Table of Contents

Threats loom ever present in our digital world, which is why methods of securing data are constantly advancing. Tactics like encryption are used every day on sensitive data-at-rest or in-motion. Encryption is the process of putting data in the form of plaintext into an encryption algorithm, and producing a ciphertext. Ciphertext is a form of data where all the patterns of letters that create words in the plaintext are scrambled into a new text that cannot be read without decrypting the data. Encryption uses a key to ensure the ciphertext cannot be deciphered by anyone but the authorized recipient.

Signing of data works to authenticate the sender of the data and tends to implement a form of encryption in its process. The process of signing emails, sensitive data, and other information has become necessary, as it verifies the identity of the sender and ensures the data has not been altered in transit. If a Man in the Middle attack occurred and the data was altered or compromised by the attacker, the recipient of the information would know that this has occurred. The attacker could alter the data, but as they do not have the key used by the sender to sign the data, the recipient of the data will know not to trust the sent data when analyzing the key and data.

How does digital signing work?

The process of digital signing works similarly to encryption. Encryption comes in two types, asymmetric and symmetric encryption. The process of asymmetric encryption works by creating a key pair with a public and private key. The private key is kept secret from everyone but the creator of the key, while the public key is available to everyone. The data is encrypted with the private key, and decrypted when needed with the public key. Symmetric encryption only uses one key for both encryption and decryption. As asymmetric encryption is more secure than symmetric encryption, it tends to be used more often. When sending data to a recipient, the correct method of encryption is to encrypt the data with the recipient’s public key, as this means only the owner of the key pair can decrypt that data.

Digital signing works oppositely. The data is signed by hashing the message with a hashing algorithm and the sender’s private key. This produces a hash digest, which can only be recreated through use of one of the keys in the key pair created by the sender. The recipient then receives the message, the hash digest, and the public key, if they did not already have it. The recipient then uses the sender’s public key to hash the message they have received. If the resulting hash digest matches the hash digest that has been sent along with the message, then the identity of the sender has been confirmed. This also confirms that the data has not been changed in transit. However, signing alone does not ensure the data has not been intercepted and read.

Encryption and Signing

To protect data from compromise and authenticate the sender at the same time, encryption and digital signing are used together. They are also both used in tandem to fulfill compliance standards for companies. Standards, like the Federal Information Processing Standards (FIPS) or the General Data Protection Regulation (GDPR), require companies to protect data as securely as possible along with authenticating data received from others. Encryption and digital signing ensures these standards are reached, and that users can be secure in the knowledge that data that is sent to and from them will not be compromised.

Confidential or sensitive data should always be encrypted and signed for its own safety. The use of encryption and signing together ensures that the main goals of cryptography, Confidentiality, Integrity, Authenticity, and Non-Repudiation are all met. Confidentiality and integrity are reached when data is encrypted asymmetrically, as only the intended recipient can decrypt the message. Non-repudiation and authenticity occur due to digital signing. Non-repudiation means that using the technique of digital signing, the sender of any information cannot, in the future, say they did not send the data, as the use of their private key confirms that they sent the data.

Common Encryption and Signing Algorithms

Symmetric Encryption Algorithms:

Asymmetric Encryption Algorithms:

Signing Algorithms:

  • RSA
  • ElGamal Encryption System
  • Digital Signing Algorithm (DSA)
  • ECDSA

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Table of Contents

The Digital Age we live in requires more and more data to be sent at one time, but this can quickly become an issue for the hardware sending the data. If too much data is sent across a connection, it could take hours or days to transfer, when the recipient needs it in minutes. This is where compression comes in. Compression uses patterns in data to shorten the size of the data, saving bandwidth and storage space in the process. This works well, but what if the compressed data is stolen in transit? Compression is not complicated to reverse so retrieving the original would be easy. This is why many people use encryption and compression together when sending messages.

Encryption and Compression

Encryption can be either symmetric or asymmetric. Symmetric encryption is the less complicated of the two, using one key to encrypt and decrypt data. Symmetric encryption is much faster than asymmetric encryption, but is not as secure. Only one key needs to be compromised to compromise the original data. Asymmetric encryption uses a public and private key pair to encrypt plaintext data. The plaintext is run through the encryption algorithm along with a private key, which only the sender knows. The data is then sent to the recipient, who uses the public key to decrypt the data. This ensures the identity of the sender of the data, as the public key only decrypts data encrypted with the private key in that pair.

Using encryption and compression, larger portions of data can be sent across the Internet securely. If only compression is used, the security of the data is at risk. A Man in the Middle attack could retrieve the data, decompress it, and read the original message. On the other hand, if only encryption were used, there is a limit to how big a message that is encrypted can be. This is why the majority of messages are both encrypted and compressed. The next question to answer is do you compress the data and then encrypt the data, or vice versa?

Encryption or Compression first?

The choice of encrypting or compressing data first depends on the types of attacks you need to circumnavigate. Initially, it was thought that the only way to combine encryption and compression was to compress the data before encryption. This is due to the fact that compression relies on patterns in data to function, while encryption attempts to destroy these patterns in data. The method of compression then encryption has been found to be weak to side channel attacks. These types of attacks use JavaScript code to perform a brute force attack on the victim’s browser, allowing the attacker to infer what the transmitted data is based on the size of that compressed data.

Though this issue was found with the method of compression then encryption, encryption then compression has many more issues comparatively. This method is more difficult than the previous method, because compression needs patterns in data to work correctly. This means the value of compressing data will not exist, as there should be no patterns in encrypted data. Due to this, differential cryptanalysis can be used against this method to determine the sensitive data’s value. Compression then encryption is much more resilient to differential cryptanalysis.

Common Encryption and Compression Algorithms

Symmetric Encryption Algorithms:

Asymmetric Encryption Algorithms:

Hashing Algorithms:

  • Deflate
  • Huffman Coding
  • LZ77

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Table of Contents

Rivest Cipher 4, or RC4, is a stream cipher created in 1987. A stream cipher is a type of cipher that operates on data a byte at a time to encrypt that data. RC4 is one of the most commonly used stream ciphers, having been used in Secure Socket Layer (SSL)/ Transport Layer Security (TLS) protocols, IEEE 802.11 wireless LAN standard, and the Wi-Fi Security Protocol WEP (Wireless Equivalent Protocol). RC4 owes its popularity, relating to stream ciphers, to its ease of use and performance speed. Now, significant flaws mean RC4 is not used nearly as often as before.

How secure is RC4?

RC4 was initially used in many applications, like SSL/TLS and WEP, until severe vulnerabilities were found in RC4 in 2003 and 2013. As RC4 was used in WEP, attackers had a chance to practice cracking it as often as they wished. With this practice, a flaw was found in RC4 where the encryption key used by RC4 could be cracked in less than a minute. RC4 keys can come in sizes of 64 or 128-bits, and the 128-bit key is able to be obtained in seconds. At the time, WEP was the only security protocol used for Wi-Fi, so the next phase, Wi-Fi Protected Access (WPA), had to be rushed for use.

Another vulnerability was discovered in RC4 in 2013 while it was being used as a workaround for a cipher block chaining issue that was discovered in 2011. Cipher block chaining is an operational mode used by block ciphers, which RC4 did not use. A group of security researchers found a way around RC4, with only a slight increase in processing power necessary in the previous RC4 attack. Due to these vulnerabilities, and other smaller ones found later, RC4 is no longer a cipher that is recommended to be used.

Variants of the RC4 cipher

There are 4 variants to the regular RC4 cipher:

  1. Spritz – Spritz is used to create cryptographic hash functions and deterministic random bit generator.
  2. RC4A – This is a variant that was proposed to be faster and stronger than the average RC4 cipher. RC4A was found to have not truly random numbers used in its cipher.
  3. VMPC – Variably Modified Permutation Composition (VMPC) is a version of RC4 that was found to have not truly random numbers used in its cipher, like RC4A.
  4. RC4A+ – RC4A+ is an advanced version of RC4A that is longer and more complex than RC4 and RC4A, but is stronger as a result of its complexity as well.

Advantages and Disadvantages

RC4 boasts a number of advantages compared to other stream ciphers:

  • RC4 is extremely simple to use, thus making the implementation simple as well.
  • RC4 is fast, due to its simplicity, which makes it a better performing cipher.
  • RC4 also works with large streams of data swiftly and easily.

Though it has advantages, RC4 has many disadvantages as well:

  • The vulnerabilities found in RC4 means RC4 is extremely insecure, so very few applications use it now.
  • RC4 cannot be used on smaller streams of data, so its usage is more niche than other stream ciphers.
  • RC4 also does not provide authentication, so a Man in the Middle attack could occur, and the RC4 cipher user would be none the wiser.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Let's talk