Sie sind auf Seite 1von 4

List the basic symmetric cryptographic algorithms and describe how asymmetric cryptography works.

Also explain how whole disk encryption works


Cryptography An important means of protecting information is to scramble the contents in a way that an attacker will not be able to understand the content even if he gets hold of the information. Basically it deals with the conversion of data into a secret code for transmission over a public network. Today, most cryptography is digital, and the original text "plaintext" is turned into a coded equivalent called "ciphertext" via an encryption algorithm. The ciphertext is decrypted at the receiving end and turned back into plaintext.
Some of the advantages of cryptography include: It can protect the confidentiality of information by ensuring only the authorized users can view it. It can protect the integrity of the information by ensuring the correctness and unaltered condition of the information. It can help ensure the availability of information for the authorized users. It can verify the authenticity of the sender. It can enforce non-repudiation, which typically means that once a user sends information over the network, that user cannot deny if sending that. In other words it helps to prove that a user has performed an action.

The original cryptographic algorithms for encrypting and decrypting are symmetric cryptographic algorithm. The symmetric cryptographic algorithm uses the same shared single key to encrypt and decrypt a document. It is imperative to keep the key private as the same key is used to for both encryption and decryption. The basic symmetric algorithms can de divided based on the amount of data it can process at a time. Stream Cipher: A stream cipher takes one character and replaces with another character at a time. There are some classifications among stream cipher algorithm. o Substitution Cipher: It is the simplest form of stream cipher and does the function only. It is also known as mono-alphabetic-substitution cipher. It can easily be broken because of its nature of formation. o Transposition Cipher: It is a more complicated stream cipher. It rearranges letters without changing them. It follows four steps, starting with determining a key, then assigns a number value to each letter in the key, record plaintext by row and finally extract by column number. Block Cipher: The block cipher is significantly than the stream cipher system. It manipulates an entire block of plaintext at a time to encrypt instead of one character at a time. The plaintext is generally divided into separate blocks of 8 to 16 bytes and encrypted independently. Also each block can be randomized for enhanced security.

The final step in symmetric ciphers is to combine cipher stream with plaintext using exclusive OR (XOR) binary logic. There is another method which is known as pad and sometimes referred to as one time pads (OTP). Data Encryption Standard: It is one of the widely popular symmetric cryptography algorithms. It initially had 128 bit key length which was later shortened to 56 bits. It uses block cipher encryption by

dividing the plaintext into blocks of 64 bits. It is currently not recommended for use at this moment as it was broken several times. Triple Data Encryption Standard: It was developed to replace DES. It uses 3 rounds of encryption instead of one in DES. The process starts with the first round of encryption. The ciphertext obtained from first round is used as the input for the second round. It uses a total of 48 iterations (3 iterations X 16 rounds). In the most advanced 3DES, different keys are used in each round to provide enhanced security. It works better in hardware than software. Currently its not considered to be one of the most secure encryption methods. Advanced Encryption Standard: A replacement for DES was established in the late 2000s, approved by NIST. It is also a block cipher encryption. The process for AES involves 3 steps on every block of plaintext. The number of rounds performed in each step is dependent on the key size, 9 rounds for 128 bit key, 11 rounds for 192 bit key and for AES-256, a 256 bit key, requires 13 rounds. Because of its complex substitution, rearrangement, special multiplication, no attacks have been successful against AES, to date. Other Symmetric Encryption Algorithm: There are some variations to symmetric encryptions used. Ron Rivest developed the Rivest Cipher (RC). It ranged from RC1 to RC6. RC2, RC5 and RC6 are block ciphers and RC4 is a stream cipher. The International Data Encryption Algorithm is a block cipher that is processes 64 bits with a 128 bit key with 8 rounds. Another popular block cipher encryption is Blowfish. It is designed to run on 32 bit computers and to date there has not been any evidence of significant weakness. A variation to Blowfish is Twofish which is not common. Asymmetric Cryptography Asymmetric cryptography is also known as private key cryptography. The basic difference between this cryptography to symmetric cryptography is the use of two different keys instead of one. These key are mathematically related and known as the private and public key. The public key, by its name, is available to everyone and is distributed freely. Similarly private key is individual and kept private by individual users. To send a message the sender uses the public key of the receiver to encrypt the message and upon receiving the message the receiver uses the private key to decrypt the message. Some important features of asymmetric encryption include, Key Pairs: A user has a pair of keys instead of only one in symmetric encryption. A public key which is available to anyone. A private key which is confidential and should be not be shared. Bi-Directional: The keys in this method are bi-directional. A message encrypted with public key can be decrypted using the private key and vice versa. Digital Signature: The use of digital signature in this encryption method serves multiple issues. It ensures sender identity, prevent nonrepudiation by the sender and maintain the integrity of the message. There is a separate authority which issues the digital signature or certification.

The steps in asymmetric encryption include the following: 1. 2. 3. 4. 5. 6. Sender creates a message for sending. Generate a hash algorithm for the message. It serves as the digital signature. Encrypt the hash with senders private key. Sends the hash and the encrypted message to the receiver. The receiver decrypts the message using senders public key. It reveals the hash algorithm. Receiver hashes the message with hash used by the sender.

7. If the hash results are equal then it is certain that the message was not compromised and is original. In step 5 if the receiver cannot decrypt the message using the public key of the sender, it means the message did not originate from the intended sender. This is because only a pair of private and public key can encrypt and decrypt a certain message. Please refer to Figure 1 for illustration of the asymmetric encryption process. Whole Disk Encryption Whole Disk Encryption (WDE) is a process which, by using hardware or software, encodes the information on a computer. Decoding the information requires a password or a pin, which prevents unauthorized access to the data on the computer. This form of cryptography is applied to an entire disk instead of a single file or folder in the system. This encryption protects the entire disk in the event of theft or accidental loss. It can only be accessed by authorized users. Generally there are different softwares available for WDE. Some of the most common and popular ones include, BitLocker, used in Microsoft Windows 7 and Vista. It encrypts the entire system volume, including Windows registry and temporary files. It provides security through booting from another operating system or by placing the hard drive in another computer. Other softwares include PGP. In this encryption a boot sequence executes during the startup process of the operating system. The boot loader looks at the boot record or partition table which is the logical area zero or the starting point of a disk. It modifies the zero point area for encryption. The process involves the user to provide authentication credentials in the form of passphrase. The credentials can be some token or smart card as well. Once the user puts the credentials in the disk is encrypted and the user can access the system. Generally all the drives are encrypted one at a time after initial disk encryption is completed. Decrypted data is never available on the disk. In case of lost authentication credentials, there are several methods of recovery, such as local self-recovery, recovery token and Administrator key.

References
http://www.pcmag.com/encyclopedia_term/0,2542,t=cryptography&i=40522,00.asp http://it.hms.harvard.edu/pg.asp?pn=security_wdefaqs#whatiswde

http://community.pepperdine.edu/it/content/how-wde-works.pdf

Das könnte Ihnen auch gefallen