Encryption - An important component of CyberSecurity!
This article was originally posted on Peerlyst.
Humans have shared information for ages. Some of it they share openly, and some they share secretly. Secret information must be readable only by the intended people, not by everyone. The recipient interprets the shared secret through some kind of mechanism. Making the original information unreadable by scrambling it is called encryption. The recipient can read the information only by unscrambling it back into exactly the original message, and to do that the recipient must use a mechanism that only the sender and the recipient know.
According to the Oxford dictionary, encryption is the act of putting information into a special code, especially in order to prevent people from looking at it without authority. The encrypted information is decrypted with a key that is shared with the recipient of the message. Encrypted data is known as ciphertext, and the unencrypted or decrypted data is known as plaintext.
Encryption has taken on new significance, as far as the security of data is concerned, with the emergence and high adoption of cloud computing. When you are on a public or hybrid cloud, your data resides in a third-party data center. The cloud is basically someone else's computer, one with huge capacity in RAM, hard disk, CPU and other resources. These resources are shared by many tenants, so if one of your co-tenants is attacked, there is a high probability that your data is also going to be exposed. Encrypting your data in the cloud therefore becomes very important. Once you have encrypted your data, it is safe from the cloud provider's prying eyes too, provided the keys stay under your control rather than with the provider.
Basically there are two types of encryption schemes: symmetric encryption and asymmetric encryption.
Symmetric encryption is a simple encryption method where a single secret key is used both to encrypt and to decrypt data. The same key is shared between the sender and the receiver.
Asymmetric encryption uses a pair of keys, one public and one private, to encrypt and decrypt data. The public key is given to everyone, trusted or not, whereas the private key is kept secret. It works like this: when the public key is used to encrypt the data, it can only be decrypted with the private key, and when data is encrypted with the private key, it can only be decrypted with the public key. Confused?
Let me explain the concept in simple terms with three pairs of public and private keys. Suppose there are three users: user-1, user-2 and user-3. Each of the three users generates a pair of public and private keys.
In Linux these keys can be generated with the ssh-keygen command. Now user-1 has the key pair public-user-1 and private-user-1, user-2 has public-user-2 and private-user-2, and user-3 has public-user-3 and private-user-3.
All three broadcast their public keys to the world, so each of them holds all three public keys, whereas the private keys stay put: private-user-1 remains with user-1, private-user-2 remains with user-2 and private-user-3 remains with user-3.
Now let us say user-2 wants to send a message to user-3. User-2 encrypts the data with his private key, private-user-2. Now the data can only be decrypted with the public-user-2 key. But user-1 also has the public-user-2 key, so user-2 needs to make sure that user-1 is not able to decrypt the message. Hence user-2 encrypts the message again with the public-user-3 key. User-3 now decrypts the message by first using the private-user-3 key and then decrypting it once again with the public-user-2 key. Hence the message is safe from user-1. Hope you understood the concept.
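To make the three-user exchange above concrete, here is an added example (not part of the original article) that walks through it with textbook RSA on tiny constructed primes; the key pairs, the user naming and the sample message 4242 are assumptions made for the demonstration.

```python
# Textbook RSA on tiny constructed primes, to illustrate the three-user
# scheme. Educational only: real systems use 2048-bit or larger keys with
# OAEP/PSS padding, and the "encrypt with the private key" step is what
# they call a digital signature.
from math import gcd

def make_keypair(p, q, e=17):
    """Return (public, private) for primes p and q as ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def apply_key(key, value):
    """Modular exponentiation; works with either half of a key pair."""
    exp, n = key
    assert 0 <= value < n, "value must be smaller than the modulus"
    return pow(value, exp, n)

# Constructed key pairs for the article's three users. The moduli grow
# (n2 < n3) so user-2's first layer always fits under user-3's modulus.
PUB1, PRIV1 = make_keypair(61, 53)     # n = 3233
PUB2, PRIV2 = make_keypair(101, 107)   # n = 10807
PUB3, PRIV3 = make_keypair(211, 223)   # n = 47053

def send_user2_to_user3(message):
    """user-2: apply private-user-2 first, then public-user-3."""
    layer1 = apply_key(PRIV2, message)   # only public-user-2 undoes this
    return apply_key(PUB3, layer1)       # only private-user-3 undoes this

def receive_as_user3(ciphertext):
    """user-3: strip the outer layer with private-user-3, then the inner
    layer with public-user-2 (which also shows it came from user-2)."""
    layer1 = apply_key(PRIV3, ciphertext)
    return apply_key(PUB2, layer1)

def intercept_as_user1(ciphertext):
    """user-1 has every public key but only private-user-1; without
    private-user-3 the outer layer cannot be removed, so this is garbage."""
    guess = apply_key(PRIV1, ciphertext % PRIV1[1])
    return apply_key(PUB2, guess)

if __name__ == "__main__":
    msg = 4242                                    # constructed sample message
    ct = send_user2_to_user3(msg)
    print("user-3 recovers:", receive_as_user3(ct))   # 4242
    print("user-1 gets:", intercept_as_user1(ct))
```

In a real deployment the inner private-key layer would be an RSA-PSS signature and the outer layer RSA-OAEP encryption; unpadded textbook RSA as used here is only suitable for showing the arithmetic.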
Commonly used encryption algorithms are as follows:
The Advanced Encryption Standard (AES): It is based on an algorithm developed by two Belgian cryptographers. It has three key sizes: 128-bit, 192-bit and 256-bit keys. Each key size also has its own number of encryption rounds: 10 rounds for a 128-bit key, 12 rounds for a 192-bit key, and 14 rounds for a 256-bit key. AES is the trusted US Government encryption standard.
3DES (Triple Data Encryption Standard): Also known as TripleDES, it was developed after the earlier version, DES, was cracked in under 24 hours. DES was originally supposed to be uncrackable, but the increase in computing power and the availability of hardware at much lower cost have made its 56-bit key very easy to crack. Hence 3DES was developed, and it has three keying options.
Option 1: all three keys are independent. Each key is 56 bits, and the total key strength is 168 bits.
Option 2: the first and second keys are independent, whereas the third key is the same as the first. Here the effective key strength is 112 bits.
Option 3: all three keys are the same, with an effective key strength of 56 bits.
RSA: This was developed by Ron Rivest, Adi Shamir and Leonard Adleman, and the name is derived from the developers' names. It is one of the first public-key algorithms. It is used in many protocols such as SSH, SSL/TLS, OpenPGP, S/MIME and others, and many browsers use RSA to establish secure communications over insecure networks.
The key is either 1024 or 2048 bits long.
Twofish: Twofish has three key sizes, 128, 192 and 256 bits. It is one of the fastest encryption algorithms available currently.
Hope you take away something from this article.