Photography by Hillary Ehlen
March is National Cyber Security Awareness Month, which gives us a good excuse to go even deeper on the backbone of security: encryption.
The easiest way to talk about encryption is to take an everyday situation and break it down into its component parts. In this article, we’ll think about encryption through the example of something almost all of us do: online shopping.
Specifically, our goal here is to shed some light on why you can be comfortable with making online transactions and why we don’t end up with our identities stolen after every purchase. To do that, we need to break encryption down into its smaller, individual components and explain how they are used together.
Encryption is the process of hiding important information by scrambling that information so only those who need to can understand it. The easiest way to achieve this is by using what’s called symmetric encryption. Symmetric encryption utilizes the same shared secret between the message-sender and -receiver to scramble the message and unscramble it. This “shared secret” between the senders and receivers is called a cipher. Let’s take a quick look at a simple cipher:Above, we used what is called a shift cipher to encrypt the message “HELLO FARGO.” A shift cipher moves the letters in the alphabet a specific direction and recreates the message using the new alphabet. In our case, I shifted the alphabet upward by four positions. You, the receiver of the message, can easily decode LIPPS JEVKS back to HELLO FARGO using our shared secret, or our cipher.
Symmetric encryption works great only if you keep the cipher hidden to those who only need to know the message contents. This is much harder than you think. Historically, symmetric encryption is wrought with failure and minimal success. If you enjoy historical failures, you can look into how the stolen blueprints of the Enigma machine led to the Allied forces turning the tide of World War II.
How do we successfully communicate a shared secret between us? The answer is we need to use another type of encryption called asymmetric encryption.
Asymmetric encryption, also called public key cryptography, utilizes two different ciphers to encrypt and decrypt the message between the sender and receiver. The sender of the message utilizes the public (encryption) key to encode the message, and the receiver of the message utilizes a private (encryption) key to decode the message.
Unfortunately, I can’t provide a direct example of this, as even the simplest forms of asymmetric encryption utilize what’s called prime-number factorization, mathematical derivatives and other scary math terms I pretended to have once known in pre-calculous. Thankfully, we can draw a close analogy using a locked public U.S. Postal Service mailbox.
We use a basic form of asymmetric encryption every time we get the daily mail. Most mailboxes are locked with a physical key that only the recipient of the mail has. By dropping the mail into a publicly locked mailbox, the sender encrypts the message so that only the receiver can read the message. They unlock, or decrypt, the mail with their physical key to the lock. The mailbox acts as a public key, where anyone can encrypt a message, but only those with the private key — in this case, a physical key — can read the contents of the message.
Comparable to symmetric encryption, it’s much easier to keep your private key secure if you don’t have to share it with anyone. However, this leaves us with a secure, one-sided communication and a reliance on the mailman to not steal the unencrypted message during transit. We can fix these problems.
Putting Them Together
When we use symmetric and asymmetric encryption together, we end up with a way to securely transport messages between two parties, regardless of who is carrying the message.
Keeping our mailbox analogy and adding a lockable box, we can secure communications between two individuals and a third-party message carrier. The sender must be given an open-unlocked box from the receiver that only the receiver has the key to open. The sender places a symmetric cipher — to be used to encrypt for further communications — in the box and then locks it.
The receiver opens the locked box with their key and can now communicate back to the sender with the symmetric cipher inside. If the mailman were to steal the locked box, no problem, the sender can send another locked box with a different cipher until its successfully received. The mailman doesn’t possess the key to the lockbox and therefore cannot access the message. This process continues until the sender receives an encrypted message that they can decrypt with the original cipher.
What encrypted message do you decode? A completely new secret way, or cipher, of how to encrypt the next message back to the intended receiver. You then encrypt your message with the safely transmitted symmetric cipher. This creates a loop of securely transferring the information between a sender and receiver.
Applying this to our everyday shopping habits, we can securely transmit credit card numbers to online retailers without ourselves having to provide anything other than our credit card number to be safely encrypted and sent. Computers successfully generate and communicate via these methods every time you send your information. This prevents people from grabbing our private information out of the digital airwaves and using it to digitally “become” us.