The use of encryption and decryption techniques for securing communication is as old as the art of communication. Technically, a code is used instead of data which is a signal for intent to keep data secret. In order to recover the contents from an encrypted signal, accurate decryption key is needed. The key is basically an algorithm that is used to reverse the work of the encryption technique and get original form of data. There is always a potential threat from hackers to decode encrypted signal, to avoid such issues specialized intellectuals have worked hard and defended these threats by developing more advanced techniques for encryption. From its evolution online communication is been under threats by potential hackers, developers always need to be a step ahead for securing online communications.
The function of this research is to deliver a high level introduction regarding encryption, advancement in encryption, standard methods and practices which is utilized to secure information. This comprises such topics as hashing, encryption types, data transfer, key management, remote access, email, and securing movable devices like smartphones, blackberry's, laptops. The purpose of this research is not to promote or recommend any particular technology or product. There are so many solutions and practices exist, and this research makes no effort to praise any one available solution above another.
An algorithm is just a mathematical procedure used to encrypt provided data. As an example, in the given below demonstration sentence fragment has been encrypted by using the simple replacement algorithm:
Plain Text: UNO ensures peace
Algorithm: If A is represented by 1, b by 2, c by 3, d by 4, etc and
Cipher Text: 21 14 15 255 5 14 19 21 18 5 19 255 16 5 1 3 5
Over the long time, many algorithms have been developed: Blowfish, AES (Advanced Encryption Standard), 3DES (executing information thru DES several times), DES (Data Encryption Standard), and many others. Some of the algorithms which were previously utilized, have been ‘cracked’ or broken, and are useless now. Currently AES is the federal standard. There are several factors for rating the Encryption algorithms, most prominently the algorithm key-length. 3DES and DES, as an example, were initially created to utilize a 56-bit key. By advancement of DES now encrypted data can be broken within small time on a moderately strong computer.
While above analysis may be applicable to data at rest and data in motion, email offers amongst the most appropriate movement for penetration, and is a major area to adopt during implementation of encryption. For example, most of the online user have email access, and it is very well known technology; and also a common area which is likely an auditor investigate. The procedures used for transferring email were invented long time ago. At initial stage, there were little concerns regarding privacy of the data being delivered. Due to this reason, standard email, most of the time was not secure. To make it secure information being sent is converted in what is generally known as “The Plain Text”. This indicates that any person can intentionally interrupt information transferring between sender and receiver with little effort, and able to read message. In this approach, this person is able to copy the data, or amend it as desire. Then how can one protect himself and the data which can be leaked from delivering or receiving secured data in an email?
Generally following three ways are used for managing email encryption by Public Key:
- At desktop (the local level)
- At gateway (the network perimeter)
We're attempting to reduce costs, and assist the environment. We've heard of telecommuting; how could I allow my employees to work while they stay at home? Telecommuting is turning out to be a common approach for managing expenses, and assists the environment by placing fewer cars or vehicles on the way. Remote access methods enable other workers or employees to safely connect to data and applications from their homes as if they were able to use in the workplace. There are numerous procedures for allowing access to data and applications from distant locations; amongst the most popular is with a VPN (Virtual Private Network). As the name indicates, the VPN establishes an encrypted connection temporarily into the network of the host that lasts only for required time period.
Standard VPN needs installation of the client service on the remote workstation, and makes the encrypted connection. This approach utilizes keys (same as the keys utilized in an email encryption) for confirming the distant computer, and IPSEC protocol to secure and create (encrypt) tunnel. One benefit to this technique is that a company can better control the connection as connections are just permitted for computers along with the suitable client utility. Many firewalls have the capacity to establish and deploy VPN tunnels, utilizing their client’s utilities. Distant workers just need to provide their ID along with the password establishing connection, and it gives access to them as just like they were in the workplace. Recently, a latest kind of Virtual Private Network has become much popular in remote access, it is known as the SSL VPN. Instead of having deployed client service, the SSL Virtual Private Network is installed as a safe website (same as to how the banks facilitate online banking facilities), as there is not any client to set up and install, this has the benefit of being accessible from anywhere, to anyone, and not just from a specific computer. In any of the case IPSEC or SSL both uses a secure encryption algorithm and all/any client applications must require to be set up on the distant computer to be used and accessed.
Folder and File Level Encryption
Folder/file level encryptions are usually selective, being achieved manually by direct client control, or through a computerized program. Some folder/file level encryption stuffs are able to encrypt files in a folder automatically, built on certain configuration required for encryption of file according to file type (like spreadsheets), or the source application (Excel), or file location (folder). Encrypting File System (EFS) of Windows is the best example of a folder/file level encryption utility. One can centrally activate this by adopting the Active Directory Group Policy Objects for encryption specified files or folders. Nevertheless, like all folder/file level encryption stuff, it depends on users to appropriately write crucial data into pre-defined secured folders, and are unable to prevent any users from stealing sensitive data that is required for the encryption, to locations for unencrypt (either on portable/removable media or on the laptop hard-disk drive). There are more complex and sophisticated folder/file level encryption stuff which offer more, and few offer little stronger enforcement and policies which enable it less probable that crucial data will be transferred unencrypted on portable/removable devices (USB drives) or the laptop hard-disk drive.
Full Disk Encryption (FDE)
Full disk encryption (FDE), as the name indicates, does just the same; it encrypts all data saved on a logical volume or physical disk. The objective of the FDE is to ensuring that everything written on hard-disk is completely encrypted. This comprises not only files and sensitive data, but even operating system files (i.e. data caches, page files, etc.) and application, by deploying encryption to the disk-drive(s), all information is encrypted automatically as it is saved to drive, further it is absolutely inaccessible if drive is detached or is retrieved from outer source. The only method to retrieve the data from an FDE disks is to utilize the approved and predefined retrieve methods. How does this technique function? Just similar to other available encryption techniques, a key is required to transform the data to an encrypted form, and to transform it back again into something unencrypted when desired. A model of one kind of encryption of FDE is called BitLocker feature. The BitLocker technique encrypts complete disk volumes and uses security characteristics available in the laptop operating system and computer hardware (i.e. USB keys, (TPM) Trusted Platform Module chip, etc.).
There are some FDE stuffs which are little broader and able to encrypt the complete contents of hard-disk, sector to sector and bit to bit (including swap files, boot sectors, user data and OS files). Many FDE products offer additional security through the procedure of Pre-Boot authentication (PBA), verifying the user prior to the operating system boots. The provisioning, authentication, reporting and encryption capabilities differ for each FDE stuff, but enterprise FDE stuff generally provide characteristics like centralized administration (like password resets), Windows centralized logging for compliance, sign-on from single and security reporting, and characteristics like the remote destroy switch if any laptop or computer is reported stolen/ lost or doesn’t occasionally register with FDE server of an organization.
Many years before, operating PGP or any registered security package to secure data on any hard drive was very burdensome. I would sometimes give up much frequently after setting up the software because of the numerous steps necessary for encryption/decryption of data, speed to process, or few other issues regarding user interface. Consequently, I would return to “security through obscurity”, securing folders, inserting documents into zip files, etc. It is a great news that solutions for encryption have come long way. If someone is striving to work paperless or even if he just stores copies of his tax returns in PDF formats – then he has no justification to give up these encryptions any longer. The preferred solution many software like TrueCrypt which is a popular encryption tool. This utility is easily available for Linux, Windows and Mac and has been well equipped with more features than anyone would desire to read about the most effective amongst them is creating the containers which are secured for the files you intend to secure. The best thing is that this utility is free (even though a contribution is money spent for good). In brief, once you make the container, you would be able to “mount” it like if these containers were just a distinct hard drive of your system and you will just copy files in and out. In whole-drive encryption process solutions are offered by operating system like BitLocker/EFS (Windows). These solutions could be used to secure your entire hard disk.
New quantum encryption was discover by a team of researchers working under Professor Hoi-Kwong Lo (University of Toronto), this method can foil the sophisticated hackers. This discovery is published in Physical Review Letters (Latest issue). Quantum cryptography in principle is a foolproof method to prevent any kind of hacking. This method ensures that any eavesdropper’s attempt to read communication data will create disturbances which is detected by legitimate users. Therefore, new quantum cryptography makes the transmission unconditionally secure by an encryption key which is used between two users, named as Alice and Bob and a potential hacker named Eve. The key is transfer by light signals and on receiver end it is received by photon detectors. Eve can manipulate or intercept these signals which is a potential threat. Photon detectors are an Achilles heel for key distribution, which open the door for subtle side-channel attackers, this is known as quantum hacking. When this quantum hacking take place, light signals starts subverting on photon detectors, which result into sending only specific photons that Eve manipulated for Bob. Earlier results from by Professor Lo research have shown that how a quantum hacker hacks commercial quantum systems.
Password encryption by using multiple locations
One of the main problems in computer security is to protect an increasing amount of data from potential threats. Researchers at the RSA (a security firm) have founded a new method of securing user data (user ID and passwords) from hacks. This process involve breaking data into pieces and storing in separate locations. From the user’s view, nothing seems change as user visit a website, type user ID and password and login. However in server side authentication things would be considerably different from now. Currently, when user give a password to website, the password data is encrypted or hashed using some techniques. Actually server doesn’t store your password data in plaintext, but it store an encrypted value against your password. Cryptographic functions are reversible, but well-designed hashes functions are impossible to crack within reasonable time limit. The problem in this approach is that it looks perfect theoretically, but it is often flawed practically.
RSA is proposing a system which will break password into two parts, and store each part in different locations on a different hard disk or in different data center or on any other location in the world. These separate parts are then hashed to create new string of password. The two servers where password was stored would compare this new string to check if hash values match. If they successfully match then the password is real. If they mismatch then login fails. Splitting password between different servers ensures that in case if one of servers is compromised, Still hackers would get nothing but only garbage half hash values and there would be no way to combine these values into an exact authentication password. With not any knowledge of second combination of password, there is no way for reverse engineers to hash back into plaintext. The part of password hashes themselves and refresh their values, furthermore limiting access to a database.
WhiteHat Security’s vulnerabilities report, 2012
The good in this process is that RSA method for splitting and then combining password in the form of hashes would prevent attacks by hackers, the bad thing about it is that this method itself is good as the process of implementing it. It cannot address issues related to account that arise from any kind of malware infections. This issue highlights the most devastating facts about web security. The scope and size of technical attacks is overwhelming and every year new methods are been discovered. The RSA approach still close a potential loophole which is scalable. The current approach uses only two servers, but this method could be implemented across three or more servers.
Dual System Encryption
Dual System Encryption used in dual system, in this technique keys and texts can be divided into two forms. First normal also called as semi-functional. In Semi-functional keys and texts are not implemented in real system, they are used in full proof security. Normal key can be used to decrypt semi-functional texts, and normal text can be decrypted using normal keys. Whenever semi-functional key is implemented to decrypt semi functional text, it will fail. The semi-functional part of the key and text try to interact for masking and blinding factor with the help of random term.
Advance encryption techniques help us in securing communication in online networks. These encryption techniques contains a vast variety of methods, depends on the threat faced, data type and communication medium that is under threat. Multiple layers like file, folder, drive and email data encryption is improving with the help of advanced encryption algorithm. New algorithm techniques involve usage of multiple layers of hardware and logical encryption. Decryption process with the decrypt key is also advanced with the same ratio of encryption. Advanced encryption technology helps us to fulfil the need of protecting password and other confidential data. Researches in the fields of encryption have played their role to provide a step ahead from hackers and providing users with the advanced encryption techniques. Data encryption tools have developed to such extent that encryption is now became a specialized industry. Many encryption techniques were known as foolproof on the time of their discovery were cracked by hacker and now these techniques are no longer used for encryption. The process of advancement in encryption tools will continue as advancement in hacking techniques will always be a threat for this system.
Hruska, J. (2012, OCT 09). new-encryption-method-avoids-hacks-by-saving-your-password-in-multiple-locations. Retrieved from http://www.extremetech.com: http://www.extremetech.com/computing/137606-new-encryption-method-avoids-hacks-by-saving-your-password-in-multiple-locations
Ishai, Y. (2011). Theory of Cryptography. Springer.
sciencedaily.com. (2012, Mar 30). Retrieved from http://www.sciencedaily.com: http://www.sciencedaily.com/releases/2012/04/120402094326.htm
TechRepublic. (2004). IT Security Survival Guide. CNET Networks Inc.
Wilshusen, C. G. (2008). Information Security: Federal Agency Efforts to Encrypt Sensitive Information are Under Way, But Work Remains. DIANE Publishing.