Jump to content

Encryption

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 103.85.162.30 (talk) at 23:40, 26 June 2018. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Types

Symmetric key / Private key

In symmetric-key schemes,[1] the encryption and decryption keys are the same. Communicating parties must have the same key in order to achieve secure communication.

Public key

Illustration of how encryption is used within servers Public key encryption.

In public-key encryption schemes, the encryption key is published for anyone to use and encrypt messages. However, only the receiving party has access to the decryption key that enables messages to be read.[2] Public-key encryption was first described in a secret document in 1973;[3] before then all encryption schemes were symmetric-key (also called private-key).[4]: 478 

A publicly available public key encryption application called Pretty Good Privacy (PGP) was written in 1991 by Phil Zimmermann, and distributed free of charge with source code; it was purchased by Symantec in 2010 and is regularly updated.[5]

Uses

Encryption has long been used by militaries and governments to facilitate secret communication. It is now commonly used in protecting information within many kinds of civilian systems. For example, the Computer Security Institute reported that in 2007, 71% of companies surveyed utilized encryption for some of their data in transit, and 53% utilized encryption for some of their data in storage.[6] Encryption can be used to protect data "at rest", such as information stored on computers and storage devices (e.g. USB flash drives). In recent years, there have been numerous reports of confidential data, such as customers' personal records, being exposed through loss or theft of laptops or backup drives; encrypting such files at rest helps protect them if physical security measures fail.[7][8][9] Digital rights management systems, which prevent unauthorized use or reproduction of copyrighted material and protect software against reverse engineering (see also copy protection), is another somewhat different example of using encryption on data at rest.[10]

In response to encryption of data at rest, cyber-adversaries have developed new types of attacks. These more recent threats to encryption of data at rest include cryptographic attacks,[11] stolen ciphertext attacks,[12] attacks on encryption keys,[13] insider attacks, data corruption or integrity attacks,[14] data destruction attacks, and ransomware attacks. Data fragmentation[15] and active defense[16] data protection technologies attempt to counter some of these attacks, by distributing, moving, or mutating ciphertext so it is more difficult to identify, steal, corrupt, or destroy.[17]

Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. There have been numerous reports of data in transit being intercepted in recent years.[18] Data should also be encrypted when transmitted across networks in order to protect against eavesdropping of network traffic by unauthorized users.[19]

Message verification

Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature. Standards for cryptographic software and hardware to perform encryption are widely available, but successfully using encryption to ensure security may be a challenging problem. A single error in system design or execution can allow successful attacks. Sometimes an adversary can obtain unencrypted information without directly undoing the encryption. See, e.g., traffic analysis, TEMPEST, or Trojan horse.[20]

Digital signature and encryption must be applied to the ciphertext when it is created (typically on the same device used to compose the message) to avoid tampering; otherwise any node between the sender and the encryption agent could potentially tamper with it. Encrypting at the time of creation is only secure if the encryption device itself has not been tampered with.

Data erasure

Conventional methods for deleting data permanently from a storage device involve overwriting its whole content with zeros, ones or other patterns – a process which can take a significant amount of time, depending on the capacity and the type of the medium. Cryptography offers a way of making the erasure almost instantaneous. This method is called crypto-shredding. An example implementation of this method can be found on iOS devices, where the cryptographic key is kept in a dedicated 'Effaceable Storage'.[21] Because the key is stored on the same device, this setup on its own does not offer full confidentiality protection in case an unauthorised person gains physical access to the device.

See also

References

  1. ^ Symmetric-key encryption software
  2. ^ Bellare, Mihir. "Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements." Springer Berlin Heidelberg, 2000. Page 1.
  3. ^ "Public-Key Encryption - how GCHQ got there first!". gchq.gov.uk. Archived from the original on May 19, 2010.
  4. ^ Goldreich, Oded. Foundations of Cryptography: Volume 2, Basic Applications. Vol. 2. Cambridge university press, 2004.
  5. ^ "Symantec buys encryption specialist PGP for $300M".
  6. ^ Robert Richardson, 2008 CSI Computer Crime and Security Survey at 19.i.cmpnet.com
  7. ^ Keane, J. (13 January 2016). "Why stolen laptops still cause data breaches, and what's being done to stop them". PCWorld. IDG Communications, Inc. Retrieved 8 May 2018.
  8. ^ Castricone, D.M. (2 February 2018). "February 2, 2018 - Health Care Group News: $3.5 M OCR Settlement for Five Breaches Affecting Fewer Than 500 Patients Each". The National Law Review. National Law Forum LLC. Retrieved 8 May 2018.
  9. ^ Bek, E. (19 May 2016). "Protect Your Company from Theft: Self Encrypting Drives". Western Digital Blog. Western Digital Corporation. Retrieved 8 May 2018.
  10. ^ "DRM". Electronic Frontier Foundation.
  11. ^ Yan Li, Nakul Sanjay Dhotre, Yasuhiro Ohara, Thomas M. Kroeger, Ethan L. Miller, Darrell D. E. Long. "Horus: Fine-Grained Encryption-Based Security for Large-Scale Storage" (PDF). www.ssrc.ucsc.edu. Discussion of encryption weaknesses for petabyte scale datasets.{{cite web}}: CS1 maint: multiple names: authors list (link)
  12. ^ "The Padding Oracle Attack - why crypto is terrifying". Robert Heaton. Retrieved 2016-12-25.
  13. ^ "Researchers crack open unusually advanced malware that hid for 5 years". Ars Technica. Retrieved 2016-12-25.
  14. ^ "New cloud attack takes full control of virtual machines with little effort". Ars Technica. Retrieved 2016-12-25.
  15. ^ Examples of data fragmentation technologies include Tahoe-LAFS and Storj.
  16. ^ Burshteyn, Mike (2016-12-22). "What does 'Active Defense' mean?". CryptoMove. Retrieved 2016-12-25.
  17. ^ CryptoMove is the first technology to continuously move, mutate, and re-encrypt ciphertext as a form of data protection.
  18. ^ Fiber Optic Networks Vulnerable to Attack, Information Security Magazine, November 15, 2006, Sandra Kay Miller
  19. ^ "Data Encryption in Transit Guideline".
  20. ^ "What is a Trojan Virus - Malware Protection - Kaspersky Lab US".
  21. ^ iOS Security Guide

Further reading

Look up encryption in Wiktionary, the free dictionary.
Wikimedia Commons has media related to Cryptographic algorithms.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Encryption&oldid=847665784"