Encryption

What does encryption mean in a simple term?

It is a technique to code or scramble data to prevent them from being read without authorization.

In other words, it simply means the process where a message in a readable form (the plain text) is transformed into second message with the help of a key thereby making it unreadable in that state (the ciphertex) except with the use of the right key. This makes it unreadable by unauthorised persons.

This is one of the best ways to obtain a cost-effective data confidentiality.

Note

Encryption must not be confused with data hiding or padding. Data hiding makes the data not visible to read while data padding involves padding of the network to avoid data sniffing while it is being transported on the network from one location to another.

Why data encryption?

i) For the security of information (confidentiality and integrity) and that of other infrastructures which is very important to the survival of any organisation.

ii) In line with "Defence-in-Depth" system of security. A single layer can be circumvented by bad guys.

iii) Because of any unknown vulnerabilities in the computer system. In a situation like that, the information becomes unreadable to the attacker.

IV) Laptops are vulnerable to theft and to protect the information in it from being accessed and used by the attacker.

Types of encryption

1) Symmetric (Private Key) cryptography

This is the type that uses the same key to encrypt (translate message to an unreadable form by the sender) and decrypt (translate an unreadable message to a readable form by the receiver).

The weakness in this is how to send the key from the sender to the receiver without falling into the hand of a third part who is not a party to the message being passed.

Also, because of the population of people involved in e-commerce, this is not suitable for e-commerce.

2) Asymmetric (Public Key) cryptography

To avoid the type of problem in a symmetric cryptography, a solution is found in the method known as Asymmetric cryptography. This method uses a pair of keys – the public and the private keys. The public key can be openly distributed to anyone wishing to communicate with the key owner while the private key must be kept secret by the key owner.

The advantages it offers

a) It is an added value authentication as the holders of the two keys that can effectively communicate by encrypting and decrypting of messages.

b) It offers confidentiality and integrity of data.

Its limitations

1) The major one is that it does not prevent the deletion of the data we are trying to protect.

2) Since it uses key, then the management of the key becomes the deciding factor of success or otherwise of the program.

Specific areas where it is used

i) Sensitive stored data (to maintain the privacy of customers/employees personal information)

ii) E-commerce (because of credit card information e.t.c.)

iii) Wireless network (because of its peculiar nature of data transmission which is unlike wired networks)

iv) Cell phone (this is almost of the same nature with the wireless network)

v) E-mail (this is becoming necessary because of the sensitive nature of business data being transmitted on the mail)

vi) VPN also uses encryption to connect the virtual sites before transferring data.