Asymmetric encryption is the basis of public key infrastructure (PKI). In theory, PKI allows two parties who do not know each other to authenticate each other and to maintain the confidentiality, integrity, and accountability of their messages. PKI rests on both communicating parties having a public and a private key and registering their public keys with a third party they both trust, called the certificate authority (CA). The use of, and trust in, this third party is a key element of the authentication that takes place.

For example, assume individual A wants to communicate with individual B. A first hashes the message and encrypts the hash with A's private key. A then obtains B's public key from the CA and encrypts the message and the hash with B's public key. Obtaining B's public key from the trusted CA gives A assurance that the public key really belongs to B and not to someone else, and using B's public key ensures that only B can read the message. When B receives the message, the process is reversed: B decrypts the message and hash with B's private key, obtains A's public key from the trusted CA, and decrypts the hash using A's public key. At that point B has the plain text of the message and the hash computed by A. To determine whether the message was changed in transit, B recomputes the hash of the message and compares it with the one sent by A. If the two hashes match, B knows the message was not changed since the original hash was created (integrity). Since B obtained A's public key from the trusted CA and that key yielded a matching hash, B is assured that the message came from A and not from someone else (authentication).
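The A-to-B exchange described above, as an added example in Go (not part of the booklet). It assumes RSA, with a PKCS#1 v1.5 signature over a SHA-256 hash standing in for "encrypting the hash with A's private key", RSA-OAEP for the envelope sealed with B's public key, and locally constructed keys in place of keys obtained from a CA.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)
// A's side: hash the message, sign the hash with A's private key (the booklet's
// "encrypt the hash with A's private key"), then seal message||signature with B's public key.
func sendMessage(msg []byte, aPriv *rsa.PrivateKey, bPub *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, aPriv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	// RSA-OAEP only seals payloads smaller than the modulus minus padding, so the
	// message must be short; TLS instead uses the public key to protect a symmetric session key.
	payload := append(append([]byte{}, msg...), sig...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, bPub, payload, nil)
}

// B's side: open with B's private key, re-hash the message (integrity) and
// verify the signed hash with A's public key from the CA (authentication).
func receiveMessage(env []byte, bPriv *rsa.PrivateKey, aPub *rsa.PublicKey) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bPriv, env, nil)
	if err != nil {
		return nil, err
	}
	sigLen := aPub.Size() // signature length equals A's modulus size in bytes
	if len(plain) < sigLen {
		return nil, fmt.Errorf("payload too short for a %d-byte signature", sigLen)
	}
	msg, sig := plain[:len(plain)-sigLen], plain[len(plain)-sigLen:]
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPKCS1v15(aPub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("hash mismatch or not signed by A: %w", err)
	}
	return msg, nil
}

func main() {
	// Constructed keys: B's 3072-bit key leaves room in one OAEP block for A's 256-byte signature.
	aPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	bPriv, _ := rsa.GenerateKey(rand.Reader, 3072)
	env, _ := sendMessage([]byte("transfer 100 to acct 42"), aPriv, &bPriv.PublicKey)
	msg, err := receiveMessage(env, bPriv, &aPriv.PublicKey)
	fmt.Printf("%q %v\n", msg, err)
}
```

A wrong sender key or a single flipped byte in the envelope makes receiveMessage return an error, which is the integrity and authentication check the text describes.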
Various communication protocols use both symmetric and asymmetric encryption. Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), uses asymmetric encryption for authentication and symmetric encryption to protect the remainder of the communications session. TLS can be used to secure electronic banking and other transmissions between the institution and the customer. TLS may also be used to secure e-mail, telnet, and FTP sessions. A wireless version of TLS is called WTLS, for Wireless Transport Layer Security.
IPSec is a complex aggregation of protocols that together
provide authentication and confidentiality services to individual
IP packets. It can be used to create a VPN over the Internet
or other untrusted network, or between any two computers on a
trusted network. Since IPSec has many configuration options,
and can provide authentication and encryption using different
protocols, implementations between vendors and products may
SSL and TLS are frequently used to establish encrypted tunnels
between the financial institution and Internet banking users.
They are also used to provide a different type of VPN than
that provided by IPSec.
Secure Shell (SSH) is frequently used for remote server administration. SSH establishes an encrypted tunnel between an SSH client and a server and also provides authentication services.
Encryption may also be used to protect data in storage.
The implementation may encrypt a file, a directory, a volume,
or a disk.