Subtopic Notes
17.1 Encryption, Encryption Protocols and Digital Certificates
17. Security
Encryption
- Encryption is the process of converting data into an unreadable form to prevent unauthorized access.
- Plaintext: Original text
- Ciphertext: Encrypted Text
- Public key: Publicly available key that is used to encrypt a message
- Private key: Key known only to the owner, used to decrypt data encrypted with the corresponding public key
- Symmetric Encryption/Symmetric Key Cryptography:
  - The same key is used for both encrypting and decrypting
  - The key must be shared securely in advance
- Asymmetric Encryption/Asymmetric Key Cryptography:
  - Uses a public key and a private key
  - The sender encrypts the message with the receiver’s public key
  - Data is decrypted using the receiver’s private key
Quantum Cryptography
Uses the properties of photons to create an encryption system that is extremely difficult to break.
| Advantages | Disadvantages |
|---|---|
| Provides very high security | Effective only over short distances |
| Any eavesdropping attempt can be detected | Does not yet support features like digital signatures or certified mail |
| Supports longer encryption keys | Very expensive to set up and maintain |
| Almost impossible to hack | High error rate since the technology is still developing |
| Data cannot be copied and decrypted later | Light polarization may change during transmission. |
Secure Socket Layer (SSL)/Transport Layer Security (TLS)
Purpose of SSL/TLS
- Provides a secure communication channel between client and server over the internet
- Ensures
  - Authentication: Verifies that the server (and sometimes the client) is genuine.
  - Encryption: Data is scrambled so attackers cannot read it.
  - Integrity: Ensures data is not altered during transmission.
- TLS is the updated, more secure version of SSL.
SSL/TLS in client-server communication
- Used in HTTPS (HyperText Transfer Protocol Secure).
- Used in client-server applications through encryption and digital certificates
- Process:
  - Client (browser) sends a request to the server to initialise an SSL/TLS connection
  - The session begins with a handshake.
  - Server responds by sending its digital certificate
  - Client verifies the certificate through a Certificate Authority (CA)
  - Client generates a session key and encrypts it using the server’s public key
  - The session key is sent to the server and is used for encrypting and decrypting all data transferred between the two nodes
Uses of SSL/TLS
- Online banking
- E-commerce sites
- Email communication
- Cloud storage/file transfer
- Login pages
Digital Certificate
- An electronic document verifying the identity of an entity
- Contains
  - Unique serial number of the certificate
  - Certificate Authority (CA) that issued the certificate
  - Digital signature of the issuing Certificate Authority
  - Name of the company, organisation, individual, or owner of the certificate
  - Validity period of the certificate (start and end dates)
  - Public key
  - Hashing algorithm
Acquiring Digital Certificate
- The user starts an application for a digital certificate on their computer.
- A key pair (public key and private key) is generated on the user’s computer.
- The user submits the application to the Certificate Authority (CA), sending the public key and other required data, encrypted with the CA’s public key.
- The CA creates a digital certificate containing all necessary details and signs it using the CA’s private key.
- The CA sends the completed digital certificate back to the user.
Digital Signature
- Sender’s side
  - Hash the message to produce a digest.
  - Encrypt the digest with the sender’s private key; this creates the digital signature.
  - Send the message along with the digital signature to the receiver.
- Receiver’s side
  - Receive the message and digital signature.
  - Decrypt the digital signature with the sender’s public key to recover the original digest.
  - Hash the received message using the same algorithm to create a new digest.
  - Compare the two digests:
    - If they match, the message is authentic and untampered.
    - If there is a mismatch, the message has been altered.
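The sender's and receiver's steps above, worked through in Python as an added example (not part of the original notes). It uses textbook RSA over two well-known Mersenne primes purely so the hash, private-key "encrypt", public-key "decrypt" and compare steps are visible; the key pair, the `sign`/`verify` function names and the sample message are all constructed for the example, and a real system would use a properly generated key and a padded signature scheme such as RSA-PSS.

```python
import hashlib

# Constructed teaching key pair: textbook RSA built from two public
# Mersenne primes. It is NOT a secure key (anyone can reproduce it) and
# unpadded textbook RSA must not be used for real signatures; it exists
# only to make the sign/verify steps in the notes concrete.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                            # modulus, part of both keys
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def digest_of(message: bytes) -> int:
    """Hash the message with SHA-256 and treat the digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender's side: hash the message, then 'encrypt' the digest
    with the private key. The result is the digital signature."""
    n, d = private_key
    return pow(digest_of(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver's side: 'decrypt' the signature with the sender's public
    key to recover the sender's digest, re-hash the received message
    with the same algorithm, and compare the two digests."""
    n, e = public_key
    recovered_digest = pow(signature, e, n)
    return recovered_digest == digest_of(message)


def demo() -> dict:
    """Sign a constructed message, then verify it unmodified and after tampering."""
    message = b"Transfer 100 GBP to account 12345"      # constructed sample
    signature = sign(message, PRIVATE_KEY)
    altered = b"Transfer 900 GBP to account 12345"      # one digit changed in transit
    return {
        "genuine": verify(message, signature, PUBLIC_KEY),   # digests match
        "tampered": verify(altered, signature, PUBLIC_KEY),  # digests differ
    }


if __name__ == "__main__":
    print(demo())
```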
