Key Takeaways
Encryption is a crucial technology for digital security, ensuring privacy by changing data into unreadable form for those without access.
Historical encryption techniques such as the Scytale, Polybius Square, and Caesar's Cipher have had a significant impact on modern encryption systems.
In the contemporary world, encryption operates through algorithms that depend on the factorization of exceedingly large numbers into prime numbers. This method ensures the protection of stored data, secures websites, and enables secure digital communication.
You may have come across the term "encryption" while browsing the internet. But what exactly is it? Encryption is perhaps the most crucial technology we possess. It serves as the foundation for numerous digital security measures, including safe browsing and secure email. Without encryption, our privacy would be completely compromised.
This article on Cybersecurity Awareness Week is sponsored by Incogni.
What Is Encryption?
By employing encryption, the content of a message or data undergoes alterations, rendering it comprehensible solely to individuals possessing the knowledge to restore it to its initial state. For anyone else, it will be perceived as nonsensical gibberish, comprising an assortment of characters and symbols devoid of significance.
This is particularly advantageous when sending sensitive or private information – a reliable encryption scheme ensures that the information remains inaccessible to unauthorized individuals. An encryption scheme simply outlines the process used to transform a message or data into an unreadable form. First, we will provide a few historical examples, and then delve into modern encryption methods.
The Scytale
Throughout history, individuals have employed various methods to protect private messages from being intercepted by unauthorized individuals. In ancient times, the Greeks devised a technique involving a scytale, a wooden rod, and a strip of parchment. By tightly wrapping the parchment around the rod and inscribing the message along its length, the writing on the unwrapped parchment became unintelligible. The parchment would then be entrusted to a messenger, who would deliver it to the intended recipient. To decipher the message, the recipient would wrap the parchment around their own scytale, matching the dimensions of the original rod. This practice is known as a transposition cipher.
It is a rudimentary method, yet it possesses components that can be found in contemporary encryption systems. Prior knowledge of the encryption scheme and its usage is essential for both the sender and the recipient. Moreover, they must have corresponding mechanisms in place to facilitate this process.
The Polybius Square
The ancient Greeks also utilized a Polybius square as another method. It consisted of a grid of letters, either five-by-five or six-by-six in size. Similar to the game battleships, each letter was identified by its coordinates. For instance, the first letter in the first row was designated as "11", while the fourth letter in the second row would be denoted as "42".
Naturally, there are various ways to populate the grid with letters. Without knowledge of the specific arrangement, deciphering becomes challenging. To overcome this hurdle, one can establish a system that incorporates multiple squares with different layouts. For instance, you could create seven squares and assign each square to a different day of the week. These systems, employing multiple alphabets, are known as polyalphabetic ciphers.
A Polybius square is a form of code. A code substitutes other characters for letters, in this example, digits. Ciphers replace letters with other letters.
Caesar's Cipher
Caesar's Cipher is named after Julius Caesar. It involves selecting a letter by rotating it a certain distance from the letter being encrypted. For example, with an offset of two, "A" would be encrypted as "C" and "D" would be encrypted as "F." To decrypt the message, the recipient needs to know the correct offset and subtract it from the received letters.
A special feature of Caesar's Cipher is the offset of 13, also known as "rotation 13" or ROT13. This offset is significant because it divides evenly into the 26 letters of the English alphabet. By applying this offset, you can decipher a message by simply encrypting it again. Encrypting the message twice will bring you back to the original text.
Content must be written in English:
When you select the letters "GEEK" from the uppercase alphabet and identify their corresponding letters in the lowercase alphabet, you will obtain "TRRX". By repeating this process with "TRRX" in the uppercase alphabet, you will retrieve the letters "GEEK" from the lowercase alphabet.
From a programming perspective, this simplifies the process as you only need to create an enciphering routine. There is no requirement for a deciphering routine, making the creation of a ROT13 implementation a popular exercise for programming beginners. However, it is important to note that ROT13 is widely regarded as a weak and ineffective form of encryption. To test it yourself, you can utilize an online ROT13 engine. Simply enter "Alaska Nynfxn" and input the generated result as the new input.
So, What is Encryption?
All of the examples we have discussed thus far may seem relatively simple to decode, but they effectively demonstrate a key commonality that is shared among them all, as well as all varieties of encryption. This commonality lies in the adherence to a specific set of guidelines designed to transform the original data, referred to as "plaintext," into its encrypted counterpart, known as "ciphertext." These guidelines are encapsulated within an algorithm, which essentially defines the process of encryption itself.
It's algorithms for privacy.
How Does Encryption Work Today?
In the digital age, individuals encounter similar challenges to those faced by individuals in ancient Greece when it comes to storing or transmitting private data. How can you safeguard the data from unauthorized access? And what measures can be taken to enhance its security?
The encryption system used in the past can be deciphered through understanding its mechanics. By utilizing a rod with a specific diameter, the scytale message can be made legible. As for Caesar's Cipher, experimentation with various offsets on the initial segment of the message can lead to its decryption. Considering there are only 25 possible offsets, it can be done relatively quickly.
Polybius squares present a greater challenge due to the unpredictable arrangement of letters within the square. If one is already familiar with the square's layout, it ceases to be a challenge. However, when the layout is unknown, one can attempt to decrypt the message by analyzing the ciphertext itself, which is known as cryptanalysis.
In simpler ciphers, tools such as letter frequency tables can be used to determine which ciphertext letter corresponds to each plaintext letter. For a encryption scheme to be considered secure, it should withstand cryptanalysis attacks regardless of how much knowledge individuals have about its inner workings. Additionally, the ciphertext must remain resistant to cryptanalysis.
Not Characters, Bits
Robust digital schemes don't work on letters and characters one at a time as serial ciphers do. They work through the data a chunk at a time and are called block ciphers.
The bits, represented by ones and zeroes, are manipulated within each block based on complex mathematical transforms incorporated in the encryption algorithms. When an algorithm utilizes a block size of 128 bits, it processes the data in chunks of 128 bits. In case the final chunk is smaller than 128 bits, it is padded to reach that size.
Numerous block encryption schemes exist, with the Advanced Encryption Standard (AES) serving as the official encryption standard for the U.S. government. These schemes employ diverse algorithms, block lengths, and combinations of mathematical transforms.
That all sounds very thorough, but how do we prevent an unauthorized person from using the same encryption scheme to decrypt our encrypted data?
Hash Strings
Let's start with a special scenario. There exists a possibility to encrypt data using a one-way transform. This stands in direct contrast to ROT13, as the resulting ciphertext cannot be converted back to plaintext. In fact, it cannot be decrypted within a reasonable amount of time. This type of encryption is commonly used in hashing functions where a sequence of plaintext is transformed into a corresponding sequence of ciphertext, known as the hash or hash string. All hash strings have the same length.
How does this have practical utility? Well, a secure website does not store your password in its original form. Instead, your password undergoes hashing, and only the resulting hash string is retained. Your original password is never stored. When you next attempt to log in and enter your password, it is hashed again, and the resultant hash string is compared to the stored hash string in your account details. If they match, you are granted access. However, if you enter an incorrect password, the two hash strings will not match, and you will be denied access.
This allows the website to employ authentication measures without the need to store passwords in plain text. In the event of a security breach, none of the passwords are at risk of being compromised. Additionally, hashing techniques can introduce a salt, which is unique, random data added to the passwords before they are hashed. Consequently, all password hashes are distinct even if multiple users happen to select the same password.
What is Encryption Used For?
Today, encryption is used for just about everything (or at least it should be). Here are a few of the examples you encounter almost every day.
Encrypted Storage Drives
In order to prevent unauthorized individuals from decoding data, a unique key is utilized to identify the encrypter and the authorized decrypter. This key is generated through a complex algorithm and consists of a lengthy sequence of bytes. Generally, the size of the key ranges from 128 to 2048 bytes, or even more. When encrypting the plaintext, the encryption algorithm relies on this key. It is important to note that the key size is not related to the block size.
For the protection of locally stored data, it is possible to encrypt entire hard drives. This encryption is closely tied to the user's login identity, and the key is automatically generated and applied. The user has no direct involvement with the key, and there is no need to share it with any other parties.
By linking the key to the user's login identity, detaching the hard drive from one computer and connecting it to another will not grant access to the data. This safeguard ensures the protection of static or "at rest" data.
This security measure is not limited to traditional computers. Modern mobile phones also encrypt their storage, and with valid justification. Our phones contain a wealth of personal and confidential information, and it is crucial to prevent unauthorized access by anyone who may come into possession of our device.
If your data must be transmitted you need to consider how you will safeguard your data "in transit."
Secure Websites
When you see a padlock symbol in the address bar of a website you connect to, it may give you the impression that the website is secure. However, the presence of the padlock simply indicates that the connection between your computer and the website is encrypted using SSL/TLS encryption.
While this encryption is a positive aspect, it does not guarantee the overall security of the website. The website could still have flawed security practices, such as storing passwords in plaintext or using a default admin password for the database. Nevertheless, the presence of the padlock does provide assurance that your communication with the website is encrypted.
The encryption is possible through the use of a shared encryption scheme between your browser and the website, involving multiple keys. When a connection session begins, both your browser and the website exchange public keys, which can decrypt data encrypted with private keys. By exchanging their public keys and utilizing their respective private keys for encryption, both ends of the connection can decrypt the information received from the other end without exposing their private keys.
Releasing a public key is secure as it cannot be used to maliciously encrypt data. Thus, obtaining a website's public key does not enable one to impersonate the genuine website because the private key is required. However, this raises concerns about the authenticity of the website. How can one ascertain that the website is the actual owner of the public and private key pair, and not an imposter who somehow acquired both keys from the genuine website?
To authenticate websites, certificates are utilized. Certification Authorities issue these certificates after verifying the identity of the applicant. During the initial connection session, the website sends the certificate as part of the handshake, allowing the web browser to verify the authenticity of the certificate.
The browser accomplishes this by establishing a connection with the Certificate Authority and decrypting specific certificate details. This procedure necessitates the use of additional keys. The browser already possesses public keys from prominent Certificate Authorities since they are included in its installation package. However, there are still more keys involved. Furthermore, apart from exchanging public keys, the browser and the website generate distinct session keys to enhance the security of their communication.
After confirming the site's authenticity and the encryption's robustness, the browser displays a padlock in the address bar.
Secure Email
The notion of public and private keys arises frequently in encryption. In the realm of securing emails during transmission, a common approach involves utilizing pairs of public and private keys. While public keys can be safely exchanged, private keys are kept confidential. Upon encryption, messages are encoded using the sender's private key. The recipient, on the other hand, applies the sender's public key to decipher and peruse the content. To send a response, the recipient can employ their own private key for encryption.
OpenPGP, a widely recognized encryption scheme, follows a similar model with a unique element.
In this model, the sender's email client creates a random key to encrypt the email message. Subsequently, the random key is encrypted using the recipient's public key. Both the encrypted message and the encrypted random key are transmitted to the recipient. The recipient's email program decrypts the random key using their private key, enabling them to decrypt the message using the decrypted random key.
The additional step serves the purpose of facilitating secure transmission of emails to multiple recipients. Instead of encrypting the entire email individually for each recipient, only the random key needs to be encrypted.
Naturally, secure email systems also grapple with the concern of ensuring authenticity. Establishing trust in the public key received is crucial. Public keys are linked to email addresses. Receiving the public key from the same email address with which you will be corresponding is a commendable initial measure. Majority of email clients are capable of displaying the associated email address for a public key.
Another way to verify the credibility of a public key is by acquiring it from a repository. These repositories ensure that the public keys they upload undergo verification before being made accessible to the public.
Encryption Underpins Our Digital Lives
Encryption is essential to our digital existence when used properly. It is important to avoid unsecured remote connections, whether for remote work or online shopping. Utilize email clients that can encrypt private messages, and opt for messenger apps that offer end-to-end encryption. As Caesar might have famously said, encryption is the way to go.