Security through encryption
Dec 1, 2002 12:00 PM, By Kevin McNamara, CNE
Sometimes it is necessary to keep certain data files private,whether the files are on a disk or perhaps sent over a network throughe-mails. Financial institutions, large corporations and governmentagencies routinely employ complex data encryption methods to hidesensitive and potentially damaging information stored on workstationsand servers throughout the world.
Data encryption is simply a more advanced form of the secret codesor cryptology, used by the military for nearly the last century,essentially scrambling information is such a way that can only be readby the intended recipient.
Any computer connected to the Internet can be fair game for amotivated hacker that desires to read, or worse modify or destroy,important information. The function of data encryption algorithms is topermit the seamless transfer of sensitive information between twoparties and to maintain that information on a storage medium that canread by only an authorized user.
What's in a name?
While we call these data encryption algorithms, the actual processdepends on encryption and decryption methods. The more appropriate termwould be cryptographic algorithms.
Fundamentally all data cryptography methods need at least twocomponents:
- The algorithm defines the specific encryption method.
- The key identifies a specific instance of the algorithm.
Most data cryptography use these components and are also calledkey-based algorithms. Another method, called a restricted algorithm,does not use a key, but rather defines a specific encryption anddecryption mechanism that is embedded between the source and thedestination. The assumption with restricted algorithms is that thecoding is kept secret and can not broken by outsiders. In contrast,files protected by key-based cryptographic schemes may use any numberof encode algorithms, providing the proper key exists at thedestination in order to decode the files properly.
There are two types of key-based cryptographic encryptionalgorithms: symmetric and asymmetric.
Symmetric key method
Symmetric key, also called secret-key, is the most popular form ofdata cryptography in use today. This method uses a single key for thesender and recipient. How does the recipient get the secret key? Itmust be sent separately through a trusted and secure channel.
The most popular implementations of symmetric algorithmsinclude:
- DES, or data encryption standard, was originally developed by IBM in1974, was adopted by the National Institute of Standards (NIST) in 1977as a national standard to address the need for protectingnon-classified data. DES uses a key length of 56 bits. While DES isstill widely used throughout the world, it has been determined that a56-bit key is not sufficiently large enough to be impervious tohackers. DES is applied to data in blocks of 64 bits � i.e. 64bits of incoming text is converted to 64 bits of encoded text. Themaximum key length is limited to 56 bits because the least significantdigit (in binary) is used as a parity bit and ignored, leaving only theseven most significant digits yielding a maximum length of 56 bits.
- Triple DES is a stronger form of DES using three 64-bit keys for atotal key length of 192 bits. The 192-bit key breaks the key into threeseparate keys. From here the process is essentially the same asstandard DES, however the data is first encrypted with the first key,decrypted with the second key and finally encrypted for a second timewith the third key. While triple DES is far more secure, it operatesabout three times slower than single DES.
- Advanced encryption standard (AES) became effective as a standard onMay 26, 2002. AES specifies three key lengths: 128 bits, 192 bits and256 bits. Data encoded with the AES 128-bit key is 1,021 times strongerthan the traditional 56-bit DES scheme.
- Blowfish, developed in 1993, uses variable key lengths from 32 bitsto 448 bits. It is gaining popularity as an alternative to DES.
- International data encryption algorithm (IDEA) uses a key length ofas much as 256 bits. The key phrase is applied to another algorithmknow as MD-5 (MD stands for message digest) which digitally creates a128-bit key. IDEA is not freely distributed commercially, but is usedwith the popular data encryption program PGP (pretty good privacy).
Asymmetric key methods
Cryptography based on the asymmetric key method is also known as apublic-key infrastructure (PKI) algorithm. PKI uses public and privatekeys to maintain a high level of security for files that are typicallysent via a public or private network. Each user has access to the listof public keys for the other users across the network. To establish asecure connection between two users, the originating user must find thepublic key for the destination. The file is encrypted using the publickey assigned to the user at the destination. The user at thedestination can decrypt the file using his private key. One popularimplementation of PKI is called RSA.
RSA, developed in 1977, uses encryption and digital signatures tocreate highly secure crypto text. Its function is complex, but the RSALaboratories website explains it well. Further information can be foundat the RSA Securities website at www.rsasecurity.com.
This is only a brief overview of methods available to secure yourdata. The Web provides a rich source of information to research theseand other methods.
National Institute of Standards
International data encryption algorithm
McNamara, Radio's consultant on computer technology, is presidentof Applied Wireless Inc., New Market, MD.
All of the Networks articles have been approved by the SBECertification Committee as suitable study material that may assist yourpreparation for the SBE Certified Broadcast Networking Technologistexam. Contact the SBE at (317) 846-9000 or go towww.sbe.orgfor moreinformation on SBE Certification.