Symmetric & Asymmetric Encryption (SSL)


Objectives : Student should be able to -

►   Securing of Data with Encryption

Q1. a)  Describe  Encryption  and explain what security it provides.

⇒  Encryption converts human-readable, meaningful plain text into meaningless cipher text.

⇒  It works by scrambling data into garbled code using an encryption algorithm and a secret encryption key.

⇒  Even if data is stolen, it cannot be understood by the hacker.

⇒  Only an authorized person who has the secret decryption key will be able to decrypt and read the data.

b)  Give 3 circumstances where encryption would be used.

  1. Any file containing confidential data, like bank account or credit-card details.
  2. When buying items on the Internet by sharing credit-card details.
  3. Email or SMS that you wish to remain private and confidential.
  4. While doing online bank transactions, because the Internet is a public network and anyone can trap your outgoing traffic and steal your data.
Figure : Encryption - conversion of Plaintext to Ciphertext.

c)  Describe the following key components of encryption.

✬  Plain Text : Meaningful data or information is called plain text.

✬  Cipher Text : Encrypted data or meaningless data is called cipher text.

✬  Cryptographic or Encryption Algorithm : A mathematical procedure for performing encryption on data.

✬  Encryption Key : A piece of information that determines the functional output of a cryptographic or encryption algorithm.
It specifies the transformation of plaintext into ciphertext, and vice versa.

d)  State  how the strength of the encryption can be improved. 

  1. Increase the length of the encryption key.
    The longer the key length, the more possible combinations of bits need to be tried to determine the key.
  2. Use a more complex encryption algorithm.

Symmetric Encryption

Q1.  Describe what is meant by  Symmetric Encryption .

⇒  Symmetric encryption is a cryptographic algorithm that uses the same encryption key (a secret key) to encrypt the plaintext and decrypt the ciphertext.

⇒  While encrypting data, the plaintext is scrambled into garbled code using an encryption algorithm and a secret key.

⇒  If encrypted data is stolen, it cannot be understood by the hacker.

⇒  It is extremely fast, relatively less complex and hence efficient for large amounts of data.

⇒  The secret encryption key has to be shared with the recipient, so that it can be used to decrypt the message.


Q2.  The data given below needs to be encrypted using  Symmetric Encryption .

COMPUTER SCIENCE IS EXCITING

a)  Describe how the above data could be  encrypted  using 10 digit denary symmetric key 4291362856.

⇒  To convert the meaningful plaintext to meaningless ciphertext, shift each character of the alphabet by +4, +2, +9, and so on, places towards the right. For example :

Plaintext : C O M P U T E R   S C I E N C E   I S   E X C I T I N G
Symmetric Key : 4 2 9 1 3 6 2 8   5 6 4 2 9 1 3   6 2   8 5 6 4 2 9 1 3
Cipher Text : G Q V Q X Z G Z   X I M G W D H   O U   M C I M V R O J

⇒  If the encrypted cipher text "GQVQXZGZ XIMGWDH OU MCIMVROJ" is stolen, it is impossible for a hacker to read it without decrypting it using the same encryption key.

b)  Describe how the above encrypted ciphertext could be  decrypted  using the same symmetric key 4291362856.

⇒  To convert the meaningless ciphertext back to meaningful plaintext, reverse the algorithm : shift each character of the alphabet by -4, -2, -9, and so on, places towards the left. For example :

Cipher Text : G Q V Q X Z G Z   X I M G W D H   O U   M C I M V R O J
Symmetric Key : -4 -2 -9 -1 -3 -6 -2 -8   -5 -6 -4 -2 -9 -1 -3   -6 -2   -8 -5 -6 -4 -2 -9 -1 -3
Plaintext : C O M P U T E R   S C I E N C E   I S   E X C I T I N G

c)  Comment on the strength of the encryption key used.

⇒  The encryption key of length 10 digits gives 10^10 possible combinations of codes, which is very difficult for hackers (also called eavesdroppers) to guess.

⇒  The longer the key length, the more possible combinations of codes need to be tried to determine the key.
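
The shift scheme from parts (a) and (b), as an added Python example that is not part of the original notes; the function names are illustrative. It assumes, as the worked table does, that spaces are copied through without using up a key digit and that shifts wrap from Z back to A.

```python
from itertools import cycle

KEY = "4291362856"  # the 10-digit denary key from the question


def shift_text(text, key, decrypting=False):
    """Shift each letter A-Z by the next key digit.

    Spaces and other non-letters pass through unchanged and do not
    consume a key digit; the key repeats after its last digit.
    """
    digits = cycle(int(d) for d in key)
    sign = -1 if decrypting else 1
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            # % 26 wraps around the alphabet, e.g. X + 5 -> C
            pos = (ord(ch) - ord("A") + sign * next(digits)) % 26
            out.append(chr(ord("A") + pos))
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, key=KEY):
    return shift_text(plaintext, key)


def decrypt(ciphertext, key=KEY):
    return shift_text(ciphertext, key, decrypting=True)


if __name__ == "__main__":
    secret = encrypt("COMPUTER SCIENCE IS EXCITING")
    print(secret)
    print(decrypt(secret))
    # A key that differs in one digit does not recover the message.
    print(decrypt(secret, "4291362857"))
```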

Q3.  Selma has some important personal information that she needs to email to her employer.

She wants to make sure that if the personal information is intercepted, it cannot be understood.

a)  State how Selma could email her personal data more securely.

⇒  Selma could use Symmetric Encryption.

b)  Describe how your chosen solution works.

⇒  Selma has to use a Symmetric Encryption Algorithm.

⇒  Make use of an encryption key (secret code) to encrypt her confidential data.

⇒  Encryption converts human-readable plain text to meaningless garbled code called cipher text.

⇒  Email her encrypted cipher text and send the encryption key separately through another channel, like mobile phone, to Selma to decrypt and read it.


Asymmetric Encryption

Q1.  Describe what is meant by  Asymmetric Encryption .

⇒  Asymmetric encryption is an encryption algorithm that uses a public key to encrypt and a private key to decrypt the message.

⇒  The Public-key is shared between sender and receiver and made available to everybody.

⇒  The secret Private-key will not be shared with the recipient.

⇒  Both Public and Private keys are needed to encrypt and decrypt the message.

⇒  It uses a very complex mathematical algorithm, so it is slower than symmetric encryption.


The following routine or algorithm shows how the sender and recipient end up with the required encryption key without sharing their secure private keys.

Stage 1
  Sender : The sender uses an encryption algorithm and chooses a value.
    e.g. X = 2 (this is kept secret as Private-key)
  Recipient : The recipient uses the same algorithm and also chooses a value.
    e.g. Y = 4 (this is also kept secret as Private-key)

Stage 2
  Sender : This value of 'X' is put into a simple algorithm : 7^X (MOD 11)
    This gives : 7^2 (MOD 11) = 49 (MOD 11) = 5
  Recipient : This value of 'Y' is put into a simple algorithm : 7^Y (MOD 11)
    This gives : 7^4 (MOD 11) = 2401 (MOD 11) = 3
  Note : MOD gives the remainder when dividing a number by 11.

Stage 3
  Sender : The sender now sends the value just calculated as Public-key, e.g. 5, to the recipient.
  Recipient : The recipient now sends the value just calculated as Public-key, e.g. 3, to the sender.

Stage 4
  Sender : The sender puts the recipient's public-key 3 into the same algorithm in place of '7', e.g. 3^X (MOD 11)
    This gives : 3^2 (MOD 11) = 9 (MOD 11) = 9
  Recipient : The recipient puts the sender's public-key 5 into the same algorithm in place of '7', e.g. 5^Y (MOD 11)
    This gives : 5^4 (MOD 11) = 625 (MOD 11) = 9

Thus both sender and recipient end up with the same encryption and decryption key of 9.
This gives us the basis of how an encryption key can be generated.
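
The four stages above, carried through in Python as an added example (not part of the original notes; function names are illustrative). The last function lists every private value that fits a given public value, which shows why the numbers 7 and 11 are only for teaching: with a modulus of 11 there are just 10 candidates, so real systems use a modulus thousands of bits long.

```python
G, P = 7, 11  # the base and modulus used in the stages above


def public_value(private, g=G, p=P):
    """Stage 2: g^private MOD p, the value that is sent to the other side."""
    return pow(g, private, p)


def shared_key(their_public, my_private, p=P):
    """Stage 4: the other side's public value replaces the base 7."""
    return pow(their_public, my_private, p)


def exponents_matching(public, g=G, p=P):
    """Every private value in 1..p-1 that produces this public value.

    Only p-1 candidates exist, so a small p offers no protection.
    """
    return [x for x in range(1, p) if pow(g, x, p) == public]


if __name__ == "__main__":
    x, y = 2, 4                      # stage 1: private values, never sent
    sender_pub = public_value(x)     # stage 2: 5
    recipient_pub = public_value(y)  # stage 2: 3
    # stage 3: only sender_pub and recipient_pub cross the network
    print(shared_key(recipient_pub, x))    # stage 4, sender side
    print(shared_key(sender_pub, y))       # stage 4, recipient side
    print(exponents_matching(sender_pub))  # candidates for X given only 5
```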

Although the public key and the private key are not the same thing, they are related. The sender creates the message, then encrypts it with his own private key and the recipient’s public key. After that, if the recipient wants to decrypt the message, he/she would have to do it with his/her private key.

✬  Public key is provided by the recipient. It is made available to anyone who wishes to send an encrypted message to the recipient. It is safe to share, as it can only encrypt the data, not decrypt the message.

✬  Private key remains private on the computer and is never sent or shared. Only the private key can decrypt the data encrypted using the public key.

Q2.  Give  different stages of Asymmetric encryption  when  User-A  wants to send a private message to  User-B  over Internet.

Asymmetric encryption is used to encrypt a symmetric encryption key, thus resolving the key distribution problem.

It is better to ultimately transmit data using symmetric encryption because it is faster.

  1. User A applies a symmetric key to encrypt the message.
  2. The symmetric key is then encrypted using the public key known to both A and B (generated by recipient, usually sent via SSL certificate).
  3. User A sends the encrypted message with encrypted symmetric key over the internet (unreadable if intercepted).
  4. User B decrypts the symmetric key by his own private key.
  5. The decoded symmetric key is now used to decrypt the message sent by user A.
Note : The encryption keys are often generated by using a HASHING ALGORITHM that takes a message of any length and produces a HASH value of fixed length, usually in hex digits.
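
The five stages of Q2 as an added Python sketch (not code from the original notes; all names are illustrative). The toy RSA key pair and the SHA-256 keystream are stand-ins chosen for this example so that it runs without extra libraries; they are assumptions, not the page's algorithm, and are not secure for real use.

```python
import hashlib
import secrets

# Constructed toy RSA key pair for User B (unpadded and far too small).
P_, Q_ = 2**31 - 1, 2**61 - 1           # two known Mersenne primes
N = P_ * Q_                             # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P_ - 1) * (Q_ - 1))     # private exponent, stays with User B


def keystream_xor(key, data):
    """Symmetric step: XOR the data with a SHA-256 keystream derived
    from the key. The same call both encrypts and decrypts."""
    out = bytearray()
    for start in range(0, len(data), 32):
        pad = hashlib.sha256(f"{key}:{start}".encode()).digest()
        out.extend(b ^ p for b, p in zip(data[start:start + 32], pad))
    return bytes(out)


def user_a_send(message, b_public):
    n, e = b_public
    sym_key = secrets.randbelow(10**10)           # fresh 10-digit symmetric key
    ciphertext = keystream_xor(sym_key, message)  # stage 1: encrypt the message
    wrapped_key = pow(sym_key, e, n)              # stage 2: encrypt key with B's public key
    return wrapped_key, ciphertext                # stage 3: both are sent


def user_b_receive(wrapped_key, ciphertext):
    sym_key = pow(wrapped_key, D, N)              # stage 4: decrypt key with private key
    return keystream_xor(sym_key, ciphertext)     # stage 5: decrypt the message


if __name__ == "__main__":
    msg = b"Meet at 10:00, bring the contract"    # constructed sample message
    wrapped, ct = user_a_send(msg, (N, E))
    print(ct.hex())
    print(user_b_receive(wrapped, ct))
```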

Q3.  Data encryption is of two types, Symmetric and Asymmetric (or Public key) Encryption.

Give the difference between  Symmetric  and  Asymmetric encryption  .

Symmetric Encryption  vs  Asymmetric (Public-key) Encryption

  1. Symmetric : Only one key (symmetric key) is used.
     Asymmetric : Two different cryptographic keys (asymmetric keys) are used, called Public and Private keys.
  2. Symmetric : The same key is used to encrypt and decrypt the message.
     Asymmetric : Public key is used to encrypt and Private key is used to decrypt the message.
  3. Symmetric : The secret Encryption key needs to be shared with the recipient.
     Asymmetric : The secret Private-key will not be shared with the recipient.
  4. Symmetric : Uses a less complex algorithm, so it is extremely fast.
     Asymmetric : Uses a very complex algorithm, so it is slower than symmetric encryption.
  5. Symmetric : It is mostly used when a large amount of data needs to be transferred.
     Asymmetric : It is used in smaller transactions, primarily to authenticate and establish a secure communication channel prior to the actual data transfer.


►   SSL (Secure Socket Layer)


Q1. a)  Describe  SSL (Secure Socket Layer)  used for online transactions.

⇒  Secure Socket Layer (SSL) is a standard security technology used for establishing an encrypted link between a web-server and a web-browser.

⇒  SSL is a secure protocol that uses asymmetric encryption to encrypt data (so that only the web browser and web server are able to make sense of what is being transmitted).

⇒  It uses the 'https' protocol, which ensures that the exchange of data remains confidential.

⇒  It activates a small padlock to be displayed at the top-left of the address bar of the browser.

⇒  It uses digital SSL Certificates, which are sent by the web-server to the user’s web-browser when requested.

⇒  SSL certificate contains public key and website or organization details.

⇒  The user’s web-browser checks whether the SSL certificate is trustworthy or not, and sends a message to the web-server.

⇒  The web-server then sends back an acknowledgement to start an SSL encrypted session.

b)  State what is meant by  SSL Certificate. 

⇒  An SSL Certificate is a small data file that digitally binds the web-site's public key to its organizational details, which identify the owner of the web-site or company.

⇒  It is sent by the web-server to the web-browser to establish an encrypted link between web-server and web-browser.

⇒  An SSL certificate is used to validate the authenticity of the web-server. It is like an ID card that proves someone is who they claim to be.

c)  State the  purpose of SSL Certificate .

  1. An SSL certificate is used to validate the authenticity of the web-server.
  2. To ensure that the exchange of information remains private between the intended parties only.

Q2.  Describe  what happens between web browser  and  web server  when a user wishes  to access a website  which uses  SSL certification. 

The following is the list of stages a web-browser goes through when attempting to connect to a web-site which is secured by SSL (Secure Socket Layer).

  1. The web-browser attempts to connect to a website which is secured by SSL.
  2. The web-browser requests the web-server to identify itself.
  3. The web-server sends a copy of its SSL Certificate to the web-browser.
  4. The web-browser checks whether the SSL certificate is trustworthy or not.
  5. If it is trustworthy then the web-browser sends a positive message to the web-server.
  6. The web-server will then send back some form of acknowledgement to allow the SSL encrypted session to begin.
  7. The encrypted data is then shared securely between the web-browser and the web-server.

Q3.  Give 3 examples  where SSL would be used .

  1. Online banking and all online financial transactions.
  2. Online shopping.
  3. When sending confidential documents out to a restricted list of users.
  4. Sending and receiving emails.
  5. Using Cloud storage facilities.
  6. Voice over Internet Protocols (VoIP) when carrying out video chatting.
  7. When making use of Social networking sites and in instant messaging.

REVISION : Statements and its key computing terms.

Encryption : the process of making data meaningless using encryption keys; without the correct decryption key the data cannot be decoded (unscrambled).
Plaintext : the original text/message before it is put through an encryption algorithm.
Ciphertext : encrypted data that is the result of putting a plaintext message through an encryption algorithm.
Encryption algorithm : a complex piece of software that takes plaintext and generates an encrypted string known as ciphertext.
Symmetric encryption : a type of encryption in which the same encryption key is used both to encrypt and decrypt a message.
Asymmetric encryption : a type of encryption that uses public keys and private keys to ensure data is secure.
Public key : a type of encryption key that is known to all users.
Private key : a type of encryption key which is known only to the single computer/user.
Secure socket layer (SSL) : a security protocol used when sending data over a network (such as the internet).
SSL certificate : a form of digital certificate which is used to authenticate a website; providing the SSL certificate can be authenticated, any communication or data exchange between browser and website is secure.


