
Data encryption, Symmetrical encryption – Allied Telesis AT-S60 User Manual

Page 486


Chapter 23: Encryption

Section V: Security Features


Data Encryption

Data encryption for switches is driven by the need for organizations to
keep sensitive data private and secure. Data encryption operates by
applying an encryption algorithm and key to the original data (the
plaintext) to convert it into an encrypted form (the ciphertext). The
ciphertext produced by encryption is a function of the algorithm used
and the key. Since it is easy to discover what type of algorithm is being
used, the security of an encryption system relies on the secrecy of its key
information. When the ciphertext is received by the remote router, the
decryption algorithm and key are used to recover the original plaintext.
Often, a checksum is added to the data before encryption. The
checksum allows the validity of the data to be checked on decryption.

There are two main classes of encryption algorithm in use—symmetrical
encryption and asymmetrical encryption.

Symmetrical Encryption

Symmetrical encryption refers to algorithms in which a single key is used
for both the encryption and decryption processes. Anyone who has
access to the key used to encrypt the plaintext can decrypt the
ciphertext. Because the encryption key must be kept secret to protect
the data, these algorithms are also called private, or secret key
algorithms. The key can be any value of the appropriate length.

DES Encryption Algorithms

The most common symmetrical encryption system is the Data Encryption
Standard (DES) algorithm (FIPS PUB 46). The DES algorithm has
withstood the test of time and proved itself to be a highly secure
encryption algorithm. To fully conform to the DES standard, the actual
data encryption operations must be carried out in hardware. Software
implementations can only be DES-compatible, not DES-compliant. The
DES algorithm has a key length of 56 bits and operates on 64-bit blocks
of data. DES can be used in the following modes:

Electronic Code Book (ECB) is the fundamental DES function.
Plaintext is divided into 64-bit blocks, each of which is encrypted with
the DES algorithm and key. For a given input block of plaintext,
ECB always produces the same block of ciphertext.

Cipher Block Chaining (CBC) is the most popular form of DES
encryption. CBC also operates on 64-bit blocks of data, but
includes a feedback step which chains consecutive blocks so that
repetitive plaintext data, such as ASCII blanks, does not yield
identical ciphertext. CBC also introduces a dependency between
data blocks which protects against fraudulent data insertion and
replay attacks. The feedback for the first block of data is provided
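The following is an added example, not part of the AT-S60 manual or of Allied Telesis software. It demonstrates two points made above: that ECB turns repeated plaintext blocks (four blocks of ASCII blanks) into identical ciphertext blocks while CBC's feedback step does not, and that a checksum added before encryption lets altered data be rejected on decryption. Because DES is not available in the Python standard library, the 64-bit block cipher here is a small SHA-256-based Feistel network used only as a stand-in so the mode logic has something invertible to call; it is not DES and the key, feedback value and sample data are constructed for the illustration.

```python
import hashlib
import zlib

BLOCK = 8                                        # 64-bit blocks, as for DES
KEY = bytes.fromhex("0123456789abcdef")          # constructed 64-bit key
IV = bytes.fromhex("fedcba9876543210")           # constructed feedback for block 1


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed round function of the stand-in cipher: 32 bits of SHA-256."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def _feistel(key: bytes, block: bytes, round_order) -> bytes:
    """Stand-in 64-bit block cipher (NOT DES). A Feistel network is a
    bijection for any round function, so decryption replays the same
    steps with the round keys in reverse order."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for r in round_order:
        left, right = right, _xor(left, _round_fn(key, r, right))
    return right + left                          # undo the final swap


def block_encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(8))


def block_decrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, reversed(range(8)))


def _blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of 64-bit blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block is encrypted on its own, so equal plaintext
    blocks always give equal ciphertext blocks."""
    return b"".join(block_encrypt(key, b) for b in _blocks(data))


def ecb_decrypt(key: bytes, data: bytes) -> bytes:
    return b"".join(block_decrypt(key, b) for b in _blocks(data))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext
    block (the IV for the first block) before encryption."""
    out, feedback = [], iv
    for b in _blocks(data):
        feedback = block_encrypt(key, _xor(b, feedback))
        out.append(feedback)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, feedback = [], iv
    for c in _blocks(data):
        out.append(_xor(block_decrypt(key, c), feedback))
        feedback = c
    return b"".join(out)


def distinct_blocks(ciphertext: bytes) -> int:
    """Number of different 64-bit blocks in the ciphertext."""
    return len(set(_blocks(ciphertext)))


# --- checksum added before encryption, checked after decryption ----------

def _pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK                # PKCS#7-style, 1..8 bytes
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def seal(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Append a CRC-32 checksum, pad to whole blocks, CBC-encrypt."""
    checked = plaintext + zlib.crc32(plaintext).to_bytes(4, "big")
    return cbc_encrypt(key, iv, _pad(checked))


def open_sealed(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """CBC-decrypt, strip padding, reject the data if the checksum fails."""
    checked = _unpad(cbc_decrypt(key, iv, ciphertext))
    body, tag = checked[:-4], checked[-4:]
    if zlib.crc32(body).to_bytes(4, "big") != tag:
        raise ValueError("checksum mismatch: data altered or wrong key")
    return body


def tamper_detected(key: bytes, iv: bytes, ciphertext: bytes) -> bool:
    """True if flipping one ciphertext bit is caught on decryption."""
    altered = bytearray(ciphertext)
    altered[0] ^= 0x01
    try:
        open_sealed(key, iv, bytes(altered))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    blanks = b" " * 32                           # four blocks of ASCII blanks
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(KEY, blanks)))
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(KEY, IV, blanks)))
    sealed = seal(KEY, IV, b"config line 1")
    print(open_sealed(KEY, IV, sealed), tamper_detected(KEY, IV, sealed))
```

Run as a script, the ECB ciphertext of the blanks contains one distinct block repeated four times, whereas the CBC ciphertext contains four different blocks; the sealed message decrypts intact, and a single flipped ciphertext bit is rejected by the checksum. Note that a plain CRC-32 catches accidental or crude alteration only; it is a validity check, as the manual describes, not a substitute for a keyed message authentication code.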