Security - Encryption Technologies
Security. Explain the basic principles of security concepts and technologies
Encryption is the process of converting information, with the use of a cipher (algorithm), making it unreadable by other users unless they have the correct "key" to the information. Cryptography is the practice of hiding information. In a cryptosystem, information is protected by disguising it.
There are two main categories of encryption algorithms:
- Symmetric key: This encryption system employs a key shared between the receiver and the sender. It is quick and easier to implement than an asymmetric system. One logistical issue with symmetric keys is that the shared key must be communicated between the users securely before file transfer can commence. Items like WEP, WPA, Encrypting File System (EFS), BitLocker, Kerberos, AES, 3DES, and alike all belong to symmetric key technology.
- Asymmetric key: This system employs two keys, the public and the private one. Data is encrypted by users with the public key stored on the target computer. Upon receipt of the data, the target uses a private key to decrypt the data. One issue with asymmetric is ensuring that the public key is authentic; to be certain, organizations will use a PKI or public key infrastructure. RSA and ECC are both examples of asymmetric keys.
Another type of encryption is used for verifying the integrity of files that are downloaded; this is known as hashing. A hash is a mathematically generated number that ensures message integrity. Examples of hash algorithms include Secure Hash Algorithm (SHA) and Message-Digest algorithm 5 (MD5).
Encryption in Windows
There are a few different encryption technologies used in Windows. For example, whenever you log on to a Windows network, that authentication is secured with the Kerberos protocol. Another example is when you want to encrypt one or more files or folders. In this case Windows uses the Encrypting File System (EFS), a component of NTFS. Follow the steps below to encrypt a file in Windows:
- Locate the file, right-click it, and select Properties. This brings up the General tab within the file's Properties window.
- At the bottom of the General tab, click the Advanced button. This brings up the Advanced Attributes window.
- Check the box labeled Encrypt Contents to Secure Data.
- Click OK for both windows. (When you do so, the system should ask whether you want to encrypt the parent folder and the file or just the file. It's recommended that the file's parent folder be encrypted as well.)
The file should now appear green within Windows Explorer. To unencrypt the file and return it to normal, simply deselect the check box.
EFS is considered a symmetric key technology but actually uses symmetric and asymmetric keys. Any individual or program that does not have the correct key cannot read the encrypted file. If a file needs to be decrypted and the original user (owner of the key) isn't available, an EFS recovery agent will need to be used. In many cases, the default recovery agent is the built-in Administrator account. It is important to note a few more items: One is that EFS isn't designed to protect data while it is transferred from one computer to another; the other is that it is not designed to encrypt an entire disk.
To encrypt an entire disk, you need some kind of full disk encryption software. There are several currently available on the market; one developed by Microsoft is called BitLocker-available only on Vista Ultimate and Vista Enterprise. This software can encrypt the entire disk which, after complete, is transparent to the user.