What is data encryption?

What is data encryption?

Data encryption is a method of data protection. Here, open data is converted into encrypted data. This encryption is done with the help of a secret key. Decryption can also only be achieved using a secret key. Data encryption is primarily used to protect against unauthorized access.

How data encryption works

The encryption process consists of two components, namely a data set to be secured and a key. By using the key, namely, the open data can be encrypted and thus encoded into a secured information. A key is also required for decryption.

The procedure varies somewhat depending on the encryption method, but the essence of how it works is always the same: a data record is encrypted by using a key and can then only be made readable again by the person who knows the key. This means that unauthorized persons cannot access the data.

Encryption method

Basically, a distinction can be made between two encryption methods: symmetric and asymmetric encryption. In addition to these methods, there is also the hybrid, i.e. combined, encryption method, which is composed of the symmetric and asymmetric mechanism.

Data encryption methods are under constant development and are updated in parallel with computer software and data theft strategies. This constant development is important because it guarantees the highest possible level of data security.

Symmetric encryption

This encryption method uses the same key for encryption and decryption. This requires that the sender and receiver of the message know this key. Only in this way can the exchange of information take place. Because of the assumed uniform key, this method is ideal for single users and closed systems. If the key for encryption and decryption were not identical, the key would first have to be communicated to the recipient. This would represent a weak point in security.

The advantage of this method over the asymmetric method is that it is much faster in execution. This also means that the system responsible for the encryption has to expend less energy and can work faster. However, there is a constant risk that the key will come into the possession of an unauthorized person.

Alternatively, this method is also called a "symmetric crypto system".  

Asymmetric encryption

In asymmetric encryption, two different keys are used. These keys are a public key and a private key. Both keys are mathematically linked to each other. The keys are each a long series of numbers that are not identical and are therefore asymmetric. The public key can be shared with anyone, but the private key must remain secret. The message is encoded with the public key, but can only be decoded again with the private key, which is only known to the recipient.

The asymmetric encryption process can be compared to the way a safe works. Anyone can lock something in a safe and then simply let the door close. However, only the person who knows the required key or code can open the safe. Locking in is done with the help of the public key, while unlocking is done only with the private key.

The advantage here is that the private key cannot be shared and the public key can be accessed by anyone without any problems. In addition, decryption is faster than with the symmetric method.

However, there are also disadvantages that arise with the asymmetric method. The asymmetric encryption was based on a high and complicated calculation procedure. This means a high computational effort for the system, which is why it has to do more work and accordingly needs more working time. In addition, with asymmetric encryption it is not always possible to guarantee that the encrypted message was sent to the correct recipient without any problems. However, this vulnerability can be circumvented with the help of a public key infrastructure (PKI).

Hybrid encryption

This encryption method represented a combination of the two previously mentioned methods. Here, the message or the data record is encoded with a fast-working symmetric encryption method and the key used for this is first encrypted with the asymmetric method and then sent to the recipient of the message in this way.

Public Key Infrastructure (PKI) und Digitale Signaturen

PKI and digital signatures ensure that the messages sent are exchanged between the correct sender and recipient and cannot be attacked in transit.

Public Key Infrastructure is characterized by the certification authority. This is a generally recognized body that is responsible for assigning unique key pairs to the respective persons. The assignment of the key pair is confirmed to the users by a certificate.

Just as with asymmetric procedures, there are also signature procedures with public keys. In asymmetric encryption, anyone with the appropriate public key can send a message to the person with the appropriate private key to decrypt the message. Signature methods generally aim to replicate the functionality of ordinary signatures for digital documents. It is important to note that anyone can verify a signature, but only the signer can generate a signature that is valid for him or her.

Digital signatures have the advantage that it is more difficult to falsify or subsequently change the signed document. With digital documents, verification fails if someone tries to subsequently change the already signed file. Modern signature methods work in that:

  • anyone who knows the signer's public signature key can verify digital signatures with relatively little effort
  • anyone who does not know the signer's private signature key is practically unable to sign documents on the signer's behalf, and
  • anyone who does not know the private signature key of the signer of a file cannot, for all practical purposes, modify the file without invalidating the signature.

In some cases, digital signature procedures are based relatively directly on the asymmetric encryption procedure, as is the case with the RSA encryption procedure. However, there are also signature procedures that work differently.

Encrypted communication - areas of application and encryption methods

E-mail communication

In e-mail communication, messages are sent in e-mail form between the sender and the recipient. On its way to the recipient, the message is intercepted at different nodes on the web, where it is navigated and forwarded until it finally arrives at the correct e-mail recipient and its e-mail provider. Along this route, it is important to securely encrypt the email message and protect it from unauthorized readers.

Transport encryption or point-to-point encryption

Transport encryption is responsible for secure communication between the e-mail program and the associated provider. The connection between the e-mail program and the server, for example, is established according to the widely used Transport Layer Security protocol. This means that all data sent between the communication partners is encrypted during transmission. However, when the e-mail is sent, it is forwarded via different nodes on the Web, at which or in between it is not necessarily protected. At such points, where the e-mail message is open, it can be intercepted, copied or modified.

End-to-end encryption

Unlike point-to-point encryption, it is not the individual transport sections in the send channel that are encrypted, but the e-mail itself. This means that the e-mail can only be read by the sender and the recipient, since only both have the necessary key for deciphering. This means that both attackers and the e-mail provider are prevented from reading the e-mail. This technology is the one that meets all security requirements on the Internet.

IP telephony and cloud telephone systems

With IP telephony, the conversation is transmitted via voice data packet over the IP network. Since there is a risk here that the conversation can be intercepted, it is important that the data transmitted here is also securely encrypted.

The Secure Real-Time Transport Protocol (SRTP) is therefore used for IP telephone communication. This is used to ensure that voice transmission is protected and that the data cannot be recorded or intercepted.

The voice is encoded and sent in encrypted data packets to the recipient via the IP network. To enable the recipient to decrypt the encoded voice data, the recipient receives a master key when the call is set up. The prerequisite for using SRTP is that both parties to the call support this encryption method.

There are also VoIP systems that use encryption methods such as browser. Some providers also have their own security and encryption mechanisms and offer these only to their own customers.

Virtuelle private Netzwerke (VPN)

A virtual private network (VPN) is figuratively speaking a tunnel between a company's own network and another network, such as the corporate network. To ensure that the connections between the two networks are attack-proof and protected against manipulation, VPN operators also use encryption processes here. In this way, information can be exchanged securely through the virtual tunnel system.

Instant messaging

Phone calls and messages that are handled via a cell phone are only encrypted between the end device and the mobile cell in question. With a smartphone, it is possible to use apps that also offer a messaging service. These apps usually also have an encryption mechanism through which it is possible to send messages securely. One example would be the instant messaging app "WhatsApp". This app uses end-to-end encryption.

Why is data encryption so important?

When messages are sent over the Internet, there is a risk that they can be read. This applies to communication via VoIP telephony, e-mail messages, instant messaging and the like. It is therefore very important to encrypt the messages sent if they are to be protected from unauthorized access.

However, no encryption method can guarantee absolute security. The reason for this is that, due to increasing computing power, new scientific cryptographic findings or hidden bugs, encryption methods can be attacked and thus hacked. Therefore, it is very important to constantly inform oneself about current encryption methods and to stay up to date.

Data encryption: What you should consider

Encryption methods offer many advantages, but also require a lot of power. This means that your system, which has to encrypt and decrypt data, also requires a corresponding amount of computing capacity and energy. A low-powered computer, for example, may become even less powerful and slower as a result.

It should also be noted that encryption does not prevent the retrieval of data that is not encrypted on that system. If you have only set up an encryption system for a folder, for example, it is possible that a file that is actually encrypted will be decrypted when opened by an application and then stored in another folder that is not subject to encryption. In addition, security vulnerabilities can be exposed at any time, so other attacks may be possible.

The security factor of your password is also very important. Often, data or data carriers are protected by a password. This is an effective method, but should not be taken lightly. Passwords should always be individual and have a certain length and combination of characters to be considered as secure as possible. However, even a secure password is not always protected against attacks. Therefore, it is highly recommended to use virus scanners and firewalls as well as to update the operating system regularly in order to keep the risk of an attack as low as possible.

Copyright 2021 Suisse Key All Rights Reserved.