What is Data Encryption?

Data encryption translates data from a readable format into an encoded format. Encrypted data can only be read or processed after it's been decrypted.

Encryption is the basic building block of data security. It is the simplest and most important way to ensure a computer system's information can't be stolen and read by someone who wants to use it for malicious purposes.

Data security encryption is widely used by individual users and large corporations to protect user information sent between a browser and a server. That information could include everything from payment data to personal information. Data encryption software implements an encryption algorithm, or cipher, to produce an encryption scheme that, in theory, can only be broken with very large amounts of computing power.

How does encryption work?

When information or data is shared over the internet, it goes through a series of network devices worldwide, which form part of the public internet. As data travels through the public internet, there is a chance it could be compromised or stolen by hackers. To prevent this, users can install specific software or hardware to ensure the secure transfer of data or information. These processes are known as encryption in network security.

Encryption involves converting human-readable plaintext into incomprehensible text, which is known as ciphertext. Essentially, this means taking readable data and changing it so that it appears random. Encryption involves using a cryptographic key, a set of mathematical values both the sender and recipient agree on. The recipient uses the key to decrypt the data, turning it back into readable plaintext.

The more complex the cryptographic key, the more secure the encryption – because third parties are less likely to recover it via brute force attacks (i.e. trying every possible key until the correct one is found). Each additional bit of key length doubles the number of keys an attacker would have to try.

Encryption is also used to protect passwords. Password encryption methods (in practice usually one-way hashing, since a stored password never needs to be turned back into plaintext) scramble your password so that it is unreadable by hackers.

What are the most common techniques of encryption?

The two most common encryption methods are symmetric and asymmetric encryption. The names refer to whether or not the same key is used for encryption and decryption:

  • Symmetric encryption keys: This is also known as private key encryption. The key used to encode is the same as the one used to decode, making it best for individual users and closed systems. Otherwise, the key must be sent to the receiver. This increases the risk of compromise if it's intercepted by a third party, such as a hacker. This method is faster than the asymmetric method.
  • Asymmetric encryption keys: This type uses two different keys — public and private — that are linked together mathematically. The keys are essentially large numbers that have been paired with each other but aren't identical, hence the term asymmetric. The private key is kept secret by the owner, and the public key is either shared amongst authorized recipients or made available to the public at large.

Data encrypted with the recipient’s public key can only be decrypted with the corresponding private key.
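As an added illustration (not code from the original article), the following Go program uses the standard library's RSA-OAEP to show the property just stated: a message encrypted under Bob's public key is recovered by Bob's private key, while a second, unrelated private key (a hypothetical third party called `other` here) fails the decryption check instead of producing readable text. The 2048-bit key size, the names and the sample message are assumptions made for the demo.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newKeyPair generates a fresh 2048-bit RSA key pair. The public half can be
// handed out freely; the private half stays with its owner.
func newKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptForRecipient encrypts msg under the recipient's public key using
// RSA-OAEP with SHA-256. Anyone holding the public key can perform this step.
func encryptForRecipient(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// decryptWithPrivate decrypts with priv. If priv is not the partner of the
// public key used for encryption, OAEP's integrity check fails and an error
// is returned rather than garbage plaintext.
func decryptWithPrivate(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// demo plays out the scenario from the text: a message is encrypted for Bob
// with Bob's public key. Bob's private key recovers it; a different private
// key ("other", a hypothetical third party) does not.
func demo() (bobCanRead bool, otherCanRead bool, err error) {
	bob, err := newKeyPair()
	if err != nil {
		return false, false, err
	}
	other, err := newKeyPair()
	if err != nil {
		return false, false, err
	}

	msg := []byte("constructed sample message for Bob") // constructed input
	ct, err := encryptForRecipient(&bob.PublicKey, msg)
	if err != nil {
		return false, false, err
	}

	pt, err := decryptWithPrivate(bob, ct)
	bobCanRead = err == nil && bytes.Equal(pt, msg)

	_, err = decryptWithPrivate(other, ct)
	otherCanRead = err == nil
	return bobCanRead, otherCanRead, nil
}

func main() {
	bobOK, otherOK, err := demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("Bob (matching private key) can read:", bobOK)
	fmt.Println("Third party (different private key) can read:", otherOK)
}
```

Because OAEP adds random padding, encrypting the same message twice yields two different ciphertexts; both still decrypt only with Bob's private key. RSA is normally used this way to protect a short secret such as a symmetric key, not to encrypt large files directly.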

Examples of encryption algorithms

Encryption algorithms are used to turn data into ciphertext. An algorithm uses the encryption key to alter the data in a predictable way so that, even though the encrypted data will appear random, it can be turned back into plaintext by using the decryption key.

There are several different types of encryption algorithms designed to suit different purposes. New algorithms are developed when older ones become insecure. Some of the best-known encryption algorithms include:

DES encryption

DES stands for Data Encryption Standard. It is a now-outdated symmetric encryption algorithm whose 56-bit key is far too short to resist a brute force search with modern hardware, so it is not considered suitable for today's uses and has been succeeded by other encryption algorithms.

3DES encryption

3DES stands for Triple Data Encryption Standard. This is a symmetric key algorithm, and the word “triple” is used because data is passed through the original DES algorithm three times during the encryption process. Triple DES is being slowly phased out (NIST has deprecated it for new applications) but still serves as a dependable hardware encryption solution in financial services and other industries with long-lived legacy systems.

AES encryption

AES stands for Advanced Encryption Standard and was selected in 2001 as the replacement for the original DES algorithm. Some of the more common applications of the AES algorithm include messaging apps such as Signal or WhatsApp and the file archiver program WinZip.

RSA encryption

RSA was the first asymmetric encryption algorithm widely available to the public. RSA is popular because of the security its long keys provide, and it is widely used for secure data transmission, typically to exchange a symmetric key rather than to encrypt bulk data directly, since RSA is comparatively slow. RSA stands for Rivest, Shamir, and Adleman – the surnames of the mathematicians who first described this algorithm. RSA is considered an asymmetric algorithm due to its use of a pair of keys.

Twofish encryption

Used in both hardware and software, Twofish is regarded as one of the fastest of its kind. Twofish is not patented, making it freely available to anyone who wants to use it. As a result, you’ll find it bundled in encryption programs such as PhotoEncrypt, GPG, and the popular open-source software TrueCrypt (whose development ended in 2014).

RC4 encryption

RC4 is a stream cipher that was used in WEP and WPA, the encryption protocols of older wireless routers. Both RC4 and WEP are now considered broken: RC4 has been prohibited in TLS since 2015 (RFC 7465), and WPA2 and WPA3 replace it with AES-based encryption.

Asymmetric algorithm examples include RSA and DSA (DSA is used for digital signatures rather than encryption). Symmetric encryption examples include RC4 and DES. As well as encryption algorithms, there is also what is known as Common Criteria (CC):

  • This is not an encryption standard, but a set of international guidelines for verifying that a product's security claims stand up to scrutiny.
  • CC guidelines were created to provide vendor-neutral, third-party oversight of security products.
  • Products under review are submitted voluntarily by vendors, and whole or individual functionalities are examined.
  • When a product is evaluated, its features are tested according to a defined set of standards by product type.
  • Initially, encryption was outside the scope of Common Criteria but is increasingly being included within its security standards.

In transit vs at rest encryption: What’s the difference?

Data encryption solutions such as data encryption software and cloud data encryption are often categorized based on whether they are designed for data at rest or data in transit: 

Data encryption in transit

Data is considered in transit when moving between devices, such as within private networks or over the internet. During transfer, data is at greater risk because it may need to be decrypted before it is sent and because the transfer method itself may have vulnerabilities. Encrypting data during transfer, for example with TLS between browser and server, or with end-to-end encryption where only the communicating endpoints hold the keys, ensures that even if the data is intercepted, its privacy is protected.

Data encryption at rest

Data is considered at rest when it sits on a storage device and is not actively being used or transferred. Data at rest is often less vulnerable than when in transit since device security features restrict access, but it is not immune. Additionally, it often contains more valuable information, so it is a more appealing target for thieves.

Encrypting data at rest reduces opportunities for data theft created by lost or stolen devices, inadvertent password sharing, or accidental permission granting. It increases the time it takes to access information and provides valuable time for the data’s owner to discover data loss, ransomware attacks, remotely erased data, or changed credentials.

One way to protect data at rest is through TDE. This stands for Transparent Data Encryption and is a technology used by Microsoft, Oracle and IBM to encrypt database files. TDE protects data at rest, encrypting databases both on the hard drive and consequently on backup media. TDE does not protect data in transit, and because it is transparent to the application, it does not protect against anyone who already holds valid database credentials.
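As an added example (not code from the original article or from any TDE product), the following Go program shows what encrypting a record at rest with a symmetric cipher looks like using the standard library's AES-256-GCM. It checks the three properties a practitioner relies on: the correct key recovers the record, a blob that has been modified on disk is rejected because the authentication tag no longer matches, and a different key is rejected. The random data key, the stored blob layout (nonce followed by ciphertext and tag) and the sample record are assumptions for the demo; in a real deployment the key would be held in a key manager or HSM rather than next to the data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// gcmNonceSize is the standard 96-bit nonce length used by cipher.NewGCM.
const gcmNonceSize = 12

// newDataKey returns a random 256-bit key for AES-256 (assumed key source
// for the demo; real systems fetch this from a key manager or HSM).
func newDataKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// sealBlob encrypts plaintext with AES-256-GCM. The stored blob is
// nonce || ciphertext || authentication tag, so the nonce needed for
// decryption travels with the data and the tag lets tampering be detected.
func sealBlob(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per blob
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openBlob reverses sealBlob. It fails if the key is wrong or if any byte
// of the stored blob has been altered.
func openBlob(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// demoAtRest checks the three properties described in the lead-in.
func demoAtRest() (roundTrip, tamperDetected, wrongKeyRejected bool, err error) {
	key, err := newDataKey()
	if err != nil {
		return
	}
	record := []byte("constructed customer record: card ending 0000") // constructed input

	blob, err := sealBlob(key, record)
	if err != nil {
		return
	}
	pt, err := openBlob(key, blob)
	roundTrip = err == nil && bytes.Equal(pt, record)

	// Flip one bit in the first ciphertext byte (just past the nonce); the
	// GCM tag no longer verifies, so Open must reject the blob.
	tampered := append([]byte(nil), blob...)
	tampered[gcmNonceSize] ^= 0x01
	_, err = openBlob(key, tampered)
	tamperDetected = err != nil

	otherKey, err := newDataKey()
	if err != nil {
		return
	}
	_, err = openBlob(otherKey, blob)
	wrongKeyRejected = err != nil
	return roundTrip, tamperDetected, wrongKeyRejected, nil
}

func main() {
	rt, td, wk, err := demoAtRest()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("correct key recovers record:", rt)
	fmt.Println("modified blob rejected:", td)
	fmt.Println("different key rejected:", wk)
}
```

The design choice worth noting is authenticated encryption: a plain block-cipher mode would decrypt a tampered blob into silently corrupted data, whereas GCM's tag turns tampering into a detectable error, which is what gives the data's owner the warning time the section above describes.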