Usage: TLS, VPN, SSH Symmetric encryption: With this shared key, both parties now switch to symmetric encryption, which is faster and more suitable for handling large amounts of data. Anyone should be able to send us encrypted data, but only we should be able to decrypt and read it! Asymmetric encryption is usually employed to securely establish a common secret (key) between two parties communicating over an insecure channel. When applying encryption, the public key is used, whereas decrypting requires the private key. As their names suggest, the private key must be kept secret, whereas the public can be known to everyone. On the other hand, in asymmetric encryption algorithms, there are two keys in use: one public and one private. Only those who are authorized to access the data should have the single shared key in their possession. In symmetric encryption algorithms, a single secret (key) is used to both encrypt and decrypt data. Key re-use carries the security risk that if its confidentiality is circumvented the impact is higher because it “unlocks” more sensitive data.Įncryption is divided into two categories: symmetric and asymmetric, where the major difference is the number of keys needed. It should be used in a single context, avoiding re-use in a different context.The key’s value should be extremely difficult to guess in order to preserve confidentiality.The encryption key and any other cryptographic key should have some properties: To achieve that, encryption requires the use of a secret which, in cryptographic terms, we call a “key”.
What is Encryption?Įncryption is defined as the process of transforming data in such a way that guarantees confidentiality.
We’ll now define what is encryption, hashing, encoding and obfuscation focusing mostly on identifying which of the three cryptographic properties (confidentiality, integrity, authenticity) hold true for each of them. Authenticity is this example means that patient data should be tied to an identified individual, and that, when a doctor modifies the data - because they authorized to do so - it’s of vital importance to know which doctor did it in a way that they can’t repudiate. Its integrity must also be protected because tampering with such data can result in a wrong diagnosis or treatment with possible health risks for the patient. Integrity refers to protecting information from being altered, and authenticity has to do with identifying the owner of the information.Īs an example, personal medical data needs to be confidential, meaning that only doctors or medical personnel should access it. We’ll then compare and contrast encryption, hashing, encoding, and obfuscation, showing which of these operations provide which of the security properties.Ĭonfidentiality is about protecting information from being accessed by unauthorized parties or, in other words, is about making sure that only those who are authorized have access to restricted data. In this post, we’ll define the security pillars of cryptography: confidentiality, integrity, and authenticity. Some algorithms fall out of use due to flaws uncovered through cryptanalysis others, simply due to advances in computation which render them ineffective when facing state-of-the-art technology. This arms race between cryptography and cryptanalysis has incentivized the creation of stronger algorithms through the ages - from ancient Greece and Rome to our digital age and beyond. While modern cryptography aims to create mechanisms that protect information through the application of mathematical principles and computer science, cryptanalysis, by contrast, aims to defeat such mechanisms in order to obtain illegitimate access to the information. The discipline of cryptography, necessary for a variety of security applications, is no stranger to the arms race found in all other security disciplines.