Transferring data over networks is inherently insecure. The traffic passes through multiple routers, and if any of those routers is compromised by a hacker or malware, your packets can be read. This is an issue when you have sensitive information moving across networks, such as credit card details. Most protocols have no security built in. The only ones we cover in this course that do are HTTPS (Secure HyperText Transfer Protocol) and IPv6 (Internet Protocol version 6), which use Public Key encryption, which we will learn about now.
Encryption works by turning a message into a secret message that cannot be read. This is known as a cipher. It does this by running the message through a mathematical formula using a unique key.
In Symmetric Key encryption, the sender and receiver have the same key. The sender encrypts the data using the key and sends the message to the recipient, who then uses the same key (which they already have) to decrypt the message. As this requires both the sender and receiver to have the same key, it is not used as much.
The more common encryption method is Public/Private Key encryption (asymmetric). The sender encrypts the message using the receiver's public key, and the receiver can then decrypt the message using their private key. Not only can the receiver be sure the message has not been read by anyone else, it also means it has not been tampered with (edited). When a sender encrypts a message using their private key, the receiver decrypts it using the sender's public key. This proves the message has definitely come from the specific sender (this is known as a digital signature).
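The two directions described above can be followed step by step in a short program. This is an added example, not part of the original course material: it uses textbook RSA with tiny constructed primes so the arithmetic is visible, and all function names and sample values are assumptions made for illustration. Real systems use a vetted library with much larger keys and padding.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Build a toy RSA key pair from two small primes (assumed values)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e * d = 1 (mod phi)
    return (n, e), (n, d)          # (public key, private key)

def encrypt(public_key, message: bytes):
    n, e = public_key
    # One byte per block because n is tiny; real RSA pads and encrypts a short key.
    return [pow(b, e, n) for b in message]

def decrypt(private_key, blocks):
    n, d = private_key
    return bytes(pow(c, d, n) for c in blocks)

def digest(message: bytes, n: int) -> int:
    # Hash the message, then reduce it so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

# Constructed key pairs for the two parties (tiny primes, illustration only).
SENDER_PUB, SENDER_PRIV = make_keypair(1009, 1013)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(1019, 1021)

def demo():
    message = b"card=4111-1111"    # constructed sample data
    # Confidentiality: lock with the receiver's public key.
    ciphertext = encrypt(RECEIVER_PUB, message)
    # Authenticity: sign with the sender's private key.
    signature = sign(SENDER_PRIV, message)
    recovered = decrypt(RECEIVER_PRIV, ciphertext)
    return recovered, verify(SENDER_PUB, recovered, signature)

if __name__ == "__main__":
    print(demo())
```

The signature check fails if the message is altered after signing, which is how the receiver detects editing in transit.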
While communication can be secured using encryption, it is important to note that encryption also works to secure data within databases and other types of data storage (hard drives, for example). When passwords and credit card details are stored within databases, they are hashed, which means they are stored in an encrypted form. If the database is stolen, the contents cannot be easily read.
Below is a video that takes you through both types of encryption. You should generally use Public/Private Key (asymmetric) encryption for answers to test/exam questions, as that is the most common and practical.