Data Encryption And PKI Basics
One of the complex subject for every system engineer or application developer is data security and integrating the security algorithms to encrypt the data. There are different terms to be understood in encryption. Encryption and Decryption of data is not tied to particular operating system or any application. My article would cover basics of encryption mechanisms and dive into Microsoft Certificate Authority implementation.
I would like to explain in simple terms which is understandable by engineers. Data encryption is a method of protecting the data from attacks, this protection is done with the combinations of algorithms and keys.
At the very least you need to have Algorithm and a key to protect the data or encrypt the data. Applications should take advantage of the available algorithms and usage of the keys to protect their data. There are 2 different types of algorithms
- Symmetric Algorithm
- Asymmetric Algorithm.
Both the above algorithm modes implements different techniques to protect / encrypt the data which we will discuss in the later sections of the article.
Terms: Understanding terms is important , so I have outlined few of them below which I would go in depth , but this helps engineers to understand the engineering behind encryption and decryption process.
Cryptography : A process to hide data from one form to another. The plain text data is converted into unreadable form and then decrypted back to the readable form using algorithms and keys.
Keys: This is one of the building block of encryption and forms an important aspect to understand its importance. Key is simply a integer number. Keys are used to encrypt or decrypt the data. Keys are generated either using algorithm / Random Number Generators. Key should always be long which makes attacker difficult to attack either using Brute Force attack mechanism. An Attacker who obtains the key can easily read the data being sent from source to destination.
Private Key : Key which cannot be published to different users
Public Key : Key which can be published to one or more users.
Symmetric Algorithm : This uses one single key for both encryption and decryption
Asymmetric Algorithm: This algorithm has one public key and one private key.
One important consideration is that public key can be
Distributed but private key cannot. So this distribution
Can be done through AD digital certificates method.
Hash Algorithm: This one is tricky because it accepts one input and produce 2
Mathematical output which is referred as hash value
Algorithm Types :
Symmetric Algorithms : DES , Triple DES , AES , RC4 and RC2 . I have covered major algorithms in use.
Asymmetric Algorithms : Diffie Hellman , DSA and RSA.
Hash Algorithms : MD5 and SHA1.
In this article we have understood the very basics of PKI infrastructure. We will further continue and explore more on the process and designing the PKI.
Cristina Satizábal , Juan Hernández-Serrano , Jordi Forné , Josep Pegueroles, Building a virtual hierarchy to simplify certification path discovery in mobile ad-hoc networks, Computer Communications, v.30 n.7, p.1498-1512, May, 2007
Bu-Sung Lee , Wing-Keong Woo , Chai-Kiat Yeo , Teck-Meng Lim , Bee-Hwa Lim , Yuxiong He , Jie Song, Secure communications between bandwidth brokers, ACM SIGOPS Operating Systems Review, v.38 n.1, p.43-57, January 2004