encryption Encryption refers to algorithmic

Document Sample
encryption Encryption refers to algorithmic Powered By Docstoc
					Encryption refers to algorithmic schemes that encode plain text into non-readable form or cyphertext, providing
privacy. The receiver of the encrypted text uses a "key" to decrypt the message, returning it to its original plain text
form. The key is the trigger mechanism to the algorithm.

Until the advent of the Internet, encryption was rarely used by the public, but was largely a military tool. Today, with
online marketing, banking, healthcare and other services, even the average householder is aware of encryption.

Web browsers will encrypt text automatically when connected to a secure server, evidenced by an address beginning
with https. The server decrypts the text upon its arrival, but as the information travels between computers, interception
of the transmission will not be fruitful to anyone "listening in." They would only see unreadable gibberish.

There are many types of encryption and not all of it is reliable. The same computer power that yeilds strong
encryption can be used to break weak encryption schemes. Initially, 64-bit encryption was thought to be quite strong,
but today 128-bit encryption is the standard, and this will undoubtedly change again in the future.

Though browsers automatically encrypt information when connected to a secure website, many people choose to use
encryption in their email correspondence as well. This can easily be accomplished with encryption programs that
feature plug-ins or interfaces for popular email clients. The most longstanding of these is called PGP (Pretty Good
Privacy), a humble name for very strong military-grade encryption program. PGP allows one to not only encrypt
email messages, but personal files and folders as well.

Encryption schemes are categorized as being symmetric or asymmetric. Symmetric key algorithms such as Blowfish,
AES and DES, work with a single, prearranged key that is shared between sender and receiver. This key both encrypts
and decrypts text. In asymmetric encryption schemes, such as RSA and Diffie-Hellman, the scheme creates a "key
pair" for the user: a public key and a private key. The public key can be published online for senders to use to encrypt
text that will be sent to the owner of the public key. Once encrypted, the cyphertext cannot be decrypted except by the
one who holds the private key of that key pair. This algorithm is based around the two keys working in conjunction
with each other. Asymmetric encryption is considered one step more secure than symmetric encryption, because the
decryption key can be kept private.

Strong encryption makes data private, but not necessarily secure. To be secure, the recipient of the data -- often a
server -- must be positively identified as being the approved party. This is usually accomplished online using digital
signatures or certificates.

As more people realize the open nature of the Internet, email and instant messaging, encryption will undoubtedly
become more popular. Without encryption, information passed on the Internet is not only available for virtually
anyone to snag and read, but is often stored for years on servers that can change hands or become compromised in any
number of ways. For all of these reasons encryption is a goal worth pursuing.




Public key encryption is considered very secure because it does not require a secret shared key between the sender
and receiver. Other encryption technologies that use a single shared key to both encrypt and decrypt data rely on both
parties deciding on a key ahead of time without other parties finding out what that key is. However, the fact that it
must be shared between both parties opens the door to third parties intercepting the key. This type of encryption
technology is called symmetric encryption, while public key encryption is known as asymmetric encryption.

A "key" is simply a small bit of text code that triggers the associated algorithm to encode or decode text. In public key
encryption, a key pair is generated using an encryption program and the pair is associated with a name or email
address. The public key can then be made public by posting it to a key server, a computer that hosts a database of
public keys. Alternately, the public key can be discriminately shared by emailing it to friends and associates. Those
that possess your public key can use it to encrypt messages to you. Upon receiving the encrypted message, your
private key will decrypt it.

Public Key Encryption Algorithm on wiseGEEK:
      A "key" is simply a small bit of text code that triggers the associated algorithm to encode or
       decode text. In public key encryption, a key pair is generated using an encryption program and
       the pair is associated with a name or email address.
      This is in response to an increase in computing power of hackers who could break weaker codes
       using brute force calculations. The complexity of the algorithms makes asymmetric key
       encryption very slow, and best suited for smaller messages such as sharing session keys used in
       digital signatures.

       Public key encryption is especially useful for keeping email private. Any stored messages on mail servers,
       which can persist for years, will be unreadable, and messages in transit will also be unreadable. This degree
       of privacy may sound excessive until one realizes the open nature of the Internet. Sending email
       unencrypted is akin to making it public for anyone to read now or at some future date. United States law
       does not recognize email as a protected or private form of communication, unlike a telephone call or letter

Private Key on wiseGEEK:

      The mail or message is then sent to the owner of the public key. Upon receipt of the mail, the
       private key will request a passphrase before decrypting. For maximum security this passphrase
       should be supplied manually, but software will allow a user to store the passphrase locally so that
       messages can be decrypted automatically.
      Key servers allow access to public key information for this specific purpose. Private key servers
       are much less relaxed. These servers contain the private half of an asymmetric encryption key or
       a decoding cypher for a symmetric system.
      PGP (Pretty good Privacy) is the most widely recognized public key encryption program in the world. It can
       be used to protect the privacy of email, data files, drives and instant messaging.



      Traffic on the Internet is susceptible to snooping by third parties with a modicum of skill. Data packets can
       be captured and stored for years. Even mail servers will often indefinitely store messages, which can be read
       now or at a future point, sometimes long after the author has changed his or her point of view. Email, unlike
       a phone call or letter, is not legally protected as private communication, and can therefore be read by third
       parties, legal or otherwise, without permission or knowledge of the author. Many privacy watchdog groups
       advocate, if you aren't using encryption, don't include anything in an email you wouldn't want to see
       published. Ideally this includes personal information as well, such as name, address, phone number,
       passwords, and so on.
      PGP encryption provides privacy missing from online communication. It changes plain, readable text into a
       complex code of characters that is completely unreadable. The email or instant message travels to the
       destination or recipient in this cyphered form. The recipient uses PGP to decrypt the message back into
       readable form. Whether you are concerned about protecting privacy rights, a corporate whistleblower, or a
       citizen that simply wants to chat with friends without allowing people to "listen in," PGP is the answer.

      The simple but ingenious method behind public key encryption is based around the creation of a customized
       key pair. The key pair consists of a public key and a private key. The public key encrypts messages, while
       the private key decrypts them.
      Using PGP, Mr. Wise would generate a key pair by entering a real name or nickname to be associated with
       the keys and a password. The two keys are interlocking algorithms that appear as small bits of text code. Mr.
       Wise can freely share the public key with anyone who wishes to send an encrypted message to him. For
       example, let's say Mr. Wise gives his public key to Ms. Geek. He can copy and paste it into an email and
       send it to her "in the clear."
      ManageEngine.com/PasswordManagerPro
      Ms. Geek receives the public key and copies it to her public key ring in PGP. After she writes an email to
       Mr. Wise, the email is encrypted using the associated public key, obtained from the key ring. The encrypted
       email is now sent. If someone captures the email en route, or even if it is stored on a server, it will be
       unreadable.
      www.formition.com
      When Mr. Wise receives the email, his private key decrypts the message. Thus the communication is kept
       private, even though it travels over public channels. The encryption and decryption can be done
       automatically, as PGP seamlessly interfaces with most major email clients.
   To send an encrypted email to someone using PGP, you only need his or her public key. Each public key is
    unique and works with the associated private key as a key pair. If you encrypt a message with the public key
    of someone other than the recipient, the recipient will not be able to decrypt the message.


Private Key

   When creating a key pair in PGP, the option exists for your public key to be sent to a public key server.
    This makes it possible for strangers to send you encrypted mail by simply looking up your public key. To
    avoid spam, you may choose instead to email your public key discretely to handpicked friends. Others attach
    their public key as part of their signature on public posts to newsgroups and Web chat boards.
   A PGP user can also use his or her private key to digitally sign outgoing mail so that the recipient knows that
    the mail originated from the named sender. A third party would not have access to the private key, so the
    digital signature authenticates the sender.
   Sensitive data files stored on your hard drive or on removable media can also be protected using PGP. You
    can use your public key to encrypt the files and your private key to decrypt them. Some versions of PGP also
    allow the user to encrypt an entire disk. This is especially useful for laptop users in the event the laptop is
    lost or stolen.
   Early versions of PGP were written by Philip Zimmermann and first offered to the public in 1991. PGP is
    open source and has several different versions available with prevailing attitudes about which is best. Some
    versions of PGP are free for personal use, while the newest "official" incarnations offered through PGP
    Corporation are shareware. Beginning with PGP Personal Desktop v. 9.0, users are offered a fully functional
    free trial run before the software reverts to a lesser-featured version, minus a purchased license. The lesser-
    featured version still allows encryption of email but some of the automation is crippled.
   Commercial versions of PGP are also available to use in networked multi-user environments. For detailed
    information, visit PGP Corporation.
What is a Protocol?
A protocol is a set of rules that governs the communications between computers on a
network. In order for two computers to talk to each other, they must be speaking the same
language. Many different types of network protocols and standards are required to ensure that
your computer (no matter which operating system, network card, or application you are
using) can communicate with another computer located on the next desk or half-way around
the world. The OSI (Open Systems Interconnection) Reference Model defines seven layers of
networking protocols. The complexity of these layers is beyond the scope of this tutorial;
however, they can be simplified into four layers to help identify some of the protocols with
which you should be familiar (see fig 1).

 OSI Layer         Name                             Common Protocols
     7           Application
      6          Presentation                  HTTP | FTP | SMTP | DNS
      5            Session
      4           Transport                  TCP                       SPX
      3            Network                     IP                       IPX
      2           Data Link
                                                        Ethernet
      1            Physical

Fig 1. OSI model related to common network protocols

Figure 1 illustrates how some of the major protocols would correlate to the OSI model in
order to communicate via the Internet. In this model, there are four layers, including:

              Ethernet (Physical/Data Link Layers)
              IP/IPX (Network Layer)
              TCP/SPX (Transport Layer)
              HTTP, FTP, Telnet, SMTP, and DNS (Session/Presentation/Application
               Layers)

Assuming you want to send an e-mail message to someone in Italy, we will examine the
layers "from the bottom up" -- beginning with Ethernet (physical/data link kayers).

Ethernet (Physical/Data Link Layers)
The physical layer of the network focuses on hardware issues, such as cables, repeaters, and
network interface cards. By far the most common protocol used at the physical layer is
Ethernet. For example, an Ethernet network (such as 10BaseT or 100BaseTX) specifies the
type of cables that can be used, the optimal topology (star vs. bus, etc.), the maximum length
of cables, etc. (See the Cabling section for more information on Ethernet standards related to
the physical layer).

The data link layer of the network addresses the way that data packets are sent from one node
to another. Ethernet uses an access method called CSMA/CD (Carrier Sense Multiple
Access/Collision Detection). This is a system where each computer listens to the cable before
sending anything through the network. If the network is clear, the computer will transmit. If
some other node is already transmitting on the cable, the computer will wait and try again
when the line is clear. Sometimes, two computers attempt to transmit at the same instant.
When this happens a collision occurs. Each computer then backs off and waits a random
amount of time before attempting to retransmit. With this access method, it is normal to have
collisions. However, the delay caused by collisions and retransmitting is very small and does
not normally effect the speed of transmission on the network.

Ethernet

The original Ethernet standard was developed in 1983 and had a maximum speed of 10 Mbps
(phenomonal at the time). The Ethernet protocol allows for bus, star, or tree topologies,
depending on the type of cables used and other factors .

The current standard at the 10 Mbps level is 10BaseT. The "10" stands for the speed of
transmission (10 megabits per second); the "Base" stands for "baseband" meaning it has full
control of the wire on a single frequency; and the "T" stands for "twisted pair" cable. Older
standards, such as 10Base2 and 10Base5, used coaxial cable, but these standards are seldom
used in new installations. Fiber cable can also be used at this level in 10BaseFL.

Fast Ethernet

The Fast Ethernet protocol supports transmission up to 100 Mbps. Fast Ethernet requires the
use of different, more expensive network concentrators/hubs and network interface cards. In
addition, category 5 twisted pair or fiber optic cable is necessary. Fast Ethernet standards
include:

              100BaseT - 100 Mbps over 2-pair category 5 or better UTP cable.
              100BaseFX - 100 Mbps over fiber cable.
              100BaseSX -100 Mbps over multimode fiber cable.
              100BaseBX - 100 Mbps over single mode fiber cable.

Gigabit Ethernet

Gigabit Ethernet standard is a protocol that has a transmission speed of 1 Gbps (1000 Mbps).
It can be used with both fiber optic cabling and copper. The 1000BaseT, the copper cable
used for Gigabit Ethernet (see the Cabling section for more information).

              1000BaseT - 1000 Mbps over 2-pair category 5 or better UTP cable.
              1000BaseTX - 1000 Mbps over 2-pair category 6 or better UTP cable.
              1000BaseFX - 1000 Mbps over fiber cable.
              1000BaseSX -1000 Mbps over multimode fiber cable.
              1000BaseBX - 1000 Mbps over single mode fiber cable.

The Ethernet standards continue to evolve. with 10 Gigabit Ethernet (10,000 Mbps) and 100
Gigabit Ethernet (100,000 Mbps),

                                Ethernet Protocol Summary
                   Protocol                    Cable                  Speed

               Ethernet             Twisted Pair, Coaxial, Fiber    10 Mbps

               Fast Ethernet        Twisted Pair, Fiber             100 Mbps

               Gigabit Ethernet     Twisted Pair, Fiber             1000 Mbps


LocalTalk

LocalTalk is a network protocol that was developed by Apple Computer, Inc. for Macintosh
computers many years ago. LocalTalk adapters and special twisted pair cable can be used to
connect a series of older computers through the serial port (current Macintosh computers
have Ethernet cards and/or wireless adapters installed). A primary disadvantage of LocalTalk
is speed. Its speed of transmission is only 230 Kbps.

Token Ring

The Token Ring protocol was developed by IBM in the mid-1980s. The access method used
involves token-passing. In Token Ring, the computers are connected so that the signal travels
around the network from one computer to another in a logical ring. A single electronic token
moves around the ring from one computer to the next. If a computer does not have
information to transmit, it simply passes the token on to the next workstation. If a computer
wishes to transmit and receives an empty token, it attaches data to the token. The token then
proceeds around the ring until it comes to the computer for which the data is meant. The
Token Ring protocol requires a star-wired ring using twisted pair or fiber optic cable. It can
operate at transmission speeds of 4 Mbps or 16 Mbps. Due to the increasing popularity of
Ethernet, the use of Token Ring in school environments has decreased dramatically.

IP and IPX (Network Layer)
The network layer is in charge of routing network messages (data) from one computer to
another. The common protocols at this layer are IP (which is paired with TCP at the transport
layer for Internet network) and IPX (which is paired with SPX at the transport layer for some
older Macintosh, Linus, UNIX, Novell and Windows networks). Because of the growth in
Internet-based networks, IP/TCP are becoming the leading protocols for most networks.

Every network device (such as network interface cards and printers) have a physical address
called a MAC (Media Access Control) address. When you purchase a network card, the MAC
address is fixed and cannot be changed. Networks using the IP and IPX protocols assign
logical addresses (which are made up of the MAC address and the network address) to the
devices on the network, This can all become quite complex -- suffice it to say that the
network layer takes care of assigning the correct addresses (via IP or IPX) and then uses
routers to send the data packets to other networks.

TCP and SPX (Transport Layer)
The transport layer is concerned with efficient and reliable trsansportation of the data packets
from one network to another. In most cases, a document, e-mail message or other piece of
information is not sent as one unit. Instead, it is broken into small data packets, each with
header information that identifies its correct sequence and document.

When the data packets are sent over a network, they may or may not take the same route -- it
doesn't matter. At the receiving end, the data packets are re-assembled into the proper order.
After all packets are received, a message goes back to the originating network. If a packet
does not arrive, a message to "re-send" is sent back to the originating network.

TCP, paired with IP, is by far the most popular protocol at the transport level. If the IPX
protocol is used at the network layer (on networks such as Novell or Microsoft), then it is
paired with SPX at the transport layer.

HTTP, FTP, SMTP and DNS
(Session/Presentation/Application Layers)
Several protocols overlap the session, presentation, and application layers of networks. There
protocols listed below are a few of the more well-known:

              DNS - Domain Name System - translates network address (such as IP
               addresses) into terms understood by humans (such as URLs)
              DHCP - Dynamic Host Configuration Protocol - can automatically assign
               Internet addresses to computers and users
              FTP - File Transfer Protocol - a protocol that is used to transfer and
               manipulate files on the Internet
              HTTP - HyperText Transfer Protocol - An Internet-based protocol for sending
               and receiving webpages
              IMAP - Internet Message Access Protocol - A protocol for e-mail messages on
               the Internet
              IRC - Internet Relay Chat - a protocol used for Internet chat and other
               communications
              POP3 - Post Office protocol Version 3 - a protocol used by e-mail clients to
               retrieve messages from remote servers
              SMTP - Simple Mail Transfer Protocol - A protocol for e-mail messages on
               the Internet

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:13
posted:5/6/2012
language:English
pages:7