We live in a century where a lot of our businesses and communication processes are digitized. Today, with the advance in technology we can easily share information at much higher rates to distant places. Besides this, today there are multiple numbers of businesses performing online. With the development of IoT based products, a large amount of information is being shared and used. As we are relying more on the online services for banking, ticket booking, ordering food, etc… there is also a constant risk of breach of security. One of the measures being practiced to make our information safe is the Encryption process.
What is Encryption Process?
In ancient times, people used to practice some secret methods to conceal important information when transporting it from one place to another. Here, they used to convert the information into a secret code that would hide the true meaning of the information. Only the sender and receiver would be aware of the method to breakdown the method used. This method would preserve the security of the information albeit it gets stolen en route. These methods are used today in cryptography
Encryption is a form of cryptography where the messages or information are encoded in such a way that only authorized personnel can access it. The word ‘Encryption’ is derived from the Greek word ‘ Kryptos’, which means hidden or secret. Here, the content of messages will be reordered or replaced with other numbers, alphabets, pictures, etc..to conceal the real message. The practice of encryption dates back to the early 1900 B.C. Until 1970’s encryption was used only by government and large enterprises while sharing any important information. But with the passage of time, new methods and algorithms with more complexity are being practiced.
The Procedure of the Encryption Process
Data, Encryption engine, and key management are the three main components of the encryption process. The data to be secured is encrypted using an encryption algorithm. The sender decides on the type of algorithm to be used and the variable to be used as a key. Then this encrypted data can be decrypted only using a proper key shared by the sender.
The encryption algorithms are of two types – symmetrical and asymmetrical. Symmetric Cypers are popularly known as the secret key encryption. This algorithm uses a single key. Here, the key is shared by the sender to the authorized recipients. Advanced Encryption Standard is the widely used symmetric algorithm.
The asymmetric encryption algorithm is also known as private key encryption. This algorithm uses two different keys – a private key, public key. These keys are logically linked. Here, prime numbers are used to make the key. This makes the reverse engineering of encryption more difficult. Rivest – Shamir – Adleman is the popularly used asymmetric encryption algorithm.
Types of Encryption Process
While computing, the data or information that is encrypted is known as ” Ciphertext”. To read an encrypted message the reader has to decrypt it. The unencrypted data is known as “Plain text”. To encrypt or decrypt a message certain formulas are used. These formulas are known as Encryption Algorithm, also popularly called as “Ciphers”. These are different types of Ciphers used based on the application. These algorithms contain a variable called ‘Key’. The variable ‘Key’ plays an important role in the encryption and decryption of messages. If an intruder tries to decrypt a message, he has to guess the algorithm used to encrypt the message as well as the variable ‘key’.
Depending upon their functionality and computation complexity there are various types of Encryption methods available today. There are chosen depending on their application. Some popular types of encryption are –
Bring Your Own Encryption(BYOE)
This is also known as “Bring Your Own Key”. This is a cloud computing security model. Here it allows the cloud service customers to use and manage their own encryption software and encryption keys.
Cloud Storage Encryption
This model is provided by cloud service providers. Here, data is first encrypted using the encryption algorithm prior to storing it in cloud storage. The customer has to be aware of the policies and encryption algorithm used in this type of model and choose according to the level of sensitivity of the stored data.
Column Level Encryption
This is a database encryption model. Here the data present in each cell of a particular column has the same password for accessing data, reading, and writing.
Deniable Encryption
In this encryption depending on the type of encryption key used, data can be decrypted in more than one way. This encryption is useful when the sender anticipates the interception of communication.
Encryption as a Service
This is a subscription-based model. It is highly useful for cloud service customers. For the customers who don’t have the necessary resources to manage encryption themselves. This model helps customers by providing data protection in multiple tenant environments.
End-to-End Encryption
This model guarantees the full protection of data sent through a communication channel between two parties. Here, the data to be sent is first encrypted by the client software and then sent to the web client. The received data can be decrypted only by the recipient. This model is adopted by social messaging applications such as Facebook, WhatsApp, etc…
Field- Level Encryption
This model performs the encryption of data in specific fields on a webpage. Some of the examples of such fields are Credit card numbers, social security numbers, bank account numbers, etc. After the selection of the field, the data in that field is automatically encrypted.
FDE
This is hardware-level encryption. It automatically converts the data on a hardware drive into a form that can be understood only by the person who has the proper encryption key. Even though the hard drive is removed and placed in another machine, without proper encryption key it is not possible to decrypt the data. This model can be installed on the computing device either during the manufacturing process or by installing special software drivers.
Homomorphic Encryption Process
This encryption process converts the data into ciphertext in such a way that it enables the users to work on the encrypted data without compromising the encryption. It is possible to perform mathematical operations on the data encrypted using this model.
HTTPS
This encryption is used by web servers. Here, HTTP is run over the TLS protocol to encrypt the websites. A public-key certificate is required by the webserver that encrypts the data.
Link-Level Encryption Process
Here, data is encrypted when it leaves the host. It gets decrypted at the next link- which can be either a host or a relay point. Then data is again re-encrypted before being sent to the next link. This process is repeated until the data reaches the recipient. Each link in the path may have different keys or even different encryption algorithms.
Network Level Encryption Process
This model applies encryption services at the network transfer layer. This encryption method is implemented through the internet protocol security. A framework for private communication over the IP network is established.
Encryption Process Limitations, Attacks and Counter Measures
Encryption proves to be very useful for securing information. This method of protecting data provides confidentiality, authentication, integrity, and non-repudiation of data.
Many of the government and law enforcement officials all around the world are insisting on the encryption back doors. As criminals and terrorists increasingly communicate through encrypted emails, it possesses a challenge to the government to decrypt the information.
Though the encryption process is an important method, it alone cant provide data security of sensitive information through its lifetime. In some encryption method, it is possible to improperly disclose the data during the processing process. Homomorphic encryption provides a solution for this challenge but it increases the computational and communication costs.
The encrypted data at rest usually face threats. Some of the recent threats to this data are cryptographic attacks, stolen ciphertext attacks, attack on encryption keys, insider attacks, data corruption, and integrity attacks, data destruction attacks, ransom attacks, etc…Data fragmentation and active defense data protection technologies are being used as countermeasures for some of these attacks.
It was found in the report of 2019 that the cybersecurity threats increasing included the encrypted data present on IoT devices and mobile phones.
Uses of Encryption Process
Some of the uses of encryption are as follows-
- After the world war encryption process is highly used by military and government organizations for protecting sensitive and confidential data.
- According to the survey, 71% of the civilian companies use encryption on some of their data in transit, 53% use it on the data in storage.
- The encryption process is highly recommended for data transported via a network, mobile phones, wireless intercom, Bluetooth, ATM, etc…
FAQs
1). What happens when you encrypt your phone?
When we encrypt an android phone all the data present on the device gets locked behind the security keys in the form of PIN code, fingerprint, pattern or password known only to its owner. Without that key, no one can unlock the data.
2). Can an encrypted phone be hacked?
The apps installed on the phone has access to all type of information available on phone. A keylogger spy app can bypass the protection provided by encryption. Rather than reading the encrypted data, it will monitor what you type before the data gets encrypted.
3). Can I decrypt Whatsapp messages?
It is possible to decrypt the backup files found with format crypt8, crypt7, etc..
4). Where is the WhatsApp encryption key found?
The WhatsApp encryption key is stored in a file named ‘key’ at the location user data/data/com.whatsapp/files.
5). Can police access the encrypted data on the phone?
When we encrypt data we will set a password which is known only to the owner. Unless the owner shares the password no law enforcement can access the encrypted information.
Today with the use of devices like IoT and an increase in online merchandise lots of sensitive data is being uploaded and used by companies. It is important to protect the data from unauthorized third parties. Many new encryption processes are being introduced with better protection and security features. Some of the most popularly used encryption algorithms are AES, DES, Elliptical curve cryptography, RSA, Quantum key distribution, etc…
0 Comments