Encryption Essentials for Exam

Encryption Overview

  • Definition: Encryption transforms plaintext into ciphertext; decryption uses the correct key to recover plaintext.
  • Core concepts: plaintext, ciphertext, encryption key, decryption key; note that in symmetric schemes the same key is used for both operations, while in asymmetric schemes different keys are used.

The Need for Encryption

  • Data Privacy: protect personal, financial, and medical information.
  • Secure Communication: prevent interception and reading of messages.
  • Compliance: meet GDPR, HIPAA, and other regulations.
  • Data Integrity: detect unauthorized modifications.

Methods of Encryption

  • Symmetric Encryption (Private Key)
    • Description: same key for encryption and decryption.
    • Examples: AES, DES.
    • Advantages: fast and efficient; low computational cost.
    • Disadvantages: key distribution challenge; if the key is compromised, all data protected with that key is exposed.
  • Asymmetric Encryption (Public Key Encryption)
    • Description: two keys (public and private); data encrypted with one key can be decrypted with the other.
    • Examples: RSA, ECC.
    • Advantages: secure key distribution; supports digital signatures.
    • Disadvantages: slower and more computationally intensive; more complex to manage.

Encryption Protocols

  • SSL/TLS: cryptographic protocols for secure network communication.
  • Handshake process: client and server exchange keys and agree on encryption methods.
  • Key usage: asymmetric encryption during the handshake to securely exchange a symmetric session key; thereafter, the session uses symmetric encryption.
  • Session security: data integrity checks and protection against replay attacks.
  • Usage: widely used for HTTPS websites, email, and client-server communications.
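
The session-security point above, as an added example that is not part of the original notes: each record carries an HMAC-SHA256 tag over a sequence number and the payload, so the receiver rejects both modified and replayed records. The class names and record layout are assumptions for illustration, not the TLS record format, and the key is a constructed stand-in for one derived during the handshake.

```python
import hashlib
import hmac
import os
import struct

class IntegrityError(Exception):
    """Raised when a record is modified, replayed, or out of order."""

class Sender:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0  # seq counts records sent

    def protect(self, payload: bytes) -> bytes:
        header = struct.pack(">Q", self.seq)  # 8-byte big-endian sequence number
        tag = hmac.new(self.mac_key, header + payload, hashlib.sha256).digest()
        self.seq += 1
        return header + payload + tag

class Receiver:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.expected_seq = mac_key, 0

    def accept(self, record: bytes) -> bytes:
        if len(record) < 8 + 32:
            raise IntegrityError("record too short")
        header, payload, tag = record[:8], record[8:-32], record[-32:]
        expected = hmac.new(self.mac_key, header + payload, hashlib.sha256).digest()
        # compare_digest avoids leaking the tag through timing differences
        if not hmac.compare_digest(tag, expected):
            raise IntegrityError("bad MAC: record was modified")
        (seq,) = struct.unpack(">Q", header)
        if seq != self.expected_seq:
            raise IntegrityError("unexpected sequence number: replayed or reordered")
        self.expected_seq += 1
        return payload

def demo() -> list:
    key = os.urandom(32)  # constructed session MAC key (assumption)
    tx, rx = Sender(key), Receiver(key)
    first = tx.protect(b"transfer 10 to alice")
    outcomes = [rx.accept(first).decode()]
    tampered = bytearray(tx.protect(b"transfer 10 to bob"))
    tampered[-33] ^= 0x01  # flip one bit in the last payload byte
    for record in (bytes(tampered), first):  # modified record, then a replay
        try:
            outcomes.append(rx.accept(record).decode())
        except IntegrityError as exc:
            outcomes.append("rejected: " + str(exc))
    return outcomes
```

The replayed record has a valid tag, so only the sequence-number check catches it; integrity checking alone does not stop replay.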

Uses of Encryption

  • Protection of data on hard disks: full disk encryption to protect data if disks are lost or stolen.
    • Examples: BitLocker, FileVault.
  • Email encryption: ensure that only the intended recipient can read the message.
    • Examples: PGP, S/MIME.
  • HTTPS websites: SSL/TLS to encrypt data in transit between browser and server.

Advantages and Disadvantages of Different Protocols and Methods

  • Symmetric Encryption
    • Advantages: fast and efficient.
    • Disadvantages: key distribution challenge; compromised key endangers all data.
  • Asymmetric Encryption
    • Advantages: secure key distribution; supports digital signatures.
    • Disadvantages: slower; more resource-intensive.
  • SSL/TLS Protocols
    • Advantages: widely used and trusted; provides robust security for internet communications.
    • Disadvantages: can be vulnerable if not properly configured (e.g., SSL stripping); requires ongoing maintenance and updates.