Cybercrimes are on the rise, and it’s comforting to know that there are methods to protect network security from the prying eyes of Cybercriminals as there are ways of trying to penetrate it. In this post, we will delve deeper into what is encryption and the types of encryption.
Cybersecurity and protecting data are becoming more critical every day. Sectors like banking, health, and business data are maintained online; keeping them secure can be difficult. Today many programs and apps we use, rely on data encryption to keep our information safe.
What is Encryption?
Encryption is the process of encoding information in order to secure the data at rest, in use or in motion. This process converts the original information (plaintext) into an alternative form known as ciphertext. Only authorized parties can decipher a ciphertext and access the original data.
When you transmit the data over the Internet, it goes through a series of network devices situated worldwide, and data can get compromised. You need to implement specific software/hardware to ensure a secure transfer of data to avoid such compromises. This process is known as encryption in the modern digital world.
Encryption uses a cryptographic key: a set of mathematical values that both the sender and the recipient of an encrypted message agree on. Encrypted data may appear random, but encryption proceeds logically, allowing a party that receives the encrypted data and possesses the right key to decrypt the data, turning it back into plaintext.
The information is passed through an encryption algorithm to get the ciphered text. This algorithm takes the original data and, based on randomized rules, transforms the data into a new, undecipherable piece of data or a translation. The algorithm creates a new language and hides sensitive data by changing it using the secret code, which can be decrypted and turn back to plaintext with a key.
What is a key in cryptography?
How Does Encryption Work?
Imagine you have put a lock on the box containing some essential documents. You send that box to your friend who has the same key as yours through which they can unlock it and get access to those important documents. In the digital world, all of this is done electronically!
There are three articles of encryption:
1. Plain text
2. Encrypted text (ciphertext)
3. Decrypted text (same as the initial plain text)
Why Do We Need Data Encryption?
1. Authentication to validate the identity
2. To preserve the privacy of information
3. To meet regulatory compliances
4. To Ensure security of data at rest and in transit
5. To preserve the integrity of data
Encryption helps prevent malicious behavior such as on-path attacks. When data is transmitted across the Internet, encryption ensures that the data received by the recipient has not been tampered with on the way.
Encryption is an intimidating endeavor. Data is omnipresent, and encryption should be considered at all levels: data at rest, in motion, who and where need to access this data, how it is transmitted, and what types of interactions are involved with sensitive information that must be encrypted.
It could be enterprise communications, web browser information, e-commerce transactions, your company’s database, hard drives, or customer and user data. It is necessary to document all the data interactions and decide which type of encryption to use.
What are the different types of encryption?
Encryption can broadly be devided into two types
- Symmetric encryption
- Asymmetric encryption
Symmetric encryption uses a single cryptographic key to be used by all parties involved to encrypt and decrypt information. A single key makes the process straightforward. Eg. You encrypt an email using a unique key and send that email to your boss, and he will use the same symmetric key to decrypt the email.
It is also called private-key cryptography or a secret key algorithm.
Another example is the activation of BitLocker on a Windows computer to encrypt all hard drives. By unlocking the PC with a passcode, the user will decrypt data without exposing its secret encryption key. However, both parties need to make sure the key is safe and secure, and available only to the software that needs to use. This method is older and less secure when compared to asymmetric encryption.
Advantages of Symmetric Encryption
- The best feature of Symmetric Encryption is the simplicity of the process
- Significantly faster than Asymmetric Encryption
- Require less computational power
- Doesn’t dampen internet speed
Symmetric encryption is an excellent option while working with sensitive data in bulk or encryption tasks that need to hide information without the need for decryption permanently.
Asymmetric Encryption is a newer and safer technique that utilizes two keys for the encryption process. A public key is used for encryption, and a private key is used for decryption. The keys are mathematically linked with each other. Both keys are simply large numbers that are not identical but are paired with each other, thus, “asymmetric”.
Imagine a situation where you need to store confidential information. You keep it in a box with two locks. One of those two locks has a master key that anyone can access, while the second key is only with you and a friend with whom you have to share the box. You send the box to your friend through a third person X. X tries to open the box but can only get through one of the locks, which can be opened by a master key and cannot open the second lock. He delivers the box to your friend, who opens it with a second key and can access your shared information.
A public key is accessible to all and can be used to encrypt a piece of information. This key only works for encryption but not the decryption process. A user needs a secondary key called the private key to decrypt this information. Hence, the private key is only held by the person who decrypts the information without sacrificing security as you scale security.
Ex: email encryption – Anyone can use your public key to send an encrypted email that you can only decipher using your private key.
Asymmetric is a newer, more secure, and advanced encryption standard making it slower and resource-consuming. It is usually utilized in smaller transactions to establish secure communication channels or authenticating users.
Since the asymmetric encryption technique works on two keys, any algorithm based on it will be considered the most robust encryption type because it ensures high levels of security.
Advantages of Asymmetric Encryption
- Protects against MITM (Man-in-the-middle) attacks like
- Solves the problem of distributing keys for encryption using public-key cryptography
- Asymmetric Encryption allows for non-repudiation
- Recipient can detect any tempering during transit
Hybrid Encryption (Symmetric + Asymmetric Encryption)
Hybrid Encryption uses a mix of both Symmetric and Asymmetric encryption for the use cases that requires high speed encryption along with identity verification like security the communication between a Website and the end user.
Both symmetric and asymmetric encryptions have their disadvantages. The symmetric encryption method works great for fast encryption of large data but doesn’t provide identity verification. Verification is the need of the hour when it comes to internet security. Asymmetric encryption has a public/private key pair and ensures that the intended recipient only accesses the data. However, this verification makes the encryption process slow.
This technique is used in applications such as SSL/TLS certificates. TLS handshake is a process where a series of back-and-forth communications between servers and clients (web browsers) happen. SSL/TLS encryption is applied in this process to verify the identity of both parties is verified using private and public keys. Once both parties have confirmed their identities, the encryption of the data takes place through symmetric encryption using a temporary session key. This ensures the speedy transmission of data on the Internet.
Now that we have gone through the data encryption techniques, we will elaborate the encryption algorithms used.
Symmetric Encryption Algorithm
1. DES Encryption Algorithm
DES or Data Encryption Standard, is one of the oldest encryption methods developed in 1976 by IBM. DES uses a 56 bit encryption key and operates by converting 64-bit blocks of plaintext data into ciphertext by dividing the block into two separate 32-bit blocks. Then encryption process is applied to each block independently.
DES is based on the Feistel Structure designed by a cryptographer named Horst Feistel. DES encryption algorithm was also included in TLS (transport layer security) versions 1.0 and 1.1.
The encryption process is applied to each of the 32 bit block is applied independently. This involves 16 rounds of processes — such as expansion, permutation, substitution, or an XOR operation with a round key —that the data will go through as it’s encrypted. At the end of all these processes, 64-bit blocks of encrypted text are produced as the output.
In 2005, DES was replaced by the AES encryption algorithm. The low encryption key length of DES made brute-force attacks easy. TLS 1.1, the most widely used TLS protocol today, doesn’t use the DES encryption method.
2. Triple DES (3DES) Encryption Algorithm
Triple DES Encryption uses a 168-bit key (56-bit key thrice) to encrypt the data. The DES algorithm is applied three times to every data block, making it harder to crack than its DES predecessor. Triple DES is the successor of DES and was created as a response to the data breach of DES.
It’s the most widely used symmetric algorithm in the industry. It has a wide range of applications and is mainly used as an encryption algorithm in payment systems, standards, and technology in the finance industry. It’s an integral part of cryptographic protocols such as TLS, SSH, IPsec, and OpenVPN.
The Sweet32 vulnerability discovery caused the security industry to consider the devaluation of the algorithm. The National Institute of Standards and Technology (NIST) announced this in draft guidance published in 2019.
3. AES Symmetric Encryption Algorithm
AES encrypts information into a single block (block cipher), one block at a time through ’rounds’. Data is converted into blocks and encrypted using the key in different rounds depending on the key size: 14 rounds for 256-bits, 12 rounds for 192-bits, & 10 rounds for 128-bits.
The process consists of data manipulation and mixing steps completed in each round: substitution, transposition, mixing, column mix, sub bytes. It also comprises multiple sub-processes such as sub bytes, shift rows, mix columns, and round keys.
AES is one of the most common symmetric encryption algorithms used today, developed by the US National Institute of Standards and Technology. Since it works on a single private key, it is also one of the secured types of encryptions.
It replaces the outdated DES (Data Encryption Standard), cracked by security researchers back in 2005. This algorithm solved its predecessor’s main weakness, a short encryption key length vulnerable to brute force attacks.
AES uses substitution and permutation. Initially, the plaintext data is turned into blocks and then encrypted.
AES encrypts data in one single block instead of as individual bits of data. The size of the blocks determines the name for each kind of AES encrypted data. Along with having different block sizes, each encryption method has a different number of rounds. These rounds are responsible for changing a plaintext piece of data into encrypted data or ciphered text.
Following are some of the key advantages of AES encryption:
- AES is much faster than DES and is safe and flexible.
- Multiple key lengths offer a great advantage since longer keys are much difficult to crack
- It is one of the most spread commercial and open source solutions used all over the world. Some of the applications of AES include:
o Wireless security,
o Processor security and file encryption,
o SSL/TLS protocol (website security),
o Wi-Fi security,
o Mobile app encryption,
o VPN (a virtual private network)
Many government agencies, including the NSA (National Security Agency), use the AES encryption algorithm to protect sensitive information.
BlowFish is a symmetric block cipher, which works on a variable key length from 32 bits to 448 bits. As a block cipher, it divides data or a message into fixed 64-bit blocks for encryption and decryption. BlowFish is known for speed, flexibility and is unbreakable. It’s in the public domain, accessible to all freely.
An encryption algorithm designed to replace DES, it’s fast and is available as free public encryption software for any user. It is neither patented nor licensed. It has been tested multiple times for its speed, efficiency, and security since it is a public encryption platform. BlowFish is the primary choice for vendors and e-commerce to secure payments, passwords, and other confidential information.
TwoFish is BlowFish’s successor. It’s license-free, symmetric encryption that deciphers 128-bit data blocks and can extend to the 256-bit key length. It functions in 16 rounds, irrespective of how large the data is. This is one of the flexible types of encryption. TwoFish is considered one of the fastest of its type.
TwoFish works well for both software and hardware environments. Modern file and folder encryption software solutions use this algorithm.
Types of Asymmetric Encryption Algorithms
1. RSA Asymmetric Encryption Algorithm
Rivest–Shamir–Adleman (RSA) encryption is an asymmetric cipher that requires two keys: a public key for encryption and a private key for decryption. It functions on 1024-bit and can extend up to 2048-bit key length. Larger the key size, the slower the encryption process
RSA is widely regarded as the best encryption algorithm is a public-key encryption asymmetric algorithm. It is the standard for encrypting information transmitted via the Internet.
Following are some of the advantages of RSA Asymmetric Encryption Algorithm:
- The most significant advantage of RSA is scalability. It offers various encryption key lengths such as 768-bit, 1024-bit, 2048-bit, 4096-bit, etc. Therefore, even if the lower-key lengths can be brute-forced, you can use encryption of higher key lengths to make it difficult to brute-force since the difficulty increases with each expanding key length.
- RSA uses a simple mathematical approach making the implementation of the public key infrastructure (PKI) straightforward. RSA is the most widely used asymmetric encryption algorithm today due to its adaptability with PKI and security. RSA is extensively used in many applications, including SSL/TLS certificates, crypto-currencies, and email encryption.
2. ECC Asymmetric Encryption Algorithm
ECC (Eliptic Curve Cryptography), uses Elliptic Curves to encrypt the data. An elliptic curve represents a set of points that satisfy a mathematical equation (y2 = x3 + ax + b) In the ECC encryption algorithm. Two mathematicians named Neal Koblitz and Victor S. Miller first proposed using elliptic curves in cryptography in 1985.
ECC was developed in 2004-05 using the prosposed algorithm. Similar to RSA, it’s easy to compute ECC in one direction but difficult to reverse it and come to the original point. In ECC, a number symbolizing a point on the curve is multiplied by another number and gives another point on the curve. The new point on the curve should be determined to crack this puzzle, which is virtually impossible because of the way it is built.
Following are the key advantages of the ECC Encryption Algorithm:
- ECC offers greater security than RSA due to its complexity by using much shorter key lengths. When ECC is applied with keys of greater lengths, it will take more time to crack using brute force attacks.
- Faster performance. Shorter keys require less networking overhead and computing power. This works perfectly well for devices with limited storage and processing capabilities. ECC decreases the time taken to perform SSL/TLS handshakes and helps you load the website faster. The ECC encryption algorithm is implemented in encryption applications, digital signatures, pseudo-random generators, etc.
- Many server software and control panels haven’t added support for ECC SSL/TLS certificates. This is the biggest challenge with ECC.
Which Encryption Algorithm is the Best?
Each of the encryption method mentioned has their own unique advantages. Following is a brief of the key usage and benefits of the leading algorithms:
AES is one of the most widely used algorithms, which is fast with a variable key length option that provides extra security. It fits best when handling large amounts of encrypted data.
TwoFish (Symmetric – previously BlowFish)
The most significant advantage of TwoFish is its flexibility in performance, providing total control of the encryption speed.
3DES is still widely utilized in financial services to encrypt ATM PINs and UNIX passwords.
RSA encryption is mainly used in digital signatures, email encryption, SSL/TLS certificates, and browsers since its speed isn’t convenient for processing large amounts of data.
How does Encryption makes Internet browsing secure?
Encryption is in the core of modern technologies. It plays a significant role in keeping HTTP requests and responses secure and authenticating website origin servers. HTTPS (Hypertext Transfer Protocol Secure) is the protocol responsible for this.
A website served over HTTPS instead of HTTP will have a URL that begins with HTTPS:// instead of HTTP://. It is usually represented by a secured lock in the address bar. HTTPS uses Transport Layer Security (TLS). In the past, Secure Sockets Layer (SSL) was used, but TLS has replaced SSL. A website that implements HTTPS will have a TLS certificate installed on its origin server.
A hash function is a one-way cryptographic algorithm that translates any data input to a unique output of a fixed length of bits irrespective of the data size. The output is known as a hash value, hash digest or hash code. In simple terms, a hash function is a unique identifier for any given piece of data.
After your desired encryption type, you need to make sure that your data is not altered, is authentic, and is verified. Hashes are the way to do that. By creating a unique fingerprint, you can make sure that the data has not been altered during different encryption levels.
You can always compare the original hash with that of the new one if there is a doubt of data being changed or altered because two different data sets cannot produce identical hashes.
An example of hash is, when a user logs in using the User ID and password, the server searches for the associated hash value in the backend. The password entered is hashed with the same algorithm through which it was encrypted, and if it matches with the already stored hash value, it is valid and authenticated.
It is worth noting, that Encryption and Hashing are two different cryptographic functions that help facilitate secure and legitimate communications.
A Digital Certificate is an electronic credential that connects the identity of the certificate owner to aelectronic encryption key pair. The pair has one public and one private key. The primary purpose of a digital certificate if to validate that the identity of a computer. Digital Certificates are used in a number of applications including SSL (TLS), Email Security, VPN etc.
Encryption is a part of our everyday life. It is used in the products and tools we use every day and will continue to be a bedrock of security, from computer games to our VOIP, phone calls, & video chats. If it can be sent or stored, it will most likely be encrypted. Technology will continue to change, so will the types of encryption that are developed and used.
Encryption is not only securing the data but it also has a potential of helping to save a democracy. At least Microsoft says so regarding it’s open source Electionguard software based on Homomorphic Encryption. If you would like to know more about Homorphic Encryption, please refer to our earlier post.
Cybercriminals are becoming sophisticated in their efforts. Encryption makes most software and hardware tools safe to use as long as you follow the manufacturer’s guidelines and keep your devices updated.
Pingback: All about Surface, Deep and Dark Web | SecurityFocal