All data that passes through a network travels either in clear text or in a format that must be decoded to be viewed. HTTP, e-mail, FTP, and Microsoft Windows file-sharing traffic can be accessed easily by an Internet hacker or a network sniffer (John Mallery, Jason Zann, Patrick Kelly, Wesley Noonan, Hardening Network Security, chapter 10, page 258).
In addition, ASP.NET introduced a framework for authentication and authorization using data encryption, which determines the identity of authorized users and prevents unauthorized users from accessing the content (Barry Dorrans, Beginning ASP.NET).
Data encryption consists of mathematical calculations and algorithmic schemes that convert plaintext into ciphertext, which is unreadable to unauthorized parties.
Reason for Encryption:
Nowadays all electronic communication involves a number of participants, such as the sender, the receiver and the carrier's service provider (Network Security, page 420).
Encryption is the best technique for ensuring the privacy of a message (Network Security, Practical Approach, page 280).
It prevents hackers from listening in on private communications. Even if someone succeeds in capturing the message, they can only see scrambled text because of encryption.
Encryption underpins Secure Sockets Layer (SSL), which enables secure communications and user authentication over the open and unsecured Internet, for example for financial transactions. Nowadays an international wireless security standard called Wi-Fi Protected Access (WPA2) is used to encrypt data transferred over wireless networks.
Digital television providers manage subscriber access by encrypting video and audio signals.
Encryption is also essential for the national security of any country. Military communications use data encryption so that terrorists and anti-social elements cannot tap messages.
Some people think that encrypting and decrypting messages consumes a lot of computing power, which might slow down data communication. Another drawback of data encryption is the use of digital certificates for authentication, which requires the development and maintenance of a PKI. This can be costly for a small organization (Network Security, Practical Approach, page 280).
Types of encryption:
Encryption always requires a key, which determines the output of the algorithm. This key is usually a piece of information used as a parameter in the encryption algorithm. Encryption schemes come in two categories: symmetric and asymmetric (Beginning ASP.NET Security, page 124).
Symmetric encryption, also known as single-key encryption, is a type of encryption in which a shared secret key is used to both encrypt and decrypt information. A secret key can be a word, a character, or just a string of random letters. The sender and the receiver must both know the secret key in order to send or retrieve information. Popular symmetric-key encryption algorithms include Blowfish, RC2, RC4, AES and IDEA. Most of their operations are based on replacement and scrambling, which means that some bytes are replaced with other bytes according to the rules of the algorithm.
The .NET Framework provides various symmetric algorithms that share a common characteristic: they are all block ciphers (Beginning ASP.NET Security, page 124), which encrypt data by breaking it down into blocks (commonly 64 bits).
Asymmetric encryption was developed to eliminate the sharing of a key between sender and receiver. Asymmetric encryption uses two keys: one for encrypting (known as the public key) and one for decrypting (known as the private key) (Beginning ASP.NET Security, page 133).
In the .NET Framework, the RSACryptoServiceProvider class supports this type of encryption. The key size of this class is 1024 bits.
When a user wants to forward a file, they simply encrypt the information with the recipient's public key. Once the recipient receives the file, they retrieve the information by using the private key.
Asymmetric encryption works with digital signatures, which allow the recipient to validate the source of the incoming data. A certificate is a package of data that identifies a server or a user and contains information about it, e.g. the organization name, the user's e-mail ID and location, the certificate issued by the organization, and the user's public key.
Comparison between symmetric encryption and Asymmetric encryption:
Symmetric encryption is a very efficient algorithm. Hardware implementations of symmetric encryption, as well as software implementations, can encrypt hundreds of megabytes per second.
Asymmetric encryption is on the order of 100-1000 times slower than symmetric encryption, which makes it impractical for encrypting large amounts of data.
Symmetric ciphers use keys of small size, but the number of keys required increases dramatically with the number of communicating entities, whereas asymmetric encryption requires only one public/private key pair for each entity.
The shared key must be exchanged securely between each pair of communicating entities in symmetric encryption. Knowledge of the public key of an entity is sufficient to communicate securely in asymmetric encryption.
In asymmetric encryption each entity needs to protect the secrecy of its own private key, whereas in symmetric encryption the secrecy of each key must be protected at both of the entities that share it (Network Security, page 466, page 472).
Combining symmetric encryption and asymmetric encryption:
The way to maximize the advantages of both types of encryption scheme is to create a random symmetric key that encrypts the data, and then to encrypt that key asymmetrically. The encrypted key can then be added to the encrypted message. When the receiver receives the key, they decrypt it using the private key and then use it to decrypt the message. This type of encryption is known as hybrid encryption. Many protocols work in a hybrid manner by combining asymmetric and symmetric algorithms, such as IPSec, which provides integrity and privacy services for datagrams and web authentication.
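The hybrid scheme described above, as an added C# example that is not part of the original essay: the sender encrypts the data with a random AES key and wraps that key with the recipient's RSA public key, and the receiver reverses both steps. Assumptions of this example: .NET 8 or later, AES-256 in GCM mode, a 2048-bit RSA key with OAEP-SHA256 padding, the hypothetical names HybridDemo, Seal and Open, and a constructed sample message.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class HybridDemo   // hypothetical name, not from the essay
{
    // Sender: encrypt the data with a fresh random AES key, then encrypt
    // ("wrap") that key with the recipient's RSA public key.
    public static (byte[] WrappedKey, byte[] Nonce, byte[] Tag, byte[] Ciphertext)
        Seal(RSA recipientPublic, byte[] plaintext)
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);    // 256-bit symmetric key
        byte[] nonce = RandomNumberGenerator.GetBytes(12);  // fresh nonce per message
        byte[] tag = new byte[16];
        byte[] ciphertext = new byte[plaintext.Length];
        using (var aes = new AesGcm(key, tag.Length))
            aes.Encrypt(nonce, plaintext, ciphertext, tag);
        byte[] wrappedKey = recipientPublic.Encrypt(key, RSAEncryptionPadding.OaepSHA256);
        CryptographicOperations.ZeroMemory(key);            // drop the plaintext key
        return (wrappedKey, nonce, tag, ciphertext);
    }

    // Receiver: recover the AES key with the RSA private key, then decrypt the data.
    public static byte[] Open(RSA recipientPrivate, byte[] wrappedKey,
                              byte[] nonce, byte[] tag, byte[] ciphertext)
    {
        byte[] key = recipientPrivate.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
        byte[] plaintext = new byte[ciphertext.Length];
        // Decrypt throws a CryptographicException if ciphertext, nonce or tag was altered.
        try { using var aes = new AesGcm(key, tag.Length); aes.Decrypt(nonce, ciphertext, tag, plaintext); }
        finally { CryptographicOperations.ZeroMemory(key); }
        return plaintext;
    }

    public static void Main()
    {
        using RSA recipient = RSA.Create(2048);             // private key stays with the receiver
        using RSA publicOnly = RSA.Create();
        publicOnly.ImportParameters(recipient.ExportParameters(false)); // public half only

        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");
        var box = Seal(publicOnly, message);
        byte[] opened = Open(recipient, box.WrappedKey, box.Nonce, box.Tag, box.Ciphertext);
        Console.WriteLine(Encoding.UTF8.GetString(opened));

        box.Ciphertext[0] ^= 1;                             // simulate modification in transit
        try { Open(recipient, box.WrappedKey, box.Nonce, box.Tag, box.Ciphertext); }
        catch (CryptographicException) { Console.WriteLine("tampered message rejected"); }
    }
}
```

Only the 32-byte AES key goes through the slow RSA operation, so the cost of the asymmetric step does not grow with the size of the message.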
Due to the Internet's open nature and the risks of web surfing, applying data encryption to communication media such as instant messaging and e-mail is becoming more popular day by day. Without this encryption mechanism, anyone can easily capture and view the information being transferred over the Internet. Data encryption is especially worth pursuing given that crimes like identity theft are on the rise.