Encryption
Encryption is the process of protecting information or data by using mathematical models to scramble it in such a way that only the parties who have the key to unscramble it can access it.
Early encryption techniques were often used in military messaging. Since then, new techniques have emerged and become commonplace in all areas of modern computing. Modern encryption schemes use public-key and symmetric-key cryptography to protect data, and modern computers cannot break a well-implemented scheme in any practical amount of time.
Encryption uses
Organisations may choose to encrypt confidential information in databases, files, documents, messages, and other communication channels over their network.
Encryption types
Encryption methods vary based on the type of keys used, encryption key length, and the size of the encrypted data blocks:
- Advanced Encryption Standard (AES) - a more secure successor to the Data Encryption Standard (DES), whose 56-bit key left it vulnerable to brute-force attacks. Like DES, AES is a symmetric encryption algorithm, and it is the most frequently used method of data encryption globally. AES encrypts 128-bit data blocks at a time with 128-bit, 192-bit, or 256-bit keys.
- Triple Data Encryption Standard (TDES) - sometimes shortened to Triple DES or 3DES, an enhanced version of the DES algorithm. It is a symmetric encryption method built on the 56-bit DES key: as its name indicates, TDES applies DES to each block of data three times with three different keys. Today, some industry leaders indicate that TDES is being transitioned out of certain tools and products, and the overall security of AES remains superior to TDES.
- Rivest Shamir Adleman (RSA) - an asymmetric form of encryption. Used to encrypt data from one point of communication to another (across the internet), it depends on the difficulty of factoring the product of two large, randomly chosen prime numbers. That product becomes part of the public key, and a message encrypted with it can only be decoded by someone who knows the original primes. It is extremely difficult for a hacker to work out those primes, so this encryption technique is a viable way to secure confidential data within an organization. Its main limitation is speed: RSA slows down when encrypting larger volumes of data.
- Blowfish - this symmetric encryption algorithm was originally designed to replace the Data Encryption Standard (DES). Blowfish uses 64-bit block sizes and encrypts them individually with a variable-length key of up to 448 bits. This data encryption method is known for its flexibility, speed, and resilience. It’s also widely available as it’s in the public domain, which adds to the appeal. Blowfish is commonly used for securing passwords.
- Twofish - the next-generation version of Blowfish is Twofish, a symmetric encryption technique that encrypts 128-bit data blocks. Twofish uses a more complicated key schedule and encrypts data in 16 rounds regardless of the size of the encryption key. It’s publicly available like its predecessor Blowfish, but it’s a lot faster and can be implemented efficiently in both hardware and software. Twofish is most frequently used for file and folder encryption.
- Format-Preserving Encryption (FPE) - a family of symmetric encryption algorithms that keep the format (and length) of your data during encryption. An example would be a phone number: if the original number is 012-345-6789, the ciphertext retains the format but uses a different, randomized set of digits, e.g. 313-429-5072. FPE can be used to secure cloud management software and tools, and trusted cloud platforms like Google Cloud and AWS use this method for cloud data encryption.
- Elliptic Curve Cryptography (ECC) - the ECC encryption algorithm is a relatively new asymmetric encryption method. It is built on the points of an elliptic curve, the set of solutions to a particular mathematical equation, which makes the underlying problem highly complex. ECC reaches comparable security with much shorter keys than RSA, which makes it faster and, key size for key size, stronger than RSA encryption. ECC can be used for web communications security (SSL/TLS protocols) and one-way email encryption.
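The list above makes two points that are easier to see in running code than in prose: AES works on fixed 128-bit blocks whatever the key length, and RSA is too slow (and too size-limited) to encrypt bulk data directly, so in practice it only wraps a symmetric key. The following Go program is an added example written for this page, not code from the original article or from any product it mentions; it uses only Go's standard library. It builds a hybrid envelope (RSA-OAEP wrapping a random AES-256 key, AES-GCM protecting the message), checks that the RSA modulus really is the composite product of two primes, and shows that RSA-OAEP rejects a message larger than what one 2048-bit operation can hold. The message text and the 2048-bit key size are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// Envelope is what the recipient receives: the per-message AES key wrapped
// with RSA-OAEP, plus the GCM nonce and the AES-GCM ciphertext of the message.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// newGCM builds an AES-GCM instance. key must be 16, 24 or 32 bytes
// (AES-128/192/256); the block size is aes.BlockSize (16 bytes) regardless
// of which key length is chosen.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt builds a hybrid envelope: a fresh random AES-256 key protects the
// message body, and only that 32-byte key goes through the slow RSA operation.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil) // ciphertext + authentication tag
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt unwraps the AES key with the RSA private key and opens the GCM
// ciphertext. GCM authenticates the data, so a modified ciphertext is rejected.
func Decrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// ModulusIsProductOfPrimes checks the RSA key structure: N = p*q for the two
// primes the key was generated from, and N itself is composite, not prime.
func ModulusIsProductOfPrimes(priv *rsa.PrivateKey) bool {
	if len(priv.Primes) != 2 {
		return false
	}
	pq := new(big.Int).Mul(priv.Primes[0], priv.Primes[1])
	return pq.Cmp(priv.N) == 0 && !priv.N.ProbablyPrime(20)
}

// DirectRSATooLong reports whether RSA-OAEP refuses a message of size bytes.
// A 2048-bit key with SHA-256 can encrypt at most 190 bytes in one operation,
// which is why bulk data goes through AES and RSA only wraps the key.
func DirectRSATooLong(pub *rsa.PublicKey, size int) bool {
	_, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, make([]byte, size), nil)
	return errors.Is(err, rsa.ErrMessageTooLong)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed key size
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message: quarterly figures attached")
	env, err := Encrypt(&priv.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	got, err := Decrypt(priv, env)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(got, msg))
	env.Ciphertext[0] ^= 0x01 // flip one bit "in transit"
	_, err = Decrypt(priv, env)
	fmt.Println("tampering detected:", err != nil)
	fmt.Println("N = p*q and composite:", ModulusIsProductOfPrimes(priv))
	fmt.Println("RSA rejects 1 KiB message:", DirectRSATooLong(&priv.PublicKey, 1024))
}
```

Two design choices matter here. The AES key is generated fresh per message and the GCM nonce is random, because reusing a nonce under the same key breaks GCM's confidentiality and integrity guarantees. OAEP padding is used rather than raw RSA because it makes the key wrap randomized and resistant to chosen-ciphertext attacks, which raw RSA is not.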
Limitations
Encryption has two ends. At the origin, encryption software or a server module encrypts the data. At the destination, the user's desktop, the means to decrypt that data must be present before it can be displayed. Proprietary encryption solutions that protect web content such as documents, images and video keep their encryption methods compiled into software or installed on a server, so their inner workings are not divulged (unless the product is open source); but they still require a front-end decryption method that must itself be secure, i.e. one that does not disclose how decryption is done.
For web content the problem sits on the user's computer, because the reader or viewer that decrypts the protected content and displays it must also protect its own inner workings. That is where CMS plugins and browser extensions fail: anything built from JavaScript is useless for this purpose because its source can be viewed by anyone, and encrypting the JavaScript is futile because the decryption key must be in plain view for it to work.
Since most web browsers have dropped support for NPAPI plugins, browsers can no longer load plugins that are permitted to act at system level, which makes them unusable for displaying encrypted web content or copy-protected media.
Encryption future
An effective data encryption strategy is an essential security measure for any business. However, it is not without risk. As cyberattacks become more sophisticated and computing systems further develop, encryption algorithms and techniques must also evolve. Luckily, initiatives like next-generation quantum-safe algorithms and homomorphic encryption represent exciting new developments in data encryption, and other methods will inevitably be investigated as technology progresses. For now, implementing an effective data encryption solution that fits your unique security needs and is deployed in collaboration with your IT teams is the best way to safeguard your data in the modern workplace.