Encryption Exploitation Technologies - Research Paper Example

? Encryption Exploitation Technologies of Encryption Exploitation Technologies Introduction Encryption is a term in data security and privacy which refers to the processes through which original information (plain text) is converted into ciphertext, which is a form of data that is difficult to interpret (Dent, 2008). Encryption is achieved by the use of an encryption algorithm which composes of a set of formulae that converts plain text into the ciphertext format (Bhargava, Shi & Wang, 2007). With advancement in information and communication technology and the implementation of information systems within organizations, data security has become a serious issue. It is in this regard that organizations have come up with security policies which define how data should be secured for confidentiality, authenticity, privacy, integrity, access control and nonrepudiation (Knott & Steube, 2011). The process of encryption employs different methods with a view of ensuring that information in its original and natural format is altered or converted into formats which cannot be read by systems attackers. Hence encryption is basically viewed at ascertaining that it is only the intended receivers who are able to read the message. This research paper gives a critical discussion of the nature and approaches of execution of the common methods that are used in the exploitation of encryption technologies. Symmetric Encryption Symmetric encryption is one of the major methods that are used in computer security in the exploitation of encryption technologies. In symmetric encryption, both the receiver and the sender of data or information have the same key or encryption key (Ackerman, 2008). In this regard, symmetric encryption is also known as shared secret encryption or shared key encryption (Lian, Liu, Ren & Wang, 2007). The encryption key in symmetric encryption method is applied both when encrypting and decrypting data. The security behind symmetric encryption lies in the fact that it is only the individuals with the same key who are able access and read data, information or messages which have been encrypted by the use of the symmetric key (Knott & Steube, 2011). Symmetric encryption has existed as the oldest methods on utilizing encryption technologies. It is essentially used for secure transmission of data. As a result, data that has been transmitted through the symmetric encryption is said to be confidential (Bhargava, Shi & Wang, 2007). In this sense confidentiality means that the understanding of meaning which is carried within the data can only be achieved by systems or individuals that share the same key. In this regard, it is evident that symmetric encryption is aimed at preventing unauthorized entities from understanding data rather than preventing them from accessing it (Dent, 2008). Therefore even if attackers access data, they are not able to understand its meaning since it is encrypted (Ackerman, 2008). Figure 1: Symmetric Encryption (PacketLife.net, 2010) It is important to note that encrypted data remains to be data. What changes is the inability for unauthorized entities to have and understanding or acquires the meaning that is contained therein (Moore, 2007). Due to encryption, the purpose of messages serves only the intended recipients (Al-Riyami, Malone-Lee & Smart, 2009). Symmetric encryption makes use of various algorithms. An encryption algorithm the word used to describe the mathematical formula which is employed in both the encryption and decryption of data files during the process of electronic data transfer or communication (Toubba, 2008). It is therefore the function of the encryption algorithm to convert electronic formats of data into formats that are difficult to understand by the unintended audience. Since the intended receivers have the same key as the sender, symmetric methods in encryption allows them to read and comprehend the encrypted data. This is made possible by the use of the key and the symmetric algorithm to reconvert the data into its readable format or decrypt it for the receiver (Dent, 2008). The commonly used algorithms in symmetric encryption include 3DES, DES, RC4 and AES (Tian, Sun & Wang, 2007). The common application of AES, 3DES and DES is within VPNs such as IPsec (Al-Riyami, Malone-Lee & Smart, 2009). RC4 on the other hand is commonly deployed within wireless computer networks (Tian, Sun & Wang, 2007). The wide application of symmetric encryption in the utilization of encryption technologies is due to its advantages. Firstly, symmetric encryption through deployment of its algorithms is an extremely fast method on encrypting and decrypting data (Lian, Liu, Ren & Wang, 2007) secondly, symmetric encryption is a relatively less complex method of utilizing encryption techniques (Bhargava, Shi & Wang, 2007). Because of this, symmetric encryption is easy to implement within computer hardware. Nonetheless, symmetric encryption has one disadvantage. This is related to the fact that in symmetric encryption, all hosts or computer systems that are participating within the encryption processes must be configured accordingly with the secret key by the user of specific external means (Tian, Sun & Wang, 2007). Asymmetric Encryption Asymmetric encryption is another major method through which encryption technologies are utilized. This method is also referred to as public key cryptography (Ackerman, 2008). This method of encryption became necessary and was an innovation which was aimed at solving the problem of data communication via the internet. This is due to the fact that exchanges of data via the internet have a high likelihood of falling into the hands of the unintended audience or recipients (Al-Riyami, Malone-Lee & Smart, 2009). In this sense, it is argued that asymmetric encryption was necessitated by the disadvantage of symmetric encryption where any individual who knew the secret key is able to decrypt and understand the encrypted message (Bhargava, Shi & Wang, 2007). The answer to the problem with symmetric encryption is asymmetric encryption. This is due to the fact that with asymmetric encryption, there are two different but related keys (Zhu, Hu, Ahn, Wang & Wang, 2011). The pair of keys in asymmetric encryption is composed of public and private keys (Lian, Liu, Ren & Wang, 2007). The public key is made available to individuals who would like to send an encrypted message (Zhu, Hu, Ahn, Wang & Wang, 2011). The private key on the other hand is secret and only known by the recipient of the message (Lopriore, 2012). Figure 2: Asymmetric Encryption (PacketLife.net, 2010) It is notable that the difference between symmetric and asymmetric encryption lies in the fact that two different keys are used in asymmetric encryption (Knott & Steube, 2011). The public key is used to encrypt data while the private key is used by the receiver to decrypt it and comprehend what it means (Pendegraft, 2009). RSA is the commonly used algorithm in the use of asymmetric encryption method within the process of utilizing encryption technologies (Al-Riyami, Malone-Lee & Smart, 2009). However there are two disadvantages of asymmetric encryption when compared with symmetric encryption. Firstly, asymmetric encryption imposes a relatively high computational burden to the users (Bhargava, Shi & Wang, 2007). Secondly, asymmetric encryption is slower as compared to symmetric encryption (Toubba, 2008). The major advantage of asymmetric encryption is based on the fact that it provides a method of establishing a secure data communication channel within an unsecure medium such as the internet (Ackerman, 2008). In this regard, asymmetric encryption method is applied in the protection of payload data (Toubba, 2008). Since, it is only the private and unshared key which decrypts data; asymmetric encryption is therefore reliable in preserving the confidentiality of data that is transmitted via the internet (Al-Riyami, Malone-Lee & Smart, 2009). Hybrid/Robust Methods In order to utilize the advantages of both asymmetric and symmetric methods of encryption, robust methods were invented (Dent, 2008). These methods which are also referred to as hybrid encryption methods combines the strengths asymmetric and symmetric methods to enhance the confidentiality, privacy, authenticity, access control, integrity and nonrepudiation of sent data (Knott & Steube, 2011). This method is especially useful in transmission of electronic data via the internet. This method of exploiting encryption techniques uses a session key. The session key is a symmetric key which is distributed over an insecure channel through the use of asymmetric method (Bhargava, Shi & Wang, 2007). Therefore asymmetric method ensures that security of data is enhanced in robust methods. On the other hand, symmetric methods make bulk encryption possible in robust methods of encryption (Al-Riyami, Malone-Lee & Smart, 2009). Hashing Hashing is another main method that is employed in utilizing encryption technologies. Nonetheless, this method is distinct from encryption in its approach. In hashing, the message to be sent is condensed into a hash which is a form of irreversible and fixed length value (Ackerman, 2008). It is therefore evident that hashing differs from encryption processes which involve two steps of encryption and decryption of a message (Panfilov & Cherepniov, 2008). In addition, hashing is applied in the verification of data for authenticity (Knott & Steube, 2011). The significance of hashing is demonstrated by the fact that the hash alone cannot be used to retrieve the original message. Instead, a secret key is also required in the verification of data. This method is most appropriate in checking whether there are errors in messages which would be indicative of security breaches (Dent, 2008). The commonly used algorithms in hashing include SHA-1 and MD5 (Bhargava, Shi & Wang, 2007). Figure 3: Hashing (PacketLife.net, 2010) Conclusion In the light of the above discussion, it is conclusive that encryption is very important in securing data and messages from unauthorized access and use. This is attributed to the fact that encryption ensures that it is the intended receiver who is able to comprehend the message. The disadvantages and advantages of symmetric and asymmetric methods demonstrate that robust or hybrid methods of utilizing encryption technologies are most effective. This is so due to the fact that hybrid methods utilize the advantages of both symmetric and asymmetric methods. More significantly, it is important to note that encryption allows electronic data communication maintain privacy, authenticity, integrity and accountability of data. References Ackerman, W. M. (2008). Encryption: A 21st century national security dilemma. International Review of Law, Computers & Technology, 12(2), 371-394. Al-Riyami, S., Malone-Lee, J., & Smart, N. P. (2009). Escrow-free encryption supporting cryptographic workflow. International Journal of Information Security, 5(4), 217-229 Bhargava, B., Shi, C., & Wang, S. (2007). MPEG video encryption algorithms. Multimedia Tools and Applications, 24(1), 57-79 Dent, A. W. (2008). A survey of certificateless encryption schemes and security models. International Journal of Information Security, 7(5), 349-377. Knott, C. L., & Steube, G. (2011). Encryption and portable data storage. Journal of Service Science, 4(1), 21-30 Lian, S., Liu, Z., Ren, Z., & Wang, Z. (2007). Multimedia data encryption in block-based codecs. International Journal of Computers & Applications, 29(1), 18-24 Lopriore, L. (2012). Reference encryption for access right segregation and domain representation. Journal of Information Security, 3(2), 86-90. Moore, A. (2007). Privacy and the encryption debate. Knowledge, Technology, & Policy, 12(4), 72-84 PacketLife.net. (2010). Symmetric encryption, Asymmetric encryption and hashing. Panfilov, B. A., & Cherepniov, M. A. (2008). A symmetric cryptosystem involving a mixed-base notation. Journal of Communications Technology & Electronics, 53(10), 1240-1242 Pendegraft, N. (2009). An inexpensive device for teaching public key encryption. Journal of Information Systems Education, 20(3), 277-280 Tian, H., Sun, X., & Wang, Y. (2007). A new public-key encryption scheme. Journal of Computer Science and Technology, 22(1), 95-102 Toubba, K. (2008). Employing encryption to secure consumer data. Information Systems Security, 15(3), 46-54 Zhu, Y., Hu, H., Ahn, G., Wang, H., & Wang, S. (2011). Provably secure role-based encryption with revocation mechanism. Journal of Computer Science and Technology, 26(4), 697-71 Read More