The electronic age has brought forth many technological advances. With theseadvances came the need for security and tighter control on how we sendinformation electronically over the Internet or through a network. Dateencryption is, in its simplest terms, the translation of data into a secretcode.
In order to read an encrypted file, the receiver of the file must obtain asecret key that will enable him to decrypt the file. A deeper look intocryptography, cryptanalysis, and the Data Encryption Standard (DES) will providea better understanding of date encryption. Cryptographic Methods There are twostandard methods of cryptography, asymmetric encryption and symmetricencryption. Data that is in its original form (unscrambled) is called plaintext.Once the data is scrambled and in its encrypted form it is called ciphertext.The ciphertext, which should be unintelligible to anyone not holding theencryption key, is what is stored in the database or transmitted down thecommunication line.
Asymmetric encryption (also know as public key encryption)uses two separate keys, a public key and a private key. The private key isavailable only to the individual receiving the encrypted message. The public keyis available to anyone who wishes to send data or communicate to the holder ofthe private key. Asymmetric encryption is considered very safe but issusceptible to private key theft or breaking of the private key (this isvirtually impossible and would constitute trying billions of possible keycombinations) (4). Types of public key algorithms include Riverst-Shamir-Adelman(RSA), Diffie-Hellman, Digital Signature Standard (DSS), EIGamal, and LUC (5).
Symmetric encryption uses only one key (a secret key) to encrypt and decrypt themessage. No public exchange of the key is required. This method is vulnerable ifthe key is stolen or if the ciphertext is broken (4). Types of symmetricalgorithms include DES, Blowfish, International Data Encryption Algorithm(IDEA), RC4, SAFER, and Enigma (5). Cryptanalysis Cryptanalysis is the art ofbreaking cryptography. Methods of cryptanalysis include: „h Ciphertext-onlyattack ?V the attacker works from ciphertext only.
The attacker does not knowanything about the message and is merely guessing about the plaintext (6). „hKnow-plaintext attack ?V the attacker know the plaintext. Knowing thisinformation, the attacker can attempt to decrypt the ciphertext (6). „h Chosenplaintext attack ?V the attacker can have a message encrypted with the unknownkey. The attacker must then determine the key used for encryption (6). „hMan-in-the-middle attack ?V the attacker intercepts the key that is beingexchanged between parties (6).
Data Encryption Standard (DES) In 1977 theNational Institute of Standards and Technology (NIST) and IBM developed the DataEncryption Standard, or DES, to provide a means by which data could bescrambled, sent electronically to a destination, and then unscrambled by thereceiver. DES was developed to protect data in the federal computer systemsagainst passive and active attacks (3). Every five years the NIST reviews theDES and determines whether the cryptographic algorithm should be revised, isacceptable, or completely withdrawn. DES uses a very complex algorithm, or key,that has been deemed unbreakable by the U.
S. government. There are72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys thatcan be used. It applies a 56-bit key to each 64-bit block of data. This processinvolves 16 rounds of operations that mix the data and key together usingoperations of permutation and substitution.
The end result is a completelyscrambled data and key so that every bit of the ciphertext depends on every bitof the data plus every bit of the key (a 56-bit quantity for DES) (2).Conclusion Sending secure electronic information is vital for businesses today.Although the electronic age has made it easier for companies to send and receiveinformation, it has also increased the need for security. Data encryption initself will not assure any business of sending secure information, butunderstanding it will surely benefit the company. Businesses who understandcryptography, cryptanalysis, and Data Encryption Standard are on their way tounderstanding data encryption. Bibliography1.
Bay Networks, Inc. (1997). Configuring Software Encryption. www.
baynetworks.com2. Biasci, L. (1999). Cryptology. www.
whatis.com.3. Frazier, R.
E., (1999). Data Encryption Techniques. www.
softstrategies.com.4. Litterio, F.
, (1999). Cryptology: The Study of Encryption. www.world.
std.com.5. SSH Communications Security, (1999). Cryptographic Algorithms.
www.ipsec.com.6. SSH Communications Security, (1999).
Introduction to Cryptography.www.ipsec.com.