The Art and Science of Encryption Technology

The Four Pillars of Cryptography:

Encryption focuses on four fundamental premises or pillars:

  • Authentication
  • Confidentiality
  • Integrity
  • Non-repudiation.

 

Authentication is a major part of cryptography and its main purpose is to verify the user. It provides the assurance as to the identity of users. Authentication can be achieved using either symmetric or asymmetric systems and can be done by any number of mechanisms from passwords, smartcards to biometrics. Or as they say, something you know, something you have, or something you are! For most of us authentication will happen when you’re trying to reach your favorite web site. In this case CHAP which stands for, Challenge Handshake Authentication Protocol (CHAP) for short is working behind the scene. CHAP encrypts your username and password and establishes the communication session to the remote server housing storing the content.

 

There are many different types of standardized protocol that can help in the authentication process, like Password Authentication Protocol (PAP) which can transmit your user name and password in clear text - not a great idea, or Extensible Authentication Protocol (EAP) which allows for a more custom method of authenticating a user across the web. Now there is mainly two types of encryption methodologies, one is symmetric and the other is asymmetric both encrypt a message but carry out the process differently.

 

The Symmetric methods can only provide confidentiality and uses only a single shared key which makes it difficult when you have to disturb many keys or scaling-up the process to authenticate a larger number of users. It is also an out-of-band exchange methodology meaning if a secure electronic channel is not available an off-line key distribution method channel must be used and might not be as secure. But the symmetric method is fast which is why it is used in many protocols over the web still today.

 

The Asymmetric method uses a key pair sets (one public key, and one private key), and works within an In-bank exchange. It’s very scalable and not only adds confidentiality, but integrity, authenticity and Non-repudiations. The drawback is it’s slower than the symmetric method and works best on small blocks of data. It’s also the preferred method in digital signatures, digital envelopes, and digital certificates which I will outline later in the paper.

 

Confidentiality Ensures secrecy and prevents unauthorized disclosure of data in transit, on disk or during transmission. Confidentiality can be achieved by encrypting data that is stored or in transit using logical or physical access controls, transmission protocols, database views, and controlled traffic flow. This also includes protecting the data from unauthorized modification or deletion. In short, confidentiality is the assurance that information is not disclosed to unauthorized people, processes or applications and only authorized people can change the data.

 

Integrity verifies that your data has not been altered or changed in any way except by authorized personal. Message integrity is enforced by a mean of an encrypted message digest you create and can be enforced by a public and or secret key cryptosystem. Remember the term message digest since we will also look into this, but can be called by many names: hash, hash value, CRC, checksum, and digital ID.  Most message digest are 128 bits or larger, but the longer the message the better the security. I will cover Hash functions later, but the most common ones are SHA, MD2, MD4, MD5 and HMAC to name but a few.

 

Now there are many forms of encryption, but the major thing to remember is it can be done either through symmetric or asymmetric methods. Moreover when it’s in transit you want to ensure that your data has not been altered in any way. One of the main methods of verifying the authentication of the messages is by creating a hash value or message digest guaranteeing the message sent is the same as the one received because confidentiality cannot exist without integrity.

 

Non-repudiation Ensures that a sender cannot deny sending a message. Some of the techniques used can be encryption, digital signatures, and notarization.

 

The Art and Science of Encryption Technology
It's an overview of all the different types of encryption technology used today on the web
Master_The Art and Science of Encryption[...]
Adobe Acrobat document [3.3 MB]
Print Print | Sitemap
© DigiBrains LLC