HCI Data Ltd
Understanding Modern Encryption Techniques
Home Internet tools
 

This article will give an overview of modern encryption techniques.

First, we need to understand the difference between encoding and encryption.

Encoding

Encoding is an easily reversible process. This is the type of system Mary Queen of Scots used to send secret message while she was held in the Tower of London. It is the same system that is often used by school children. In its simplest form, every letter of the alphabet is converted to another letter. For example, M is converted to X, A is converted to Z, R is converted to S and Y is converted to W. The encoded value of 'MARY' would be 'XZSW' using this lookup table. Thus, it is easy to decode by simply reversing the process as X is converted to M, Z is converted to A, S is converted to R and W is converted to Y.

A more advanced form of encoding that is used extensively for sending e-mails from computer to computer is Base 64 encoding. Base 64 encoding does not convert a single letter to a different single letter. It takes groups of three letters and converts then to a group of four letters. To decode a Base 64 message is simply reversing the process that was used to encode the message.

So, using encoding to 'encrypt' a message, to decode the message the process is simply reversed.

Nowadays, encoding is not used to protect sensitive information as it is too easy to crack.

Encryption

Encryption is somewhat different. There are two flavours of encryption. These are one way encryption and two way encryption.

One Way Encryption

One way encryption is a process whereby information is encrypted using an encryption algorithm but there is no algorithm to decrypt the message. This may appear strange.

Why would anyone want to encrypt information when it cannot be decrypted? The answer is when the information is not important, but the knowledge of information is very important. A typical example is passwords. A password has no use except as a key to unlock a door to some secure area which could be a room, a computer or secure data.

To explain how it works, consider a password that is not encrypted. In this example we will use people but this could easily be a person and a computer. King Richard wants to keep his crown jewels safe from his brother Prince John. So he gives the box of crown jewels to his friend Robin Hood and says that only those who can provide the password 'Encrypt' can have access to the box. As, Robin has many other things to do, he writes the password 'ENCRYPT' on a piece of paper that he keeps on his person. The crown jewels remain safe as only the King knows the password and Robin checks his piece of paper to remind him of the password every time someone comes to access the crown jewels. Unknown to Robin, the pad of paper he wrote 'ENCRYPT' on has found its way to John. He uses that well known technique of rubbing a pencil over the pad to reveal the words written on the previous sheet of paper that Robin used. Now John knows the password is 'ENCRYPT'. John sends his spy to Robin. The spy gives Robin the password of 'ENCRYPT'. Robing verifies that 'ENCRYPT' is the correct password and gives the crown jewels to the spy. So, having a password that has not been encrypted is not very secure.

If Robin had an one way encrypted password, it would have been harder for John to have stolen the crown jewels. Using the example above, King Richard wants to keep his crown jewels safe from his brother John. So he gives the box of crown jewels to his friend Robin and says that only those who can provide the password 'Encrypt' can have access to the box. Robin still has many other things to do but he does NOT write the password 'ENCRYPT' on a piece of paper. He writes down an algorithm (a formula) that will convert the word 'ENCRYPT' to something quite different that he keeps on his person. The encrypted password is now 'q9qphAyRRGUDg'. Robin writes down these characters in addition to the algoriithm. The crown jewels remain safe as only the King knows the password and Robin checks his piece of paper to remind him of the encrypted password and how to encrypt the password every time someone comes to access the crown jewels. Unknown to Robin, the pad of paper he wrote the algorithm and the encrypted password has found its way to John. He uses that well known technique of rubbing a pencil over the pad to reveal the words written on the previous sheet of paper that Robin used. Now John knows the algorithm and the encrypted password. John does not know the actual password. John sends his spy to Robin. The spy gives Robin the encrypted password but Robin says -"I need the actual password". The spy makes a few guesses but every time Robin encrypts the spy's guess the resultant encrypted password does not match the 'q9qphAyRRGUDg' that Robin has on his piece of paper. The crown jewels are safe.

When the King comes to collect his crown jewels he gives Robin the password 'ENCRYPT'. Robin using the algorithm he wrote down on his piece of paper and the result is 'q9qphAyRRGUDg'. As this matches the encrypted password he wrote down on his piece of paper, the King must have given the correct password.

So, by using one way encryption the actual password can be verified by encrypting the guess and if the result matches the previously encrypted password, the guess can be validated as being the correct password.

John still wants to get the crown jewels. He has the algorithm and the encrypted password. Can he decode the encrypted password to discover the actual password? If the algorithm is a one way encryption algorithm then John cannot reverse the process. A typical non-reversable technique is to divide a number by a prime number and use the remainder - that is, the modulus. For example, 10 modulus 3 is 1 and 20 modulus 7 is 6. So, if, as part of the reverse process it was necessary to reverse the step

  'step 30 input' = 'step 29 output' modulus 29

and you knew that 'step 30 input' was 15, then 'step 29 output' could be 15, 44, 59, 74, 89, 104, etc.

Then only way John can find the password is to try every combination of password until the encrypted value matches the encrypted value of actual password. Nowadays this is a lot easier with computers. As an exercise, a 3Ghz Pentium 4 was set the task of finding the password that when encrypted gives a value of 'q9qphAyRRGUDg'. It took less than 2 seconds as this was a dictionary word!. It would have taken a lot longer had the password contained a mixture of upper an lower case letters plus a few numbers.

Two Way Encryption

This encryption method is used when the encrypted information needs to be restored (decrypted) back to the original information.

Before it is explained how this works, it is necessary to understand the problem it is trying to solve. Again we will use people as an analogy.

King Richard needs to send a secret message to Robin. John wants to intercept the message discover what the King is doing or else to replace the message with one that will lead Robin into a trap.

The old method of sending a secret message was to put the message in a box and lock it with a key. The King and Robin would both have a key to lock and unlock the box. The first problem is how do both the King and Robin have copies of the same key? If the King makes a copy of his key he must send the copy to Robin. But the key could be intercepted and another copy made of it and given to John. The King and Robin could send secret messages which they locked in a box but, unknown to them John intercepts the box and uses his copy of the key to unlock the box to read the message and maybe replace the message. Indeed, as John has a key, he could write his own messages and send them to Robin as if they had come from the King.

This system is known as single key encryption. Its failings are:

  • neither party knows if the encryption key has been copied by a third party
  • the receiving party does not know if the sender's encrypted message has been decrypted and viewed by a third party
  • the receiving party does not know if the sender's encrypted message has been decrypted, tampered with and re-encrypted by a third party
  • the receiving party does not know if the encrypted message came from a third party

What the King and Robin need is dual key encryption - better known as private/public key encryption.

Again we will use people as an analogy.

King Richard has a box made which takes two keys. One key will lock the box but will not unlock the box. The other key will only unlock the box - it cannot lock the box. The crucial point to note here is that the King will keep the key that only unlocks the box. This is known as his private encryption key. He will send the key that will only lock the box to Robin - this is the public encryption key. We will assume that John has intercepted this public key and made a copy.

When Robin needs to send a secret (encrypted) message to the King he write the message and locks it in the box with the King's public key. The locked box - the encrypted message - is sent to the King.

If John intercepts the box, he cannot open it using the copy of the Kings public encryption key as that key will only lock the box.

When the King receives the box - the encrypted message - he uses his private key to unlock - decrypt - the message.

The benefits of the private/public encryption key is:

  • it does not matter if the public encryption key has been copied by a third party as it cannot decrypt (open the box) messages
  • the receiving party knows that the sender's encrypted message has not been decrypted and viewed by a third party as that requires the private key of which the receiver has the only copy
  • the sender's encrypted message has not been decrypted, tampered with and re-encrypted by a third party as that would required both the private and public keys

The only failing is that the receiving party does not know if the encrypted message came from a third party as anyone with the public key can encrypt a message. This is overcome with digital signatures.

Digital Signatures

This is similar to encrypting messages in that there is a private key and a public key. The sender using their private key to generate a block of characters. The block of characters depends on the content of the message and the private key. This means that some unique identification can be obtained from the digital signature when it is decrypted using the public key. When the digital signature is verified using the public key it also verifies that the message text was used to generate the digital signature. This prevents a third party making changes to a message.

There is more that could be said about digital signatures and one day I will get around to writing it!




HCI Data Ltd is a member of the Federation of Small Businesses
Last Updated: Saturday, 23-Jan-2016
HCI Data Ltd.