Understand the need for and purpose of encryption when transmitting data

ResourcesSubject NotesComputer ScienceLesson Plan

Encryption

Learning objective

Understand the need for and purpose of encryption when transmitting data (AO1, AO2).

Why is encryption needed?

Data travelling over a network can be intercepted by anyone who can access the transmission medium. Encryption protects that data by converting it into a form that cannot be understood without the correct key.

  • Confidentiality: Only authorised recipients can read the information.
  • Integrity: When combined with a hash or MAC, encryption lets the receiver detect any unauthorised changes.
  • Authentication: Some encryption schemes verify the identity of the sender.
  • Non‑repudiation: Digital signatures (which use asymmetric encryption) prevent a sender from denying that they sent a message.

Basic encryption process (AO2)

Three simple steps describe how data are protected during transmission.

  1. Plaintext → Ciphertext: The sender applies an encryption algorithm (the cipher) to the original data (plaintext) using a key. The result is ciphertext.
  2. Transmission: Ciphertext travels across the network. Even if it is intercepted, it cannot be understood without the key.
  3. Ciphertext → Plaintext: The receiver uses the appropriate key to run the decryption algorithm, restoring the original plaintext.

Note: The mathematical notation C = E_K(P) and P = D_K(C) is shown only to illustrate the idea – the IGCSE exam does not require you to use or memorise such formulas.

Types of encryption (AO1)

Type Key usage (syllabus wording) Typical algorithms (key lengths) Advantages Disadvantages / caveats
Symmetric (secret‑key) Same key for encryption and decryption AES‑128, AES‑256, DES (historical), 3DES Fast, low computational cost – suitable for encrypting large amounts of data. Key‑distribution problem – every party must share the secret key securely.
DES’s 56‑bit key is no longer safe.
Asymmetric (public‑key) Public key encrypts; private key decrypts RSA 2048 (or larger), ECC (e.g., Curve25519) Secure key exchange without a pre‑shared secret; supports digital signatures. Slower and requires larger keys for comparable security; normally used only to exchange a symmetric session key.

Key‑length recommendations (IGCSE level)

  • AES – 128‑bit or 256‑bit keys are standard for strong security.
  • RSA – 2048‑bit keys are the minimum recommended for most applications.
  • ECC – 256‑bit curves provide security comparable to RSA 3072.

These numbers are illustrative only; the exam does not require memorising exact lengths.

How encryption protects data in transmission

  1. Sender encrypts: Uses the chosen algorithm and key to produce ciphertext.
  2. Data travels over the network: An eavesdropper can only see ciphertext.
  3. Receiver decrypts: Uses the corresponding key to recover the original plaintext.

Real‑world examples (linked to IGCSE topics)

  • HTTPS (TLS/SSL): Asymmetric encryption exchanges a symmetric session key; the bulk of the web traffic is then encrypted with AES. (Illustrates “security protocols”.)
  • Virtual Private Network (VPN): Creates an encrypted tunnel (often AES) over the public Internet – demonstrates “encrypted tunnel over the internet”.
  • Secure email (PGP/GPG): Uses public‑key encryption for the key exchange and symmetric encryption for the message.
  • Mobile banking: Transaction data are encrypted with AES before being sent to the bank’s server.
  • School’s online learning platform (e.g., Moodle) accessed via HTTPS: All data between the learner’s browser and the school server are encrypted, protecting exam results and personal information.

Key management (AO3)

Effective encryption relies on how keys are generated, stored, exchanged and revoked.

  • Key generation: Keys must be random, unique and of sufficient length (see the table above).
  • Key distribution:
    • Symmetric keys – require a secure channel (face‑to‑face, pre‑installed, or exchanged via an asymmetric key exchange).
    • Asymmetric keys – public keys are distributed in digital certificates issued by a Certificate Authority (CA) as part of a Public‑Key Infrastructure (PKI).
  • Key storage: Keep keys in secure hardware (smart cards, TPM) or encrypted software keystores.
  • Key revocation: Compromised or outdated keys must be invalidated promptly, usually by publishing a revocation list or updating the certificate.

Suggested diagram

Flow of data: Sender → Encrypt (key) → Network (ciphertext) → Decrypt (key) → Receiver

Evaluation checklist (AO3)

When assessing an encryption solution, consider each of the following criteria.

  • Confidentiality – does the method keep data secret?
  • Integrity – are tampering checks (e.g., hash or MAC) included?
  • Authentication – can the sender’s identity be verified?
  • Performance – is the algorithm fast enough for the intended volume of data?
  • Key management – how easy is it to generate, distribute, store and revoke keys?
  • Cost – hardware/software requirements and licensing.
  • Future‑proofing – does the key length meet current security recommendations?

Sample marking rubric for AO3 (1‑2 marks per criterion)

Criterion 0 marks 1 mark 2 marks
Confidentiality No mention of secrecy. Identifies that encryption provides secrecy. Explains how the chosen method prevents unauthorised reading of data.
Integrity No reference to tampering. Mentions a hash/MAC. Describes how the hash/MAC detects changes and why it is needed.
Authentication Absent. Notes that the method can verify identity. Explains the mechanism (e.g., digital signature) and its benefit.
Performance No comment on speed. States that the method is “fast” or “slow”. Provides a reasoned comparison (e.g., symmetric vs. asymmetric) and relevance to the scenario.
Key management No discussion. Identifies a key‑distribution issue. Evaluates generation, storage, distribution and revocation in context.
Cost & future‑proofing Ignored. Mentions cost or future security. Gives a balanced view of expense and whether the key length is up‑to‑date.

Scenario‑question activity (AO2)

Scenario: A school wants to send students’ exam results to parents over the Internet. The data must remain private and any tampering must be detectable. Which type of encryption would you recommend and why?

Students should:

  • Identify the most suitable encryption type (symmetric, asymmetric, or a combination).
  • Explain how it meets confidentiality and integrity requirements.
  • Briefly discuss key‑management implications for the school.

Think‑Pair‑Share prompt (AO2)

“Which encryption method would you recommend for a small school network and why? Consider security, speed, and key management.”

Students discuss in pairs, then share ideas with the class, using the evaluation checklist and rubric to justify their choice.

Summary

Encryption is essential for protecting data during transmission. It provides confidentiality, helps detect tampering (integrity), can verify identity (authentication) and, when combined with digital signatures, offers non‑repudiation. Knowing the differences between symmetric (secret‑key) and asymmetric (public‑key) encryption, the relevance of key length, and the challenges of key management enables students to evaluate real‑world solutions such as HTTPS, VPNs, secure email, mobile banking and a school’s encrypted online learning platform.

Create an account or Login to take a Quiz

51 views
0 improvement suggestions

Log in to suggest improvements to this note.