Understanding Data Security
To understand PeopleSoft Encryption Technology, it's first necessary to understand the types of data security that cryptography in general can provide.
Data security comprises the following elements:
Privacy – keeping data hidden from unauthorized parties.
Privacy is normally implemented with some type of encryption.
Integrity – keeping transmitted data intact.
Integrity can be accomplished with simple checksums, or better, with more complex cryptographic checksums known as one-way hashes. Many times, checksums are combined with a type of asymmetric cryptography to produce digital signatures. These signatures, when verified, assure you that the data has not changed.
Authentication – verifying the identity of an entity that is transferring data.
Authentication can also be accomplished using digital signatures, which makes them an obvious choice for data security.
There may be certain regulatory, certification, or legal requirements to store certain data in a secure manner. For instance credit card numbers should not be stored in clear text form. Many businesses use encryption technology to secure this data.
Encryption is the scrambling of information such that no one can read it unless they have a piece of data known as a key. Using the key, the sender encrypts plaintext to produce ciphertext. The recipient also uses a key to decrypt the ciphertext, producing the original plaintext. The type of key at either end of this transaction, and the way it's applied, constitute an encryption algorithm. In all cases, the security of an encryption algorithm should not rely on its secrecy. Rather, it should rely on how well the operations involved affect the input data.
Data encryption algorithms come in two major forms: Symmetric cryptography and asymmetric cryptography. Symmetric cryptography falls into two categories: Block ciphers and stream ciphers. The bulk of cryptographic research has gone into block ciphers, which are employed by PeopleSoft Encryption Technology.
Symmetric encryption involves both encrypting and decrypting a piece of data using the same key, which is stored on the sending and receiving entities. To make it a bit harder to crack symmetric encryption schemes, they can be applied in a number of encryption modes. These modes provide ways of applying encryption sequentially to blocks of data, such that each block is encrypted by a combination of the encryption key and the previously encrypted block. Of course, when encrypting the first block, a previously encrypted block isn't available, so the encryption software applies a random initialization vector (IV) to get the process started. This IV does not have to be secret.
The most popular symmetric encryption modes currently in use are:
Electronic Code Book (ECB).
ECB does not apply any special recombinations while encrypting. Plaintext blocks are simply encrypted with the key to produce blocks of ciphertext.
Cipher Block Chaining (CBC).
CBC takes a the previous block of ciphertext and XORs it with the current plaintext block before encrypting the plaintext.
Cipher Feed Back (CFB).
CFB produces ciphertext by XORing the plaintext with the result of a symmetric encryption operation on the previous ciphertext.
Output Feed Back (OFB).
OFB produces ciphertext by XORing plaintext blocks with a series of blocks resulting from repeated encryptions of the initialization vector.
There's a drawback with symmetric cryptography: The recipient of symmetrically encrypted ciphertext must posess the same key to decrypt it that you used to encrypt it. Because of this, you'll need a secure method of transmitting the key. This can be done a number of ways. You can send the key electronically over a private line that cannot be tapped; you can personally hand the key to your recipient; or you can use a courier to deliver the key. None of these approaches is foolproof or very efficient. A partial solution to this problem is asymmetric encryption.
Asymmetric encryption involves the use of a pair of complementary keys, in which one key is used to encrypt a piece of data and the other key is used to decrypt it. This system uses public key encryption technology. The encryption key is called the public key and is widely distributed. The decryption key is the private key, which its owner must never reveal or transmit. Asymmetrically encrypted ciphertext is readable only by the owner of the private key. Anyone who wants to send ciphertext to that party needs only to have a copy of the recipient's freely available public key to perform the encryption.
Although asymmetric encryption is by design an excellent way for strangers to exchange data, it requires more computing power and capacity than symmetric encryption. Because of this, symmetric and asymmetric encryption are typically used in combination, to take advantage of the strengths of each system.
You apply the more efficient symmetric encryption to your data using a randomly generated symmetric key, which leaves only the problem of transmitting your symmetric key (also known as the content encryption key) to the recipient, who can use it to decrypt the ciphertext. You use the recipient's public key as a key encryption key, to apply asymmetric encryption to your symmetric key, not to your already encrypted ciphertext. The ciphertext and your symmetric key can now both be transmitted to the recipient. The recipient's private key is used to decrypt your symmetric key, which in turn is used to efficiently decrypt the ciphertext.
Integrity can be provided with a cryptographic hash. There are several well-known hash types, including MD2, MD4, MD5, SHA1, and RIPEMD160. These hash types have the following properties in common:
You cannot reverse the operation and get back the text that produced the hash. Indeed, this is obvious since most hashes have values that are 128-256 bits long. The size of a typical message will far exceed this, so it's extremely unlikely that the hash could contain all of the original information.
They're collision resistant.
There's almost no possibility of finding two meaningful messages that produce the same hash. Each hash algorithm has a different degree of collision resistance.
To use hashing, you generate a hash value from your data and include it when you transmit the data. The recipient uses the same hash algorithm to generate a hash value from the received data. If the result matches the transmitted hash, the data wasn't altered in transit.
Authentication can be accomplished in a number of ways. These include:
Digital signatures are by far the most popular and most reliable method of authentication. Digital signatures usually combine a hash with another cryptographic operation (typically asymmetric encryption) to produce a type of check that not only verifies that the data was not altered in transit, but also assures that the named sender is, in fact, the actual sender of the data.
For example, if we provide a digital signature based on SHA1 with RSA encryption, this means that an SHA1 hash of the message was encrypted with the private key of the sender. Because the SHA1 hash is very collision resistant, and assuming the private key of the sender is known only by the sender, then verifying such a signature indicates that the message was not altered and that it was sent by the named sender.