Secure Communications and Anonymizing Services

Key Terms and Services:

VPN

VPN stands for Virtual Private Network. A VPN allows a private connection to be extended across public networks. There are a variety of VPNs, with a variety of purposes. Most modern VPNs in commercial use connect an outside user into another network, say your organization’s network. VPNs can also be used to extend a private network across the internet by opening a tunnel between the two endpoints, through which traffic passes as if both were directly on the same private network. A VPN can be used to encrypt one’s data, and many VPNs offer a level of anonymity by changing your IP address as it appears to the public. VPNs keep your traffic from being tracked back to you by having all your requests for websites first sent to the VPN server; the VPN server then makes the actual request. So, when the destination receives the request, it appears as if the VPN server was the one that made it. The traffic from your computer to the VPN server, and back to your computer, is encrypted.

The Onion Router

The Onion Router describes a series of relays, accessed via “Tor Browsers,” which provide anonymity by encrypting data multiple times and sending it through a circuit of relays that pass the data along. As the data is passed from relay to relay, layers of encryption are “peeled off,” revealing the address of the next “hop,” or stop, along the way. This provides anonymity because each device, or “node,” that the data is sent to knows only the location of the previous and succeeding stops.

Hash Functions

Hashing is a method of checking and ensuring data integrity. A hash algorithm computes a fixed-size value (the hash, or digest) from the transmitted data itself. If the data is altered on the way to the destination, the hash value the receiver computes will differ from the one that was sent, which alerts the receiving party to the breach of data integrity.
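The check described above, as an added example that is not part of the original page: the sender publishes the SHA-256 digest of the data, the receiver recomputes it over what actually arrived, and a single flipped bit in transit changes roughly half the bits of the digest. The sample data and the bit-flip helper are constructed for this illustration. One caveat a practitioner should keep in mind: a bare hash catches accidental corruption, but anyone who can rewrite the data in transit can also recompute the digest, so the digest itself must travel over a trusted path or be protected by a key or a signature.

```python
"""Added illustration (not from the original text): an integrity check with
SHA-256 from the standard library. The sender computes the digest of the data
and publishes it; the receiver recomputes it over what actually arrived.
Sample data below is constructed for this example."""
import hashlib


def sha256_hex(data: bytes) -> str:
    """Fixed-length digest of arbitrary-length data."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(received: bytes, published_digest: str) -> bool:
    """True only if the received bytes hash to the digest the sender published."""
    return sha256_hex(received) == published_digest


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Copy of data with one bit flipped (simulates corruption in transit)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def digest_bit_difference(a: str, b: str) -> int:
    """Number of bits that differ between two hex digests."""
    return bin(int(a, 16) ^ int(b, 16)).count("1")


# constructed sample: what the sender transmits, and the digest sent alongside it
ORIGINAL = b"wire $500 to account 1234"
PUBLISHED_DIGEST = sha256_hex(ORIGINAL)

if __name__ == "__main__":
    corrupted = flip_bit(ORIGINAL, 0)  # 'w' becomes 'v': one bit changed
    print("intact   :", verify_integrity(ORIGINAL, PUBLISHED_DIGEST))
    print("corrupted:", verify_integrity(corrupted, PUBLISHED_DIGEST))
    print("digest bits changed by one flipped data bit:",
          digest_bit_difference(PUBLISHED_DIGEST, sha256_hex(corrupted)))
```

Run it as a script to see the intact copy pass, the one-bit-corrupted copy fail, and the avalanche effect in the digest; `sha256_hex(b"abc")` reproduces the standard SHA-256 test vector, which is a quick sanity check for the function.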

Data Encryption

Data encryption is the scrambling of data into what is called “ciphertext,” which is unreadable to the human eye. Encryption can be done via a variety of methods, some more secure than others. Unencrypted data is referred to as “plaintext” or “cleartext,” and is readable just like words written on the pages of a book.

Digital Signature

A digital signature is an algorithm used when sending messages to provide authentication of the sender and proof that the message was not altered along the way. It uses hashing for the integrity, and the non-repudiation is provided by the private key of the sender. The private key is held by the sender, and only the sender, so by encrypting the message with their private key they have “signed” their message, which proves it came from them.

Public Key Cryptography

A form of cryptography where there is a public key and a private key. The private key is held by the user in question, and only that user. The public key is held by the receiver, or often by anyone and everyone. The private key can encrypt, but what it encrypts can only be decrypted by the public key. The public key can encrypt as well, but its messages can only be decrypted by the private key. This system provides both authentication and encryption, because only messages encrypted with the private key could have been sent by the user who holds the private key. Asymmetric encryption uses a lot of computational power, so it is mostly used to send small blocks of data.

Symmetric-key Cryptography

A type of cryptography where only the parties in the “session” have the encryption key. The same key is used by both parties to both encrypt and decrypt. This is a major drawback, as the key exists in two locations, and a hacker only needs to exploit one user to decrypt both parties’ data. This type of encryption is usually paired with asymmetric encryption to exchange the symmetric keys, after which the large amount of data is sent across via symmetric encryption.
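The following added example (not from the original page) serves this section and the earlier Onion Router section together. It first builds a toy symmetric authenticated cipher from the standard library, a keystream derived with HMAC-SHA256 in counter mode plus an HMAC tag over the ciphertext, to show that the one shared key is what both encrypts and decrypts and that the wrong key is rejected rather than producing garbage. It then uses that cipher to wrap a message in one layer per relay, so each relay, holding only its own key, can peel one layer and learn nothing but the next hop. The relay names, keys and message are constructed; real systems use AES-GCM or ChaCha20-Poly1305 from a vetted library rather than this construction.

```python
"""Added illustration (not from the original text): a toy symmetric
authenticated cipher (HMAC-SHA256 keystream, encrypt-then-MAC), then the
layered "onion" the Tor paragraph describes, built on top of it."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN, HOP_LEN = 16, 32, 8


def _derive(key: bytes):
    """Split one shared secret into separate encryption and MAC keys."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(enc_key, nonce || counter) blocks."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Output layout: nonce || ciphertext || tag. The same key decrypts it."""
    enc_key, mac_key = _derive(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag first; a wrong key or altered bytes are rejected outright."""
    enc_key, mac_key = _derive(key)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def is_authentic(key: bytes, blob: bytes) -> bool:
    """True if this key opens the blob, i.e. the holder of `key` can read it."""
    try:
        decrypt(key, blob)
        return True
    except ValueError:
        return False


# --- onion routing on top of the cipher ---
def build_onion(relay_keys, next_hops, message: bytes) -> bytes:
    """Wrap `message` so relay i (holding relay_keys[i]) learns only next_hops[i]."""
    if len(relay_keys) != len(next_hops):
        raise ValueError("one next-hop label per relay key")
    onion = message
    # innermost layer first: the last relay's layer names the final destination
    for key, hop in zip(reversed(relay_keys), reversed(next_hops)):
        if len(hop) > HOP_LEN:
            raise ValueError("hop label too long for this toy framing")
        onion = encrypt(key, hop.ljust(HOP_LEN).encode() + onion)
    return onion


def peel(key: bytes, onion: bytes):
    """What one relay does: strip its own layer, read the next hop, forward the rest."""
    inner = decrypt(key, onion)
    return inner[:HOP_LEN].decode().strip(), inner[HOP_LEN:]


def route(relay_keys, onion: bytes):
    """Drive the circuit; returns what each relay saw and the delivered payload."""
    trail = []
    for key in relay_keys:
        hop, onion = peel(key, onion)
        trail.append(hop)
    return trail, onion


if __name__ == "__main__":
    keys = [secrets.token_bytes(32) for _ in range(3)]   # constructed relay keys
    onion = build_onion(keys, ["relay2", "relay3", "dest"], b"hello from the client")
    print("relay2 can open the outer layer:", is_authentic(keys[1], onion))
    print("route:", route(keys, onion))
```

Note how `is_authentic(keys[1], onion)` is False on the outermost layer: the second relay holds a valid key for the circuit but still cannot read anything addressed to the first relay, and after the first relay peels its layer the second relay sees only `relay3` and an opaque blob.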

Proxy Servers

A server that acts as a middleman between two devices. Say your laptop is trying to get to google.com and you have a proxy server enabled: your laptop would connect to the proxy, and the proxy would connect to the site. With a proxy server, your device is never directly connected to what you are attempting to reach. A proxy server can be paired with software that looks for suspicious and malicious activity on the part of the foreign host. If the proxy detects malicious activity or data, it can break the connection, thus preventing you from being infected.
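The forwarding behaviour described here, and the point made in the VPN section that the destination sees the intermediary rather than you, can be observed directly on the loopback interface. The following added example (not from the original page) starts a fake destination server and a one-connection forwarding proxy in threads, sends a request through the proxy, and has the destination report which source port it saw: the proxy's outbound port, never the client's. The proxy also applies a constructed inspection rule and refuses to forward a request that matches it, which is the "break the connection" behaviour the text describes. The host names, the blocklist and the request bytes are all constructed for this illustration.

```python
"""Added illustration (not from the original text): a forwarding proxy on
127.0.0.1. The client only ever talks to the proxy; the proxy opens the
connection to the destination, so the destination sees the proxy's port.
The proxy inspects the request and can refuse to forward it."""
import socket
import threading

BLOCKLIST = (b"malware.example",)  # constructed policy: names the proxy refuses


def _origin(listener: socket.socket) -> None:
    """Fake destination server: replies with the source port of whoever connected."""
    try:
        conn, peer = listener.accept()
    except socket.timeout:
        return  # the proxy refused the request, so nobody ever connected here
    with conn:
        conn.recv(1024)
        conn.sendall(f"origin-saw-port={peer[1]}".encode())


def _proxy(listener: socket.socket, origin_addr, blocklist) -> None:
    """Accept one client, inspect its request, then forward it or refuse."""
    client, _ = listener.accept()
    with client:
        request = client.recv(1024)
        if any(bad in request for bad in blocklist):
            client.sendall(b"blocked-by-proxy")  # connection to the origin is never opened
            return
        with socket.create_connection(origin_addr, timeout=2) as upstream:
            upstream.sendall(request)
            reply = upstream.recv(1024)
            # append the source port the proxy itself used towards the origin
            reply += f";proxy-upstream-port={upstream.getsockname()[1]}".encode()
        client.sendall(reply)


def _listener() -> socket.socket:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))  # any free loopback port
    s.listen(1)
    s.settimeout(2)
    return s


def fetch_via_proxy(request: bytes, blocklist=BLOCKLIST) -> dict:
    """Run origin and proxy in threads and push one client request through the proxy."""
    origin, proxy = _listener(), _listener()
    threads = [
        threading.Thread(target=_origin, args=(origin,), daemon=True),
        threading.Thread(target=_proxy, args=(proxy, origin.getsockname(), blocklist), daemon=True),
    ]
    for t in threads:
        t.start()
    with socket.create_connection(proxy.getsockname(), timeout=2) as c:
        c.sendall(request)
        client_port = c.getsockname()[1]   # the client's own source port
        reply = c.recv(1024).decode()
    for t in threads:
        t.join(timeout=3)
    origin.close()
    proxy.close()
    fields = dict(kv.split("=", 1) for kv in reply.split(";") if "=" in kv)
    return {"client_port": client_port, "reply": reply,
            **{k: int(v) for k, v in fields.items()}}


if __name__ == "__main__":
    print(fetch_via_proxy(b"GET http://news.example/ HTTP/1.1\r\n\r\n"))
    print(fetch_via_proxy(b"GET http://malware.example/x HTTP/1.1\r\n\r\n"))
```

In the allowed case the returned dictionary shows `origin-saw-port` equal to `proxy-upstream-port`: the destination saw the proxy's socket, not the client's. In the blocked case the reply is `blocked-by-proxy` and the origin's accept times out, because the proxy dropped the request before any connection to the destination existed.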