17.1 Encryption

Encryption keys, plaintext and ciphertext

• 4 main security concerns when data is transmitted
  • Confidentiality: only the intended recipient should be able to read or decipher the data
  • Authenticity: the need to identify who sent the data and verify the source is legitimate
  • Integrity: data should reach its destination without any changes
  • Non-repudiation: neither the sender nor the recipient should be able to deny that they were part of the data transmission which just took place

• Original data being sent is known as plaintext

• After going through an encryption algorithm, it produces ciphertext

Symmetric encryption

• There is just one key

• Secret key shared by the sender and the receiver of a message

• The sender uses the encryption algorithm together with the key to encrypt some plaintext

• Receiver decrypts the ciphertext using the same key

Asymmetric encryption

• Two different keys are used, one for encryption, one for decryption

• Only one of those is secret

• Holder of the two keys wishes to receive a transmission

• A sender uses the public key to encrypt some plaintext and sends the ciphertext to the receiver

• The receiver is now the only person who can decrypt the message because the private and public keys are a matched pair

17.2 Quantum cryptography

• Utilises physics of photons and their physical quantum properties to produce a virtually unbreakable encryption system

• Protects the security of data being transmitted over fibre optic tables

• Qubit as the basic unit of quantum data

• The state of a qubit can be 0 or 1, but it can also be both 0 and 1 simultaneously

17.3 Protocols

Secure Sockets Layer (SSL)

• TCP is used to establish a connection between the client and the server

• A handshake takes place, thus enabling communication to begin between the client and server

• One part of the SSL protocol is to agree which encryption algorithms are to be used

• A web server requires an SSL digital certificate, which has to be obtained by the owner

Transport Layer Security (TLS)

• Formed of two main layers
  • Record protocol: can be used with or without encryption
  • Handshake protocol: permits the web server and client to authenticate each other and to make use of encryption algorithms

• Possible to add new authentication methods

• TLS makes use of session caching to improve the overall performance of the communication when compared to SSL, avoids the need to utilise as much computer time for each connection

• TLS separates the handshaking process from the record protocol where all the data is held

Process of retrieving web page from web server

1. Once the client types in the URL into the browser and hits the enter key, several steps will occur before any actual encrypted data is sent; known as the handshaking stage

2. The client’s browser now requests secure pages (https) from the web server

3. Web server sends back the SSL digital certificate (which also contains the public key), which is digitally signed by a third party called the certificate authority (CA)

4. Once the client’s browser receives the digital certificate, it checks
   1. the digital signature of the CA
   2. if the start and end dates shown on the certificate are still valid
   3. if the domain listed in the certificate is an exact match with the domain requested by the client in the first place

5. Once the browser trusts the digital certificate, the public key is used by the browser to generate a temporary session key with the web server; which is then sent back to the web server

6. The web server uses its private key to decrypt the session key and then sends back an acknowledgement that is encrypted using the same session key

7. The browser and web server can now encrypt all the data/traffic sent over the connection using this session key; a secure communication can now take place

17.4 Digital signatures and digital certificates

Digital signatures

• A way of validating the authenticity of digital documents and identifying the sender

• To identify the sender, we can use a generated numerical value known as a digest

• The plaintext message is put through a hashing algorithm

• The sender’s private key and digest are then put through an encryption algorithm to produce a digital signature

• The plaintext and digital signature are sent to the recipient as two separate files

• The recipient puts the plaintext through the same hashing algorithm, and also produces a digest

• If the two digests are the same, then the document has been sent correctly

Digital certificates

• An electric “document” used to prove the online identity of a website or an individual

• Contains a public key and other information identifying the owner of the certificate

• Issued by the certificate authority (CA)

• Items commonly found on a digital certificate:
  • Version number
  • Serial number of certificate
  • Name of certificate issuer
  • Validity
  • Public key
  • Digital signature