How Encryption Works
 

Editor-in-Chief  :

Prof. Riazuddin
Editorial Board  :      

Fawad Saeed (IT)

 Adeel-ur-Rehman(IT)

 M. Jamil  Aslam(Physics)

 Ijaz Ahmed(Physics)
 

The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live and work. But a major concern has been just how secure the Internet is, especially when you're sending sensitive information through it. There's a whole lot of information that we don't want other people to see, such as:

Credit-card information
Social Security numbers
Private correspondence
Personal details
Sensitive company information
Bank-account information

Information security is provided on computers and over the Internet by a variety of methods. A simple but straightforward security method is to only keep sensitive information on removable storage media like floppy disks. But the most popular forms of security all rely on encryption, the process of encoding information in such a way that only the person (or computer) with the key can decode it.

Encryption Systems

Computer encryption is based on the science of cryptography, which has been used throughout history. Before the digital age, the biggest users of cryptography were governments, particularly for military purposes. The existence of coded messages has been verified as far back as the Roman Empire. But most forms of cryptography in use these days rely on computers, simply because a human-based code is too easy for a computer to crack.

Most computer encryption systems belong in one of two categories:
Symmetric-key encryption
Public-key encryption

Symmetric Key


 In symmetric-key encryption, each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to another computer. Symmetric-key requires the knowledge about the computers which will be talking to each other so one can install the key on each one. Symmetric-key encryption is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decode the message.
Think of it like this: A Coded message is created to send to another person in which each letter is substituted with the letter that is two down from it in the alphabet. So "A" becomes "C," and "B" becomes "D". The code creator has already told a trusted person that the code is "Shift by 2". The trusted person gets the message and decodes it. Anyone else who sees the message will see only nonsense.

Public Key

Public-key encryption uses a combination of a private key and a public key. The private key is known only to one computer, while the public key is given by that computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. A very popular public-key encryption utility is called Pretty Good Privacy (PGP), which allows you to encrypt almost anything.

The sending computer encrypts the document with a symmetric key, then encrypts the symmetric key with the public key of the receiving computer. The receiving computer uses its private key to decode the symmetric key. It then uses the symmetric key to decode the document.

To implement public-key encryption on a large scale, such as a secure web-server might need, requires a different approach. This is where digital certificates come in. A digital certificate is basically a bit of information that says that the web-server is trusted by an independent source known as a certificate authority. The certificate authority acts as a middleman that both computers trust. It confirms that each computer is in fact who it says it is, and then provides the public keys of each computer to the other.

Public Key: SSL
 A popular implementation of public-key encryption is the Secure Sockets Layer (SSL). Originally developed by Netscape, SSL is an internet security protocol used by internet-browsers and web-servers to transmit sensitive information. SSL has become part of an overall security protocol known as Transport Layer Security (TLS).
In the browser, one can tell when using a secure protocol, such as TLS, in a couple of different ways. A person will notice that the "http" in the address line is replaced with "https," and should see a small padlock in the status bar at the bottom of the browser window.
Public-key encryption takes a lot of computing, so most systems use a combination of public-key and symmetry. When two computers initiate a secure session, one computer creates a symmetric key and sends it to the other computer using public-key encryption. The two computers can then communicate using symmetric-key encryption. Once the session is finished, each computer discards the symmetric key used for that session. Any additional sessions require that a new symmetric key be created, and the process is repeated.