What is Encryption: For Dummies
Encryption techniques are increasingly used beyond military and government environments. Businesses have also begun relying on the technology to protect applications and sensitive information.
Incorporating encryption helps clients trust you more. A lot of sensitive data, including personal information and official documents, is shared between devices and stored on the cloud. Using multiple platforms and devices introduces more security vulnerabilities, which can make it easier for an unauthorized party to access your information. Encryption is immensely helpful in maintaining data integrity both at rest (in storage) and in transit.
What is encryption?
Encryption is a security method used to protect data. It can protect the data you send, receive or store on your device, and it prevents an unauthorized person from accessing that data. The process involves converting unencrypted plaintext into ciphertext. The data is encoded or decoded by an algorithm (the cipher) using cryptographic keys.
There are three major components to any encryption system – the data, the algorithm, and key management. When the data is stored on a single device, all three components run or are stored on the same device. If data is transferred between multiple devices, the three components usually run or are stored in separate places. This reduces the chances of data breaches by preventing a single component from compromising the entire system.
What are the types of Encryption?
Encryption is essentially of two types – symmetric and asymmetric. Under a symmetric system, a single key or password is used to both encrypt and decrypt the data.
The asymmetric system, while being slower, is more secure since it uses a pair of keys. One key is available to the public while the other key remains private. The public key is used to encrypt, whereas the information can only be decrypted using the private key.
During encryption, the algorithm scrambles data so that only a person holding the decryption key can read it. The data gets converted into an unreadable format which can only be recovered when the correct private key is entered.
If the data is intercepted by an unauthorized entity, the intruder has to guess the correct key. This process is lengthy and requires resources. The time and difficulty involved in guessing this information is what makes encryption such a valuable security tool.
What is End-to-End Encryption?
The most common method deployed to protect data in transit is end-to-end encryption (E2E). This method ensures the data being sent between two parties cannot be viewed by any third party trying to intercept the communication channel, not even by the service provider. Popular messaging apps including WhatsApp and Signal have incorporated E2E in their core product. Communication on these services remains protected, as the end-to-end encrypted data cannot be accessed except by the intended individuals.
In India, encryption in particular has been a topic of debate in the recent past. As per Rule 4(2) of the Intermediary Guidelines under the IT Rules 2021, significant social intermediaries are required to adopt a mechanism allowing them or the government to trace the origin of a message to its first sender. This requirement, however, may force companies to break E2E encryption and provide a backdoor. But in asking for a theoretical backdoor, a tiny crack may emerge in the watertight encryption, making it easier for the data to be accessed by unauthorized third parties.
Merits and Demerits
Encrypting data ensures confidentiality and integrity are maintained. If coupled with hashing, it can also be used to verify whether the data has been altered or tampered with. Many government regulations require companies handling user data to implement encryption standards.
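The following added example (not part of the original article) illustrates the tamper check described above. It shows that an unkeyed hash stored next to the ciphertext can simply be recomputed by whoever alters the data, while a keyed hash (HMAC) cannot. The ciphertext bytes, the MAC key and all function names are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def hash_seal(ciphertext: bytes) -> bytes:
    """Weak: append an unkeyed SHA-256 digest to the ciphertext."""
    return ciphertext + hashlib.sha256(ciphertext).digest()

def hash_check(blob: bytes) -> bool:
    body, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(body).digest(), digest)

def hmac_seal(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Stronger: append an HMAC-SHA256 tag computed with a secret key."""
    return ciphertext + hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def hmac_check(mac_key: bytes, blob: bytes) -> bool:
    if len(blob) < TAG_LEN:
        return False
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def alter_in_transit(blob: bytes) -> bytes:
    """Simulate modification by a party without the MAC key: flip one bit
    of the body and refresh the trailing digest with plain SHA-256."""
    body = bytearray(blob[:-TAG_LEN])
    body[0] ^= 0x01
    return bytes(body) + hashlib.sha256(body).digest()

# Constructed sample values; a real MAC key comes from secrets.token_bytes(32)
CIPHERTEXT = bytes.fromhex("8f3a6c1d90e2b7445a")
MAC_KEY = bytes(range(32))

def demo() -> dict:
    return {
        "hash_intact": hash_check(hash_seal(CIPHERTEXT)),
        "hash_altered": hash_check(alter_in_transit(hash_seal(CIPHERTEXT))),
        "hmac_intact": hmac_check(MAC_KEY, hmac_seal(MAC_KEY, CIPHERTEXT)),
        "hmac_altered": hmac_check(
            MAC_KEY, alter_in_transit(hmac_seal(MAC_KEY, CIPHERTEXT))),
    }

if __name__ == "__main__":
    print(demo())
```

The altered blob still passes the plain-hash check but fails the HMAC check, which is why integrity checks on encrypted data use a keyed tag or an authenticated encryption mode.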
Although encryption has many merits, it is not foolproof. The most basic method of breaking encryption involves using brute force: every possible key is tried until the right one is found. Encryption strength grows with the key size. Longer keys require more resources to brute-force and are harder to break. (That’s why they ask you to create longer and stronger passwords!)
Management of keys is also an issue, since the decryption keys have to be stored somewhere, making them susceptible to attacks. Having a key management system is recommended, though it isn’t enough. Comprehensive plans are required for protecting the key management system. Typically, this means backing it up separately from everything else and storing those backups in a way that makes it easy to retrieve the keys in the event of a large-scale disaster.
Encryption can also be used against an individual or organization. In ransomware attacks, the compromised data is encrypted, preventing the owner from accessing their own data, and the decryption key is only provided upon payment of a ransom. To avoid such a scenario, the use of anti-ransomware tools is highly recommended.
Currently, encryption is one of the most effective ways to secure data. It ensures that the data in transit remains accessible to only the intended individuals. That said, encryption can be undermined by external factors. Mismanagement of cryptographic keys, the possibility of a brute-force attack, or having a backdoor could potentially weaken encryption.
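To make the key-guessing argument here and in the earlier section on types of encryption concrete, the added example below (not from the original article) exhaustively searches a deliberately tiny 16-bit keyspace and then estimates the worst-case search time for longer keys. The toy cipher, the sample message, the secret key and the assumed rate of 10^12 guesses per second are all constructed for illustration.

```python
import hashlib

def toy_cipher(key: int, bits: int, data: bytes) -> bytes:
    """Toy cipher for illustration only (not a real algorithm): XOR the data
    with SHA-256(key). XOR is its own inverse, so this encrypts and decrypts.
    Handles messages of up to 32 bytes."""
    stream = hashlib.sha256(key.to_bytes((bits + 7) // 8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def exhaustive_search(bits: int, ciphertext: bytes, known_plaintext: bytes):
    """Try every key of the given length; return (key, attempts made)."""
    for candidate in range(2 ** bits):
        if toy_cipher(candidate, bits, ciphertext) == known_plaintext:
            return candidate, candidate + 1
    return None, 2 ** bits

def worst_case_years(bits: int, guesses_per_second: float) -> float:
    """Years needed to try all 2**bits keys at the given guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

# Constructed sample data: a 16-bit key is searchable in well under a second
MESSAGE = b"constructed sample text"
SECRET_KEY = 0xBEEF
CIPHERTEXT = toy_cipher(SECRET_KEY, 16, MESSAGE)

def report(rate: float = 1e12) -> dict:
    """Worst-case years per key length; the rate is an assumed figure."""
    return {bits: worst_case_years(bits, rate) for bits in (16, 56, 128, 256)}

if __name__ == "__main__":
    key, attempts = exhaustive_search(16, CIPHERTEXT, MESSAGE)
    print(f"16-bit key recovered: {key:#06x} after {attempts} attempts")
    for bits, years in report().items():
        print(f"{bits:>3}-bit key: up to {years:.3g} years at 1e12 guesses/s")
```

Each additional key bit doubles the number of keys to try, so the gap between a 56-bit and a 128-bit key is far larger than the difference in length suggests.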