Encryption & Access Rights
Encryption transforms readable data into an unreadable format to prevent unauthorized access. Combined with access rights and authentication, it forms the core of data confidentiality.
Learning Objectives
- 11.1.2.4 Explain encryption and access rights
Conceptual Anchor
The Secret Language Analogy
Imagine you and your friend invent a secret code where every letter is shifted by 3 positions (A→D, B→E). Only someone who knows the rule (the key) can read your messages. This is essentially what encryption does — it scrambles data so only authorized parties can understand it.
Rules & Theory
Key Terminology
| Term | Definition |
|---|---|
| Plaintext | Original, readable data |
| Ciphertext | Encrypted, unreadable data |
| Key | Secret value used to encrypt/decrypt data |
| Encryption | Process of converting plaintext → ciphertext |
| Decryption | Process of converting ciphertext → plaintext |
Symmetric vs Asymmetric Encryption
| Feature | Symmetric | Asymmetric |
|---|---|---|
| Keys | One shared key (same for encrypt/decrypt) | Two keys: public (encrypt) + private (decrypt) |
| Speed | Fast | Slower |
| Key distribution | Difficult (must share key securely) | Easy (public key is shared openly) |
| Examples | AES, DES, Caesar cipher | RSA, ECC |
| Use case | Encrypting files, databases | HTTPS, email, digital signatures |
Caesar Cipher Example
Plaintext: HELLO WORLD
Key: Shift by 3
Ciphertext: KHOOR ZRUOG
H → K (+3)
E → H (+3)
L → O (+3)
L → O (+3)
O → R (+3)Access Rights
Access rights (permissions) control what each user can do with data:
| Permission | Allows | Example |
|---|---|---|
| Read | View/open files | Students can view grades |
| Write | Modify/edit files | Teachers can update grades |
| Execute | Run programs | IT admin runs system utilities |
| Delete | Remove files | Only admin can delete records |
| No access | Cannot see the file at all | Students can't see admin files |
Authentication Methods
| Factor | Type | Example |
|---|---|---|
| Something you know | Knowledge | Password, PIN |
| Something you have | Possession | Smart card, phone (OTP) |
| Something you are | Biometric | Fingerprint, face ID, iris scan |
Two-Factor Authentication (2FA)
Combining two different factors (e.g., password + SMS code) significantly increases security. Even if a password is stolen, the attacker still needs the second factor.
Worked Examples
1 Caesar Cipher — Encrypt & Decrypt
Encrypt "CAT" with key = 5:
C (position 2) + 5 = H (position 7)
A (position 0) + 5 = F (position 5)
T (position 19) + 5 = Y (position 24)
Ciphertext: HFYDecrypt "HFY" with key = 5:
H (7) - 5 = C (2)
F (5) - 5 = A (0)
Y (24) - 5 = T (19)
Plaintext: CAT2 Access Rights Matrix
| User | Student Records | Exam Papers | System Settings |
|---|---|---|---|
| Student | Read (own only) | No access | No access |
| Teacher | Read/Write | Read/Write | No access |
| Admin | Read/Write/Delete | Read/Write/Delete | Full access |
Common Pitfalls
Symmetric ≠ Asymmetric
Don't confuse the two. Symmetric uses ONE key for both encryption and decryption. Asymmetric uses TWO different keys (public + private).
Encryption ≠ Hashing
Encryption is reversible (you can decrypt). Hashing is one-way (you cannot reverse a hash). Passwords are typically hashed, not encrypted.
Tasks
Define plaintext, ciphertext, key, encryption, and decryption.
Encrypt the word "PYTHON" using a Caesar cipher with key = 7.
Compare symmetric and asymmetric encryption. When would you use each? Which is more secure for sending data over the internet?
Design an access rights table for a hospital system with 4 user roles (Receptionist, Nurse, Doctor, Admin) and 3 data types (Patient names, Medical records, Billing).
Self-Check Quiz
Q1: How many keys does symmetric encryption use?
Q2: What are the three authentication factors?
Q3: Encrypt "DOG" with Caesar cipher, key = 4.