Encryption has a long history dating back to ancient times. Various methods were used throughout history including cipher wheels, the Enigma machine, and public/private key cryptography. Modern encryption uses algorithms to scramble data into an unreadable format called ciphertext that can only be decrypted by someone with the proper decryption key. Encryption provides critical security benefits like protecting data privacy and integrity and ensuring compliance with regulations. As technology advances, new encryption methods like elliptic curve cryptography and homomorphic encryption aim to make encryption even stronger and more versatile.
2. History
About 1900 BC: An Egyptian scribe used non-standard hieroglyphs in an
inscription.
First documented example of written cryptography.
1500 BC: ancient Assyrian merchants used intaglio, a piece of flat stone
carved into a collage of images and some writing to identify themselves in
trading transactions.
100-44 BC: Julius Caesar used a simple substitution with the normal alphabet
(just shifting the letters a fixed amount) in government communications.
1790: Thomas Jefferson invented his wheel cipher.
1917: William Frederick Friedman was employed as a civilian cryptanalyst at
Riverbank Laboratories and performed cryptanalysis for the US Government,
which had no cryptanalytic expertise of its own. Friedman went on to start a school
for military cryptanalysts at Riverbank, later taking that work to Washington
and leaving Riverbank.
http://www.sans.org/reading_room/whitepapers/vpns/history_of_encryption_730?show=730.php&cat=vpns
3. History Continued
1933-1945: The Enigma machine was taken over and improved upon
to become the cryptographic workhorse of Nazi Germany.
1976: A design by IBM, based on the Lucifer cipher and with changes
by the US NSA, was chosen to be the U.S. Data Encryption Standard.
It has since found worldwide acceptance, largely because it has shown
itself strong against 20 years of attacks. Even some who believe it is
past its useful life use it as a component -- e.g., of 3-key triple-DES.
1991: Phil Zimmermann released his first version of PGP (Pretty Good
Privacy) in response to the threat by the FBI to demand access to the
cleartext of the communications of citizens. PGP offered high security
to the general citizen and as such could have been seen as a competitor
to commercial products like Mailsafe from RSADSI.
4. Encryption and Security:
Definitions
Encryption is a mechanism for hiding information by
turning readable text into a stream of gibberish in
such a way that someone with the proper key can
make it readable again.
http://www.beagle-ears.com/lars/engineer/computer/crypto.htm
5. Encryption Definition:
The action of disguising information so that it can be
recovered easily by the persons who have the key,
but is highly resistant to recovery by persons who do
not have the key.
Encryption is the process of transforming information
(referred to as plaintext) using an algorithm (called a
cipher) to make it unreadable to anyone except those
possessing special knowledge, usually referred to as
a key.
http://www.beagle-ears.com/lars/engineer/computer/crypto.htm
6. Encryption Definition:
The encryption key may be changed from time to
time to make an intruder’s task more difficult.
Restoration of a ciphertext to cleartext is achieved by
the action of decryption using a decryption key.
http://www.beagle-ears.com/lars/engineer/computer/crypto.htm
7. Data Encryption
A message in cleartext (plaintext) is encrypted
(disguised) through the use of an encryption key to
create a ciphertext.
http://www.beagle-ears.com/lars/engineer/computer/crypto.htm
8. Data Encryption
In symmetric (Single key):
The encryption and decryption keys are the same.
In asymmetric (two keys):
The encryption and decryption keys are different.
http://www.beagle-ears.com/lars/engineer/computer/crypto.htm
9. Comparison of Symmetrical and
Asymmetrical Cryptography
http://www.beagle-ears.com/lars/engineer/computer/crypto.htm
10. Encryption and Security:
Definitions
Encryption is a mechanism for hiding information by
turning readable text into a stream of gibberish in
such a way that someone with the proper key can
make it readable again.
http://www.beagle-ears.com/lars/engineer/computer/crypto.htm
11. Data Encryption:
Encryption is accomplished by scrambling the bits,
characters, words, or phrases in the original
message. Scrambling involves two activities:
Transposition
Substitution
http://www.beagle-ears.com/lars/engineer/computer/crypto.htm
12. Data Encryption:
Transposition:
In which the order of the bit patterns, characters,
words or phrases is rearranged.
The word “hello” can be written backwards as
“OLLEH”.
Substitution:
In which new bit patterns, characters, words, or
phrases are substituted for the originals without
changing their order.
http://www.beagle-ears.com/lars/engineer/computer/crypto.htm
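The two scrambling activities leave different fingerprints in the ciphertext, which this added example (not part of the original slides) makes visible: transposition keeps the letter counts of the plaintext, while substitution keeps its pattern of repeated letters. The function names and the shift of 3 are assumptions chosen for illustration.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase


def transpose_reverse(text):
    """Transposition as on the slide: same symbols, order reversed."""
    return text.upper()[::-1]


def substitute_shift(text, shift):
    """Substitution by a fixed alphabet shift: symbols replaced, order kept."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)          # leave spaces and punctuation alone
    return "".join(out)


def repeat_pattern(text):
    """Position where each symbol first appeared, e.g. HELLO -> (0, 1, 2, 2, 4)."""
    first = {}
    return tuple(first.setdefault(ch, i) for i, ch in enumerate(text))


def compare(plain, shift=3):
    """Report which statistical property of the plaintext each method preserves."""
    plain = plain.upper()
    t = transpose_reverse(plain)
    s = substitute_shift(plain, shift)
    return {
        "transposed": t,
        "substituted": s,
        "transposition_keeps_letter_counts": Counter(t) == Counter(plain),
        "substitution_keeps_letter_counts": Counter(s) == Counter(plain),
        "transposition_keeps_repeat_pattern": repeat_pattern(t) == repeat_pattern(plain),
        "substitution_keeps_repeat_pattern": repeat_pattern(s) == repeat_pattern(plain),
    }
```

Because each method leaves one of these properties intact, neither hides the statistics of the language on its own, which is why practical ciphers combine both.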
13. Why is it important?
Encryption used to be a word that people
linked with government and secret
operations; however, with the use of
computers becoming more and more
common, it is necessary for data to be
disguised to help protect the user.
It keeps outsiders from viewing important
company documents
It keeps information from being shared
between users on the same server or network
It can be used to make “keys” so that only
certain people can view or access a
document
14. Cryptography
The study of encryption: the hiding of
information, converting it from its
“normal, comprehensible form into an
obscured guise, unreadable without
special knowledge.”
www.wikipedia.com
15. The Enigma machine
The first Enigma was
invented by German
engineer Arthur Scherbius
at the end of World War I.
This model and its
variants were used most
notably by Nazi Germany
before and during World
War II. A range of Enigma
models was produced, but
the German military
model, the Wehrmacht
Enigma, is the version
most commonly
discussed.
16. The Enigma Machine Continued
How it works:
http://russells.freeshell.org/enigma/
When a key is pressed, an electrical current is sent
through the machine. The current first passes
through the plug board, then through the three rotors,
through the reflector which reverses the current, back
through the three rotors, back through the plug board
and then the encrypted letter is lit on the display.
After the display is lit up, the rotors rotate. The rotors
rotate like an odometer, where the rightmost
rotor must complete one revolution before the middle
rotor rotates one position, and so on.
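The signal path and stepping described above, as an added Python model that is not part of the original slides. Assumptions: the wirings are the commonly published Enigma I rotors I to III and reflector B, the class and method names are illustrative, and the stepping is the plain odometer carry the slide describes, which is simpler than the turnover notches of the wartime machines.

```python
import string

A = string.ascii_uppercase
# Published Enigma I rotor I-III and reflector B wirings (assumption: the
# slide names no specific rotors).
ROTORS = ["EKMFLGDQVZNTOWYHXUSPAIBRCJ",   # left rotor
          "AJDKSIRUXBLHWTMCQGZNPYFVOE",   # middle rotor
          "BDFHJLCPRTXVZNYEIWGAKMUSQO"]   # right rotor
REFLECTOR = "YRUHQSLDPXNGOKMIEBFZCWVJAT"


class Enigma:
    def __init__(self, start="AAA", plug_pairs=()):
        self.pos = [A.index(c) for c in start]      # left, middle, right
        self.plug = {c: c for c in A}
        for a, b in plug_pairs:                      # e.g. ("AB", "CD")
            self.plug[a], self.plug[b] = b, a

    def _rotor(self, i, c, forward):
        # A rotor turned p steps sees its input shifted by p and has its
        # output shifted back by p.
        p = self.pos[i]
        shifted = (c + p) % 26
        if forward:
            out = A.index(ROTORS[i][shifted])
        else:
            out = ROTORS[i].index(A[shifted])
        return (out - p) % 26

    def _step(self):
        # Odometer carry as the slide describes: the right rotor moves on
        # every key press and carries to its left neighbour when it wraps.
        for i in (2, 1, 0):
            self.pos[i] = (self.pos[i] + 1) % 26
            if self.pos[i] != 0:
                break

    def press(self, letter):
        c = A.index(self.plug[letter])               # plug board, inbound
        for i in (2, 1, 0):                          # rotors, right to left
            c = self._rotor(i, c, True)
        c = A.index(REFLECTOR[c])                    # reflector turns it back
        for i in (0, 1, 2):                          # rotors, left to right
            c = self._rotor(i, c, False)
        lit = self.plug[A[c]]                        # plug board, lamp lit
        self._step()                                 # rotors move after the lamp
        return lit

    def process(self, text):
        return "".join(self.press(ch) for ch in text.upper() if ch in A)
```

Because the reflector sends the current back along the same wiring, a machine with the same settings decrypts what it encrypted, and no letter is ever enciphered to itself.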
17. History of the Enigma Machine
1918: Arthur Scherbius used his idea of “rotating rotors” to try to
come up with a cipher machine. He took his ideas to the German
military, but they weren’t interested. He then took his idea to a
German company called Gewerkschaft Securitas, where his
patents were bought.
1920s: The first Enigma machine was produced. Its rotating rotors
made it a better enciphering machine than any other.
1925: Modifications began, and eventually the German Army made
modifications too.
1928: The Poles confiscated an Enigma machine in customs. It was
on its way to the German Embassy in Warsaw.
December 31, 1932: The Poles decrypted the German Enigma
signals.
July 25, 1939: The Poles gave the French and the British replicas of the
Polish-made Enigmas together with the drawings and information
on the Enigma, the Bomba (the Polish version of the Enigma), and
the decryption information.
18. Morse Code
http://www.scoutnet.nl/~inter/morse/morseform.html
•A type of character encoding that transmits telegraphic information using
rhythm.
•Uses standardized sequence of short and long elements to represent the letters,
numerals, punctuation, and special characters of a given message.
•The short and long elements can be formed by sounds, marks, or pulses in on/off
keying.
•Measured in Words Per Minute
•Originally created for Samuel F. B. Morse’s electric telegraph in the early 1840s
•Also extensively used for early radio communication beginning in the 1890s.
•For the first half of the 20th century, the majority of high-speed international
communication was conducted in Morse code, using telegraph lines, undersea
cables, and radio circuits. However, the variable length of the Morse characters
made it hard to adapt to automated circuits.
•Morse code is designed to be read by humans without a decoding device, making
it useful for sending automated digital data in voice channels.
•For emergency signaling, Morse code can be sent by way of improvised sources
that can be easily "keyed" on and off, making Morse code one of the most
versatile methods of telecommunication in existence.
19. Types of Encryption:
3 Basic Types
Manual encryption
Completely provided by the user
Demands user’s active participation
Risky, but reliable
Transparent encryption
Performed at low-level during ALL operations permanently
Difficult to implement correctly
Generally doesn’t work well with networking
Easy to use, most secure
Semi-Transparent (“On the Fly encryption”)
Operates not permanently, but before/after access
May cause degradation of computer’s efficiency
If data to be encrypted is too great, can cause loss of data
http://services.devadvisers.net/cryprite/042ETYPE.HTM
20. Authentication and Encryption
Authentication and encryption are two intertwined
technologies that help to ensure that your data remains secure.
Authentication is the process of ensuring that both ends of the
connection are in fact who they say they are. This applies not
only to the entity trying to access a service (such as an end
user) but to the entity providing the service, as well (such as a
file server or Web site).
Encryption helps to ensure that the information within a
session is not compromised. This includes not only reading the
information within a data stream, but altering it, as well.
While authentication and encryption each has its own
responsibilities in securing a communication session,
maximum protection can only be achieved when the two are
combined. For this reason, many security protocols contain
both authentication and encryption specifications.
21. Authentication: Three Types
• Single factor authentication
   • Password
   • Easy to remember
   • Easy to crack
   • People are predictable… passwords are usually a pet’s name, a birth date, etc.
• Two factor
   • Password + token (security device for users to keep in possession)
   • Safer and more complex than single factor
• Three factor
   • Password + token + biometric authentication (fingerprint, retinal scan)
   • Safer and more complex than single or double factor types; used for high security purposes (e.g. government documents)
• A token is a security device for authorized users to keep in possession. Some examples include:
   • SecurID Card, Challenge/response method, and USB token
22. Symmetric key
(private key and public key)
Private Key Encryption: Each party has the
same key; only this key can decrypt the
message. They must keep this key private in
order for others to be unable to decrypt the
message.
Public Key Encryption: Each party has a
different key. The first party encrypts the
message, and the second party’s key is the
only one that can decrypt the message. If the
second party encrypts a message, only the first
party’s key can decrypt the message.
Therefore, the keys may be put into the public
because the ones that are owned by either
party are the only copies.
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/csec_pubki.html
23. SSL
Secure Sockets Layer
SSLs are “cryptographic protocols that
provide security and data integrity for
communications” over web sites.
(www.wikipedia.com)
A person running a web site may buy an SSL
certificate in order to ensure that visitors to
their website can trust them.
It encrypts information that is given to a
website and keeps others from viewing the
personal information.
24. http vs. https
HTTP (Hypertext Transfer Protocol) is an application-
level protocol for distributed, collaborative,
hypermedia information systems.
It operates “at the highest layer of the TCP/IP
Internet reference model and network security
protocol,” meaning that it works with the highest
capability to meet all protocol standards when it
comes to transferring information over the
internet, as well as working to keep information
secure from other users. Its security is not the
highest because it works to “encrypt an HTTP
message prior to transmission and decrypt a
message upon arrival.” This allows anyone to see it.
HTTPS (Hypertext Transfer Protocol Secure) is a
combination of http and a network security protocol.
This means that it strengthens security to keep
25. 5 Advantages of Using Encryption
Technology for Data Protection
1. Encryption Provides Security for Data at
All Times
Generally, data is most vulnerable when it is
being moved from one location to another.
Encryption works during data transport or at
rest, making it an ideal solution no matter where
data is stored or how it is used. Encryption
should be standard for all data stored at all
times, regardless of whether or not it is deemed
“important”.
26. 5 Advantages of Using Encryption
Technology for Data Protection
2. Encrypted Data Maintains Integrity
Hackers don’t just steal information, they also
can benefit from altering data to commit fraud.
While it is possible for skilled individuals to alter
encrypted data, recipients of the data will be
able to detect the corruption, which allows for a
quick response to the cyber-attack.
27. 5 Advantages of Using Encryption
Technology for Data Protection
3. Encryption Protects Privacy
Encryption is used to protect sensitive data,
including personal information for individuals.
This helps to ensure anonymity and privacy,
reducing opportunities for surveillance by both
criminals and government agencies.
Encryption technology is so powerful that some
governments are attempting to put limits on the
effectiveness of encryption—which does not
ensure privacy for companies or individuals.
28. 5 Advantages of Using Encryption
Technology for Data Protection
4. Encryption is Part of Compliance
Many industries have strict compliance
requirements to help protect those whose
personal information is stored by organizations.
HIPAA, FIPS, and other regulations rely on
security methods such as encryption to protect
data, and businesses can use encryption to
achieve
29. 5 Advantages of Using Encryption
Technology for Data Protection
5. Encryption Protects Data across Devices
Multiple (and mobile) devices are a big part of
our lives, and transferring data from device to
device is a risky proposition. Encryption
technology can help protect stored data across
all devices, even during transfer. Additional
security measures like advanced authentication
help deter unauthorized users.
30. The Future of Encryption
As hackers continue to become more savvy and sophisticated,
encryption technology must evolve as well. Security
professionals are working on a few different exciting
technological advances in the encryption field, including Elliptic
Curve Cryptography (ECC), homomorphic encryption, and
quantum computation.
ECC is a method of cryptography that isn’t so much an
improvement of the encryption method itself, but a method that
allows encryption and decryption to take place much faster,
without any loss of data security.
Homomorphic encryption would be a system allowing
calculations on encrypted data without decrypting it. This
method would allow encryption across cloud systems, and
ensure greater privacy for users. As an example, a financial
institution could make assessments for individuals without
revealing personal information.