Hi,

I picked the following paragraphs from Paul Allen's SCEA book, from the 10th chapter, called Security. You can refer to that for more information on security.

"Encrypted Communication

Cryptography is a mechanism whereby data is encrypted using a key such that it can be decrypted only with a matching key. The two types of encryption are known as symmetric and asymmetric. In symmetric encryption, both sender and recipient know a common key, and this is used to encrypt and decrypt messages. In asymmetric encryption, also known as public-key cryptography, a key is split into two parts and referred to as a key pair, or private key and public key. Their most interesting feature is that each key is able to decrypt data that was encrypted by the other. The private key is obviously kept private and known only to a single individual or business, and the public key is given to all those who wish to communicate securely back and forth with the private key holder. So the private key holder is the only one who can decrypt data encrypted by the public key holders, and the public key holders are the only ones who can decrypt data encrypted by the private key holder. Figure 10-2 shows how asymmetric cryptography works.

Several choices can be made regarding which type of encryption to use and how much data should be encrypted in any given communication. For example, all the data can be encrypted with a private key so that only the public key holder can decrypt it, or it can be encrypted using a symmetric key known to both sides. Another possibility is to append an encrypted piece on to the communication - in effect, a signature or seal - so that the recipient will know that the sender genuinely sent the data and that the data was not tampered with on the way. In this case, the sender produces a hash code result by executing an algorithm on the complete message. This hash code result then gets encrypted and appended with the original data. Once the message is received, the recipient will attempt to decrypt the encrypted portion of the message to obtain the sender's hash code result. If successful, the recipient knows the message came from the sender. The recipient then executes an algorithm on the complete message, producing a hash code result to be compared with the sender's hash code. If they are the same, the message has been received without any tampering along the way.

Asymmetric encryption is slower than symmetric encryption when dealing with large amounts of data. This is due in part to the increased length of the keys required in asymmetric cryptography to achieve the same level of protection as the symmetric variety. The longer keys demand more computing resources. Because of this, the bulk of data that needs to be secured is usually encrypted using symmetric cryptography, and a smaller amount is encrypted with asymmetric cryptography. In fact, a large number of hardware manufacturers sell SSL accelerator boards to avoid the overhead of key generation, encryption, and decryption."

Hope this will help you.

regards,

Manish