Encryption is the process of altering data in order to hide its content and ensure confidentiality. Entities that do not have the decryption key in their possession cannot decrypt the data and, therefore, cannot read its content.

How does encryption work?

Plaintext data is transformed, using an encryption algorithm and a secret key, into ciphertext, which is unreadable text. There are two types of encryption algorithms. In symmetric algorithms, the key used to perform the encryption is the same as the one used to decrypt it and is, therefore, secret. Examples of symmetric algorithms are:
The latter one is, in 2022, the industry standard and is recommended to be used with 128-bit keys.

Image source – cisco.com

Asymmetric algorithms use two different keys: a public key for encryption and a private key for decryption. Examples of asymmetric algorithms are:
Asymmetric algorithms are not commonly used to encrypt data directly because they are slower. For example, the RSA algorithm requires keys between 1024 and 4096 bits, which slows down the encryption and decryption process. These algorithms can be used, however, to encrypt symmetric algorithm keys when they are distributed. A more common usage of asymmetric algorithms is digital signatures: mathematical algorithms that are used to cryptographically validate the authenticity and integrity of a message or media on the internet.

What is encryption used for?

Encryption ensures confidentiality of data. The unreadable ciphertext keeps the data private from all parties that do not possess the decryption key. Data has three states:
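The Go program below is an added example, not code from the original article, that puts the three pieces described above side by side: AES-128-GCM as the symmetric algorithm (one secret key for both directions), RSA-OAEP as the asymmetric algorithm used only to encrypt the symmetric key for distribution, and RSA-PSS as the digital signature. It uses only the Go standard library; the RSA key pairs, the AES key and the sample message are all generated or constructed inside the program.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"io"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// symmetricEncrypt: one secret key both encrypts and decrypts (AES-128-GCM).
// Output layout: nonce || ciphertext || tag.
func symmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every message
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// symmetricDecrypt reverses symmetricEncrypt; the GCM tag check rejects tampering.
func symmetricDecrypt(key, data []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], nil)
}

// sign/verify are the digital-signature use of asymmetric keys: the private key
// signs (RSA-PSS over SHA-256) and anyone with the public key checks authenticity
// and integrity of the message.
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// hybridRoundTrip: a 128-bit AES key encrypts the message, the recipient's 2048-bit
// RSA public key wraps that AES key for distribution (RSA-OAEP), and the sender's
// RSA private key signs the ciphertext. Both RSA pairs are generated here for the
// example. It returns the recipient's plaintext and whether the signature verified.
func hybridRoundTrip(msg []byte) ([]byte, bool, error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	aesKey := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, aesKey); err != nil {
		return nil, false, err
	}
	ct, err := symmetricEncrypt(aesKey, msg)
	if err != nil {
		return nil, false, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &recipient.PublicKey, aesKey, nil)
	if err != nil {
		return nil, false, err
	}
	sig, err := sign(sender, ct)
	if err != nil {
		return nil, false, err
	}
	// Recipient side: check the signature, recover the AES key with the private key, decrypt.
	ok := verify(&sender.PublicKey, ct, sig)
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, wrapped, nil)
	if err != nil {
		return nil, ok, err
	}
	pt, err := symmetricDecrypt(key, ct)
	return pt, ok, err
}
```

The size difference the article mentions is visible in the code: the bulk data is protected by a 16-byte AES key, while the 2048-bit RSA operations touch only that key and a 32-byte digest. Flipping a single byte of the AES-GCM output makes symmetricDecrypt return an error, which is why an authenticated mode is used rather than a bare block cipher.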
It is essential to understand these states and ensure that the data is always encrypted. It is not enough to encrypt data only when it is stored if, when in transit, a malicious party can still read it. Therefore, we will look at encryption mechanisms for all three data states.

In Motion Encryption

Data in motion, or in transit, is data that is moved from one location to another, for example, between:
Examples of data in motion are:

Data in motion can be encrypted using SSL/TLS. TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are transport layer protocols that protect data in transit. TLS is the newer and improved version of SSL. SSL/TLS ensures confidentiality through encryption. First, a session is created between the two parties exchanging a message, using asymmetric encryption. Then, after the secure session is established, symmetric algorithms are used to encrypt the data in motion. Using one of these protocols prevents attackers from reading the data in motion. Websites should use HTTPS (Hypertext Transfer Protocol Secure) instead of HTTP to ensure encryption between websites and browsers. HTTPS uses SSL/TLS.

What is in motion data vulnerable to?

Eavesdropping attacks. In this situation, malicious entities can analyze traffic sent over the internet and read unencrypted data.

In Use Encryption

Data currently accessed and used is considered in use. Examples of in use data are:
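As an added example, not code from the original article, the Go program below performs the two phases the paragraph describes over an in-process pipe: the handshake, in which the client checks the server's certificate and the two sides agree keys using asymmetric cryptography, and the record layer, in which the application data is encrypted with the negotiated symmetric cipher. The host name example.test, the self-signed certificate and the message are constructed for the example; the client configuration pins that certificate as its only trust anchor and both sides require TLS 1.2 as a minimum.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds an in-memory certificate for the constructed host name "example.test".
// The key pair is the asymmetric half of TLS: the server proves its identity with the private key.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		DNSNames:     []string{"example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the client will trust exactly this certificate and nothing else
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, pool, nil
}

// tlsExchange runs a handshake and one request/reply over an in-process pipe (no sockets).
func tlsExchange(msg string) (uint16, string, string, error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return 0, "", "", err
	}
	serverSide, clientSide := net.Pipe()
	defer serverSide.Close()
	defer clientSide.Close()
	// Tickets are post-handshake server writes the client is not yet reading; net.Pipe is synchronous.
	serverCfg := &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             tls.VersionTLS12,
		SessionTicketsDisabled: true,
	}
	// The client pins the trust anchor and the expected name; without both, an
	// eavesdropper could substitute its own certificate.
	clientCfg := &tls.Config{RootCAs: pool, ServerName: "example.test", MinVersion: tls.VersionTLS12}

	errCh := make(chan error, 1)
	go func() {
		srv := tls.Server(serverSide, serverCfg)
		buf := make([]byte, 1024)
		n, err := srv.Read(buf) // the first Read performs the server side of the handshake
		if err != nil {
			errCh <- err
			return
		}
		_, err = srv.Write(append([]byte("echo: "), buf[:n]...))
		errCh <- err
	}()

	cli := tls.Client(clientSide, clientCfg)
	if err := cli.Handshake(); err != nil { // asymmetric phase: certificate check and key agreement
		return 0, "", "", err
	}
	if _, err := cli.Write([]byte(msg)); err != nil { // symmetric phase: record layer
		return 0, "", "", err
	}
	buf := make([]byte, 1024)
	n, err := cli.Read(buf)
	if err != nil {
		return 0, "", "", err
	}
	if err := <-errCh; err != nil {
		return 0, "", "", err
	}
	st := cli.ConnectionState()
	return st.Version, tls.CipherSuiteName(st.CipherSuite), string(buf[:n]), nil
}

func main() {
	v, s, r, err := tlsExchange("hello over TLS")
	fmt.Printf("version=%#x suite=%s reply=%q err=%v\n", v, s, r, err)
}
```

ConnectionState reports what was actually negotiated, which is the value to check in production code rather than assuming the configured minimum. In a real deployment the certificate comes from a CA the client already trusts, so the RootCAs pin gives way to the system trust store; SessionTicketsDisabled is set here only because the in-memory pipe is synchronous, not as a security measure.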
Because data needs to be decrypted to become in use, it is essential that data security is taken care of before the actual use of data begins. To do this, you need to ensure a good authentication mechanism. Technologies like Single Sign-On (SSO) and Multi-Factor Authentication (MFA) can be implemented to increase security. Moreover, after a user authenticates, access management is necessary. Users should not be allowed to access all available resources, only the ones they need in order to perform their job. A method of encryption for data in use is Secure Encrypted Virtualization (SEV). It requires specialized hardware: it encrypts RAM memory using an AES-128 encryption engine and an AMD EPYC processor. Other hardware vendors also offer memory encryption for data in use, but this area is still relatively new.

What is in use data vulnerable to?

In use data is vulnerable to authentication attacks. These types of attacks are used to gain access to the data by bypassing authentication, brute-forcing or obtaining credentials, and others. Another type of attack on data in use is a cold boot attack. Even though RAM memory is considered volatile, after a computer is turned off, it takes a few minutes for that memory to be erased. If kept at low temperatures, RAM memory can be extracted and, therefore, the last data loaded in RAM can be read.

At Rest Encryption

Once data arrives at the destination and is not used, it becomes at rest. Examples of data at rest are:
This data state is usually the most targeted by attackers, who attempt to read databases, steal files stored on the computer, obtain USB drives, and so on. Encryption of data at rest is fairly simple and is usually done using symmetric algorithms. When you perform at rest data encryption, you need to ensure you’re following these best practices:
For the examples of data given above, you can have the following encryption schemes:
One important aspect of encryption is cryptographic key management. You must store your keys safely to ensure confidentiality of your data. You can store keys in Hardware Security Modules (HSMs), which are dedicated hardware devices for key management. They are hardened against malware and other types of attacks. Another secure solution is storing keys in the cloud, using services such as:
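The Go program below is an added example, not the article's code, of envelope encryption, the pattern that HSM-backed and cloud key management services use for data at rest: every object is encrypted with its own symmetric data key, and only that small key is encrypted (wrapped) under a key-encryption key that the key store holds. The kms type is an in-memory stand-in for an HSM or KMS and is an assumption of the example, as are the key IDs and object names; with a real service, wrap and unwrap are API calls and the key-encryption key bytes never leave the device.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal: AES-GCM with aad bound into the tag; output layout is nonce || ciphertext || tag.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func gcmOpen(key, data, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], aad)
}

// kms stands in for an HSM or cloud KMS (an assumption of this example): callers never
// see key-encryption-key (KEK) bytes, they only ask it to wrap or unwrap a data key
// under a KEK named by ID. Rotation installs a new ID; old KEKs stay until every
// envelope wrapped under them has been rewrapped, so existing objects remain readable.
type kms map[string][]byte

func (k kms) rotate(id string) error {
	kek := make([]byte, 16) // 128-bit KEK
	if _, err := io.ReadFull(rand.Reader, kek); err != nil {
		return err
	}
	k[id] = kek
	return nil
}

func (k kms) wrap(id string, dek []byte) ([]byte, error) {
	return gcmSeal(k[id], dek, []byte(id)) // the KEK ID is bound as associated data
}

func (k kms) unwrap(id string, wrapped []byte) ([]byte, error) {
	return gcmOpen(k[id], wrapped, []byte(id)) // an unknown id yields a nil key, hence an error
}

// envelope is what is stored at rest beside the object: the ciphertext plus the
// object's own data key (DEK), itself encrypted under the KEK named by KEKID.
type envelope struct {
	KEKID      string
	WrappedDEK []byte
	Ciphertext []byte
}

// encryptAtRest uses a fresh DEK per object and binds the object name as associated
// data, so a ciphertext copied to a different object name fails to open.
func encryptAtRest(k kms, kekID, name string, plaintext []byte) (*envelope, error) {
	dek := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return nil, err
	}
	ct, err := gcmSeal(dek, plaintext, []byte(name))
	if err != nil {
		return nil, err
	}
	wrapped, err := k.wrap(kekID, dek)
	if err != nil {
		return nil, err
	}
	return &envelope{KEKID: kekID, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

func decryptAtRest(k kms, name string, env *envelope) ([]byte, error) {
	dek, err := k.unwrap(env.KEKID, env.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return gcmOpen(dek, env.Ciphertext, []byte(name))
}
```

Recording the KEK ID in the envelope is what keeps key rotation cheap: a new KEK is installed under a new ID, new objects are wrapped under it, and an existing object only needs its few dozen bytes of wrapped DEK re-encrypted, never the bulk ciphertext. Binding the object name as associated data means a ciphertext that is moved or renamed in storage is rejected on decryption instead of silently opening.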
What is at rest data vulnerable to?

Although data at rest is the easiest to secure out of all three states, it is usually the point of focus for attackers. There are a few types of attacks data at rest is vulnerable to:
Are you protecting data in all states?

Use Cyscale to ensure that you’re protecting data by taking advantage of over 400 controls. Here are just a few examples of controls that ensure data security through encryption across different cloud vendors:

In which type of encryption is the same key used to encrypt and decrypt data?

Symmetric encryption uses the same key to encrypt and decrypt data. For example, when transmitting encrypted data, symmetric encryption algorithms use the same key to encrypt and decrypt data at both ends of the transmission media.
Which encryption is used for both encryption and decryption?

Asymmetric encryption is also known as public key encryption. In symmetric encryption, there is only one key, and all communicating parties use the same (secret) key for both encryption and decryption.