Wednesday, July 19, 2017

Encryption Methods



Data Protection

| Algorithm | Strength | Use |
|-----------|----------|-----|
| DES | Insecure | Used by the government in the 1970s. |
| AES | Secure | Replaced DES and is currently used by the government. |
| AES256 | Extremely Secure | Government uses this for top secret information. |

| Algorithm | Strength | Use |
|-----------|----------|-----|
| RSA | Secure | Multiple environments, such as SSL and key exchange. |
| Diffie-Hellman | Secure | Creates and sends keys across public networks (Dulaney & Easttom, 2014). |
| Elliptic Curve Cryptography | Most Secure | Combines points within a curve with points at infinity. |

A hash must have three characteristics: it is irreversible, it has a fixed length, and it produces no collisions.  Three hashing algorithms are available: Secure Hash Algorithm (SHA), Message Digest Algorithm (MD), and RACE Integrity Primitives Evaluation Message Digest Algorithm (RIPEMD).
The Secure Hash Algorithm comes in three versions with different size values: SHA, which produces a 160-bit hash value; SHA-2, which offers 224, 256, 334, and 512-bit values; and SHA-3, which uses the SHA-2 values.  SHA can be used alongside an encryption protocol.  SHA-2 is the most commonly used worldwide, but SHA-3 was recently released and has now become a standard.  The original name for SHA was Keccak, and it was designed by Guido Bertoni, Joan Daemen, Michael Peeters, and Gilles Van Assche (Dulaney & Easttom, 2014).
The Message Digest Algorithm creates a one-way hash that helps maintain integrity.  The most recently released version is MD5, which has a 128-bit hash.  The versions before it, MD, MD2, and MD4, are far less complex and insecure.  Although MD5 is secure, it does not have very strong collision resistance.  Therefore, this algorithm is not recommended, and SHA is the alternative.
RACE Integrity Primitives Evaluation Message Digest Algorithm was originally based on MD4, which raised questions about its security.  There are currently other versions of RIPEMD as well: RIPEMD-160, RIPEMD-256, and RIPEMD-320.  Overall, the most secure hashing algorithm to this day seems to be SHA-3.
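The fixed-length property and the integrity use of a hash can be checked directly. The following is an added example, not part of the original post: it uses Python's standard hashlib on a selection of the algorithms named above, and the sample messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Digest size in bits for a selection of the algorithms named above.
EXPECTED_BITS = {
    "md5": 128, "sha1": 160,
    "sha256": 256, "sha512": 512,
    "sha3_256": 256, "sha3_512": 512,
}

def digest_bits(algorithm: str, data: bytes) -> int:
    """Length in bits of the digest of `data` under `algorithm`."""
    return len(hashlib.new(algorithm, data).digest()) * 8

def fixed_length_holds(algorithm: str) -> bool:
    """Fixed length: inputs from 0 bytes to 1 MiB give the same digest size."""
    samples = [b"", b"a", b"a" * 1000, b"\x00" * (1 << 20)]  # constructed inputs
    return all(digest_bits(algorithm, s) == EXPECTED_BITS[algorithm] for s in samples)

def changed_bits(algorithm: str, a: bytes, b: bytes) -> int:
    """Number of digest bits that differ between two inputs."""
    da = int.from_bytes(hashlib.new(algorithm, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algorithm, b).digest(), "big")
    return bin(da ^ db).count("1")

def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Recompute the digest and compare it to the published one in constant time."""
    actual = hashlib.new(algorithm, data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.strip().lower())

if __name__ == "__main__":
    original = b"transfer 100 to account 12345"  # constructed message
    tampered = b"transfer 900 to account 12345"  # one character altered in transit
    published = hashlib.sha256(original).hexdigest()
    for name, bits in EXPECTED_BITS.items():
        print(f"{name:9} {bits:4} bits  fixed length: {fixed_length_holds(name)}")
    print("bits changed (sha256):", changed_bits("sha256", original, tampered), "of 256")
    print("original verifies:", verify_integrity(original, published))
    print("tampered verifies:", verify_integrity(tampered, published))
```

Changing a single character of the message flips roughly half of the digest bits, which is why a recomputed hash exposes an altered message.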
Secure Sockets Layer (SSL) is a protocol that uses a handshake to start a session.  SSL is a standard security technology that creates an encrypted connection between a web server and a web browser.  The connection guarantees that all data exchanged between the two parties remains private and unaltered.  This protocol can be used alongside Transport Layer Security (TLS).
Transport Layer Security (TLS) is the security protocol that expands upon SSL and can be used alongside it.  A majority of web browsers start with port 443 when accessing a TLS/SSL connection, unless the server is configured to use port 80.  TLS is the better option than SSL because it is more secure and does not require nearly as much configuration.
| Company | Encryption Used | Basic Cost |
|---------|-----------------|------------|
| Symantec | Combination of SSL encryption and non-encrypted HTTP ports. | $399 for 1 year |
| Digicert | Combination of SSL encryption and RSA. | $175 for 1 year |

| Reason | Definition | Example |
|--------|------------|---------|
| Confidentiality | Avoid the unsanctioned discovery of data on a network. | An insecure network with little to no confidentiality is easy to crack and steal the data. |
| Integrity | Guarantee that a message wasn’t altered during communication. | Message being altered to contain a virus during transmission. |
| Digital Signatures | Authenticates the veracity of the memo and source. | Like a signature used when processing a transaction. |
| Authentication | Verification of authenticity. | Not a fake. |
| Nonrepudiation | Denial prevention. | Preventive measures to ensure denial is not possible. |

A Public Key Infrastructure (PKI) is a system that helps create and preserve a dependable networking environment.  Its main purpose is to manage certificates and keys.  PKI enables an organization to use encryption and digital signature services across a wide variety of applications.  Public Key Infrastructure contains four main components: certificate authority (CA), registration authority (RA), RSA, and digital certificates (Dulaney & Easttom, 2014).
A certificate authority is an organization that issues, revokes, and distributes certificates for verification purposes.  A registration authority takes on some of the workload of the certificate authority, acting as the middleman within the entire process.  The registration authority handles the distribution, validation, and registrations for the certificate authority.
RSA is an algorithm that uses large integers as its base; because it has been widely implemented, it is now a standard.  The digital certificate is used throughout the process to verify the authenticity of all parties involved.
