Technical overview, Data encryption – Allied Telesis AT-S63 User Manual

Page 770

Chapter 33: Encryption Keys

Section IX: Management Security

Technical Overview

The encryption feature provides the following data security services:

• Data encryption
• Data authentication
• Key exchange algorithms
• Key creation and storage

Data Encryption

Data encryption for switches is driven by the need for organizations to
keep sensitive data private and secure. Data encryption operates by
applying an encryption algorithm and key to the original data (the
plaintext) to convert it into an encrypted form (the ciphertext). The
ciphertext produced by encryption is a function of the algorithm used and
the key. Because it is easy to discover what type of algorithm is being
used, the security of an encryption system relies on the secrecy of its key
information. When the ciphertext is received by the remote router, the
decryption algorithm and key are used to recover the original plaintext.
Often, a checksum is added to the data before encryption. The checksum
allows the validity of the data to be checked on decryption.

There are two main classes of encryption algorithm in use: symmetrical
encryption and asymmetrical encryption.

Symmetrical Encryption

Symmetrical encryption refers to algorithms in which a single key is used
for both the encryption and decryption processes. Anyone who has access
to the key used to encrypt the plaintext can decrypt the ciphertext.
Because the encryption key must be kept secret to protect the data, these
algorithms are also called private, or secret key algorithms. The key can
be any value of the appropriate length.

DES Encryption Algorithms

The most common symmetrical encryption system is the Data Encryption
Standard (DES) algorithm (FIPS PUB 46). The DES algorithm has
withstood the test of time and proved itself to be a highly secure
encryption algorithm. To fully conform to the DES standard, the actual
data encryption operations must be carried out in hardware. Software
implementations can only be DES-compatible, not DES-compliant. The
DES algorithm has a key length of 56 bits and operates on 64-bit blocks of
data. DES can be used in the following modes:

• Electronic Code Book (ECB) is the fundamental DES function.
Plaintext is divided into 64-bit blocks which are encrypted with the DES
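An added example, not from the AT-S63 manual, that shows the ECB block structure described above using Go's standard crypto/des (the 8-byte key and the 32-byte plaintext are constructed sample values): each 64-bit block is encrypted on its own under one key, so identical plaintext blocks produce identical ciphertext blocks, and repeatedBlocks counts those repeats as the tell-tale that a reviewer looks for when checking whether ECB is in use.

```go
package main

import "crypto/des"
import "fmt"

// ecb runs single DES in Electronic Code Book mode: each 64-bit block of the input is
// encrypted (or decrypted) on its own under the same 8-byte key (56 key bits + 8 parity bits).
func ecb(key, in []byte, decrypt bool) ([]byte, error) {
	c, err := des.NewCipher(key) // des.KeySizeError unless the key is exactly 8 bytes
	if err != nil {
		return nil, err
	}
	if len(in)%des.BlockSize != 0 {
		return nil, fmt.Errorf("input length %d is not a multiple of %d", len(in), des.BlockSize)
	}
	op := c.Encrypt
	if decrypt {
		op = c.Decrypt
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += des.BlockSize {
		op(out[i:i+des.BlockSize], in[i:i+des.BlockSize])
	}
	return out, nil
}

func ecbEncrypt(key, plaintext []byte) ([]byte, error)  { return ecb(key, plaintext, false) }
func ecbDecrypt(key, ciphertext []byte) ([]byte, error) { return ecb(key, ciphertext, true) }

// repeatedBlocks counts ciphertext blocks equal to an earlier block. ECB encrypts
// blocks independently, so equal plaintext blocks always give equal ciphertext blocks.
func repeatedBlocks(ciphertext []byte) int {
	seen, n := map[string]bool{}, 0
	for i := 0; i+des.BlockSize <= len(ciphertext); i += des.BlockSize {
		b := string(ciphertext[i : i+des.BlockSize])
		if seen[b] {
			n++
		}
		seen[b] = true
	}
	return n
}

func main() {
	ct, err := ecbEncrypt([]byte("8bytekey"), []byte("ATTACK AT DAWN! ATTACK AT DAWN! ")) // constructed values
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext %x\nrepeated blocks: %d\n", ct, repeatedBlocks(ct))
}
```

The sample plaintext is two copies of the same 16 bytes, so blocks 1 and 2 reappear as blocks 3 and 4 in the ciphertext; a chaining mode would hide that pattern.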