Encryption
Encryption is a form of data security in which information is converted to ciphertext. Only authorized people who have the key can decipher the code and access the original plaintext information.
In even simpler terms, encryption is a way to render data unreadable to an unauthorized party. This serves to thwart cybercriminals
Encryption not only ensures the confidentiality of data or messages but it also provides authentication and integrity, proving that the underlying data or messages have not been altered in any way from their original state.
How Encryption Works
Original information, or plaintext, might be something as simple as "Hello, world!" As ciphertext, this might appear as something confusing like 7*#0+gvU2x—something seemingly random or unrelated to the original plaintext.
Encryption, however, is a logical process, whereby the party receiving the encrypted data—but also in possession of the key—can simply decrypt the data and turn it back into plaintext.
For decades, attackers have tried by brute force—essentially, by trying over and over again—to figure out such keys. Cybercriminals increasingly have access to stronger computing power such that sometimes, when vulnerabilities exist, they are able to gain access.
Data needs to be encrypted when it is in two different states: "at rest," when it is stored, such as in a database; or "in transit," while it is being accessed or transmitted between parties.
An encryption algorithm is a mathematical formula used to transform plaintext (data) into ciphertext. An algorithm will use the key to alter the data in a predictable way. Even though the encrypted data appears to be random, it can actually be turned back into plaintext by using the key again. Some commonly used encryption algorithms include Blowfish, Advanced Encryption Standard (AES), Rivest Cipher 4 (RC4), RC5, RC6, Data Encryption Standard (DES), and Twofish.
Encryption has evolved over time, from a protocol that was used only by governments for top-secret operations to an everyday must-have for organizations to ensure the security and privacy of their data.
Types of Encryption
There are many different types of encryption, each with its own benefit and use case.
Symmetric Encryption
In this simple encryption method, a single secret key is used to both encrypt and decrypt information. It is the oldest and best-known encryption technique; its main drawback is that both parties need to have the key used to encrypt the data before they can decrypt it. Symmetric encryption algorithms include AES-128, AES-192, and AES-256. Because it is less complex and executes faster, symmetric encryption is the preferred method for transmitting data in bulk.
Asymmetric Encryption
Also known as public key cryptography, asymmetric encryption is a relatively new method that uses two different but related keys to encrypt and decrypt data. One key is secret and one key is public. The public key is used to encrypt data, and the private key is used to decrypt (and vice versa). Security of the public key is not needed because it is publicly available and can be shared over the internet.
Asymmetric encryption presents a much stronger option for ensuring the security of information transmitted over the internet. Websites are secured using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) certificates. A query to a web server sends back a copy of the digital certificate, and a public key can be extracted from that certificate, while the private key stays private.
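The key-pair relationship described above, as an added example that is not part of the original article: textbook RSA in Python on constructed toy primes (61 and 53), showing encryption with the public key, decryption with the private key, and the reverse direction used for signatures. The function names are hypothetical, and the parameters are far too small for real use.

```python
# Textbook RSA on constructed toy primes (p=61, q=53). No padding, 12-bit modulus:
# this shows the key-pair relationship only and is not secure. Real systems use
# a vetted library, 2048-bit or larger keys, and OAEP/PSS padding.
import hashlib
from math import gcd


def make_keypair(p, q, e=17):
    """Derive (public, private) from two primes. Hypothetical helper."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))  # d is the inverse of e mod phi (Python 3.8+)


def apply_key(key, value):
    """The one RSA operation, value^exponent mod n, used with either key."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def encrypt(public, message):
    return [apply_key(public, b) for b in message]  # one byte per block (tiny n)


def decrypt(private, blocks):
    return bytes(apply_key(private, c) for c in blocks)


def digest(message, n):
    # SHA-256 reduced into the toy modulus range; far too small for real use.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    return apply_key(private, digest(message, private[0]))  # the "vice versa" direction


def verify(public, message, signature):
    return apply_key(public, signature) == digest(message, public[0])


if __name__ == "__main__":
    public, private = make_keypair(61, 53)
    blocks = encrypt(public, b"Hello, world!")  # constructed sample plaintext
    print(blocks, decrypt(private, blocks))
    sig = sign(private, b"Hello, world!")
    print(verify(public, b"Hello, world!", sig), verify(public, b"Hello, world!", (sig + 1) % public[0]))
```

Anyone holding the public key can produce ciphertext or check a signature, but only the holder of the private exponent can reverse the ciphertext or create a signature that verifies.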
Data Encryption Standard (DES)
DES is a deprecated symmetric key method of data encryption. DES works by using the same key to encrypt and decrypt a message, so both the sender and the receiver must have access to the same private key. DES has been superseded by the more secure AES algorithm. DES was adopted by the U.S. government as an official standard in 1977 for the encryption of government computer data. It can be said that DES was the impetus for the modern cryptography and encryption industry.
Triple Data Encryption Standard (3DES)
The Triple Data Encryption Standard involved running the DES algorithm three times, with three separate keys. 3DES was largely seen as a stopgap measure, as the single DES algorithm was increasingly becoming seen as too weak to stand up to brute force attacks and the stronger AES was still under evaluation.
RSA
Rivest-Shamir-Adleman (RSA) is an algorithm and the basis of a cryptosystem—a suite of cryptographic algorithms used for specific security services or purposes. This enables public key encryption
Advanced Encryption Standard (AES)
Developed in 1997 by the National Institute of Standards and Technology (NIST) as an alternative to the Data Encryption Standard, the Advanced Encryption Standard is a cipher chosen by the U.S. government to protect sensitive information. AES has three different key lengths to encrypt and decrypt a block of messages: 128-bit, 192-bit, and 256-bit. AES is widely used for protecting data at rest in such applications as databases and hard drives.
Encryption in the Cloud
Cloud encryption is a service offered by cloud storage providers in which data is first encrypted using algorithms before being pushed to a storage cloud. Customers of a cloud storage provider must be aware of and comfortable with the level of depth of the provider's policies and procedures for encryption and encryption key management
Because encryption consumes more bandwidth, many cloud providers only offer basic encryption on a few database fields, such as passwords and account numbers. This is often not enough for some organizations. So they rely on a Bring Your Own Encryption (BYOE) model in which they use their own encryption software and manage their own encryption keys to ensure a level of cloud computing security
As an opposite approach, Encryption as a Service (EaaS) has emerged as a simple, pay-as-you-go service customers can purchase from a cloud provider, managing encryption themselves in a multi-tenant environment.
End-to-end encryption (E2EE) ensures that only the two users communicating with one another can read the messages. Even the intermediary, such as the telecom or internet service provider, cannot decrypt the messages. E2EE is generally seen as the most secure way to communicate privately and securely online. Examples of E2EE in use include the WhatsApp messaging service, which famously asserts that users' messages are secured with "locks."