Encryption is undoubtedly the hottest topic under discussion among IT professionals, security experts and end users. It doesn't matter whether it is a government agency, a banking institution, a college, a hospital or your personal computer; none is ready to compromise on the privacy of data. This paper throws light on various techniques used in data loss prevention with encryption technology: with emails, data storage, data loss through laptop theft, and also securing data on second-hand computers sold with the data unerased.
What is encryption?
Encryption is a method of converting or transforming plain text messages (often referred to as information) using algorithms which mask the data so that it is not perceivable without special knowledge, often referred to as the "key". Encryption was originally the primary mode of communicating secrets in the military. Today encryption finds its application in almost every aspect of life, since manual tasks have been automated electronically via the Internet, and information exchanged on the Internet is very susceptible to theft or hijacking.
Types of encryption
The fundamental types of encryption scheme can be classified under two categories: symmetric and asymmetric encryption. Encryption algorithms are called symmetric if the same key is used to encrypt and decrypt the data. Algorithms which use different keys for encryption and decryption are referred to as asymmetric. The drawback of symmetric encryption is that anybody who knows the key can decrypt the data to plaintext. A very famous technique used earlier was the Data Encryption Standard (DES), which is no longer widely used. Asymmetric encryption, on the other hand, uses the public key encryption method, wherein anybody who has the public key can decrypt messages from the sender; the sender can also digitally sign messages to the receiver to enhance message authenticity. Another way of classifying encryption is as secure or non-secure. Secure encryptions are those wherein the functionality or technique incorporated is made known to the public. The encryption and decryption techniques are illustrated below in Figure 1 and Figure 2 respectively.
Figure 1: File Encryption
Figure 2: File decryption
Plaintext: the original message to be encrypted.
Ciphertext: the encrypted message.
Enciphering or encryption: the process of converting plaintext into ciphertext.
Encryption algorithm: performs encryption (plaintext + secret key).
Deciphering or decryption: the process of recovering plaintext from ciphertext.
Decryption algorithm: performs decryption (ciphertext + secret key).
Real world applications
Hard drive or disk encryption
This is a technique in which disk encryption software or hardware is used to encrypt every single bit of data that goes onto the disk volume. It is also referred to as full disk encryption or whole disk encryption. The main idea of this technique is to prevent unauthorized access to storage devices. This method guarantees that everything on a hard drive is encrypted, the only exception being the Master Boot Record (MBR). The benefit of full disk encryption is that the user is not left with the option of encrypting only files of his choice; by default all files, including temporary files, are encrypted, thus enabling protection at all times. This is useful in preventing data leakage from second-hand computers that are sold or stolen: destroying the cryptographic keys alone renders the data useless and unrecognizable.
Credit card encryption in databases
Most purchases today happen on sites like Amazon, eBay and Best Buy, with millions of customers wanting their credit card details to be stored securely without any compromise. The necessity to securely store data in large client databases brings in the concept of encrypting credit card details when they are saved into the company's database. Anybody in the organization with a slight knowledge of databases and access to the storage can look at thousands of credit card numbers and eventually misuse them. To encrypt the data we can use the AES or Triple DES standards and store the resulting ciphertext in hexadecimal form. We have the option of using a 192-bit key. The simplest, and sometimes the default, mode is Electronic Code Book (ECB) mode. The next step is padding, so that the data is a multiple of the Triple DES block length. This encryption technique is illustrated below.
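As an added example (not part of the original paper), the following Go program carries out the steps just described: PKCS#7 padding to the block length, ECB encryption with a 192-bit key under either Triple DES or AES, and hexadecimal output, plus the decryption that validates the padding. The key is a constructed placeholder, and the comment on ECB records the caveat a practitioner should weigh before choosing that mode for a card-number column.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// Constructed 24-byte (192-bit) demo key; real keys come from a key manager,
// never from source code. One key length serves both ciphers below.
var (
	demoKey   = []byte("0123456789abcdef01234567")
	tdes, _   = des.NewTripleDESCipher(demoKey) // 3DES keying option 1, 8-byte blocks
	aes192, _ = aes.NewCipher(demoKey)          // AES-192, 16-byte blocks
)

// ecbEncryptHex pads the card number (PKCS#7) to whole blocks, encrypts each block
// with no IV (ECB) and hex-encodes. ECB is deterministic: equal cards, equal output.
func ecbEncryptHex(b cipher.Block, pan string) string {
	bs := b.BlockSize()
	n := bs - len(pan)%bs
	buf := append([]byte(pan), bytes.Repeat([]byte{byte(n)}, n)...)
	for i := 0; i < len(buf); i += bs {
		b.Encrypt(buf[i:i+bs], buf[i:i+bs]) // in place, one block at a time
	}
	return hex.EncodeToString(buf)
}

// ecbDecryptHex reverses ecbEncryptHex and rejects malformed padding.
func ecbDecryptHex(b cipher.Block, hexCT string) (string, error) {
	ct, err := hex.DecodeString(hexCT)
	bs := b.BlockSize()
	if err != nil || len(ct) == 0 || len(ct)%bs != 0 {
		return "", fmt.Errorf("ciphertext is not a whole number of blocks")
	}
	for i := 0; i < len(ct); i += bs {
		b.Decrypt(ct[i:i+bs], ct[i:i+bs])
	}
	p := int(ct[len(ct)-1])
	if p == 0 || p > bs || !bytes.Equal(ct[len(ct)-p:], bytes.Repeat([]byte{byte(p)}, p)) {
		return "", fmt.Errorf("invalid padding")
	}
	return string(ct[:len(ct)-p]), nil
}
func main() {
	fmt.Println(ecbEncryptHex(tdes, "4111111111111111")) // 48 hex chars: two data blocks plus a padding block
}
```

Because ECB carries no IV, two rows holding the same card number store the same hex string, which is exactly what an insider browsing the table can exploit; an authenticated mode with a per-row nonce removes that leak.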
Encryption at the database level helps companies secure data written to and read from the database. This kind of operation generally happens at the column level of database tables and, if supported by database security and proper access controls, can help avoid data theft from databases. This encryption protects data within the database not only from storage media theft and well known storage attacks but also from database-level attacks and from DBAs themselves. Database level encryption avoids changes at the application level and also supports combining business logic with the database server through concepts like triggers and stored procedures. This method does secure the data, but some degree of integration is required at the database level, including modifying database schemas. The drawback noticed with this encryption is that it does not protect the DBMS against application level attacks, because the encryption happens only at the DBMS level.
Storage level encryption
Storage level encryption secures data by encrypting it at the storage subsystem, at either the file level or the block level depending on requirements. This encryption method is preferred for encrypting storage blocks, files, media tapes and directories. In the present-day situation, with large databases and the need to avoid Logical Unit Numbers for either masking or zoning, storage level encryption serves the purpose of securing data. The limitation of this encryption is that it protects against only a very limited range of threats, such as media theft and attacks on the storage system. The other disadvantage is that storage level protection does not apply to application based or database level attacks, as the encryption happens at the block level and not at the field level.
Encryption for validation
Validation is an attribute which helps users check the authenticity of the sender's identity and that the message, document or file has not been tampered with. Encryption can be used to provide validation by making a digital fingerprint of the information contained within a message. A digital fingerprint is a code that uniquely identifies a file or a message by reflecting the content of the file with tremendous specificity. A digital fingerprint is obtained by a mathematical transformation of the message; any attempt to tamper with the message changes the fingerprint. The shortfall of the digital fingerprint is that it gives the recipient no guarantee regarding the identity of the sender. To overcome this issue we have the option of using a digital signature. This is nothing but a seal, watermark or stamp made using a private key. The sender digitally signs the content and its fingerprint before sending it to the recipient. Upon receiving the message, the recipient verifies this signature using the public key that the sender has previously communicated, confirming that the sender is the expected person.
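The fingerprint-then-signature flow above, as an added Go example that is not part of the original paper: SHA-256 stands in for the fingerprint and Ed25519 for the sender's private/public key pair (both are assumptions; the paper names no specific algorithms). The second check in main shows why the fingerprint alone does not identify the sender.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// fingerprint is the SHA-256 digest of a message as hex. Any change to the
// message changes it, but anyone can recompute it, so on its own it proves
// integrity only, not who sent the message.
func fingerprint(msg []byte) string {
	sum := sha256.Sum256(msg)
	return hex.EncodeToString(sum[:])
}

// Signed bundles the message, its fingerprint and the sender's signature.
type Signed struct {
	Msg         []byte
	Fingerprint string
	Sig         []byte
}

// sign seals the content and its fingerprint with the sender's private key
// (the "stamp" made with a private key in the text).
func sign(priv ed25519.PrivateKey, msg []byte) Signed {
	fp := fingerprint(msg)
	return Signed{Msg: msg, Fingerprint: fp, Sig: ed25519.Sign(priv, []byte(fp))}
}

// verify uses the sender's public key, communicated beforehand, to check that
// the fingerprint still matches the message and the signature over it is genuine.
func verify(pub ed25519.PublicKey, s Signed) bool {
	return fingerprint(s.Msg) == s.Fingerprint && ed25519.Verify(pub, []byte(s.Fingerprint), s.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s := sign(priv, []byte("transfer 100 to account A")) // constructed sample message
	fmt.Println("genuine message verifies:", verify(pub, s))
	// Changing the message and recomputing the fingerprint is easy; producing
	// a matching signature without the private key is not, so this fails.
	s.Msg = []byte("transfer 900 to account B")
	s.Fingerprint = fingerprint(s.Msg)
	fmt.Println("altered message verifies:", verify(pub, s))
}
```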
Encryption in biometrics
Biometric encryption is the use of physical characteristics of the body to encode or decode data. Physical characteristics such as fingerprints, retinas and irises, palm prints, facial structure and voice are some of the traits used in biometric encryption. These unique physical characteristics of individuals are used to deal with theft and fraud in commerce over the Internet. This method is chosen over passwords or secret PINs because the physical traits mentioned above cannot be impersonated easily. Some of the types of biometric encryption:
Facial Structure Recognition.
Network encryption
Network encryption takes place at the network layer in the OSI (Open Systems Interconnection) model using crypto services. It is invisible to the end user and functions independently of any other encryption performed. Data is encrypted while in transit and exists as plaintext on the originating and receiving hosts. Internet Protocol Security (IPSec) creates a channel for private communication over IP networks. IPSec operates within the limits of the network architecture, needing no alteration in the way end users and applications function. Encrypted and unencrypted packets of data are handled identically in transit through any IP network.
Some myths and weaknesses in implementing encryption technology
The spread of misinformation is very harmful, especially as cryptography is incorrectly implemented in most places. One instance that makes myths plausible is that the "128-bit" WEP encryption used in 802.11 wireless is very weak, the usual reply being that WEP was designed in the early 90s. Fearing that 802.11 devices would be banned by US export laws, the 802.11 group deliberately passed up good encryption algorithms in favor of a weaker one. The weaknesses one notices in WEP are not attributes of the symmetric encryption algorithms properly implemented in SSL and VPNs. Some may ask why use RSA keys when RSA is many orders of magnitude slower and requires so many more bits to be secure; the reason is that RSA encryption has the special property of being able to perform a secure key exchange in plain sight of an adversary who is trying to break in and still remain safe. When it comes to the credibility of encryption being cracked, the appropriate question is not whether but when it will be cracked. The strength of an encryption technology and the number of bits it uses are judged by how long it remains safe until technology advances enough to break it. A 128-bit key used in a common e-commerce transaction is safe at the moment and for a few more years from today. Likewise, the use of 256-bit AES encryption by the government to safeguard classified data is estimated to remain safe for a couple more decades.
Future of encryption
The growth of information technology in enterprises promises growth in encryption technology as well. Statistics suggest that the amount of information communicated and stored is much greater than it was five years ago, and the demand for protection and control is vastly increasing. Although there have been advancements in AES encryption algorithms, the underlying mathematics of cryptography is quite efficient for today's applications. Since encryption is the last resort against vulnerabilities and threats, the need to design and develop new products which are simpler and easier to maintain will be key. Secure data transfer and messaging are at stake as long as the underlying encryption technology is left in the hands of the end user. The need of the hour is to make the underlying implementations more sophisticated than those which exist now. Proper key management will boost the future of encryption, as scalability is becoming an issue because of reliance on manual processes for certificates and key controls.
At the end of the day, no matter what, we need to protect our data at any cost. The last line of defense increasingly cited is encryption and its enhancement. At the same time, the ever-growing use of encryption is a management issue as far as the market drivers are concerned, but having the two work hand in hand would be a suitable way to close the gap between IT growth and encryption. Implementing a flexible and extensible solution that automates many of the time-consuming and error-prone key management tasks in an enterprise-wide manner is rapidly becoming a priority. Efficient key management is a challenge for IT when managing enterprise-wide encryption, and data protection is imperative.