Skip Navigation

Encryption Basics

Encryption is the process of taking readable information and converting it into a form that is not feasible to read without knowing a secret piece of information called the encryption key. By encrypting information, we can protect it both from discovery at rest and from interception in transit.

Page Contents

Plaintext and Ciphertext

Encryption is the process of converting information in plaintext (either human-readable text or a format that is trivially readable by a computer program) into ciphertext. Ciphertext, when intercepted, looks like a bunch of random data. However, if one possesses the encryption key, it is possible to convert the ciphertext back to plaintext and read the message. The process of converting between plaintext and ciphertext requires the use of advanced mathematical algorithms that are designed to make it difficult for someone to guess the encryption key or otherwise obtain the plaintext from the ciphertext.

By way of example, I can use the GNU Privacy Guard1 (version 2) to encrypt the following piece of plaintext using the (weak and for example purposes only) password “secret”:

Anti-Forensics and Digital Privacy

Using the OpenPGP ASCII armored output format,2 the resulting ciphertext reads:

-----BEGIN PGP MESSAGE-----

jA0ECQMKYyikq1Y/b1H/0mEBNJOh7/LG2Bu6qs0IM4g4gdKvRg82+TEEvYJPrgJJ
O/u5acparK+zMqbVkMBGaEkBpaRV4bX+lxfyRN/KTqBUXOgbkOk0UJxm6d7HQPQR
Ljt/lRvWDnXvKtBH2SjyYxdi
=Mk2p
-----END PGP MESSAGE-----

Notice how this ciphertext appears to be a random sequence of characters that looks nothing like the plaintext.

Protecting Confidentiality

Academically, we refer to someone trying to intercept a secure piece of information as an adversary. An adversary can take numerous forms depending on the context. For example, in the case of identity theft, the adversary is the thief or scam artist trying to acquire a person’s identity. Another example of an adversary might be an eavesdropper on a private conversation, which could be anyone from a nosy sibling or neighbor to a government entity. Different adversaries frequently have different objectives. A nosy sibling or neighbor might simply be curious, for example, while a government entity might want to intercept communications for intelligence purposes or to prosecute someone.

Encryption is one method that can be used to safeguard information from an adversary, provided the adversary does not know the encryption key and cannot intercept a plaintext version of the information. In the ideal case, two people wanting to exchange information while protecting it from an adversary would encrypt the information at each end of their communications channel, sending only the ciphertext between them. This approach, which is called end-to-end encryption (E2EE), protects the information while it is in transit between the two individuals. Anyone who intercepts the message somewhere along the way would only see the ciphertext. Unless the interceptor already has the encryption key or the encryption algorithm is weak, it is not computationally feasible for the interceptor to recover the plaintext from the ciphertext. By using encryption, we can maintain the confidentiality of the information being shared.

Terminology

To be able to discuss encryption at any length, it is first necessary to understand some common terminology that is used. These terms include:

Plaintext
Information that is readily understood by a person or computer system. Plaintext is the unencrypted form of data.
Ciphertext
Information that has been transformed using an encryption algorithm with an encryption key to make it difficult to impossible for a person or computer system to understand without access to the encryption key.
Encryption algorithm
A mathematical algorithm that generates ciphertext from a combination of plaintext and an encryption key. When run in reverse, the algorithm recovers the plaintext from the generated ciphertext using the encryption key.
Encryption key
A piece of data that is used by an encryption algorithm to make it possible to generate and recover ciphertext. Depending on the encryption algorithm, the encryption key could take a form similar to a password or passphrase. For other algorithms, a long sequence of binary computer data might be used as the encryption key.
Adversary
In the context of encryption, someone (or some thing) that tries to access a copy of the plaintext without authorization.
End-to-End Encryption (E2EE)
The act of encrypting a message before sending it through a communications system, after which it is decrypted only by the intended recipient of the message. Any reply from the recipient is similarly encrypted before sending it through the communications system back to the original sender, who similarly decrypts the reply only after receiving it.
Deniable Encryption
Encrypted data that cannot be distinguished from completely random data that might happen to be present on a computer system by chance. In the above example, we do not have deniable encryption, since the BEGIN PGP MESSAGE and END PGP MESSAGE lines in the ciphertext give away the presence of encrypted data.

Encryption at Rest

In situations where there is a risk of theft directly from a computer system, data stored on that system can be encrypted at rest. The ciphertext is only converted to plaintext inside the computer’s Random Access Memory (RAM) while the system is being used. When the computer is turned off, only the ciphertext is stored on the hard drive or solid state drive inside the machine. A computer configured in this way is using encryption at rest.

Encryption at rest is an example of an anti-forensic data protection technique, since a theft or seizure of the computer system (at least while it is powered off) will only permit recovery of the stored ciphertext. It is not computationally feasible for computer forensics tools to guess the encryption key when the encryption has been performed correctly. A good use case for data-at-rest encryption occurs with laptop computers, which have a high risk of theft while in transport or away from the home or office. Protecting saved files with encryption can help prevent a laptop thief from also becoming an identity thief by obscuring personal information stored on the device.

The inside a solid state drive

Figure 1: The main circuit board inside an older model of solid state drive.

Note that at-rest encryption must be performed correctly in order to be successful. On Linux systems, the Linux Unified Key Setup (LUKS)3 can be used to create a fully encrypted disk that is unlocked only at boot time.4 Windows systems are not as easily protected without adding extra software, since BitLocker encryption falls back to the solid state drive’s built-in encryption key on modern systems.5 The SSD key is easy to recover with a computer forensic tool that can put the drive into Factory Access Mode, allowing the key to be read and BitLocker to be bypassed quickly.6

Encryption in Transit

In many cases, the data on our computer systems is not encrypted at rest but is instead stored in plaintext. Encrypting all data on a system comes with several tradeoffs that chiefly involve performance and disaster recovery. There is a significant performance penalty inherent with using full system encryption. Measurements using LUKS on NVMe solid state disks show performance losses that can exceed 75% for some workloads.7 In addition, the presence of encryption makes data recovery significantly more difficult if the storage device begins to fail. We can normally use various digital forensic techniques to recover at least some data from a failing disk drive or SSD. However, it only takes the loss of a tiny bit of ciphertext to make it impossible to decrypt back to plaintext, even if the key is known. For these reasons, stationary computer systems (such as servers and desktop PCs) often rely heavily on physical security to protect confidentiality.

Physical security is sufficient to protect confidentiality as long as a computer system does not communicate with any other systems. Such systems, known as air gapped systems, do exist and are used for certain high-confidentiality purposes. However, most systems today are connected to the Internet and definitely do communicate with other systems. Even if the data on these systems are stored in plaintext, they are typically encrypted before being sent to other systems that in turn decrypt the data upon receipt. This encryption and decryption only when transferring data is called encryption in transit. You are using a type of encryption in transit while viewing this website over the HTTPS protocol.8 When your browser requests the content of this page, it creates an encrypted connection to the Coastal Carolina University ww2 server. Both the specific request for this page and the server’s response are communicated via this encrypted channel, making it computationally infeasible for an observer monitoring the Internet between you and the server to read the contents of this page. However, the page doesn’t have to be stored with encryption on either the server or your computer for this process to work.

Notes and References

  1. The GNU Privacy Guard

  2. OpenPGP Message Format. RFC 4880. November 2007. 

  3. Linux Unified Key Setup

  4. dm-crypt/Encrypting an entire system. ArchWiki. 

  5. Günter Born. “SSD Vulnerability breaks (Bitlocker) encryption.” Born’s Tech and Windows World. November 6, 2018. 

  6. Oleg Afonin. “Life after Trim: Using Factory Mode to Image SSD Drives.” Elcomsoft Blog. January 16, 2019. 

  7. Paul-Philipp Kuschy. “Performance impact of disk encryption using LUKS.” Sovereign Cloud Stack. February 24, 2023. 

  8. HTTP Semantics. RFC 9110. Section 4.2.2. 

 

Encryption
Types of Encryption