What is the Difference Between Encryption and Authentication?

By: Gunter Fuchs

Not considering how to actually do encryption or authentication, it is fairly simple for a native Latin speaker (http://www.etymonline.com/index.php?term=authentic, http://www.etymonline.com/index.php?term=crypto) to distinguish between the two. We authenticate something to prove to the receiver of the “something” that it actually came from us. We encrypt a message so nobody, including us, can read it. Why do we authenticate or encrypt? We authenticate so that the receiver is assured that what she received came from us and not from an imposter. This “thing” can be an item – a coin or painting for instance, or a piece of information, an email attachment or a speed command to a uranium centrifuge. We encrypt information so that only the intended receiver(s) can understand it.

So that was simple. But why do computer gurus go through great efforts to provide means of information authentication? Wouldn’t encrypting information be enough? Couldn’t the sender just include its name and address in the information and then encrypt? Well, no. The problem is that although a “man in the middle” will not understand the information, he will still be able to change it. For instance, in computer communication protocols a destination address (port) might be at a fixed position in a message. An adversary could copy such a message when it is on its way through some wire, change this value randomly, and monitor its own port/s until one of these messages – though still garbled – arrives. Once the adversary has received one message, he can now inject the encrypted port value for his own port for every message. One message would not be enough for a hacker to perform decryption,  but many makes this possible.  Not only would an adversary then be able to decipher messages that were not meant for her, but she can now also “break the code”, meaning deduce the encryption key. And with that key in hand, she can now send messages that are not authentic.

Therefore, a secure communication consists of authenticating the message and encrypting it.  To learn more about the importance of protecting your trade secrets, check out this white paper.

Symmetric vs. Asymmetric Encryption: Which Way is Better?

There are two fundamental ways to use keys or secrets for encryption:symmetric and asymmetric.  Symmetric encryption uses the identical key to both encrypt and decrypt the data.  Symmetric key algorithms are much faster computationally than asymmetric algorithms as the encryption process is less complicated.  The length of the key size is critical for the strength of the security.  NIST has recommendations on how long a key should be– in general, 160-512 bits.   There are inherent challenges with symmetric key encryption in that the key must somehow be managed.  Distributing a shared key is a major security risk.

symmetric encryption

Asymmetric encryption uses two related keys (public and private) for data encryption and decryption, and takes away the security risk of key sharing.  The private key is never exposed.  A message that is encrypted by using the public key can only be decrypted by applying the same algorithm and using the matching private key.   Likewise, a message that is encrypted by using the private key can only be decrypted by using the matching public key.

Asymmetric Encryption

Are you building out for secure devices to protect your engineering designs and secure any potential hacking in your product? Receive a FREE Atmel CryptoAuthentication development tool?

This blog was written by Steve Jarmusz, Atmel Applications Manager for Crypto, Memory and Analog Devices. 

Counterfeited accessories are everywhere. Prevent Hacking with Authentication.

Battery packs, printer cartridges and refrigerator water filters are just a few examples of critical consumable accessories that make appliances and devices function properly.  With their limited lifespan, hundreds of millions of these consumable accessories are manufactured and sold every year. This makes these items a lucrative target for unsavory companies that want to get in on the action with their cheap knockoffs.  “According to The World Health Organization (WHO), 6% to 8% of the total medical device market is comprised of counterfeit goods.” As a result, billions of dollars can be lost by their rightful owners, the OEMs, and, sometimes, consumers can be impacted by subpar quality and incompatibility with their appliances or devices.  When a consumer’s experience is soured due to the use of unauthorized accessories, fingers are often wrongfully pointed at the OEMs, accusing them of building shoddy products when, in fact, the problem is caused by the knockoffs.  At this point, brand equities along with the valuable trust forged between the company and its customers have already been damaged.  As an OEM, one easy way that you can protect your consumable accessories is by designing into them a low-cost security chip, which protects against cloning, counterfeiting and other security breaches.

 

Protecting your revenue stream

From MP3 players to smartphones to tablets, our mobile devices are becoming smarter and more connected by the day. Because these devices can do more for us, we are using them more and, as a result, need to charge them more frequently. In keeping with our on-the-go lifestyles, we’re charging our mobile devices wherever we are, often with any charging cable available. Indeed, accessories are usually a big source of revenue for equipment companies—often, a charging cable can be developed at a cost of just a few bucks but is sold for as much as $20. Some unsavory companies exploit the lack of protection on this equipment by coming out with knockoffs that sell for a fraction of the price that the equipment companies charge.  Sounds great for consumers, but often, not only do the OEMs suffer from revenue loss, the consumers end up spending money on subpar products. Knockoff charging cables could result in longer charge times, have a much shorter lifespan or even damage the devices they are connected to.  OEMs are also exposed to much greater liabilities by allowing knockoffs of their products to be available in the marketplace.

There’s an easy enough way for companies to protect their investment and limit their liability exposures—implementing a security chip into their designs. By choosing a turnkey security chip that is robust and easy to integrate, OEMs can protect against cloning, counterfeiting and other piracy attacks.