7.2. What Is Encryption?
Encryption (sometimes called enciphering) transforms original information, called plaintext or cleartext, into transformed information, called ciphertext, codetext, or simply cipher, which usually has the appearance of random, unintelligible data. The transformed information, in its encrypted form, is called the cryptogram.
When encryption is used to send messages, it is reversible. After transmission, when the information has reached its destination, the inverse operation (decryption, sometimes called deciphering) transforms the ciphertext back to the original plaintext. (There are cases in which encryption is one way only. These will be explained later.)
The technique or rules selected for encryption, known as the encryption algorithm, determines how simple or how complex the process of transformation will be. Most encryption techniques use rather simple mathematical formulas that are applied a number of times in different combinations. Most also use a secret value called a key to encrypt and decrypt the text. The key is a kind of password, usually known only to the sender and the recipient of encrypted information. The encryption algorithm mathematically applies the key, which is usually a long string of numbers, to the information being encrypted or decrypted.
Unlike a regular password, a key doesn't directly give you access to information. Instead, it's used by the algorithm to transform information in a particular way. With the key, information that's been locked (encrypted) by the key can readily be transformed; without the key, that information is inaccessible. The examples shown later in this chapter will help make encryption keys more understandable.
The type of encryption algorithm, the secrecy of the key, and a number of other characteristics together form what's called the strength of the encryption; cryptographic strength determines how hard it is to break an encrypted message.
An important consideration in assessing the strength of any encryption algorithm is not whether it can be broken (given sufficient pairs of plaintext and ciphertext, any secret message, except one encoded with a so-called "one-time pad," described later in this chapter, can theoretically be decrypted) but how likely it is that decryption can be performed in a reasonable amount of time. A message that can be broken, but only with a network of supercomputers grinding away for decades, is very safe indeed.
Early cryptographic systems depended on the secrecy of the encryption algorithm to provide security. Gradually, cryptography has come to depend upon the secrecy, and usually the length, of the key to keep messages secret. The most reliable cryptographic algorithms, in fact, are now expected to pass through several rounds of public scrutiny before most organizations will trust them. The most secret codes, of course, have secure algorithms as well as secret keys. There is no point in giving the opponent a head start. It is tremendously difficult to create reliable algorithms and to be able to test them thoroughly, however. Only a few nations have such a capability.
Remember that a poorly chosen, or improperly protected, encryption key opens the door to an intruder, just as a shared or stolen password does. If an intruder gets access to an encryption key, even the strongest encryption algorithm won't protect your data. Also, public key encryption, to be discussed later, depends on the mathematical difficulty of deriving a private key when presented with a public one. Certain efforts to increase the strength of encryption keys have led to research in a number of areas. Most current codes deal with the relationship between prime factors of very large numbers. Others depend on a relationship established by elliptic curves crossing an axis. One field, called quantum encryption, uses the curious relationship of spinning photons of light to increase security and make it easier to detect if a message has been read.
Figure 7-2 shows simple encryption and decryption.
Figure 7-2. Simple encryption and decryption
7.2.1. Why Encryption?
Encryption provides security in three of the four security categories introduced in Chapter 1. (Encryption is not a particularly effective way to achieve the fourth category, availability.)
7.2.2. Transposition and Substitution Ciphers
There are two basic types of encryption ciphers:
With a very simple transposition cipher (shown in Figure 7-3), the letters of the original text (the plaintext) are scrambled. With this type of cipher, the original letters of the plaintext are preserved; only their positions change.
Figure 7-3. A simple transposition cipher
With a very simple substitution cipher (two variations are shown in Figure 7-4), the letters of the plaintext are replaced with other letters, numbers, or symbols. With this type of cipher, the original positions of the letters of the plaintext are preserved, but the letters themselves change.
Figure 7-4. Simple substitution ciphers
7.2.2.1. More about transposition
In the fifth century B.C., the Spartans used a particularly interesting type of transposition cipher. During the Peloponnesian War, Spartan rulers encoded official messages by writing them on a long strip of parchment wound in a spiral around a wooden staff called a skytale. A message written in this fashion could be deciphered only by an official Spartan reader who had been given a baton of identical diameter. Thucydides, Plutarch, and Xenophon all have written about the use of this early cryptographic device.
Figure 7-5 shows another example of a transposition cipher.
Figure 7-5. Another transposition cipher
7.2.2.2. More about substitution
Although earlier substitution ciphers existed, Julius Caesar's military use of such a cipher was the first clearly documented case. Caesar's cipher, shown in Figure 7-6, was a simple form of encryption in which each letter of an original message is replaced with the letter three places beyond it in the alphabet.
Figure 7-6. The Caesar substitution cipher
The cipher used in Edgar Allan Poe's short story, "The Gold Bug," is a good example of a substitution cipher. Another example from literature is the cipher used in Sir Arthur Conan Doyle's Sherlock Holmes tale, "The Adventure of the Dancing Men."
Usually, cipher alphabets are much more complex than these examples. Sometimes an alphabet will have multiple substitutes for a letter, sometimes the alphabet will include substitutes that mean nothing, and sometimes several alphabets are used in rotation or combination. This is called a polyalphabetic cipher.
The Enigma machine described earlier in this chapter used substitution to encrypt communications.
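The two cipher families described above can be compared in a few lines of code. The following is an added example, not taken from the book: it implements the Caesar shift and a grid model of the Spartan skytale, then checks the property the text gives for each family. The function names, the `width` parameter standing in for the staff diameter, the X padding, and the sample message are all assumptions made for illustration.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

def caesar(text, shift=3):
    """Substitution: replace each letter with the one `shift` places on."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces and punctuation stay where they are
    return "".join(out)

def skytale(text, width):
    """Transposition: write `text` in rows of `width` letters, read by column.

    `width` stands in for the staff diameter (an assumption of this model).
    The text is padded with X so that the grid is rectangular.
    """
    if width < 1:
        raise ValueError("width must be at least 1")
    text += "X" * (-len(text) % width)
    return "".join(text[col::width] for col in range(width))

def skytale_decrypt(ciphertext, width):
    """Undo skytale(): the same read-out with the grid turned on its side."""
    if len(ciphertext) % width:
        raise ValueError("ciphertext length does not match this width")
    return skytale(ciphertext, len(ciphertext) // width)

def same_letters(a, b):
    """True when b is a rearrangement of a (what a transposition produces)."""
    return Counter(a) == Counter(b)

def same_pattern(a, b):
    """True when repeated symbols fall in the same positions in both texts
    (what a simple substitution preserves)."""
    return [a.index(c) for c in a] == [b.index(c) for c in b]

if __name__ == "__main__":
    plain = "HELPMEIAMUNDERATTACK"   # constructed sample message
    moved = skytale(plain, 5)
    swapped = caesar(plain, 3)
    print(moved, same_letters(plain, moved), same_pattern(plain, moved))
    print(swapped, same_letters(plain, swapped), same_pattern(plain, swapped))
    print(skytale_decrypt(moved, 5), caesar(swapped, -3))
```

Decrypting the skytale output with the wrong width yields a different arrangement of the same letters, which is the role the baton of identical diameter plays in the account above.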
7.2.3. Cryptographic Keys: Private and Public
More complex ciphers do not use simple substitutions or transpositions. Instead, they use a secret key to control a long sequence of complicated substitutions and transpositions. The key and the algorithm work together to change the original information into an encrypted version of itself. In most cases, the operation of the encryption algorithm is fixed and well known. It is the key that produces the unique encrypted version of the information.
Modern cryptographic systems fall into two general categories (identified by the types of keys they use): private key and public key systems.
7.2.3.1. Private key cryptography
Private key (sometimes called symmetric key, secret key, or single key) systems use a single key. That key is used both to encrypt and to decrypt information. (See Figure 7-7.) A separate key is needed for each pair of users who exchange messages, and both sides of the encryption transaction must keep the key secret. The security of the encryption method is completely dependent on how well the key is protected. The Data Encryption Standard (DES) algorithm, described later in this chapter, is a private key algorithm.
Figure 7-7. Private key encryption/decryption
7.2.3.2. Public key cryptography
Public key (sometimes called asymmetric key or two key) systems use two keys: a public key and a private key. Within a group of users (for example, within a computer network), each user has both a public key and a private key. A user must keep his private key a secret, but the public key is publicly known; public keys may even be listed in directories of electronic mail addresses.
Public and private keys are mathematically related. If you encrypt a message with your private key, the recipient of the message can decrypt it with your public key. Similarly, anyone can send anyone else an encrypted message, simply by encrypting the message with the recipient's public key; the sender doesn't need to know the recipient's private key. When you receive a message encrypted with your public key, you, and only you, can decrypt it with your private key. The RSA cryptographic algorithm, described later in this chapter, is an example of a public key algorithm.
In addition to providing an encryption facility, some public key systems provide an authentication feature which ensures that when the recipient decrypts your message he knows it comes from you and no one else.
In Figure 7-8, a banker named Joe uses his private key (known only to him) to encrypt a message. When the message is sent to the bank clearinghouse, the clearinghouse officer applies Joe's public key (known to everyone within the bank). Because decryption produces an intelligible message, the officer knows that only Joe could have created the message, and proceeds to follow Joe's instructions.
Figure 7-8. Public key encryption/decryption
This example shows one of the disadvantages of public key encryption. Using a private key to encrypt a message and a public key to decrypt it proves that the message originated with the claimed sender, but anyone who can access the public key can decrypt the message. This provides authenticity without confidentiality. On the other hand, encrypting a message with a public key and decrypting it with a private key means that the message is secure (only the private key can decrypt it), but because anyone could have obtained the public key, it does nothing to demonstrate authenticity.
The solution lies in combining a little bit from each, as shown in Figure 7-9. The sender can encrypt the message using his own private key, and then encrypt the result using the intended receiver's public key. Since only the receiver's private key can be used to decrypt the final result, secrecy is maintained. The receiver uses her private key to decode the doubly encrypted message and thereby obtains the message originally encrypted by the sender's private key. She then uses the sender's public key to decode that message, thereby obtaining the original message. She is confident in the authenticity of the message because if the message can be decrypted with a given public key, the message was encoded by the corresponding private key. It is assumed, of course, that the sender still has control of the private key or the computer or equipment that contains it, and that the sender was operating the equipment intentionally, and not under duress.
Figure 7-9. Public and private key encryption used together
Encoding and decoding the entire message two times is unnecessarily burdensome. And as long as the security is being provided by the sender using the recipient's public key, only a small portion of the message need be encoded using the sender's private key to show authenticity. In fact, using a snippet in this way is the principle behind digital signatures.
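The three arrangements described above (private key only, public key only, and the two combined as in Figure 7-9) can be traced with small numbers. The following is an added example, not taken from the book: it uses textbook RSA on one byte at a time with tiny constructed primes, which shows the key relationships only and offers no real security. The function names, the key values, and the assumption that the clearinghouse officer holds a key pair of her own are all illustrative.

```python
from math import gcd

def make_keypair(p, q, e):
    """Textbook RSA from two primes. Returns (public, private) as (exp, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    return (e, n), (pow(e, -1, phi), n)

def apply_key(key, values):
    """Apply either half of a key pair to each number: v**exp mod n."""
    exp, n = key
    if any(v >= n for v in values):
        raise ValueError("value does not fit under this key's modulus")
    return [pow(v, exp, n) for v in values]

def seal(message, sender_private, receiver_public):
    """Sender's private key first (authenticity), then the receiver's
    public key (secrecy). The sender's modulus must be the smaller one,
    or the inner result may not fit under the outer key."""
    return apply_key(receiver_public, apply_key(sender_private, list(message)))

def open_sealed(sealed, receiver_private, sender_public):
    """Reverse order: receiver's private key, then sender's public key."""
    return apply_key(sender_public, apply_key(receiver_private, sealed))

# Constructed toy keys; real keys are hundreds of digits long.
JOE_PUB, JOE_PRIV = make_keypair(61, 53, 17)          # n = 3233
OFFICER_PUB, OFFICER_PRIV = make_keypair(89, 97, 5)   # n = 8633

if __name__ == "__main__":
    order = list(b"PAY 100")   # constructed message
    # Private key only: anyone holding Joe's public key can read it.
    signed = apply_key(JOE_PRIV, order)
    print(bytes(apply_key(JOE_PUB, signed)))
    # Public key only: secret, but anyone could have produced it.
    secret = apply_key(OFFICER_PUB, order)
    print(bytes(apply_key(OFFICER_PRIV, secret)))
    # Both together, as in Figure 7-9.
    both = seal(order, JOE_PRIV, OFFICER_PUB)
    print(bytes(open_sealed(both, OFFICER_PRIV, JOE_PUB)))
```

Changing any number in the output of Joe's private key changes the value recovered with his public key, which is why an intelligible result is taken as evidence of origin.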
7.2.4. Key Management and Distribution
A major problem with encryption as a security method is that the distribution, storage, and eventual disposal of keys introduces an expensive and onerous administrative burden. This is called the key distribution problem. Historically, cryptographic keys were delivered by escorted couriers carrying keys or key books in secure boxes. In some cases, this is still the way it's done. With most modern high-security cryptographic products, government agencies do the actual key distribution, delivering the keys on magnetic media or semiconductor media to individual sites.
Another approach is to distribute a master key, which is then used to generate additional session keys. A site must follow strictly enforced procedures for protecting and monitoring the use of the key, and there must be a way to change keys at every site that will be receiving the encrypted messages, preferably at the same time. Even with all these restrictions, there's always a chance that the key will be stolen or compromised. Keys are kept in secure areas in safes. Instructions given to couriers for modern mobile encryption units usually require that the security modules of these devices never leave the sight of cleared individuals. This includes trips to the restroom. Fortunately, the secure modules are usually pocket-sized, and can be detached from the actual encryption units.
Of course, if a key is lost, there's another problem. Because deciphering encrypted information depends on the availability of the key, the encrypted information will be lost forever if you can't locate the key.
The difficulty of key distribution, storage, and disposal has limited the wide-scale usability of many cryptographic products in the past. Automated key variable distribution is problematic because it's difficult to keep the keys secure while they're being distributed, but this approach is finally becoming more widely used. The Department of Defense-sponsored Secure Telephone Unit (STU-III) project is an example of a system that uses automated key distribution.
Standards for key management have been developed by the government and by such organizations as ISO, ANSI, and the American Banking Association (ABA).
7.2.5. One-Time Pad
One approach for encryption, called a one-time pad (see Figure 7-10) or a one-time cipher key, can be proven mathematically to be foolproof. As its name indicates, the pad is used only once, and the key must then be discarded or destroyed.
Figure 7-10. A one-time pad
With a one-time cipher, you create two copies of a pad containing a set of completely random numbers. (These are numbers produced by a secure random number generator, possibly one based on some physical source of randomness. Sometimes, one-time pads are based on the process of nuclear radioactive decay.) The set contains at least as many numbers as the number of characters in your message. The sender of the message gets one copy of the pad; the recipient gets the other. On a computer system, one way to encrypt or decrypt a one-time message is to use a mathematical function called an exclusive OR, or XOR. When the sender XORs the message with the first copy of the pad, the process creates the encrypted message. When the recipient XORs the encrypted message with the second copy of the pad, the process recreates the original message. This method of encryption is also known as the Vernam Cipher, named for its inventor, Gilbert Vernam, who developed the cipher in 1918 for use with telegraphy.
One-time pads are sometimes used to encrypt important diplomatic communications, but they're not practical for most communications because of the difficulty of key distribution. (For each possible pair of users who might wish to communicate, a key has to be generated and distributed to those users; the key must be longer than all the messages they might wish to exchange.) One-time pads must never be reused. Most of the successful cryptographic attacks against these systems have involved operators attempting to reuse old pads.
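The XOR procedure and the rule against reuse can be shown together. The following is an added example, not taken from the book: each party holds a copy of the pad that hands out every byte exactly once and refuses to encrypt once the pad runs out, and a last function shows what an eavesdropper is left with when one stretch of pad is applied to two messages. The class and function names and the sample messages are assumptions made for illustration.

```python
import secrets

def new_pad(length):
    """Random pad bytes; both parties must hold an identical copy."""
    return secrets.token_bytes(length)

def xor_bytes(data, key):
    if len(data) != len(key):
        raise ValueError("data and key must be the same length")
    return bytes(d ^ k for d, k in zip(data, key))

class PadCopy:
    """One party's copy of the pad. Each pad byte is handed out only once."""

    def __init__(self, pad):
        self._pad = bytes(pad)
        self._used = 0

    def remaining(self):
        return len(self._pad) - self._used

    def apply(self, data):
        """Encrypt or decrypt: XOR with the next unused stretch of pad."""
        if len(data) > self.remaining():
            raise ValueError("pad exhausted: refusing to reuse pad material")
        chunk = self._pad[self._used:self._used + len(data)]
        self._used += len(data)
        return xor_bytes(data, chunk)

def reuse_leak(cipher_a, cipher_b):
    """What remains if one pad stretch encrypted two messages.

    (a ^ pad) ^ (b ^ pad) == a ^ b, so the pad cancels out entirely.
    """
    return xor_bytes(cipher_a, cipher_b)

if __name__ == "__main__":
    pad = new_pad(32)
    sender, recipient = PadCopy(pad), PadCopy(pad)
    for msg in (b"MEET AT NOON", b"BRING THE MAP"):   # constructed messages
        ct = sender.apply(msg)
        print(ct.hex(), recipient.apply(ct))
    # Misuse: the same pad stretch applied to two equal-length messages.
    a, b = b"MEET AT NOON", b"MEET AT NINE"
    leak = reuse_leak(xor_bytes(a, pad[:12]), xor_bytes(b, pad[:12]))
    print(leak.hex())   # zero bytes wherever the two plaintexts agree
```

Sender and recipient stay in step only because both copies consume the pad in the same order, which is part of the distribution burden described above.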
Modern military communications equipment is often equipped with a long list of keys, up to several hundred. This may allow secure communications for up to a period of years. The keys reside with the unit and are never transmitted, but indexing messages communicate to the receiving system which of the keys it should start with, and how the keys increment thereafter. These units also come with instructions directing operators never to leave the unit out of the care of the cleared person. An "overrun" command allows emergency erasure of the keys in the event the unit appears about to fall into untrusted or enemy hands.
7.2.6. End-to-End and Link Encryption
There are two basic communications levels at which encryption can be performed. With end-to-end encryption (sometimes called off-line encryption), a message is encrypted when it is transmitted and is decrypted when it is received. The network may not even need to be aware that the message is encrypted. This type of encryption may sometimes be selected as an option by the user. The message remains encrypted through the entire communications process, from start to finish. This has the advantage of not depending on secure waypoints at every stage in the message path. This is the principle used by tunnel-style message encryption systems such as SSL, or TLS as it is known today.
With link encryption (sometimes called online encryption), a message is encrypted when it is transmitted, but is decrypted and then encrypted again each time it passes through a network communications node. The message may therefore be encrypted, decrypted, and reencrypted a number of times during the communications process, and the message is exposed within each node. With link encryption, the encryption is performed just before the message is physically transmitted. Encryption is typically invisible to the user; it is simply part of the transmission process.
There are advantages and disadvantages to each method of encryption. Advantages of end-to-end encryption are as follows:
Disadvantages of end-to-end encryption are as follows:
Advantages of link encryption are as follows:
Disadvantages of link encryption are as follows: