Monday, June 22, 2020

What is Data Encryption and How Does it Work?

Data encryption protects your data from being read or tampered with by anyone who doesn’t hold the key. VPNs provide data encryption at the consumer level, but what about end-to-end encryption? Is a VPN the best option, or are there other solutions out there? What does data encryption even mean? Find out with our guide to everything you need to know about data encryption.

What is data encryption?

Data encryption is a system that encodes your data so other people can’t read it. Consider this:

Xibu jt ebub fodszqujpo? No, that’s not a massive typo: that’s the phrase “What is data encryption?” encrypted with a simple Caesar cypher, or shift cypher. Each letter is replaced by the letter that follows it in the alphabet, so the encrypted phrase reads as gibberish. You can’t decrypt it if you don’t know the encryption system and the shift that was used, though, as we’ll see, a cypher with only 25 possible shifts doesn’t keep its secret for long.

Data encryption works along the same lines, but with far more complex encryption systems. These transform regular data, stored as plaintext, into what’s known as “ciphertext” — a seemingly nonsensical string of letters, numbers, and symbols. You can only unscramble the data, or decrypt it, with a specific decryption key.

Why use data encryption?

Data encryption is all about protecting your personal information from anyone who’d like to get their hands on it. This idea stems from humanity’s long history of encoded communications, the use and study of which is known as cryptography. Some historical writing systems, such as the script of the 15th-century Voynich manuscript, still remain undeciphered even with the aid of modern computing (if the manuscript is a cypher at all).

So why is data encryption important? In short, using encryption protects your personal data. You can use data encryption to safeguard yourself against a multitude of online threats, including identity theft, hacking, and fraud.

Many businesses also use encryption to protect their networks and stored data: an attacker who intercepts traffic or steals encrypted files gets nothing usable without the key, which keeps business secrets out of reach. For the same reason, encryption limits the damage from the strains of ransomware that steal data and threaten to publish it unless a ransom is paid, provided the attacker couldn’t also obtain the keys. It does nothing against the more common kind of ransomware that simply encrypts your files with the attacker’s own key; for that, you need offline backups.

» How can encryption be used to protect information?

Did you know that you’re benefiting from data encryption nearly every time you use the internet? Here are a few uses of encryption that you may encounter in your daily online life:

HTTPS encryption

Many modern websites feature HTTPS encryption — you’ll know because the URL begins with https, or because your browser shows you a little padlock icon in the address bar. Check your address bar now, and you’ll see these indicators here on our site. AVG Signal’s looking out for you.

HTTPS encryption protects your internet traffic while it travels between your device and the website you’re using, preventing anyone from either listening in or altering the data while it’s in transit. The padlock tells you two things: the connection is encrypted, and the site presented a certificate that matches its domain name. It does not vouch for the site itself, and phishing sites use HTTPS too. You should never divulge any sensitive personal data, such as credit card numbers, while on an unsecured website with plain old HTTP. If you don’t know how secure a certain site is, it’s always best to do a quick website safety check before entering any personal information.

Email encryption

Gmail and Outlook, two of the most widely used email platforms, encrypt email in transit (using TLS between mail servers, when the other server supports it) and at rest on their own servers. That stops eavesdropping on the network, but the provider itself can still read your mail, so it is not end-to-end encryption. It should be sufficient for the average email user, but there are more secure options available: both Gmail and Outlook offer stronger options such as S/MIME on their paid business plans, and ProtonMail is an end-to-end encrypted email service (between ProtonMail users) that anyone can sign up for.

Secure messaging apps

Many messaging apps also protect users with data encryption. Signal and Wickr are two popular options providing end-to-end encryption: the message is encrypted on the sender’s device and only decrypted on the recipient’s, so not even the service operator can read it in between. Remember that this protects the channel, not the endpoints: a phone compromised by malware still sees the messages in the clear.

Cryptocurrency

If you’ve dabbled at all in cryptocurrencies such as Bitcoin (BTC) or Ethereum (ETH), you’ve also relied on cryptography, though not in the form of encryption: transactions on these networks are public. What protects users is digital signatures and hashing. Each transaction is signed with the owner’s private key, so only the holder of that key can spend the coins, and transactions are stored in a shared historical record known as the “blockchain,” in which every block contains a hash of the block before it. Once a transaction is buried under enough later blocks, it can’t be forged or quietly altered without redoing all the work that came after it.

VPNs

VPNs are a popular solution for data encryption, and you can even download a VPN on your mobile phone for encryption on the go. A VPN encrypts everything between your device and the VPN provider’s server, which stops a hostile public Wi-Fi network from reading or altering your traffic. Beyond that server, your traffic is only as protected as the site you’re visiting (HTTPS or not), so a VPN complements the other protections above rather than replacing them. We’ll explore VPNs in more detail later in this piece, but for now, think of them as on-demand data encryption that’s both convenient and secure.


How does data encryption work?

Data encryption revolves around two essential elements: the algorithm and the key.

  • The algorithm is the set of rules that determine how the encryption works. The Caesar cypher algorithm we used earlier in this article substitutes each letter with another letter that sits a fixed distance away from it in the alphabet.
  • The key is the secret that customizes the algorithm. Keys are randomly generated and combined with the algorithm to encrypt and decrypt data. The algorithm itself is normally public, so the security rests entirely on keeping the key secret. In our Caesar cypher, we used a key of +1: A is replaced by B, B is replaced by C, and so on. In data encryption, keys are measured by their length in bits; a 128-bit key has 2^128 possible values, and an attacker without the key would have to try them.

The algorithm and the key both contribute to the overall security of the encryption method. Key length is one factor, but not the only one: the mathematics behind the algorithm matter just as much, and key sizes are only comparable within one algorithm family. A 256-bit elliptic-curve key, for example, offers roughly the same strength as a 3072-bit RSA key or a 128-bit AES key, so some algorithms with shorter keys have equivalent or greater security than others with longer ones.
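To make the algorithm-versus-key distinction concrete, here is the shift cypher from the start of the article as working Go code. This is an example added for this page, not code from the original article or from AVG. Encryption and decryption are the same routine run with the key negated, and BruteForce shows why a secret key is no protection once the key space has only 25 members: an attacker who knows the algorithm (and you should always assume they do) simply tries them all.

```go
package main

import (
	"fmt"
	"strings"
)

// shiftRune moves one ASCII letter k positions along the alphabet, wrapping
// around within its case. Anything that is not a letter (spaces, digits,
// punctuation) passes through unchanged, as in the article's example.
func shiftRune(r rune, k int) rune {
	k = ((k % 26) + 26) % 26 // normalise negative shifts into 0..25
	switch {
	case r >= 'a' && r <= 'z':
		return 'a' + (r-'a'+rune(k))%26
	case r >= 'A' && r <= 'Z':
		return 'A' + (r-'A'+rune(k))%26
	}
	return r
}

// CaesarEncrypt is the algorithm (replace each letter with the one k places
// later) applied with the key k.
func CaesarEncrypt(plaintext string, k int) string {
	return strings.Map(func(r rune) rune { return shiftRune(r, k) }, plaintext)
}

// CaesarDecrypt is the same algorithm run with the negated key, which is what
// makes this a symmetric cypher: one shared secret serves both directions.
func CaesarDecrypt(ciphertext string, k int) string {
	return CaesarEncrypt(ciphertext, -k)
}

// BruteForce tries every non-trivial key. The key space of a shift cypher has
// only 25 members, so an attacker can read off the candidate that looks like
// English. The size of the key space, not secrecy of the method, is what
// makes real cyphers hard to break.
func BruteForce(ciphertext string) []string {
	candidates := make([]string, 0, 25)
	for k := 1; k < 26; k++ {
		candidates = append(candidates, CaesarDecrypt(ciphertext, k))
	}
	return candidates
}

func main() {
	ct := CaesarEncrypt("What is data encryption?", 1)
	fmt.Println("ciphertext:", ct)
	fmt.Println("decrypted: ", CaesarDecrypt(ct, 1))
	fmt.Println("all 25 candidate plaintexts an attacker would try:")
	for i, pt := range BruteForce(ct) {
		fmt.Printf("  key %2d: %s\n", i+1, pt)
	}
}
```

Run it and the first candidate printed by BruteForce is the original sentence; the other 24 are visibly not English. A modern cypher with a 128-bit key has 2^128 candidates, which is the whole point of a long key.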

» Cryptographic keys

Modern cryptographic algorithms are public; what’s secret is the key, and a fresh key is generated for each user (and often for each session) so that two users of the same algorithm can’t decrypt each other’s communications. Symmetric-key algorithms use the same key for encrypting and decrypting, while public-key algorithms (also known as asymmetric-key algorithms) have separate keys for each process:

  • In a symmetric-key algorithm, the encrypting and decrypting parties all share the same key. Everyone who needs to receive the encrypted data must first be given that key, and it takes just one leak to expose the data transmitted by all involved parties. Getting the key to the other party securely in the first place is the hard part, and it’s the problem public-key cryptography was invented to solve.

Symmetric algorithms share the same key between encryption and decryption.

  • Symmetric encryption uses either stream cyphers or block cyphers to encrypt plaintext data.
     
    • Stream cyphers expand the key (together with a per-message value called a nonce) into a long keystream and combine it with the plaintext one bit or byte at a time, usually with XOR. Decryption is the very same operation. The critical rule is never to reuse a keystream: two messages encrypted under the same key and nonce leak the XOR of their plaintexts.
    • Block cyphers encrypt data in fixed-size blocks: 64 bits (8 bytes) for older designs such as DES, 128 bits for AES. Messages longer than one block need a mode of operation (CBC, CTR, GCM and others), and some modes, such as CTR, turn a block cypher into a stream cypher. Used properly, neither kind is weaker than the other; most real-world failures come from misused modes and reused nonces, not from the cypher itself.
  • Our Caesar cypher example is a symmetric-key algorithm since you can encrypt and decrypt a message using the same key: the number of letters in the shift from plaintext to ciphertext and back.
  • A public-key algorithm isn’t “more secure” than a symmetric one; it solves a different problem, getting keys to people you’ve never met. The public key is widely available for anyone to use in sending communications, but there’s a second key, the private key, that’s needed to decrypt the message. Key generation creates both keys at once as a mathematically linked pair, and only these two exact keys work together. Because public-key operations are far slower than symmetric ones, the two are usually combined: the public key protects a small, freshly generated symmetric key, and that symmetric key protects the data.
Public-key or asymmetric algorithms use different keys for encryption and decryption.

  • So how does data encryption protect data? Without the decryption key, you can’t unscramble the data — unless you’re willing to invest a lot of time and effort into other means of breaking the encryption. We’ll dive into what those measures look like towards the end of this piece.
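The stream-cypher rule above (never reuse a keystream) is easier to believe once you see the leak happen. The following Go program is an example added for this page, not code from the original article or from AVG. It uses AES in CTR mode, which turns the AES block cypher into a stream cypher, and constructs its own demo key, nonce and messages; StreamXOR is both the encrypt and the decrypt routine, and LeakFromNonceReuse shows what an eavesdropper gets when two messages share a key and nonce.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// StreamXOR encrypts or decrypts msg with the keystream that AES-CTR derives
// from key and nonce. CTR encrypts a running counter to produce keystream
// bytes and XORs them with the data, so no padding is needed, the same call
// decrypts, and the nonce must be fresh for every message under a given key.
func StreamXOR(key, nonce, msg []byte) []byte {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(msg))
	cipher.NewCTR(block, nonce).XORKeyStream(out, msg) // nonce: one AES block (16 bytes)
	return out
}

// XORBytes returns a XOR b, truncated to the shorter input.
func XORBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// LeakFromNonceReuse shows the failure mode. Both messages are encrypted with
// the SAME key and nonce, so they share a keystream K, and
// c1 XOR c2 = (p1 XOR K) XOR (p2 XOR K) = p1 XOR p2. The attacker learns the
// XOR of the plaintexts without ever seeing the key; if either message is
// known or guessable, the other falls out with one more XOR.
func LeakFromNonceReuse(key, nonce, p1, p2 []byte) []byte {
	c1 := StreamXOR(key, nonce, p1)
	c2 := StreamXOR(key, nonce, p2)
	return XORBytes(c1, c2)
}

// EncryptFresh is the correct pattern: a random 16-byte nonce per message,
// sent alongside the ciphertext (the nonce is not secret, only unique).
func EncryptFresh(key, plaintext []byte) (nonce, ciphertext []byte) {
	nonce = make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		panic(err)
	}
	return nonce, StreamXOR(key, nonce, plaintext)
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit demo key
	p1 := []byte("attack at dawn")
	p2 := []byte("attack at dusk")

	nonce, ct := EncryptFresh(key, p1)
	fmt.Printf("ciphertext %x\n", ct)
	fmt.Printf("decrypted  %q\n", StreamXOR(key, nonce, ct))

	// The mistake: one fixed nonce for both messages.
	fixedNonce := []byte("fixed-nonce-16by")
	leak := LeakFromNonceReuse(key, fixedNonce, p1, p2)
	fmt.Printf("p1 XOR p2  %x\n", leak) // zero wherever the messages agree
	// Knowing (or guessing) p1, the eavesdropper recovers p2 outright.
	fmt.Printf("recovered  %q\n", XORBytes(leak, p1))
}
```

Note that the leaked XOR is zero wherever the two messages agree, so even without knowing either message the attacker learns exactly which bytes differ. The same failure applies to any stream cypher, including ChaCha20 and RC4, and to GCM, whose encryption layer is CTR mode.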

» What about hashing?

Hashing is a process that uses an algorithm to convert input of any length into a fixed-length value, the digest, in a way that can’t be reversed. Unlike encryption there is no key and no way to recover the original from its digest, which is exactly what you want for passwords: any website worth using will hash user passwords rather than store or encrypt them, so that a database breach yields only digests. Because attackers can guess common passwords and hash them in bulk, the hash must be salted (a random per-user value mixed in, so identical passwords produce different digests and precomputed tables are useless) and deliberately slow, using a purpose-built function such as bcrypt, scrypt, Argon2 or PBKDF2 rather than a bare SHA-256. If you encounter a website that still stores passwords as plaintext, run away and never look back.
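The following Go program is an example added for this page (not code from the original article or from AVG) that shows the hashing properties described above: Digest illustrates the fixed-length, one-way nature of SHA-256, and the password functions show salting, deliberate slowness and constant-time comparison. PBKDF2 with HMAC-SHA-256 is written out by hand here, following RFC 8018, purely so that the block needs nothing beyond Go’s standard library; in production use a maintained implementation (golang.org/x/crypto/pbkdf2, or better, argon2 or bcrypt from the same module). The 600,000-iteration default follows current OWASP guidance for PBKDF2-HMAC-SHA256; the sample password is constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"io"
)

// Digest illustrates what a hash is: any input, fixed 32-byte output, and no
// way back. Changing a single bit of the input scrambles the whole digest.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// PBKDF2SHA256 implements PBKDF2 (RFC 8018) with HMAC-SHA-256. It repeats the
// HMAC `iterations` times so each guess costs the attacker as much as it
// costs us, and mixes in the salt so two users with the same password get
// different hashes.
func PBKDF2SHA256(password, salt []byte, iterations, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hashLen := prf.Size()
	blocks := (dkLen + hashLen - 1) / hashLen
	dk := make([]byte, 0, blocks*hashLen)
	idx := make([]byte, 4)
	for i := 1; i <= blocks; i++ {
		// U1 = PRF(password, salt || INT_32_BE(i))
		prf.Reset()
		prf.Write(salt)
		binary.BigEndian.PutUint32(idx, uint32(i))
		prf.Write(idx)
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		// Uj = PRF(password, Uj-1);  T = U1 XOR U2 XOR ... XOR Uc
		for j := 1; j < iterations; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:dkLen]
}

// DefaultIterations follows OWASP's current recommendation for PBKDF2-HMAC-SHA256.
const DefaultIterations = 600_000

// HashPassword draws a random 16-byte salt and returns salt and hash. Both are
// stored; the salt is not secret, it only has to be unique per user.
func HashPassword(password string, iterations int) (salt, hash []byte) {
	salt = make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		panic(err)
	}
	return salt, PBKDF2SHA256([]byte(password), salt, iterations, 32)
}

// VerifyPassword recomputes the hash with the stored salt and compares in
// constant time, so response timing doesn't reveal how many bytes matched.
func VerifyPassword(password string, salt, hash []byte, iterations int) bool {
	candidate := PBKDF2SHA256([]byte(password), salt, iterations, len(hash))
	return subtle.ConstantTimeCompare(candidate, hash) == 1
}

func main() {
	fmt.Println(Digest([]byte("abc")))
	fmt.Println(Digest([]byte("abd"))) // one character changed, unrelated digest

	salt, hash := HashPassword("correct horse battery staple", DefaultIterations)
	fmt.Printf("salt %x\nhash %x\n", salt, hash)
	fmt.Println(VerifyPassword("correct horse battery staple", salt, hash, DefaultIterations))
	fmt.Println(VerifyPassword("Tr0ub4dor&3", salt, hash, DefaultIterations))
}
```

Two properties worth observing when you run it: hashing the same password twice gives two different results because the salt differs, and each verification takes a noticeable fraction of a second, which is the cost an attacker pays per guess.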

Common encryption algorithms

There’s not just one data encryption algorithm out there. Here, we look at several of the most common encryption algorithms and quickly break down how they work.

» Advanced Encryption Standard (AES)

AES is a symmetric block cypher and the workhorse of modern encryption: fast, thoroughly analyzed, and hardware-accelerated on most CPUs. Users can set the key length to 128, 192, or 256 bits; the block length is always 128 bits. On its own AES only transforms a single 128-bit block, so it is always used with a mode of operation, and for anything that travels over a network you want an authenticated mode such as AES-GCM, which also detects tampering.

» Rivest–Shamir–Adleman (RSA)

Named for its three creators, RSA is one of the earliest public-key algorithms and still sees widespread use. RSA builds its keys from two large prime numbers (keys today should be at least 2048 bits), and compared to symmetric algorithms it’s rather slow and can only handle a small amount of data per operation. For this reason, RSA is most often used to share a symmetric key, which is used in turn to encrypt the actual data that needs protecting.

» Triple DES

Triple DES (or TDES/3DES) is a symmetric block-cypher algorithm that runs the Data Encryption Standard (DES) three times over each 64-bit block (encrypt, decrypt, encrypt) with two or three 56-bit DES keys. But what is the data encryption standard in the first place?

DES is a pioneering encryption algorithm developed in the 1970s that served as the US federal standard until AES replaced it in 2002. At the time, DES was strong enough to defend against contemporary threats, but its 56-bit key was brute-forced by a purpose-built machine in under three days as far back as 1998. Even with its three layers of encryption, TDES is no longer considered reliably secure by modern standards: its 64-bit block size leaves it open to the Sweet32 birthday attack when large amounts of data are encrypted under one key, and NIST has deprecated it in favor of AES.

» Perfect forward secrecy (PFS)

PFS isn’t an algorithm, but a property that an encryption protocol can have. An encryption protocol is a system that defines how, when, and where an algorithm should be used in order to achieve encryption. When a protocol has PFS, it means that if a long-term private key (a web server’s TLS key, say) is compromised, recordings of earlier sessions still can’t be decrypted. PFS protocols achieve this by agreeing on a fresh, ephemeral key for every session, typically with an ephemeral Diffie-Hellman exchange, and discarding it afterwards; the long-term key only authenticates the exchange and never encrypts the session keys themselves.

Because PFS protects prior sessions from future key compromise, it is a critical feature for any protocol that protects data in transit; TLS 1.3, for instance, dropped every key exchange that lacks it. You’ll also see PFS referred to simply as “forward secrecy” or FS.
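The difference between a protocol with and without forward secrecy comes down to which keys the session key is derived from. The Go program below is an example added for this page, not code from the original article or from AVG, and it demonstrates the contrast with X25519 Diffie-Hellman from Go’s standard library: WithoutForwardSecrecy derives the session key from two long-term keys, so every session produces the same secret and one stolen key unlocks all recorded traffic, while WithForwardSecrecy creates throw-away ephemeral keys per session and discards them. The single-SHA-256 key derivation and the omission of the signature step that would authenticate the ephemeral keys are simplifications made for the demo.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

var curve = ecdh.X25519()

// NewLongTermKey stands in for an identity key that lives on disk for years
// (a server's TLS private key, say) and is therefore what an attacker may
// eventually obtain by theft or compromise.
func NewLongTermKey() *ecdh.PrivateKey {
	k, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// deriveKey turns a raw Diffie-Hellman shared secret into a session key.
// A real protocol would use HKDF over a transcript hash; a single labelled
// SHA-256 keeps this example self-contained.
func deriveKey(shared []byte) []byte {
	sum := sha256.Sum256(append([]byte("demo-session-key:"), shared...))
	return sum[:]
}

// WithoutForwardSecrecy derives the session key directly from the two parties'
// long-term keys (static-static Diffie-Hellman). The result is identical for
// every session, so whoever later steals either long-term private key can
// decrypt every conversation they ever recorded.
func WithoutForwardSecrecy(mine *ecdh.PrivateKey, theirs *ecdh.PublicKey) []byte {
	shared, err := mine.ECDH(theirs)
	if err != nil {
		panic(err)
	}
	return deriveKey(shared)
}

// WithForwardSecrecy runs one session between two parties. Each side creates
// a brand-new ephemeral key pair, sends only its public half, and derives the
// session key from ephemeral-ephemeral Diffie-Hellman. The ephemeral private
// keys exist only inside this function, so nothing kept on disk can reproduce
// the session key later. (The long-term keys would be used only to sign the
// ephemeral public keys so an attacker can't substitute their own; that step
// is omitted here.)
func WithForwardSecrecy() (keyA, keyB []byte) {
	ephA, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ephB, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// On the wire: ephA.PublicKey() goes A -> B, ephB.PublicKey() goes B -> A.
	sharedA, err := ephA.ECDH(ephB.PublicKey())
	if err != nil {
		panic(err)
	}
	sharedB, err := ephB.ECDH(ephA.PublicKey())
	if err != nil {
		panic(err)
	}
	// ephA and ephB are dropped on return; a careful implementation would
	// zero them explicitly first.
	return deriveKey(sharedA), deriveKey(sharedB)
}

func main() {
	alice, bob := NewLongTermKey(), NewLongTermKey()
	fmt.Printf("static key, session 1: %x\n", WithoutForwardSecrecy(alice, bob.PublicKey())[:8])
	fmt.Printf("static key, session 2: %x  (identical: one theft unlocks all)\n", WithoutForwardSecrecy(alice, bob.PublicKey())[:8])
	k1, _ := WithForwardSecrecy()
	k2, _ := WithForwardSecrecy()
	fmt.Printf("ephemeral, session 1:  %x\n", k1[:8])
	fmt.Printf("ephemeral, session 2:  %x  (different, and unrecoverable afterwards)\n", k2[:8])
}
```

This requires Go 1.20 or later for the crypto/ecdh package. The ephemeral-key pattern is exactly what TLS 1.3’s (EC)DHE key exchange does on every connection.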

Data at rest vs. data in transit

The majority of the encryption conversation focuses on data in motion encryption, or how to protect data in transit — in other words, data that’s on its way from one place to another. When you encrypt your web traffic with a VPN, that’s data in transit encryption in action.

But not all data is constantly in motion. Data that’s stored in one place is called “data at rest.” There’s plenty of data on your computer that isn’t going anywhere but may be even more sensitive than anything you’d be communicating to other parties.

It’s just as important to practice data at rest encryption as well, in case your device gets hacked or stolen. You can protect your local data by encrypting files and folders on your computer or external storage device. A password prompt on its own is not encryption, though: make sure the tool you use actually encrypts the contents, or a copy of the file can simply be opened with another program.

We’ll show you some encryption best practices for data at rest in the following sections, “How to encrypt your PC” and “Mobile data encryption.”

» Transparent data encryption (TDE)

Transparent data encryption (TDE), offered by Oracle since 2005 and by Microsoft SQL Server since the 2008 release, protects databases by encrypting the data files on disk as well as any backups. Microsoft, IBM and Oracle all use the term for the built-in encryption-at-rest feature of their enterprise database products.

The encrypted files are automatically decrypted by any authorized applications or users when accessing the database. This is why it’s “transparent”: if you’re already allowed to access the data, you don’t need to do anything extra to see it. Think of TDE like an employee ID badge that grants entrance to a secure facility. If you have a badge, you can waltz right on in. The flip side is that TDE only defends the files: anyone who can log in to the database, or trick it through a flaw such as SQL injection, sees the data decrypted just as a legitimate application would.

As an additional security measure, TDE stores the encryption keys separately from the encrypted data files, ideally in a key management service or hardware security module rather than on the same server. This way, if the physical storage media, files or backups are stolen, they’ll still be protected against unauthorized access: you can’t open the data files without the correct key.

How to encrypt your PC

Ready to protect the data on your PC against snoops and hackers? We’ll take you through three types of data encryption that you can use to protect your PC.

» File encryption

If you only need to protect a few sensitive items, consider file encryption. This method encrypts individual files, so it’s best for cases where you don’t have too much encrypting to do. For example, if you’ve created a document that contains your backup codes for a certain website or application, file encryption is a great way to safeguard that information.

But what is file encryption, anyways? Simply put, it’s the act of scrambling a file so that it can’t be unscrambled without the correct decryption key. It’s the same thing as data encryption, just on a per-file basis. Here’s how to use encryption on your device with AVG Internet Security:

AVG Internet Security’s Sensitive Data Shield scans your entire computer for files that you might want to secure, then protects these items from unauthorized access. It’s a good option for anyone using Windows 10 Home since Microsoft hasn’t included any built-in tools there for file encryption. You’ll need to rely on third-party solutions if that’s your situation.

Mac users are in luck. Apple allows for file encryption within macOS by using the Disk Utility tool. You can encrypt folders by navigating to File > New Image > Image from Folder. Choose the folder to encrypt, select an encryption method (256-bit AES is the stronger of the two offered), and hit Save.

Encrypting a folder with Disk Utility in macOS Catalina

» Full-disk encryption (FDE)

Rather than go from file to file, you can cut to the chase and encrypt your entire computer with FDE or whole-disk encryption. Bear in mind what FDE does and doesn’t do: it protects the disk while the machine is powered off or sitting at the lock screen, but once you’ve signed in, the disk is decrypted transparently for every program, including any malware that happens to be running. You can therefore combine both methods for added security: even if someone gets past your FDE, they still won’t be able to open your individually encrypted files.

Windows 10 Home allows for FDE, though not all PCs accommodate this feature (it needs a TPM and firmware support). Open your Settings, click Update & Security, and if your device supports FDE, you’ll see Device encryption at the bottom of the left-side menu. Click it, and you can begin encrypting your PC. You’ll need to sign in with your Microsoft account in order to enable FDE, as Windows saves your recovery key to your Microsoft account; keep a copy somewhere safe, because without it a locked disk is unrecoverable.

Activating full-disk encryption in the Settings of Windows 10

Users of Windows Professional, Enterprise, and Education get the full BitLocker tool in the same place. It uses the same encryption engine but offers more control: a pre-boot PIN, a choice of where to keep the recovery key (not only your Microsoft account), and encryption of removable drives. Either way, that’s how to encrypt your PC!

Mac users can also enable FDE on their machines with the FileVault tool. Open your System Preferences, then select Security & Privacy. From there, head to the FileVault tab and turn it on. It’ll take some time for FileVault to complete the encryption, but it’ll look like this when you’re done:

Encrypting the hard disk with FileVault in macOS Catalina

» Network layer encryption

This final method protects data in transit, but not locally on your device. If you need to encrypt all the traffic coming to and from your PC, network layer encryption will help. It’s one reason that many people choose to protect their privacy with VPNs. HTTPS protects traffic too, but one connection at a time and only for applications that use it; a VPN wraps everything your device sends, whatever the application.

With network-layer encryption, you can send data securely across unsecured networks. But it’s just as important to ensure that the data is equally protected at its source and at its destination. If you haven’t encrypted your PC with one of the two above methods, any data you receive over an encrypted connection won’t be protected once it’s downloaded locally to your machine.

AVG Secure VPN encrypts all the internet traffic on your device. With a VPN, all your online activities are covered — everything you’re doing in your web browser, but also your emails, games, anything you download, and any other apps you use.


Mobile data encryption

You’re probably already protecting your Android or iPhone with a PIN, passcode, pattern lock, or fingerprint/face lock — and that’s great. Security measures like these are essential in the fight against unauthorized access. But there’s another way you can safeguard the data on your mobile device: encryption.

iCloud and Google’s cloud services both encrypt your data on their servers, so you won’t need to handle cloud data encryption yourself if you’re using them, though bear in mind that for most data categories the provider holds the keys, so this is not end-to-end encryption. And just as you can configure FDE on your PC, your phone’s storage can be encrypted too. Should you lose your device, your encrypted data will be safe. Recent Android and iOS devices encrypt the device by default. Here’s how to check:

» iPad & iPhone data encryption

Every iOS device encrypts its storage with hardware-backed keys; setting a passcode is what ties those keys to a secret only you know, so without a passcode the encryption doesn’t protect against someone who holds the device. If you don’t have a passcode yet, perform the following procedure:

  1. Open your Settings and tap Passcode. Newer iPhones may instead say Touch ID & Passcode or Face ID & Passcode.
    Opening the Touch ID & Passcode settings in iOS 13.3.1 on an iPhone 6S
  2. Once here, follow the prompts to set up a passcode and any other security measures you’d like to include. After you’re done, your iOS device will be encrypted.

» Android data encryption

The procedure for encrypting your Android device may vary depending on its manufacturer and Android version. Here’s how the process looks in Android 10 on a Google Pixel 2:

  1. Open your Settings, then tap Security.
    Opening the Security settings in Android 10 on a Google Pixel 2
  2. Scroll down and tap Encryption & credentials.
    Opening the Encryption & credentials settings from the Security settings of Android 10 on a Google Pixel 2
  3. On devices that shipped with Android 6 or later, encryption is already on and this screen simply shows Encrypted. On older devices that still allow encrypting manually, tap Encrypt phone and follow the prompts (plug in the charger first, as the process can take an hour or more). Either way, confirm your phone’s Encrypted status here.
    The Encryption & credentials settings in Android 10 on a Google Pixel 2

