Encryptions, Decryptions, and Ciphers, Oh My!
The basics of data security.
When you think of coding, what is the first image that comes to mind? Is it the hacker in movies and TV shows, surrounded by several monitors displaying an onslaught of green lines streaming down the screen? While it is fun to see this as the epitome of all coding, more often than not coding involves staring at a computer running one program and using code from many collaborators. However, one thing those movies and TV shows did touch upon is the kind of coding those hackers were doing. Hacking encryption with malicious intent is not respected, but it does bring us to learning what encryption and decryption are and what they encompass!
Encryption and decryption are involved in almost every aspect of modern technology that uses data gained from users in applications or products. This also includes data we send from one place to another, like emails or files. To keep these collections of data secured, they are encrypted and decrypted using different keys. Some companies make encryption and keys their niche, offering them for others to buy and use, as with Encryption as a Service (EaaS). Other types of encryption include Cloud Storage Encryption, an example being Apple’s iCloud, and End to End Encryption (E2EE), such as Facebook’s messaging application, WhatsApp.
There are many types of encryption and keys, but all of them are defined by ciphers. Ciphers change plaintext to ciphertext by substitution, transposition, etc. of characters, and in return create a key that changes the ciphertext back to plaintext in the process of decryption. Ciphers are the security of the encryption and can be asymmetric or symmetric, depending on how safe the data needs to be and who should be able to access it.
What is the difference between Symmetric and Asymmetric Ciphers?
- Symmetric ciphers, also referred to as secret key encryption, use a single key. This type of cipher is often faster than an asymmetric cipher, and it requires the user or sender to give that key to anyone who should be able to decrypt the data. This cipher is similar to a shared secret due to how it functions. A well-known symmetric cipher is the Advanced Encryption Standard, or AES.
- Asymmetric ciphers, also known as public-key encryption, use two different keys that are linked in the process of data being sent. For example, if one key is used for encryption, the other will be used for decryption. This type of cipher often uses large prime numbers to create keys, since this makes the encryption difficult to unravel. An example of an asymmetric cipher is Rivest-Shamir-Adleman, or RSA.
Keys: Why are they needed?
Encryption would be useless without keys to decrypt the data once it reaches its target. This is why key management is so important, and why it has become a challenge for companies that specialize in encryption and decryption for themselves and others. Key management is both a question and an answer: which keys are being used for which data, where those keys are being “held”, and how to make sure they do not end up in the wrong hands.
Companies that have created key management software have also made a security feature that takes a decryption key and encrypts it again. This process is called key wrapping and can be done to one key or many at a time. Decrypting these keys when needed is called, unsurprisingly, key unwrapping. Most key management software uses symmetric ciphers to wrap and unwrap the keys provided.
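Key wrapping and unwrapping as described above, shown as an added example that is not part of the original article. It assumes the third-party Python `cryptography` package and uses its AES Key Wrap (RFC 3394) functions; the function names `protect`, `recover` and `unwrap_fails` are hypothetical.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)

def protect(kek: bytes, plaintext: bytes) -> dict:
    """Encrypt data under a fresh data key, then wrap that key under the KEK."""
    data_key = AESGCM.generate_key(bit_length=256)   # key that encrypts the data
    nonce = os.urandom(12)                           # unique per encryption
    ciphertext = AESGCM(data_key).encrypt(nonce, plaintext, None)
    # Only the wrapped (encrypted) data key is stored next to the ciphertext.
    return {"wrapped_key": aes_key_wrap(kek, data_key),
            "nonce": nonce, "ciphertext": ciphertext}

def recover(kek: bytes, record: dict) -> bytes:
    """Unwrap the data key with the KEK, then decrypt the data."""
    data_key = aes_key_unwrap(kek, record["wrapped_key"])
    return AESGCM(data_key).decrypt(record["nonce"], record["ciphertext"], None)

def unwrap_fails(kek: bytes, wrapped: bytes) -> bool:
    """True when unwrapping is rejected (wrong KEK or modified wrapped key)."""
    try:
        aes_key_unwrap(kek, wrapped)
    except InvalidUnwrap:
        return True
    return False

if __name__ == "__main__":
    kek = os.urandom(32)                  # key-encryption key held by the key manager
    record = protect(kek, b"constructed sample record")
    print("wrapped key bytes:", len(record["wrapped_key"]))
    print("recovered:", recover(kek, record))
    print("wrong KEK rejected:", unwrap_fails(os.urandom(32), record["wrapped_key"]))
```

The wrapped key is 8 bytes longer than the key it protects because AES Key Wrap adds an integrity check, which is what lets unwrapping reject a wrong key or a modified blob.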
Let’s touch upon the cipher examples mentioned above, AES and RSA, now that encryption and decryption keys have been defined a bit more.
- AES is a symmetric block cipher that superseded the Data Encryption Standard, or DES, that was popular pre-1977. This was due to DES becoming targeted by ‘brute-force’ attacks (Hint: Hackers), in which applications go through trial and error to unwrap keys and decrypt data. AES is used by many, including the U.S. Government, to encrypt classified information on software and hardware.
- RSA is an asymmetric cipher that is used widely to protect and share symmetric keys. It is much slower than AES and other symmetric ciphers due to its reliance on large prime numbers in its encryption and decryption, but this makes it time-consuming for anyone to try a brute-force attack, even if asymmetric ciphers are more susceptible due to being a ‘public-key’. RSA is still used by secured networks, mail extensions, and internet communications.
Where does this all lead to?
With the introduction of quantum computers, it is becoming increasingly important to stay ahead when protecting data and information. Some fascinating prospects in this quest to improve would include Quantum cryptography and Quantum Key Distribution (QKD).
- Quantum cryptography uses the quantum mechanical properties of particles to secure data by understanding the Heisenberg uncertainty principle. This means if the quantum encrypted data was observed in any way during transit, by the sender, receiver, or hacker, the data would be changed. This would then let the sender and receiver know that the data was observed or attacked.
- QKD uses entangled photons to create encryption keys for transferring messages or data. These keys would change if they were observed in transit from sender to receiver, which would alert both parties that there was an interception. However, if the key is secured and not observed, the encrypted data would be able to transfer without any changes made.
Why data security matters.
The information above came together through the urge to understand how databases are protected and what the foundational blocks of that protection are. While the initial hypothesis I was trying to research was to create a secure messaging board for young activists to mobilize, it became urgent to me to take a few steps back and research more information on the security of data in general.
With the rise of data being used and sold, the world begins to ask who has access to its data and who will protect it. Users need to know what exactly encompasses the security of their data and what they can even do, as the digital world is ever more important to both personal and professional information and communication post-quarantine. Encryption and key management will soon become areas needing updates to keep up with new attacks on databases and the amount of data needing protection. This is where understanding ciphers, encryption, decryption, and keys comes to the forefront, because it is hard to take a leap with no footing at all.