DS

Security and Intended Use

  • Encryption on the internet serves to secure data transmission, protect privacy, prevent unauthorized access, and ensure data integrity.

  • It is important to safeguard sensitive information, maintain confidentiality, and establish secure communication channels.

Building on what we know about encryption and how it utilizes algorithmic keys, we’ll now look at how those keys can be distributed and managed for private communication. There are two main approaches for distributing and managing keys: the symmetric key system and the asymmetric key system.

For this exe

  • Symmetric Key System:

    • Uses a single key for encryption and decryption.

    • Faster and more efficient.

    • Requires secure key exchange.

  • Asymmetric Key System:

    • Uses a pair of keys (public and private).

    • Slower but more secure.

    • Eliminates the need for secure key exchange.

rcise, you’ll read about these encryption methods, answer a couple of sample AP-style multiple choice questions on the topic, then submit a short written response.

Symmetric Key Systems

Early key systems, like the Caesar Cipher, relied on the fact that both the sender and the recipient had the same key. One could use the key to encrypt the message, and the other could use it “in reverse” to decrypt it. This describes a symmetric key system, an encryption method that uses the same algorithmic key to encrypt and decrypt. Symmetric key systems can also be referred to as secret key encryption.

In a symmetric key system, each pair of users share a secret key. In the Alice, Bob, and Eve scenario, this would mean only Alice and Bob have the secret key. Eve or anyone else would not know the key.

The major flaw in symmetric key systems is that securely exchanging the keys themselves can be challenging. A pair could exchange their secret keys in several ways - in person, over email, through direct mail. In each of these scenarios, a third party could gain access to the secret key by intercepting or overhearing the message.

Asymmetric Key System

The asymmetric key system is an encryption method that uses different keys to encrypt and decrypt. Public-key cryptography is an example of an asymmetric key system. This requires a singular user to possess two separate keys, a public key and a private key, instead of one.

How does it work? Messages intended for a particular recipient are encrypted with the recipient’s public key. Then, the only way to decrypt the message encrypted with the recipient’s public key is to use their private key. In this case, only the intended recipient will be able to read the message.

So, imagine Alice and Bob are sending messages to each other, and each has a public key and a private key. Alice would encrypt a message using Bob’s public key, then Bob would decrypt that message with his private key. So, only Bob has access to the message from Alice.

This method is actually how modern secure message passing happens. This is called Secure Sockets Layer (SSL) and is typically indicated by a padlock icon in the browser’s address bar. SSL is considered an asymmetric key system, where certificate authorities (CAs) issue digital certificates that validate the ownership of encrypted keys used in secured communications. Any exchange happening on a site with SSL is based on a trust model that ensures the verification of one’s identity when a transaction or event occurs. For a user, encryption methods like SSL instill trust that the information he or she shares is protected. However, for all exchanges occurring on the Internet, - even those that seem secure - it is important for users to consider the privacy and security tradeoffs related to sharing personal or private information.

One-way functions are important for encryption algorithms because they are easy to compute in one direction but computationally infeasible to reverse, providing secure encryption.