A Survery on the Use of Encryption and Encryption Schemes

Team Members

• Josh Opos
• Andrew Terry
• Steven Huang
• John Naegle

Project Description

Information security has played a critical role in protecting national secrets, strategies and communications for many thousands of years. Whenever a communication medium, such as paper-based message passing, radio transmissions, or digital information can be observed by an adversary, such as a foreign government, and the value of the information is high, information security has been critical to safeguarding the information. Cryptography, the process of scrambling ordinary text into a cipher text with encryption techniques and decrypting the transmitted message, is one means of achieving information security and has been in use for thousands of years. The earliest recording of such encryption use occurred some 4000 years ago in Egypt where hieroglyphic inscriptions on the tombs of noblemen were written with a number of unusual symbols to obscure the meaning of the inscriptions. Julius Caesar in 50 BC and the Spartans in 5 BC developed simple substitution and transposition ciphers to send and receive secret messages. With the renaissance, the evolution of mathematics, the development of mass communications, the world wars, and the Internet era, cryptography and encryption have evolved rapidly and been used extensively to protect sensitive data.

In most applications of cryptography, the transmitted cipher text is readily available. In the early 20th century, encrypted messages were often sent over radio making it possible for any listener to intercept the encoded text. Similarly, any knowledgeable listener can intercept Internet traffic and capture an encoded message. In almost every instance, cryptography is required because of unsecured communications channels that can be passively or actively attacked by an enemy. In addition there is little security through algorithmic obscurity. History has shown that maintaining the secrecy of an encryption algorithm to be very difficult. The modern cryptographic and security communities now assume that an adversary is given cipher texts and the encryption schemes used to produce, with only the encoding or decoding keys remaining private knowledge.

The cryptographic community is highly skilled and trained to understand these fundamental axioms. However, the people applying encryption schemes may not have a thorough understanding of the principles involved. Even when there have been highly skilled personnel coming up with encryption schemes, the use of these schemes has been carried out by individuals in such ways that the underlying keys used to perform the encryption or decryption were exposed to the enemy. An encryption scheme that is secure against all possible attacks can easily be rendered insecure if it is applied incorrectly.

Governmental policy places many restrictions on encryptions standards and implementations, such that many companies and consumers are unable to use the strongest encryption methods. This causes many different encryption schemes to be used, and while each may be individually secure, users are prevented from learning and applying a common encryption model. Further, government imposed policies can require “key escrow” or “key recovery” in which a spare set of keys is given to a "trusted third party" who had been approved by the government and who must turn over the keys in the case of dispute or criminal investigation. However, these policies can lead to loss of privacy and create insecurities in the encryption schemes. The combination of improper use of restricted encryption schemes and the fact that there is a “back door” for government access can be very dangerous, and may lead to large-scale attacks.

This project will discuss the history of encryption and will point out key events, which led to the formulation of the current state of encryption and information security in the digital age. It will show the progression of adversarial attacks and what lengths adversaries will go in order to decipher messages. It will discuss current encryption policy and practices and how they have played a role in information security, where they have succeeded and where they have failed. In addition, it will look to the future of encryption and information security and make recommendations for future policy makers.

Project Details

• Paper Outline
• Timeline
• References

Back to Student_Projects:Encryption_Use