Describe how encryption is
used and the forms it takes, to include symmetric-key encryption, public-key
encryption and the roles of key length and encryption strength. |
Try
This:
Think of a real-world situation
in which encryption would be directly relevant to you.
|
|
Ciphers
A cryptographic algorithm, also called a cipher, is
a mathematical function used for encryption or decryption. In most cases,
two related functions are employed, one for encryption and the other for
decryption.
Figure 2.4
Modern Cryptography
Today, the ability to keep encrypted information secret is
based not on a cryptographic algorithm (which is widely known),
but on a number called a key that is used with the algorithm to
produce the encrypted result or to decrypt previously encrypted information.
-
Decryption with the correct key is simple.
-
Decryption without the correct key is very difficult if not impossible.
There are two basic varieties of encryption techniques available.
These are:
-
Symmetric-Key Encryption
-
Public-Key Encryption
Each of these has strengths and weaknesses and each is appropriate for
particular circumstances. We will discuss these in some detail in the following
section.
Symmetric-Key Encryption
Symmetric-key encryption can be implemented very efficiently, so
that users do not experience any significant delay due to encryption and decryption.
It also provides a degree of authentication, since information
encrypted with one symmetric-key cannot be decrypted with any other symmetric key.
As long as the symmetric key is kept secret by the two parties using
it, each party can safely assume that each communication is bona fide as
long as the decrypted messages continue to make sense.
Figure 2.5
Naturally, symmetric-key encryption is effective only if the symmetric
key is kept secret by the parties involved. If anyone else discovers the
key, it affects both confidentiality and authentication.
Symmetric-key encryption plays an important role in the SSL protocol,
which is widely used for authentication, tamper
detection, and encryption over TCP/IP networks.
SSL also uses techniques of public-key encryption, which is described in the next section.
Public-Key Encryption
The most commonly used implementations of public-key encryption
are based on algorithms patented by RSA Data Security. Therefore,
this section describes the RSA approach to public-key encryption.
Public-key encryption (also called asymmetric encryption) involves
a pair of keys: a public key and a private key. Each
public key is published, and the corresponding private key is kept secret.
Data encrypted with a public key can be decrypted only with a private key.
The animation below shows a simplified view of the way public-key encryption
works.
Figure 2.6
|
|
This technique lets you freely distribute a public key, and only you
will be able to read data encrypted using this key. In general, to send
encrypted data to someone, you encrypt the data with that person's public
key, and the person receiving the encrypted data decrypts it with the corresponding
private key.
As it happens, the reverse of this scheme also works: data encrypted
with your private key can be decrypted only with your public key. While
this would not be desirable for encrypting sensitive data, it can be used
to guarantee that the origin of a message is bona fide since only the holder
of the private key could encrypt the message that is decoded with the public
key. This is very useful because you can use your private key to sign
data with a digital signature an important requirement for electronic commerce
and other commercial applications of cryptography.
Client software such as Communicator can then use a public key to confirm
that a message was signed with a private key and that it hasn't been tampered
with since being signed. Subsequent sections describe how this confirmation
process works.
Key Length and Encryption Strength
In general, the strength of encryption is related to the difficulty
of discovering the key, which in turn depends on both the cipher used
and the length of the key. For example, the difficulty of discovering
the key for the RSA cipher most commonly used for public-key encryption
depends on the difficulty of factoring large numbers, a well-known mathematical
problem.
Figure 2.7
Different ciphers may require different key lengths to achieve the same
level of encryption strength. The RSA cipher used for public-key encryption,
for example, can use only a subset of all possible values for a key of
a given length, due to the nature of the mathematical problem on which
it is based. Other ciphers, such as those used for symmetric key encryption,
can use all possible values for a key of a given length, rather than a
subset of those values. Thus a 128-bit key for use with a symmetric-key
encryption cipher would provide stronger encryption than a 128-bit key
for use with the RSA public-key encryption cipher.
This difference explains why the RSA public-key encryption cipher must
use a 512-bit key (or longer) to be considered cryptographically strong,
whereas symmetric key ciphers can achieve approximately the same level
of strength with a 64-bit key. Even this level of strength may be vulnerable
to attacks in the near future.
Because the ability to surreptitiously intercept and decrypt encrypted
information has historically been a significant military asset, the
U.S. Government restricts export of cryptographic software, including most
software that permits use of symmetric encryption keys longer than 40 bits.
|