Encrypting data

Some methods of communication provide an encrypted way of transmitting information, and some do not. An example of encrypted communication is the SSH protocol. Communication over SSH is encrypted, so a person who does not have the encryption key is not able to understand the communication.

An example of unencrypted communication is Telnet. Modern systems do not include telnet, or disable it by default. It is your responsibility, as the implementer of technology, to know what is being installed. Insecure communication such as telnet may still be enabled by default in some systems, and some embedded systems may come with telnet turned on instead of SSH, because telnet is much simpler to implement than SSH.

I have to note the difference here between the HTTP and HTTPS protocols: one is encrypted and one is not. HTTP is not encrypted, and HTTPS is. Banking and checkouts should use HTTPS. If they do not, as a user you need to think about using something else instead. As an implementer, you need to think about encrypting these communications.

Examples of secure communications are checkout or banking. These are usually encrypted with SSL encryption. Why encrypt such data? It is a bad idea to pass credit card or banking information unencrypted. A person who is able to retrieve such secrets is able to pretend to be you and steal money from a bank account. You don't want to see your bank account emptied by someone.

There are different strengths of encrypted communication and there are different encryption algorithms. Some are very basic and simple, and some are more complex. I am not able to recommend in this book which algorithm to choose; it all depends on your environment and the classification of the data.

Encrypting data comes at a cost in processing resources: the data must be encrypted and then decrypted. Often we don't notice it, because it happens behind the scenes for us.

Nazi Germany used the Enigma machine during World War II to encrypt communications. It was thought to be unbreakable, and indeed by the standards of those days it was state-of-the-art technology, but by today's standards this encryption is weak.

Some data is encrypted at rest, meaning that when such data is not in the process of being transmitted, it is encrypted as well. The Enigma machine encrypted one character at a time; data is now more complex, so encryption algorithms must be more complex as well. Modern encryption algorithms work on blocks of data instead of individual characters.

Please don't invent your own encryption mechanism: you would first of all need to be a good mathematician to do so, and second, if this encryption is broken, then sensitive data can be exposed. There are proven ways to encrypt communications and sensitive data at rest.

Secure and Encrypted Communication Methods: A Study Guide

Review Questions

What is the primary difference between encrypted and unencrypted communication? Encrypted communication obscures the data during transmission, making it unreadable without the correct decryption key. Unencrypted communication transmits data in plain text, making it easily intercepted and understood.

Why is Telnet considered an insecure protocol? Telnet transmits data, including usernames and passwords, in plain text, making it vulnerable to eavesdropping.

Explain the difference between HTTP and HTTPS. HTTP is an unencrypted protocol for transmitting data over the internet, while HTTPS is a secure version of HTTP that uses SSL/TLS encryption to protect the data during transmission.

Why is encryption essential for online banking and checkout processes? Encryption protects sensitive information like credit card numbers and bank account details from being intercepted and stolen during transmission.

What are the resource costs associated with encrypting data? Encrypting and decrypting data require processing resources, leading to increased CPU usage and potentially slower performance.

Why is it generally not recommended to create your own encryption algorithm? Designing a secure encryption algorithm requires advanced mathematical expertise, and custom algorithms are often vulnerable to attacks and data exposure.

What does the term "data at rest" refer to in the context of encryption? "Data at rest" refers to data that is not actively being transmitted or processed and is instead stored on a device or storage medium. Encrypting data at rest adds an additional layer of security.

What are two major differences between the Enigma machine and modern encryption algorithms? The Enigma machine encrypted one character at a time, while modern algorithms work on blocks of data. Also, compared to today's standards, the Enigma machine's encryption is weak.

According to the text, what makes communication "secure?" Secure communication relies on encryption, and encryption needs a key to work. Without the key, a message can be intercepted but it won't be understood.

According to the text, what is the responsibility of the "implementer of technology?" The implementer has to know what is being installed, because systems might have insecure forms of communication that are enabled by default.

Answer Key

Encrypted communication obscures the data during transmission, making it unreadable without the correct decryption key. Unencrypted communication transmits data in plain text, making it easily intercepted and understood.

Telnet transmits data, including usernames and passwords, in plain text, making it vulnerable to eavesdropping.

HTTP is an unencrypted protocol for transmitting data over the internet, while HTTPS is a secure version of HTTP that uses SSL/TLS encryption to protect the data during transmission.

Encryption protects sensitive information like credit card numbers and bank account details from being intercepted and stolen during transmission.

Encrypting and decrypting data require processing resources, leading to increased CPU usage and potentially slower performance.

Designing a secure encryption algorithm requires advanced mathematical expertise, and custom algorithms are often vulnerable to attacks and data exposure.

"Data at rest" refers to data that is not actively being transmitted or processed and is instead stored on a device or storage medium. Encrypting data at rest adds an additional layer of security.

The Enigma machine encrypted one character at a time, while modern algorithms work on blocks of data. Also, compared to today's standards, the Enigma machine's encryption is weak.

Secure communication relies on encryption, and encryption needs a key to work. Without the key, a message can be intercepted but it won't be understood.

The implementer has to know what is being installed, because systems might have insecure forms of communication that are enabled by default.

Essay Questions

Discuss the evolution of encryption methods, comparing the Enigma machine to modern encryption algorithms. How have advancements in technology influenced the complexity and strength of encryption?

Explain the importance of using HTTPS for online transactions. What potential risks are associated with using unencrypted HTTP connections for sensitive data?

Analyze the trade-offs between security and performance when implementing encryption. How can organizations balance the need for strong encryption with the desire for optimal system performance?

Evaluate the risks and benefits of creating custom encryption algorithms. Why is it generally recommended to use established, well-vetted encryption methods instead?

Describe the concept of "data at rest" encryption and explain its significance in protecting sensitive information. What are some common methods for encrypting data at rest?

Glossary of Key Terms

Encryption: The process of converting data into a coded form to prevent unauthorized access.

Decryption: The process of converting encrypted data back into its original, readable form.

SSH (Secure Shell): A cryptographic network protocol for secure communication between a client and a server.

Telnet: An unencrypted protocol for accessing and managing remote computers.

HTTP (Hypertext Transfer Protocol): The foundation of data communication for the World Wide Web, an unencrypted protocol.

HTTPS (Hypertext Transfer Protocol Secure): A secure version of HTTP that uses SSL/TLS encryption.

SSL (Secure Sockets Layer): A standard security technology for establishing an encrypted link between a web server and a browser.

TLS (Transport Layer Security): A successor to SSL, providing secure communication over a network.

Encryption Algorithm: A mathematical process or formula used to encrypt and decrypt data.

Data at Rest: Data that is not actively being transmitted or processed and is instead stored on a device or storage medium.

Frequently Asked Questions about Secure and Encrypted Communication

What is the difference between encrypted and unencrypted communication?

Encrypted communication transforms data into an unreadable format using an encryption key, ensuring that only authorized parties with the correct key can decipher and understand the information. Unencrypted communication transmits data in plain text, making it easily accessible and readable by anyone who intercepts it.

Why is it important to use encrypted communication methods like HTTPS for sensitive information such as banking or checkout processes?

Encrypting sensitive data, like credit card details and banking information, protects it from unauthorized access. If this data were transmitted unencrypted, malicious actors could intercept it and use it to steal money, commit fraud, or perform other harmful activities. HTTPS uses SSL/TLS encryption to safeguard this information during transmission.

What are some examples of unencrypted communication protocols, and why are they considered risky?

Telnet and HTTP (without the "S") are examples of unencrypted communication protocols. Telnet transmits data in plain text, making it vulnerable to eavesdropping. HTTP transmits website data without encryption. Both are risky because anyone intercepting the communication can easily read the transmitted information, potentially compromising sensitive data like usernames, passwords, and personal details.

What factors should be considered when choosing an encryption algorithm?

The choice of encryption algorithm depends on several factors, including the environment in which it will be used, the classification of the data being protected, and the processing resources available. More complex algorithms provide stronger security but require more computational power.

Does encryption come at a cost, and if so, what is it?

Yes, encryption does come at a cost in terms of processing resources. The data must be encrypted before transmission and decrypted upon arrival. While this process happens behind the scenes and is often unnoticeable to the user, it does require computational power.

What does it mean for data to be encrypted "at rest"?

Data encrypted "at rest" means that it is encrypted even when it's not being actively transmitted or processed. This protects the data from unauthorized access if the storage device is compromised or stolen.

Why is it generally a bad idea to create your own encryption algorithm?

Creating your own encryption algorithm is generally a bad idea because it's incredibly difficult to design one that is truly secure. It requires a deep understanding of mathematics and cryptography. Amateur algorithms are often easily broken, exposing sensitive data. It's much safer to use well-established and thoroughly tested encryption methods.

How has encryption technology evolved over time, using the Enigma machine as an example?

The Enigma machine, used by Nazi Germany during World War II, represents an early form of encryption that was considered state-of-the-art at the time. However, by today's standards, its encryption is weak. Modern encryption algorithms are much more complex, operate on blocks of data instead of individual characters, and are designed to withstand sophisticated attacks. This evolution reflects the ongoing need to develop stronger encryption methods to keep pace with advances in computing power and cryptanalysis.
