Encryption 101

Since the early ‘80’s and the acceptance of the personal computer into everyday life, humanity has grown ever more reliant on computer networks for communication, entertainment, and commerce. It doesn’t really matter if you are talking about a small home network of one computer and a few smartphones or a huge, decentralized network like the Internet, the protocols and procedures that govern how information is transmitted are largely the same. One of the biggest hurdles that needed to be overcome before people could feel comfortable using these computer networks was to find a way to secure the information so that only the parties that were the intended recipients of the data could read that data. This is where encryption comes in.

What is encryption?

In short, encryption is the method by which data is converted from a readable format to an encoded format that can only be read by another party that has the proper decryption key. For basic encryption to function two things are needed. First you need the data to be encrypted, this is commonly referred to as the Plain Text. Next you need an encryption algorithm (sometimes referred to as the cipher or key) that can be used to actually convert the data. When the plain text is run through the encryption algorithm the result is called ciphertext. To make this easier to visualize think of large room full of people, where the people are the endpoints (senders and recipients) and their words are the data to be transmitted (plain text). If you were a listener in that room you would be able to hear (or intercept) anything that was said, even if it wasn’t actually intended for you to hear. Now, if two individuals in that room decided to speak in a language that they knew nobody else could understand (encryption algorithm or cipher) they could communicate in that public area without having to fear that anyone else could understand what they were saying.

Encryption throughout history

Human beings have been using encryption to secure their communications dating all the way back to the Greeks and Romans. Ancient Greeks used a device called a Scytale to help secure communications. A scytale was nothing more than a stick or rod of a specific diameter. The sender would wrap a strip of parchment around the stick and write out their message. When the parchment was unwound the message would not make any sense as the letters would be out of order. The Romans used a similarly simple encryption method now known as the Ceasar’s Cipher where the alphabet was shifted a number of positions to the right or left. For example, if we use the cipher below the word “ROMAN” would be written “URPDQ”

Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC

Made famous by Hollywood movie makers and nonfiction writers the Enigma algorithm, used most notably by Nazi Germany during World War II, successfully secured communications from its invention in 1919 to 1941 when it was cracked by elite British cryptographers. The algorithm was implemented through a series of mechanical rotors, alphabet rings, and plugboards called the Enigma Machine. A message could only be decrypted if the recipient knew how the machine was setup when the message was encrypted. In this case the specific settings for the rotors, rings, and plugboard would be analogous to the encryption key.

Modern Encryption

As technology advanced and the electronic computer came into being the need for more advanced forms of encryption grew. We moved away from mechanical systems of the past and started to implement the mathematical algorithms as computer programs. Modern encryption can be broken down into two different types: symmetric key and asymmetric key algorithms.

Symmetric key algorithms make use of related or identical encryption keys for both encrypting and decrypting data. For example, Bob wants to send a message to John, so Bob writes his message and places it in a lockbox (Plain Text). Bob then locks the box with a padlock to which he has a key (Encryption Key). Bob then mails the box to John. John opens the box with an identical key (Which he received from Bob at some earlier time) and reads the message. John can then reuse the box and padlock to send Bob his reply.

Asymmetric key algorithms, also known as public-key algorithms, build on earlier designs by allowing the use of multiple keys to perform the encryption and decryption. We can expand the example above to demonstrate asymmetric key encryption (This is a vast simplification but it does illustrate the main points). To make the previous example work for this situation we need to establish a few things first. The padlock from our earlier example will represent the public key and the physical key for that lock will represent the private key. Bob and John want to exchange information. Bob asks John to send his unlocked padlock (John’s public key) through the mail. Bob then writes his message, stores it in a box along with his opened padlock (Bob’s public key) and locks the box with John’s padlock. Bob sends the box back to John who can open it with his key (John’ private key). John can now read Bob’s message and respond by using Bob’s padlock to secure the return message.

Encryption in the Real World

When we talk about encryption for real world uses, not hyper-simplified examples, you end up seeing that multiple encryption algorithms end up being used together. This set of algorithms is called a Cipher Suite. Cipher suites are then used to implement a set of standards called an encryption or cryptographic protocol.

Encryption In Transit

Two of the most common encryption protocols in use today are Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL). While the term SSL still is rather common when referring to encryption, the SSL protocol has been proven to have vulnerabilities. TLS is a more modern protocol, built on top of SSL and is the current standard used for securing data while it’s in transit. If you are browsing through your banking site or buying something from an online retailer, chances are the communication is encrypted by TSL between your computer (Client) and the website (Server). If we simplify the protocol, an example of how it works would look like this:

1. You enter an address in your web browser

2. The browser contacts that websites server and starts the conversation to determine the highest level of security that works for both parties (Client and Server)

3. Once the two parties agree on a specific level of security a “key” exchange occurs, this happens much in the same way as in our asymmetric key algorithm example above. This step is usually repeated many times as each party may need to verify that it accepts the other parties security certificates, but this all depends on the level of security that was agreed upon

4. Lastly, once each party has received proper encryption keys from the other party, the actual exchange of information happens.

Encryption at Rest

Data stored is data at rest. What happens to the data when you save it to your laptop that was just stolen? If your laptop’s hard drive has not been encrypted, the thief can bypass your login by removing the drive from the computer and reading it from another device. If your laptop’s hard drive is encrypted, even if the thief is able to bypass your login, they will not be able to vie the data stored on your drive without the encryption key. This is why it is always important to encrypt the drives on your mobile devices.

Encryption must be commonplace and it isn’t onerous.

When in a room full of people and want to tell someone something in private, you don’t shout it across a room, you whisper it discretely in the person’s ear. Encryption allows you to do just that but with digital information over a crowded internet. Make sure your important online transactions are using one of the many forms of encryption that are readily available.