Page 67 - Cyber Defense eMagazine September 2018
However, there are measures of protection that may be administered to alleviate the risks associated with
private information. Organizations should follow the law and establish policies to take responsibility. People
and companies should follow best practices. Then we have the implementation of cryptography through the
process of encryption.
What exactly are Encryption and Cryptography?
Encryption is the scrambling of information so that it cannot be read and only people with a certain key can
access it. Encrypted data is data that has been translated from plaintext to ciphertext. To reverse the
process, we decrypt the message by changing the scrambled message back to the original text. The terms
encryption and decryption sum up the process of the broader term called Cryptography. The primary
purpose of Cryptography is to keep digital information confidential, both while it is stored on systems at rest
and while it is transported through the web or other interconnected networks. In our day and age, Cryptography
is the most effective and favored information security approach administered by management. Cryptography
can address several needs when it comes to information systems security.
Through confidentiality, it ensures that only those who have been authorized by being given the key can
see encrypted data. Integrity is ensured, as the data cannot be modified except by the authorized
accounts that have access to the key. Through availability, only privileged users are given the decrypting key
to get the data. Lastly, nonrepudiation is another property it can provide, as it prevents individuals
from denying they were involved.
While Cryptography may seem like a treacherous, daunting and complicated task, it is essential to
computer security. However, it is a form of art with dashes of arithmetic. Let me see if I can break it down for
you to comfortably digest. Now, Encryption at its core is a conglomerate of logic called a formula with a key
to encode the data. It is an algorithm that utilizes mathematical formulas. The way it works is that an encryption
key is composed of a huge number that is then applied to encrypt and decrypt the data. How long the key is
dictates how secure the information will be. So, concisely, the longer the key, the more secure the data
will be. The majority of encryption algorithms in use have a key length of 40 to 128 bits or more. This
is great since most internet browsers do support this key length range.
Symmetric or Asymmetric?
There are two main categories of data encryption: symmetric encryption and asymmetric encryption, also
referred to as public key encryption.
Symmetric encryption, also referred to as single-key encryption, is the process of using only one key to decrypt
and encrypt your information. Both parties, the sender and the receiver, use the exact same key. The most
comprehensively used standard for this encryption process is the Data Encryption Standard (DES). With this
method, the data is broken up into 64-bit blocks and then transferred. It is then manipulated in 16 encryption
steps using a 56-bit key. It then becomes scrambled by a substitution algorithm and is finally transposed
one last time. That was then, but this is now, and DES has been replaced with the Advanced Encryption
Standard (AES), which was officially chosen by the U.S. government as the replacement and has become the
most popular symmetric key algorithm. Nonetheless, there is a major dilemma with the symmetric key process.
How do you transfer the key? The correct answer is, as you hopefully guessed, public key encryption. That major
issue of distributing the keys in symmetric encryption is why public key encryption is preferred, since the
mere loss or leak of the symmetric key will lead to a significant problem of giving someone else the opportunity
to decrypt secure messages.
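
The single-key structure described above (64-bit blocks, 16 rounds, a 56-bit key, one key for both directions), as an added example that is not from the original article: a toy Feistel cipher in Python. It is not DES; the SHA-256-based round function and key schedule, the function names and the sample key and block are assumptions made for illustration.

```python
import hashlib

ROUNDS = 16       # the "16 encryption steps" from the article
BLOCK_BYTES = 8   # 64-bit block
KEY_BITS = 56     # DES key length

def round_keys(key):
    """One subkey per round from a 56-bit integer key (toy schedule, an assumption)."""
    if not 0 <= key < (1 << KEY_BITS):
        raise ValueError("key must fit in 56 bits")
    raw = key.to_bytes(KEY_BITS // 8, "big")
    return [hashlib.sha256(raw + bytes([i])).digest() for i in range(ROUNDS)]

def round_function(half, subkey):
    """Mix a 32-bit half block with a subkey; SHA-256 stands in for DES's S-boxes."""
    digest = hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def _feistel(block, subkeys):
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for subkey in subkeys:
        # Each round: the halves swap and one half is XORed with f(other half, subkey).
        left, right = right, left ^ round_function(right, subkey)
    # Final swap makes the same routine its own inverse when subkeys are reversed.
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")

def encrypt_block(block, key):
    return _feistel(block, round_keys(key))

def decrypt_block(block, key):
    # Same key, same code path: only the subkey order changes.
    return _feistel(block, reversed(round_keys(key)))

if __name__ == "__main__":
    key = 0x0123456789ABCD            # constructed 56-bit sample key
    plaintext = b"8 bytes!"           # constructed 64-bit sample block
    ciphertext = encrypt_block(plaintext, key)
    print("ciphertext:", ciphertext.hex())
    print("same key  :", decrypt_block(ciphertext, key))
    print("wrong key :", decrypt_block(ciphertext, key ^ 1))
```

Anyone holding the key can run `decrypt_block`, which is the key-distribution problem the paragraph raises: a key that differs by a single bit yields unrelated bytes, while a leaked key yields the plaintext.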