Hacking a slot machine

The fact that computers can’t generate truly random numbers allowed computer hackers to hack the newest computerized slot machines used in many casinos. The slot machine would seed its random number generator with a value and then use this list of pseudorandom numbers to determine payoffs. Hackers soon discovered that certain slot machines used the same seed value every time, so the generated list of pseudorandom numbers could be predicted. Then they used a handheld computer that generated that same list of pseudorandom numbers as the slot machine.

By knowing which pseudorandom number the slot machine would use next, the hackers could determine when the slot machine would hit a jackpot. So, all the hackers did was watch a certain slot machine and wait for someone else to churn through all the losing pseudorandom numbers and leave. When the slot machine was close to a winning pseudorandom number, the hackers would only have to put a few coins into the slot machine before they’d hit a jackpot. Then they’d leave and wait for someone else to churn through the next batch of losing pseudorandom numbers before playing that same slot machine and hitting another jackpot.

Stream ciphers use two different methods to generate a list of pseudorandom numbers:

✦ A synchronous stream cipher generates pseudorandom numbers independent of the plaintext data.

✦ A self-synchronizing stream cipher generates pseudorandom numbers based on part of the plaintext. By creating pseudorandom numbers based on the plaintext, a stream cipher can further randomize the encryption process because no two messages are ever encrypted the exact same way.

The most popular stream cipher is RC4, named after its creator, Ron Rivest. RC4 is used in the two wireless encryption standards — Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), which protect wireless Internet connections.
Block ciphers

Block ciphers encrypt data in chunks, although you can think of a stream cipher as a block cipher with each character representing a single data chunk. A typical block size is 64 or 128 bits. Because most data doesn’t fit into neat 64- or 128-bit blocks, a block cipher must pad the last chunk of data with information, such as zeroes.
Electronic codebook (ECB)

After a block cipher divides plaintext into blocks, it has several different ways to encrypt that data. The simplest way to encrypt data is to encrypt each block of data separately with the same key, which is the electronic codebook method, as shown in Figure 5-2.

[Figure 5-2: The electronic codebook encrypts blocks of data separately with the same key.]

Encrypting with the electronic codebook method is simple and fast, but because it uses the same key to encrypt data, it tends to encrypt redundant data in identical chunks. So the message I am Sam. Sam I am might create two blocks of encrypted data that would look nearly identical, such as X*4d*34d^ and 34d*X*4d^. A cursory examination of these two encrypted blocks can reveal that X represents the letter I, * represents a space, 4d represents am, 3 represents S, and ^ represents a period.

Cipher-block chaining (CBC)

The ideal encryption algorithm takes identical data and scrambles it in two different ways to avoid revealing any redundant data. So the idea behind the cipher-block chaining (CBC) method is to use the encrypted output from one block as input to encrypt a second block. Because the output from one encrypted block directly affects the encryption of another block, identical plaintext data gets converted into completely different ciphertext, as shown in Figure 5-3.
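The ECB and CBC behaviour described above, as an added example that is not from the book: the same message with repeated blocks is encrypted both ways and the duplicate ciphertext blocks are counted. The block cipher here is a toy 4-round Feistel network built on SHA-256, standing in for a real cipher; the key, IV, message and all function names are constructed for this illustration.

```python
import hashlib

BLOCK = 8  # bytes per block (64 bits, one of the typical sizes named above)
KEY = b"constructed demo key"
IV = bytes(range(BLOCK))  # fixed so the demo is reproducible; use a random IV in practice
MESSAGE = b"I AM SAM" * 3 + b"SAM I AM."  # constructed; its first three blocks are identical

def encrypt_block(key, block):
    # Toy 4-round Feistel network with a keyed SHA-256 round function.
    # A teaching stand-in for a real block cipher, not something to deploy.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:BLOCK // 2]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def blocks_of(data):
    # Pad the last chunk with zeroes, as the text describes, then split into blocks.
    data += b"\x00" * (-len(data) % BLOCK)
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    # ECB: every block is encrypted separately with the same key.
    return [encrypt_block(key, b) for b in blocks_of(plaintext)]

def cbc_encrypt(key, iv, plaintext):
    # CBC: XOR each plaintext block with the previous ciphertext block
    # (the IV for the first block) before encrypting it.
    out, prev = [], iv
    for b in blocks_of(plaintext):
        prev = encrypt_block(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return out

def repeated_blocks(blocks):
    # How many ciphertext blocks duplicate an earlier one (what an observer can spot).
    return len(blocks) - len(set(blocks))

if __name__ == "__main__":
    for name, ct in (("ECB", ecb_encrypt(KEY, MESSAGE)),
                     ("CBC", cbc_encrypt(KEY, IV, MESSAGE))):
        print(name, "repeats:", repeated_blocks(ct), [c.hex() for c in ct])
```
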
Agreed in 2016, the General Data Protection Regulation (GDPR) is intended to better protect the personal data of European Union “data subjects” – EU citizens and other nationals physically present in the EU at the time data are collected. Visit: https://www.hipaajournal.com/gdpr-training/
The Health Insurance Portability and Accountability Act (HIPAA) was created primarily to modernize the flow of healthcare information, stipulate how Personally Identifiable Information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage – such as portability and the coverage of individuals with pre-existing conditions.