Digital Media Concepts/The process of Encryption

Introduction[edit | edit source]

Encryption is a process where data through mathematical formulas and can only be accessed by people with permission. For example, in an encrypted text message between two people, the texts are protected so that only the sender and recipient can see the texts. ^[1]

The beginnings of encryption[edit | edit source]

Contrary to popular belief, encryption isn't just related to the digital processes that keep our text messages or emails safe. The basis for encryption is cryptography. Cryptography is defined as enciphering messages and information so that only the intended receiver can translate the message. The Spartans were the first recorded civilization that used cryptography. Spartan commanders wrote messages on a strip of cloth that was winded around a pole. When it was taken off the pole, the message was unreadable but when it was winded around a pole of the same size as the first pole, the message could be read. ^[2]

Soon, cryptography became more advanced when manual cryptography was introduced in WWI. Countries used code sheets to translate messages so they were unreadable. Oftentimes, it was just a simple substitution cipher, such as the letter “A” translating to 1. ^[3]

Cryptography soon progressed in WWII, when complex machines were introduced that both decrypted and encrypted messages. The last stage of encryption is the one that we are most familiar with. That is cryptology related to digital information. Instead of messages being encrypted using mechanical devices, messages are now encrypted using electronic devices.

How encryption works[edit | edit source]

Data encryption in the modern sense is the process by which your digital data is changed so that the information sent becomes unrecognizable. It does through the use of complex algorithms, which are basically long sets of instructions that the computer system must follow. For example, when baking a cake, the recipe is essentially the algorithm. The recipe lays out the instructions that you must follow to turn the ingredients into something completely different; a cake. The computer takes the information and through that algorithm it changes the data into something completely different and scrambled called ciphertext. Only the receiver can translate that scrambled information into plaintext so that it could be readable again. Encryption is important because it protects information being sent and received by two individuals from being viewed by unwanted parties such as the government, companies, or people. Encryption is necessary in the digital world because oftentimes, sensitive information is passed between networks all the time. Companies taking your credit info must encrypt that information so that nobody else can gain your credit info. ^[4]

The different types of encryption[edit | edit source]

There are multiple types of encryption, with the major ones being Data Encryption Standard(DES), Advanced Encryption Standard(AES), and Rivest-Shamir-Adleman (RSA).

Data Encryption Standard(DES)[edit | edit source]

Data Encryption Standard is an encryption method that uses symmetric key encryption to protect data. Symmetric encryption is a form of encryption where the same key is used both to encrypt and decrypt data. A key is a string of characters that are passed through a complex algorithm to encode or decode information. Through the use of that special and unique key and a complex algorithm, data is then turned into ciphertext. This ciphertext can only be decrypted or turned to the normal text if the correct key is input. DES encrypts data in blocks or groups of 64 bit, but with only 56 bits being used for the actual encryption. Bits are the binary equivalent for each letter. For example, the letter "a" would be equivalent to 01000001 in binary, which is 8 bits in length. The algorithm then rearranges the bits and then substitutes the bits based on the key. The problem with this type of encryption is that both the sender and receiver use the same key to encrypt and decrypt, so if one key is cracked, both sender and receiver are compromised. In addition, it is relatively easy to crack the key using brute force hacking than other types of encryption. Brute force hacking is when the hacker tries as many combinations as possible till the hacker gets the right one. There are 2^56 or around 72 quadrillion possible combinations for they correct key. At first, this seems like alot but the recent advancement of technology has rendered this encryption method obsolete. In the 90's, it took around 22 hours to crack a DES key.^[5]

Advanced Encryption Standard(AES)[edit | edit source]

Advanced Encryption Standard is an encryption method that uses symmetric key encryption to protect data, just like DES. The biggest difference between AES and DES is the bit size of the key. The key length can be 128, 192, or 256 bits long, depending on the types of messages sent. For normal use, a 128 bit key length is sufficiently secure. ^[6]The difference in key length for AES compared to DES drastically strengthens the security of the key. There are a total of 3.4 x 10^38 different key combinations in a 128 bit key, which would take around 36 quadrillion years to crack. This is a major upgrade from a DES key, which was cracked most recently in 362 seconds. Imagine how long it would take to crack the 256 bit key that the military uses. ^[7]In addition be extremely secure and impenetrable, AES is also much more efficient than DES. There are a host of reasons, but the main reason why AES is much faster is that it undergoes less rounds than DES. A round is the list of steps needed to turn plaintext into ciphertext. These steps would include substitution, permutation and shifting positions of bits. DES undergoes 16 rounds whereas AES undergoes 10 rounds. In addition, AES encrypts in larger block sizes than DES as well, so for a given amount of data, less blocks of data are encrypted and thus less rounds occur. In a world where large amounts of data are transferred every second, the difference in rounds of encryption makes AES much faster than DES. In addition to less rounds needed, AES also works faster and more efficient on software than DES. DES was originally designed for old hardware back in the 70s, whereas AES was made and designed for software. Today, there is very little hardware support for DES. These reasons are what makes AES 6 times more efficient than DES. ^[8]

Rivest-Shamir-Adleman (RSA)[edit | edit source]

RSA is an encryption method that uses asymmetric key encryption to protect data. Asymmetric key encryption is a different kind of encryption where two different types of keys are used. This method uses a public and private key to encrypt and decrypt data. The public key is accessible to anyone and is used to encrypt data being sent out. The private key however is only known by the receiver and is used to decrypt the data. The two keys are mathematically linked, but knowing the public key won't help you find out the private key. The reason why this is done is because it makes the transfer of keys so much more secure than symmetric encryption. If you are in a different location then the person you are sending messages to, it isn't safe or secure to send the encryption keys. It can be intercepted and cause a security breach. With a public key, that key can safely be sent to a person in another location for the purpose of encrypting messages. Even if the public key is discovered, it doesn't matter because that key can't decrypt data. Through some kind of mathematical formula, that public key can encrypt data but can't reverse the process and decrypt the data. ^[9]The public key is based off the product of two massive prime numbers, with a length of 1024, 2048, or 4096 bits. Right now, there is no way to discover the two numbers though brute force or cracking. Despite its high level of security, RSA isn't used to send large amounts of data, since it's terribly inefficient and slow. Protecting data using asymmetric encryption requires alot of computational power and resources. Instead, a combination of both AES and RSA are used in what's called an SSL/TLS handshake. The handshake's main purpose is to secure the network for symmetric encryption. It establishes the connection between the 2 parties, and verifies both the public and private key though asymmetric encryption. Once the receiver is verified, and no interference is detected, a key is created that is used for symmetric encryption. Essentially, asymmetric encryption is used to safely verify the identity of the receiver and create a master key. Then, that key is used to securely encrypt data using symmetric encryption. ^[10]

Encryption usage in the real world[edit | edit source]

Encryption is used in many different ways. For example, the SSL/TLS handshake is used whenever you search something on google or duck duck go. The handshake helps establish the connection between the browser and the server so your internet connection is secure. When you see https instead of http on your web browser, that means TLS is in action. AES is used in a variety of ways, such as in VPNs, wifi networks, and password savers. Once again, VPN's use a combination of AES and RSA to securely encrypt data. Using RSA, an AES key is sent to the person using the VPN, then that key is used to do the transfer of information. ^[11]There are few different types of wifi certifications. WiFi Certificates protect log in credentials of the user from hackers through encryption.The wifi certifications are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, and WPA3. WPA2 is the most used wifi network of all of them and uses AES encryption. Some of the infrastructure is vulnerable and can be attacked when you're connecting. WPA3 is the most secure certificate, but requires new hardware which isn't freely available to all.^[12]

Encryption and the Dark Web[edit | edit source]

The high level of security that encryption offers also opens up doors for crime to flourish via the dark web. Since encryption can be used to hide data, criminals often use encrypted networks to hide their activity and identity. One of these places where crime can go unnoticed is the Dark Web. The Dark Web is just another term for networks accessible through secure tools. One of the most common tools used to access this place is the Tor browser. Using encryption, the Tor browser encrypts your network traffic and runs your IP address through a series of nodes in order to hide it. A great advantage of the Tor browser is it is open source. What this means is that the source code for the browser is available for anyone to look at. Its security has been verified both by the creators of the code and by other people on the internet. The silk road is a famous site on the dark web that sold drugs guns, hacking and hitman services, etc. It allowed drugs to be delivered to your door through USPS in a matter of days! This was unheard of at that time because no seller wanted to risk having the package intercepted and the government coming to their house. The silk road protected the identity of the buyers, and the seller. The site was eventually busted in 2013 by the FBI, but not without bring in millions of dollars worth of revenue. ^[13]However, the Tor browser isn't entirely a bad thing. Oftentimes, security professionals will use the Tor browser to protect the computer from downloading any viruses or malware. Using the Tor browser alongside other security tools, these security professionals can prevent their activity from being traced back to the computer they are working on. This makes it extremely hard for any malicious software from attacking the computer. ^[14]

Journalists are also a common user of the Tor browser. For journalists doing work in oppressive countries, it is important that they remain anonymous so the government can't track them down and silence them. Journalists use the Tor browser and a VPN to publish their articles, and prevent the government from shutting them down. During the Arab Spring, the Tor browser was used to safely transfer news from the oppressed countries to international news agencies. The anonymity and safety this software provides allows journalists to inform news agencies of events happening in foreign countries, which brings important foreign matters to the publics attention.^[15]

References[edit | edit source]

1. ↑ Chen, J. (2021, September 15). Encryption. Investopedia. Retrieved September 21, 2021, from http://www.investopedia.com/terms/e/encryption.asp.
2. ↑ "cryptology - History of cryptology". Encyclopedia Britannica. Retrieved 2021-09-25.
3. ↑ "World War I cryptography". Wikipedia. 2021-03-15. https://en.wikipedia.org/w/index.php?title=World_War_I_cryptography&oldid=1012341486. 
4. ↑ "Encryption". Investopedia. Retrieved 2021-10-06.
5. ↑ "What is Data Encryption Standard?". SearchSecurity. Retrieved 2021-10-06.
6. ↑ "What is the Advanced Encryption Standard (AES)? Definition from SearchSecurity". SearchSecurity. Retrieved 2021-10-06.
7. ↑ "What is AES Encryption and How Does It Work?". CyberNews. 2020-12-11. Retrieved 2021-10-06.
8. ↑ "DES vs AES: Everything to Know About AES 256 and DES Encryption". InfoSec Insights. 2020-06-02. Retrieved 2021-10-06.
9. ↑ "What is RSA encryption and how does it work?". Comparitech. 2018-12-10. Retrieved 2021-10-06.
10. ↑ "How SSL works". www.tutorialsteacher.com. Retrieved 2021-10-06.
11. ↑ "VPN Encryption: How does it work? What types are there?". Privacy.net. 2020-05-12. Retrieved 2021-10-08.
12. ↑ "WPA2: What is the difference between AES and TKIP?". Comparitech. 2018-09-13. Retrieved 2021-10-08.
13. ↑ "Silk Road Definition". Investopedia. Retrieved 2021-10-12.
14. ↑ Patterson, Dan. "How the Dark Web works". ZDNet. Retrieved 2021-10-12.
15. ↑ "Four ways journalists can protect sources using the "deep web" | Media news". www.journalism.co.uk. 2021-02-25. Retrieved 2021-10-12.