Chapter 15. Data Encryption

Data encryption, or cryptography, is the science of secrecy. Its purpose is to keep information in the hands of those who should have it and out of the hands of those who should not. Considering such a statement, it probably comes as no surprise that cryptographic algorithms, called ciphers, historically have had profound political, social, and ethical implications. Data encryption, like data compression, is another product of information theory, an area of mathematics that addresses various ways to manage and manipulate information. Data encryption entails two processes: in one process we encipher recognizable data, called plaintext, into an unrecognizable form, called ciphertext; in a second process we decipher the ciphertext back into the original plaintext. The main idea behind a cipher is that the transformation from ciphertext to plaintext should be easy if we are allowed to read the data, yet impractical if we are not.

Ciphers use a special piece of information, called a key, for security. Once a key has been used to encipher some data, only someone who knows the correct key can decipher it. In fact, a fundamental characteristic of any good cipher is that its security revolves around a key, or even several. Furthermore, the security of a good cipher does not rely on keeping the cipher’s algorithm a secret. This idea is similar to the security offered by a safe: even though everyone knows how a safe works, we cannot get inside without the combination that opens the door.

One way to classify modern ciphers is by how they use keys. In this regard, a cipher is either symmetric or asymmetric. In symmetric ciphers, the same key is used both to encipher and decipher data. Consequently, anyone who knows the key is able to encipher data as well as decipher it. In asymmetric ciphers, usually called public-key ciphers, the key used to encipher data is different from the key used to decipher it. The key used to encipher data is called the public key; the key used to decipher data is called the private key. The public and private keys work together so that only a specific private key deciphers the data enciphered using a specific public key. Thus, just because a party knows how to encipher data does not necessarily mean it can decipher data; it must possess the correct private key. Example 15.1 is a header for the ciphers presented in this chapter.

This chapter covers:

DES (Data Encryption Standard)

One of the most popular symmetric ciphers. Today it is considered reasonably secure, but increases in the speed of computers continue to make this method less and less secure over time. DES is considered a very efficient cipher, even when implemented in software.

RSA (Rivest-Shamir-Adleman)

One of the most popular public-key ciphers. RSA is considered very secure. However, it is much slower than DES. Thus, it is often used to encrypt smaller amounts of data, such as keys for other types of encryption, and digital signatures.

Some applications of data encryption are:

Digital cash

A means of conducting financial transactions so that they can be authenticated but not traced. Transactions must be authenticated so that parties involved in the transaction are not cheated. They must be untraceable so that the privacy of each party is protected. In practice, these are difficult requirements to support in tandem without special protocols.

Authentication servers

Servers charged with solving the problem of two parties at different ends of a network talking securely. The parties must be able to exchange keys while at the same time being sure that they are talking to one another rather than an impostor. Authentication servers accomplish this with a variety of protocols that rely on encryption.

Electronic mail

Data in email is typically sent across insecure channels, such as the Internet. The widespread use and abuse of the Internet has made encrypting sensitive electronic messages especially important in recent years.

National security

Matters of diplomacy and national defense. Historically, encryption has played a critical role in a great number of military matters. Embassies constantly transmit and receive sensitive diplomatic information, which must be kept secret, using encryption. National security has long been the main argument cited by the U.S. government for treating encryption technologies much like munitions, with strict controls over exportation.

Digital signatures

A method of validating to whom data really belongs, much like signing a name to a document. One method of creating a digital signature is with a public-key cipher. To do this, party A enciphers some data using its private key and sends it to another party B. B, thinking the data is from A, validates this by deciphering the data with A’s public key. If this deciphers the data, the data must be from A.

Computerized elections

A futuristic concept in which voting must be secure. Secure voting has several interesting requirements, many of which require varying degrees of secrecy. For example, no one should be able to determine for whom someone else voted, but it may be important to know whether someone voted at all.

Smart cards

Small plastic cards containing miniature computers and small amounts of memory. Typically, smart cards are used for various forms of credit, such as in paying for phone calls, train rides, or postage stamps. Other smart cards provide access to computers and open doors to buildings. Smart cards use encryption because they can do potentially powerful things like alter bank accounts and provide access to secure environments.

Example 15.1. Header for Data Encryption
/*****************************************************************************
*                                                                            *
*  ------------------------------- encrypt.h ------------------------------  *
*                                                                            *
*****************************************************************************/

#ifndef ENCRYPT_H
#define ENCRYPT_H

/*****************************************************************************
*                                                                            *
*  In a secure implementation, Huge should be at least 400 decimal digits,   *
*  instead of the 10 below (ULONG_MAX = 4294967295).                         *
*                                                                            *
*****************************************************************************/

typedef unsigned long Huge;

/*****************************************************************************
*                                                                            *
*  Define a structure for RSA public keys.                                   *
*                                                                            *
*****************************************************************************/

typedef struct RsaPubKey_ {

Huge               e;
Huge               n;

} RsaPubKey;

/*****************************************************************************
*                                                                            *
*  Define a structure for RSA private keys.                                  *
*                                                                            *
*****************************************************************************/

typedef struct RsaPriKey_ {

Huge               d;
Huge               n;

} RsaPriKey;

/*****************************************************************************
*                                                                            *
*  --------------------------- Public Interface ---------------------------  *
*                                                                            *
*****************************************************************************/

void des_encipher(const unsigned char *plaintext, unsigned char *ciphertext,
   const unsigned char *key);

void des_decipher(const unsigned char *ciphertext, unsigned char *plaintext,
   const unsigned char *key);

void rsa_encipher(Huge plaintext, Huge *ciphertext, RsaPubKey pubkey);

void rsa_decipher(Huge ciphertext, Huge *plaintext, RsaPriKey prikey);

#endif
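
The public/private key relationship and the digital-signature direction described earlier in the chapter, worked through with the types from Example 15.1. This is an added example, not code from the book: the bodies of rsa_encipher and rsa_decipher, the helpers modexp, rsa_sign and rsa_verify, and the toy key pair demo_pub/demo_pri are assumptions made for illustration, and the key is far too small for real use.

```c
#include <stdio.h>
/* Types repeated from encrypt.h (Example 15.1) so this file stands alone. */
typedef unsigned long Huge;
typedef struct RsaPubKey_ { Huge e; Huge n; } RsaPubKey;
typedef struct RsaPriKey_ { Huge d; Huge n; } RsaPriKey;

/* Constructed toy key pair: p = 61, q = 53, n = 3233, e = 17, d = 2753. */
static const RsaPubKey demo_pub = { 17, 3233 };
static const RsaPriKey demo_pri = { 2753, 3233 };

/* Square-and-multiply: a^b mod n. Assumes n < 2^32 so products fit in 64 bits. */
static Huge modexp(Huge a, Huge b, Huge n) {
    unsigned long long result = 1 % n, base = a % n;
    while (b > 0) {
        if (b & 1)
            result = (result * base) % n;
        base = (base * base) % n;
        b >>= 1;
    }
    return (Huge)result;
}

/* Anyone holding the public key (e, n) can encipher. */
void rsa_encipher(Huge plaintext, Huge *ciphertext, RsaPubKey pubkey) {
    *ciphertext = modexp(plaintext, pubkey.e, pubkey.n);
}

/* Only the holder of the matching private key (d, n) can decipher. */
void rsa_decipher(Huge ciphertext, Huge *plaintext, RsaPriKey prikey) {
    *plaintext = modexp(ciphertext, prikey.d, prikey.n);
}

/* Signature direction: the private key transforms, the public key checks. */
Huge rsa_sign(Huge message, RsaPriKey prikey) {
    return modexp(message, prikey.d, prikey.n);
}

int rsa_verify(Huge message, Huge signature, RsaPubKey pubkey) {
    return modexp(signature, pubkey.e, pubkey.n) == message % pubkey.n;
}

int main(void) {
    Huge c, p, sig;
    rsa_encipher(65, &c, demo_pub);
    rsa_decipher(c, &p, demo_pri);
    sig = rsa_sign(65, demo_pri);
    printf("c=%lu p=%lu sig=%lu ok=%d tampered=%d\n", c, p, sig,
           rsa_verify(65, sig, demo_pub), rsa_verify(66, sig, demo_pub));
    return 0;
}
```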