The method of encrypting information is certainly not new. In fact, cryptography dates back to ancient times, the only real difference being that now we use electronic devices to generate unique encryption algorithms to scramble our data. These days you’ll find encryption in most things that run using an internet connection, from messaging apps and personal banking apps to websites and online payment methods. And for consumers, making sure your data cannot be stolen or used for ransom has never been more important.

But encryption is not without bad press. Pretty Good Privacy (PGP), a popular email encryption program, has hit the headlines this week after German researchers found a major vulnerability which could reveal past and present encrypted emails. Techworld looks to explain what encryption is and how it works.
What is encryption?
In its most basic form, encryption is the process of encoding data, making it unintelligible and scrambled. In a lot of cases, encrypted data is also paired with an encryption key, and only those who possess the key will be able to open it.

An encryption key is a collection of algorithms designed to be totally unique. These are able to scramble and unscramble data, essentially unlocking the information and turning it back into readable data. Usually, the person encrypting the data will possess the key that locks the data and will make ‘copies’ and pass them on to the relevant people who require access. This process is called public-key cryptography.

Computer, or at least machine, cryptography, of which encryption is a form, became significant during the Second World War, with military forces across Europe tasked with breaking Germany’s Enigma code.

Convoys travelling across the Atlantic were a vital lifeline for Britain, as the majority of Europe was occupied by the Nazis. German U-boats often used radio signals to send encrypted messages to one another and attack these convoys en masse, planning and undertaking coordinated attacks. It was these messages, created by the German Navy’s Enigma machines, that the British forces set out to decrypt.

And while it’s believed that Polish mathematician Marian Rejewski, not the British, actually cracked the Enigma code in 1938, at Bletchley Park in England Alan Turing and Gordon Welchman created a code-breaking machine called Colossus based on Rejewski’s, which became the first programmable digital computer. This marked a huge turning point for encryption and decryption.
How does encryption work?
In practice, when you send a message using an encrypted messaging service (WhatsApp, for example), the service wraps the message in code, scrambling it and creating an encryption key. It can then only be unlocked by the recipient of the message. Digital encryption is extremely complicated, and that’s why it is considered difficult to crack. To bolster that protection, a new set of encryption algorithms is created each time two smartphones begin communicating with one another.

You might have heard of end-to-end encryption; perhaps you’ve received a notification on WhatsApp saying that it now supports this type of encryption. End-to-end encryption refers to the process of encoding and scrambling some information so that only the sender and receiver can see it.

As previously explained, encryption keys can work as a pair, with one key locking the information and multiple copies (which can be handed out) unlocking the encrypted information. With end-to-end encryption, however, only the sender and recipient are able to unlock and read the information. With WhatsApp, the messages are passed through a server, but the server is not able to read them.
So that’s end-to-end encryption. But what about other methods?
There are two main methods of encryption: symmetric and asymmetric. It is worth noting, though, that within these two methods there are various encryption algorithms that are used to keep messages private. So, while we’ve touched on symmetric and asymmetric encryption briefly already, here is more detail.

Symmetric encryption is the process of using the same key (two keys which are identical) for both encrypting and decrypting data. This means two or more parties will have access to the same key, which for some is a big drawback, even though the mathematical algorithm protecting the data is pretty much impossible to crack. People’s concerns often land with the behaviour of those with access to the shared key.

Conversely, asymmetric encryption refers to the method of using a pair of keys: one for encrypting the data and the other for decrypting it. This process is depicted in the above diagram. The first key is called the public key and the second is called the private key. The public key is shared with the servers so the message can be sent, while the private key, which is owned by the possessor of the public key, is kept secret and totally private. Only the person with the private key matching the public one will be able to access the data and decrypt it, making it impenetrable to intruders.
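The end-to-end and symmetric/asymmetric passages above can be seen working together in the following added example, which is not code from the original article or from WhatsApp. It assumes X25519 key pairs, HKDF-SHA256 and AES-256-GCM from Node's built-in `crypto` module; the function names and the sample message are made up for illustration.

```javascript
// Added example: a relay forwards ciphertext it cannot read.
const { generateKeyPairSync, diffieHellman, hkdfSync, randomBytes,
        createCipheriv, createDecipheriv } = require('node:crypto');

// Asymmetric part: each device makes a key pair; only public keys leave it.
function newDevice() {
  return generateKeyPairSync('x25519'); // { publicKey, privateKey }
}

// Each end combines its own private key with the peer's public key and both
// arrive at the same 32-byte key. A fresh salt gives a fresh key per session.
function sessionKey(myPrivate, peerPublic, salt) {
  const shared = diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(hkdfSync('sha256', shared, salt, 'e2e-demo', 32));
}

// Symmetric part: the same key encrypts and decrypts (AES-256-GCM).
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, { iv, ct, tag }) {
  const d = createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag); // final() throws if the key is wrong or data was altered
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Constructed scenario: the relay only ever holds salt, iv, ciphertext and tag.
function demo() {
  const alice = newDevice(), bob = newDevice(), eve = newDevice();
  const salt = randomBytes(16);
  const msg = 'meet at noon';
  const sealed = seal(sessionKey(alice.privateKey, bob.publicKey, salt), msg);
  const relayView = { ...sealed, salt }; // what the server stores and forwards
  const received = unseal(sessionKey(bob.privateKey, alice.publicKey, salt), relayView);
  // A third party with its own key pair derives a different key and fails.
  let eveRead = true;
  try { unseal(sessionKey(eve.privateKey, alice.publicKey, salt), relayView); }
  catch { eveRead = false; }
  return { received, eveRead, leaked: relayView.ct.toString('utf8').includes(msg) };
}
```

The private keys never appear in `relayView`, which is why the relay can deliver the message without being able to decrypt it.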
Other methods
There are numerous common encryption algorithms and methods designed to keep information private. You may already be aware of some of them, including RSA, Triple DES and Blowfish.

Data masking is a form of encryption that creates a similar, yet inaccurate, version of an organisation’s data. This data can be interpreted by the organisation, so it is functional and can be used in place of the real data.

“Encryption is an essential part of an organisation’s security portfolio, securing data whilst it is in transit or not being used,” says Jes Breslaw, director of strategy at Delphix. “However, it does not solve one of the biggest challenges when protecting sensitive data: when it is being consumed by business applications.

“Data masking is the complementary solution to encryption that solves this problem by replacing sensitive information with fictitious, yet realistic data. What makes masking attractive is that it keeps data safe and of good quality; yet, unlike encrypted data, masked data can’t be reversed – it’s one way.”

The upcoming deadline for GDPR means that this form of technology is growing in use, as it not only hides direct consumer data, but also indirect data linking to an individual.

“In order to mask data, some companies create their own masking scripts, or turn to legacy vendors with bloated interfaces that require high levels of expertise,” explains Breslaw. “The reason they fail is that translating large amounts of data is a slow and costly exercise delaying projects and forcing departments to use poor quality data. Worse still, many don’t protect data at all, something that GDPR will not forgive. Dynamic Data Platforms combine data masking with modern approaches to virtualising and automating the delivery and securing of data.”
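One way to implement the masking described above, shown as an added example that is not from the original article and is not Delphix's product: sensitive fields are swapped for realistic stand-ins chosen by a keyed hash (HMAC-SHA256 from Node's built-in `crypto`). The substitution pools, field names and sample row are constructed for illustration.

```javascript
// Added example: deterministic, format-preserving masking with a keyed hash.
const { createHmac } = require('node:crypto');

// Constructed substitution pools; a real data set would need far larger ones.
const FIRST = ['Alex', 'Sam', 'Jordan', 'Casey', 'Robin', 'Taylor'];
const LAST = ['Hill', 'Brook', 'Stone', 'Field', 'Wood', 'Marsh'];

// Keyed digest of (field, value). The same input always maps to the same
// output, so joins between masked tables still line up. The key must never
// be copied into the environment that receives the masked data.
function digest(key, field, value) {
  return createHmac('sha256', key).update(`${field}\0${value}`).digest();
}

function maskName(key, name) {
  const d = digest(key, 'name', name.toLowerCase());
  return `${FIRST[d[0] % FIRST.length]} ${LAST[d[1] % LAST.length]}`;
}

// Replace every digit with a digest-derived digit; keep separators and length
// so applications that validate the format keep working.
function maskDigits(key, field, value) {
  const d = digest(key, field, value);
  let i = 0;
  return value.replace(/\d/g, () => String(d[i++ % d.length] % 10));
}

function maskEmail(key, email) {
  const d = digest(key, 'email', email.toLowerCase());
  return `user_${d.toString('hex').slice(0, 10)}@example.com`; // reserved domain
}

// There is no matching "unmask" function: the output carries no ciphertext
// of the original, which is the one-way property the quote refers to.
function maskRecord(key, rec) {
  return {
    id: rec.id, // non-sensitive key column is kept as-is
    name: maskName(key, rec.name),
    email: maskEmail(key, rec.email),
    phone: maskDigits(key, 'phone', rec.phone),
  };
}

// Constructed sample row, not real customer data.
const SAMPLE = { id: 17, name: 'Maria Keller',
                 email: 'maria.keller@corp.example', phone: '+44 20 7946 0123' };
```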