to guess the key for a given message because it is a single character and there are only twenty-five possibilities. Each possible key could be tried on a portion of the cipher-text until meaningful clear text is decrypted. This method of trying all the possible keys is called a brute force attack The systematic, exhaustive testing of all possible methods that can be used to break a security system. For example, in cryptanalysis, trying all possible keys in the keyspace to decrypt a ciphertext. See dictionary attack. See also brute force programming. .
Modern algorithms, such as the Data Encryption Standard See DES.
Data Encryption Standard - (DES) The NBS's popular, standard encryption algorithm. It is a product cipher that operates on 64-bit blocks of data, using a 56-bit key. It is defined in FIPS 46-1 (1988) (which supersedes FIPS 46 (1977)). (DES), use longer, more complex keys, resulting in many more key possibilities. The key length is expressed as the number of binary digits See bit. required to store the key. DES, for example, uses a 56-bit key which produces 211--or 72 quadrillion--possible keys. This makes a brute force attack vastly more difficult.
The other factor affecting the strength of an algorithm is how quickly a single key can be tried in a brute force attack. The more quickly a key can be created and tested (for example, by using a faster computer), the more quickly all possible keys can be tried. Thus, as computing power increases, the strength of the key must increase to preserve the same level of security and ensure that brute force attacks remain computationally infeasible.
This method of encryption uses symmetric keys--the same key is used for both encryption and decryption. A further problem with symmetric keys is that both sender and recipient must know the key and yet the key must remain secret from unauthorized users. It can be difficult to maintain security of the key when it must be transmitted at least once by some method from the sender to the receiver.
Public-Key Cryptography public-key cryptography - public-key encryption
To solve the problem of maintaining privacy of encryption keys, a new class of encryption algorithms A formula used to turn ordinary data, or "plaintext," into a secret code known as "ciphertext." Each algorithm uses a string of bits known as a "key" to perform the calculations. The larger the key (the more bits), the greater the number of potential patterns can be created, thus making was devised based on two keys that are mathematically related to each other. In this method, a message encrypted by one key of the pair can only be decrypted using the other key of the pair. These keys are asymmetric A difference between two opposing modes. It typically refers to a speed disparity. For example, in asymmetric operations, it takes longer to compress and encrypt data than to decompress and decrypt it. Contrast with symmetric. See asymmetric compression and public key cryptography. because the key that encrypted the message cannot decrypt it.
Asymmetric keys are often called public/private key pairs because of the way in which they are typically used. The "owner" of the key pair makes one of the keys publicly available and keeps the other secret (private). It does not matter who has access to this public key because it requires both keys to successfully encrypt and decrypt a message. The sender of a message uses the public key of the recipient to encrypt the clear text. The message can then be decrypted only with the private key, which is known only by the recipient.
This adds much greater complexity to the encryption scheme, increasing the difficulty of a brute force attack.
Hybrid Cryptosystems In cryptography, public-key cryptosystems are convenient in that they do not require the sender and receiver to share a common secret in order to communicate securely (among other useful properties).
A hybrid cryptosystem combines symmetric key and public-key cryptography to gain the multiple benefits, while removing the limitations, of both types of cryptography.
Public-key algorithms are orders of magnitude slower in execution than symmetric key algorithms. For this reason, symmetric key algorithms are used for most encryption operations. Yet the problem of distributing the symmetric key without revealing it to anyone but the intended recipient remains.
The solution is to send the symmetric key in a message that is encrypted with the public key of the recipient. Since only the recipient knows the corresponding private key, the symmetric key is kept confidential. Once the symmetric key exchange has been completed securely, the sender's messages can be encrypted using the more efficient symmetric key algorithms.
Editorial Note: The above notes have been abstracted from a comprehensive White Paper entitled E-Business Data Exchange: Surviving The Security Audit produced by Sterling Commerce to illustrate the application of their `Connect' software security system for data transfer. Further details from www.sterlingcommerce.com