17. Security
1. Encryption
ncryption is a method of encoding/scrambling data using a key into ciphertext before being
E
transmitted across a network, so it cannot be understood by any eavesdroppers/anyone untinted, as it
can only be decrypted with the decryption key
Four main security concerns when data is transmitted:
● Confidentiality - only the intended recipient should be able to read/understand the data
● Authenticity - the need to identify who sent the data and verify that the source is legitimate
● Integrity - ensure the data has not been altered during transmission
● Non-repudiation - sender/recipient cannot deny they were part of the data transmission
laintext - the original data being sent (before encryption)
P
Ciphertext - the data after it has been through the encryption algorithm
Symmetric key encryption/cryptography:
● Uses the same secret key to encrypt and decrypt the message
● E.g. a 10-denary-digit encryption (which gives about 10 billion possibilities)
○ Secret key 4 2 9 1 3 6 2 8 5 6, would shift each letter +4, +2, +9 etc. places across alphabet
● Usually faster so suitable for encrypting large amounts of data
● Key distribution problem - since the sender first has to supply the key to the recipient, this key
could be intercepted, and would allow an eavesdropper to decrypt all the messages, since both
the sender/recipient use the same secret key
Asymmetric key encryption/cryptography:
● A matching pair of keys (public key and private key) are generated
○ Public key - made available to anyone who wishes to send that person data
○ Private key - unpublished/secret key known only to the specific person/computer - never
transmitted anywhere
● The sender obtains the public key of the recipient (which is made available to all users wishing to
send them data)
● The data/message/plaintext is encrypted using the recipient’s public key to create cipher text
● The cipher text is transmitted to the recipient
● The cipher text can only be decrypted using the recipient’s private key, which only the recipient
has access to
Symmetric vs asymmetric key cryptography:
● Asymmetric provides much stronger security, as only the private key can be used to decrypt the
message and this is never transmitted
● Asymmetric is more complex and typically slower than symmetric encryption - used for more
secure and smaller data transactions
● The length of the keys in symmetric encryption are (usually) shorter than those for asymmetric
(128/256 bits v 2048 bits)
1. Encryption
ncryption is a method of encoding/scrambling data using a key into ciphertext before being
E
transmitted across a network, so it cannot be understood by any eavesdroppers/anyone untinted, as it
can only be decrypted with the decryption key
Four main security concerns when data is transmitted:
● Confidentiality - only the intended recipient should be able to read/understand the data
● Authenticity - the need to identify who sent the data and verify that the source is legitimate
● Integrity - ensure the data has not been altered during transmission
● Non-repudiation - sender/recipient cannot deny they were part of the data transmission
laintext - the original data being sent (before encryption)
P
Ciphertext - the data after it has been through the encryption algorithm
Symmetric key encryption/cryptography:
● Uses the same secret key to encrypt and decrypt the message
● E.g. a 10-denary-digit encryption (which gives about 10 billion possibilities)
○ Secret key 4 2 9 1 3 6 2 8 5 6, would shift each letter +4, +2, +9 etc. places across alphabet
● Usually faster so suitable for encrypting large amounts of data
● Key distribution problem - since the sender first has to supply the key to the recipient, this key
could be intercepted, and would allow an eavesdropper to decrypt all the messages, since both
the sender/recipient use the same secret key
Asymmetric key encryption/cryptography:
● A matching pair of keys (public key and private key) are generated
○ Public key - made available to anyone who wishes to send that person data
○ Private key - unpublished/secret key known only to the specific person/computer - never
transmitted anywhere
● The sender obtains the public key of the recipient (which is made available to all users wishing to
send them data)
● The data/message/plaintext is encrypted using the recipient’s public key to create cipher text
● The cipher text is transmitted to the recipient
● The cipher text can only be decrypted using the recipient’s private key, which only the recipient
has access to
Symmetric vs asymmetric key cryptography:
● Asymmetric provides much stronger security, as only the private key can be used to decrypt the
message and this is never transmitted
● Asymmetric is more complex and typically slower than symmetric encryption - used for more
secure and smaller data transactions
● The length of the keys in symmetric encryption are (usually) shorter than those for asymmetric
(128/256 bits v 2048 bits)