Encryption Foundation Notes

Encryption Foundation

Approaches to Encryption

  • Two main approaches:
    • Encryption at rest
    • Encryption in transit

Encryption at Rest

  • Protects against physical theft and tampering.
  • Example: Encrypted laptop.
    • Data written to storage is encrypted/scrambled.
    • Data read from storage is decrypted.
    • A secret key is used for encryption/decryption (e.g., password).
  • If the laptop is stolen without the passcode, the data is useless.
  • Used in cloud environments where data is stored on shared hardware in encrypted form.
  • Generally used when only one party is involved, who knows the encryption/decryption key.

Encryption in Transit

  • Protects data while being transferred between two places.
  • Example: Internet banking.
    • Data is encrypted before leaving the laptop and decrypted by the bank, and vice versa.
  • Applies an encryption wrapper or tunnel around the raw data.
  • Anyone looking from the outside sees scrambled data.
  • Generally used when multiple individuals or systems are involved.

Encryption Concepts

Plain Text

  • Unencrypted data.
  • Can be text, images, or applications.
  • Data that can be loaded into an application and used immediately.

Algorithm

  • A piece of code or mathematics that takes plain text and an encryption key to generate encrypted data.
  • Examples: Blowfish, AES, RC4, DES, RC5, RC6.

Key

  • At its simplest, a password, but it can be more complex.

Ciphertext

  • Encrypted data.
  • Not always text data.

Encryption Process

  • Takes plain text, an algorithm, and a key to create ciphertext.

Decryption Process

  • Takes ciphertext and a key, and generates plain text.

Symmetric Encryption

  • Uses a symmetric key for both encryption and decryption.
  • Problem: Key exchange between parties.
    • Transferring electronically is risky.
    • In-person meetups can be intercepted.
    • Encrypting the encryption key requires another key to be transferred securely.
  • Good for local file encryption or disk encryption but complex for remote data transfer.
  • If the encryption key has to be transferred in advance and the data is very time sensitive, the exchange becomes complex.

Example Scenario

  • Cat supreme ruler and robot general want to exchange battle plans securely.
  • Agree on algorithm AES 256.
  • Cat ruler generates a symmetric encryption key and keeps it safe.
  • Symmetric encryption algorithm accepts the key and plain text battle plans.
  • Performs encryption and returns ciphertext (encrypted battle plans).
  • The ciphertext is secure because it's encrypted with the key.

Asymmetric Encryption

  • Addresses key exchange problems.
  • Keys are asymmetric, consisting of a public key and a private key.
  • First stage is to agree on an asymmetric algorithm to use. Each side needs to make both public and private keys, so that they can send and receive encrypted information to each other.
  • Public key encrypts data that only the corresponding private key can decrypt (the public key cannot decrypt).
  • Private key must be guarded carefully.
  • Public key can be freely distributed.
  • No need to exchange keys in advance.

Process

  • Robot general uploads his public key.
  • Cat ruler downloads the robot general's public key.
  • Asymmetric algorithm uses the general's public key and the plain text battle plans to generate ciphertext.
  • Ciphertext is transmitted to the robot general.
  • Robot general uses his private key to decrypt the ciphertext back into plain text.

Use Cases

  • Generally used when two or more parties are involved and have never met before.
  • PGP (email and file encryption).
  • SSL/TLS (browser communications).
  • SSH (secure server access).
  • Computationally more intensive than symmetric encryption.
  • Often used to initially agree on a symmetric key, which is then used for further communication.
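
The Process steps above, combined with the last use case, as an added example that is not part of the original notes: the cat ruler encrypts the battle plans under a one-time AES-256 key and wraps that key with the robot general's public key. It uses the OpenSSL bindings from Ruby's standard library; the names seal, open_envelope and OAEP and the envelope fields are assumptions for the illustration, as is the choice of AES-256-GCM and RSA with OAEP padding.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Sender: needs only the recipient's PUBLIC key, so no secret is exchanged first.
def seal(recipient_public_key, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  session_key = cipher.random_key # fresh 256-bit symmetric key for this message
  nonce = cipher.random_iv        # GCM nonce: unique per message, not secret
  ciphertext = cipher.update(plaintext) + cipher.final
  { wrapped_key: recipient_public_key.public_encrypt(session_key, OAEP),
    nonce: nonce, ciphertext: ciphertext, tag: cipher.auth_tag }
end

# Recipient: the PRIVATE key unwraps the session key, then AES-GCM decrypts and
# checks the tag. Returns nil for a wrong key or a modified envelope.
def open_envelope(recipient_key, envelope)
  decipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  decipher.key = recipient_key.private_decrypt(envelope[:wrapped_key], OAEP)
  decipher.iv = envelope[:nonce]
  decipher.auth_tag = envelope[:tag]
  decipher.update(envelope[:ciphertext]) + decipher.final
rescue OpenSSL::PKey::PKeyError, OpenSSL::Cipher::CipherError
  nil
end

if __FILE__ == $PROGRAM_NAME
  general = OpenSSL::PKey::RSA.new(2048)        # robot general's key pair
  plans = 'flank left at dawn (constructed sample)'
  envelope = seal(general.public_key, plans)    # cat ruler holds the public half only
  puts open_envelope(general, envelope)         # plans recovered with the private key
  p open_envelope(general.public_key, envelope) # nil: the public key cannot decrypt
end
```

Only the short session key goes through the slower asymmetric operation; the message itself, whatever its size, is handled by the symmetric cipher.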