Data encryption is extremely vital for the protection of privacy. We take a look at the different types of encryption techniques which are used to secure data today.
Did You Know?
Back in the days of the Roman empire, encryption was employed by Julius Caesar to make letters and messages unreadable. This played a major role as an important military tactic, especially during wars.
As the capabilities of the Internet continue to grow, more and more of our businesses are being conducted online. Among these are important and highly sensitive ones, such as net banking, online payment, emails, interchange of private multimedia, etc., which involve the exchange of confidential data and information.
If these private entities are allowed to fall into the wrong hands, it could spell doom, not just for the user but for the entire online system of businesses as well.
To prevent this from happening, certain network security measures have been adopted to safeguard the transmission of private data. Chief among them are the processes of data encryption and decryption, which are together known as cryptography.
There are three basic encryption techniques used in most of the systems today: hashing, symmetric, and asymmetric encryption. In the following lines, we shall explore each of these types of encryption (cryptography) techniques in greater detail.
Types of Encryption
In symmetric encryption, normal readable data, known as plain-text, is scrambled, so that it becomes unreadable. This scrambling of data is done with the help of a key. Once the data is encrypted, it can be safely transmitted to the receiver. At the receiver’s end, the encrypted data is decoded with the help of the same key that was used for encoding it.
Clearly, therefore, the key is the most important part of symmetric encryption. It must be kept hidden/secured, as anyone with access to it would be able to decrypt the private data. This is why this type of encryption is also known as ‘private key’ encryption.
In modern systems, the key is typically a string of data which is derived from a strong password, or from a completely random source. It is fed into the symmetric encryption software, which uses it to scramble the data provided as input.
Data scrambling is achieved using a symmetric encryption algorithm, such as Data Encryption Standard (DES), Advanced Encryption Standard (AES), or International Data Encryption Algorithm (IDEA).
The weakest link in this type of encryption is security of the key, both in terms of storage and transmission to the authenticated user’s end. If a hacker is able to get his hands on this key, he can easily decipher the encrypted data, defeating the entire purpose of encryption.
Another drawback results from the fact that, the software which process data cannot work with encrypted data. Hence, for being able to use these software, the data first has to be decoded. If the software system itself is compromised, then a hacker will be able to obtain the data easily.
Asymmetric key encryption works similar to symmetric key encryption, in that, it uses a key to encode the message to be transmitted. However, instead of using the same key, it makes use of a completely different key for decoding this message.
The key used for encoding is made available to any and everyone on the network. As such, it is known as a ‘public’ key. On the other hand, the key used for decoding is kept secret, and is meant to be used privately by the user. Hence, it is known as a ‘private’ key. Asymmetric encryption is also known as public key encryption.
Since, in this method, the private key needed for decoding the message isn’t required to be transmitted every time, and is typically only known to the user (receiver), the chances of a hacker being able to decode a message are significantly lower. Diffie-Hellman and RSA are examples of algorithms that employ public key encryption.
Many hackers use the man-in-the-middle form of attack to get through this type of encryption. In asymmetric encryption, you are given a public key which you use to communicate securely with another person or service. However, hackers use network trickery to get you to communicate with them instead, while you are led to believe that you are on a secure line.
To better understand this type of hack, consider two communicating parties Jimmy and Lola, and a hacker Harold intent on intercepting their conversation. First, Jimmy sends a message over the network intended for Lola, asking her for her public key.
Harold intercepts this message and obtains the public key associated with it, and uses it to encrypt and send a false message to Lola containing his public key instead of Jimmy’s.
Lola, thinking that this message has come from Jimmy, now encrypts her reply using Harold’s public key, and sends it back. This message is again intercepted by Harold, deciphered, altered (if desired), encrypted once again using the public key that Jimmy had initially sent, and delivered back to Jimmy.
Thus, when Jimmy receives this message, he is led to believe that it has come from Lola, and continues on without suspecting any foul play.
The technique of hashing uses an algorithm known as a hash function to generate a special string from a given data, known simply as a hash. This hash has the following properties:
1) The same data always produces the same hash.
2) It is impossible to generate the original data from the hash alone.
3) It is impractical to try out different combination of input data to try to generate the same hash.
Thus, the main difference between hashing and other two forms of data encryption is that, once the data is encrypted (hashed), it cannot be obtained back in its original form (deciphered). This fact ensures that even if a hacker gets his hands on a hash, it would be of no use to him, since he won’t be able to decipher the content of the message.
Message Digest 5 (MD5) and Secure Hashing Algorithm (SHA) are the two commonly used hashing algorithms.
As mentioned earlier, it is nearly impossible to decipher data out of a given hash. However, this only holds true if the hashing implementation is strong. In case of a weakly implemented hashing technique, using sufficient resources and brute-force attack, a persistent hacker may in-time find the data that coincides with the hash.
Each of these three encryption techniques suffer from some disadvantages. However, when used in combination, they form a robust and highly effective encryption system.
Most commonly, the secret key and the public key techniques are combined and used together. The secret key method allows for the fastest decryption.
The public key method offers a safer and more convenient way for transmission of the secret key. This combination method is known as the ‘digital envelope’. The PGP e-mail encryption program is based on the digital envelope technique.
Hashing finds application as a means of checking and verifying a secure password. If a system stores a password hash instead of the actual password, it will be more secure, as even if a hacker were to get a hold of this hash, he wouldn’t be able to comprehend (read) it.
During verification, the system would hash an incoming password, and see if the result matches with the one it has stored. Thus, the actual password would only be visible in the brief moments when it needs to be changed or verified, which will significantly reduce chances of it falling into the wrong hands.
Hashing is also used to authenticate data with the help of a secret key. The hash is generated using the data and this key. Therefore, only the data and the hash are visible, while the key itself isn’t transmitted. Thus, if modifications were to be made either to the data or the hash, they would be easily detected.
In conclusion, these techniques can be used to effectively encode data into an unreadable format, which can ensure that it remains secure. Most modern systems usually use a combination of these encryption techniques along with strong implementation algorithms for increased security.
In addition to security, these systems also provide numerous additional benefits, such as verification of user identity, and ensuring that the received data cannot be tampered with.