Some information is not meant for everyone to see. But how do you ensure that only the right people can read the information? The short answer is: encryption. But, what is encryption? In this know-how, we will explain what encryption is and some of the most important things to know.
What is encryption?
Encryption is a way of encoding information so that it can only be read by the intended receiver who can decrypt the information and read it in its original form.
Encryption is either symmetric or asymmetric. Symmetric encryption means that there is only one secret key, which both encrypts and decrypts the information; this key must be shared between those who want to encrypt or decrypt the information. Asymmetric encryption, on the other hand, needs both a public key and a private key, where the public key is used for encryption and the private key is used for decryption.
Why do we need encryption?
By design, the Internet is an open network which facilitates the flow of information between attached devices. The scientists who designed the Internet focused on the technical challenges of moving information quickly and reliably; security was almost an oxymoron. A lot of information, including electronic mail and VoIP, travels openly or poorly secured over the Internet and can be monitored or manipulated by others.
Ever since its inception, encryption has been a kind of arms race - each time a stronger encryption method has been developed, it has been attacked and, sometimes, broken. Each time, in response, cryptographers have produced tougher and tougher encryption algorithms.
A wide range of industries rely upon the ability to keep sensitive information secure, whether it be for competitive advantage or regulatory compliance. Often sensitive information has an extended lifetime: government and financial services data is often kept for periods of 25 years or more, and medical data is sensitive for the lifetime of the individual and beyond.
Is encryption sustainable?
A challenge worth mentioning is that if you are going to keep something secret with crypto for X years, it is not only today's attacks you will have to resist, but all developments over the next X years. It is quite probable that intelligence services in several countries have chosen to "record" encrypted traffic that they suspect is important but cannot crack today, but which may be cracked in 20 years and still be useful.
Quantum computers are machines that use the properties of quantum physics to store data and perform computations. This can be extremely advantageous for certain tasks, where they could vastly outperform even our best supercomputers.
In 1994, an algorithm was presented that showed how the mathematical challenge of large prime numbers could be cracked, and thus quantum computers turned into a problem for cryptography. This fast computation has a direct connection to encryption. Cryptographic schemes based on the assumption that certain mathematical calculations take an extremely long time (in other words, are practically impossible to do) are simply thrown out by quantum computers. Communication protected today by such cryptographic algorithms must therefore be viewed as insecure, or at least as carrying a distinct risk.
Why quantum-secure key management is important
A general challenge with encryption is key management. It is well known that all protection should rest on the secrecy of the crypto key, not on the secrecy of which algorithm you used. This makes key management important. So-called public key crypto systems have the advantage that they require fewer keys in total than so-called secret key crypto systems to allow a given number of individuals to communicate securely with each other. A problem is that the quantum computer has been shown to throw a spanner in the works of the asymmetric key systems.
The benefits of encryption solutions
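The record-now, decrypt-later reasoning above can be turned into a simple inventory check. This is an added example, not Advenica's code; the 15-year horizon, the 128-bit floor, the `Asset` fields and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: years until a quantum computer able to break today's
# public-key schemes exists. The page gives no figure; tune to your policy.
ASSUMED_QUANTUM_HORIZON_YEARS = 15
MIN_EFFECTIVE_BITS = 128  # assumed policy floor for symmetric strength

# Key-establishment families built on factoring or discrete logarithms,
# the hardness assumptions a large quantum computer removes.
QUANTUM_BROKEN_KEX = {"rsa", "dh", "ecdh"}


@dataclass
class Asset:
    name: str
    secrecy_years: int   # how long the data must stay confidential
    key_exchange: str    # "rsa", "dh", "ecdh" or "preshared"
    symmetric_bits: int  # key size of the bulk cipher


def post_quantum_bits(symmetric_bits: int) -> int:
    """Quantum search roughly halves the effective symmetric key strength."""
    return symmetric_bits // 2


def assess(asset: Asset) -> list:
    """Return findings for traffic that is recorded today and attacked later."""
    findings = []
    outlives_horizon = asset.secrecy_years > ASSUMED_QUANTUM_HORIZON_YEARS
    if outlives_horizon and asset.key_exchange.lower() in QUANTUM_BROKEN_KEX:
        findings.append(
            f"{asset.key_exchange.upper()} key exchange protects data that "
            f"must stay secret for {asset.secrecy_years} years")
    effective = post_quantum_bits(asset.symmetric_bits)
    if outlives_horizon and effective < MIN_EFFECTIVE_BITS:
        findings.append(
            f"{asset.symmetric_bits}-bit symmetric key gives only "
            f"{effective} bits against quantum search")
    return findings


# Constructed sample inventory (not real systems).
INVENTORY = [
    Asset("web-shop sessions", 1, "ecdh", 128),
    Asset("patient records link", 80, "rsa", 256),
    Asset("finance archive tunnel", 25, "preshared", 128),
    Asset("site-to-site encryptor", 25, "preshared", 256),
]

if __name__ == "__main__":
    for a in INVENTORY:
        print(a.name, "->", assess(a) or "no finding")
```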
Cryptography is used in technical solutions to facilitate many things, like:
- Data confidentiality
- Data integrity
With encryption, sensitive information is kept secret. The information is protected against modification, and communicating parties are who they claim to be. In practice, cryptography combined with security protocols is the very essence, or cornerstone, of modern secure communications and also part of all commerce. Ordering, paying, concluding agreements etc. require trust, and doing this at a distance, where you have not met or had any human contact, is difficult. Should HTTPS (secure web traffic) be cracked tomorrow by some ingenious mathematician, it would create a huge disruption in the economy. If half of your online payments went to the wrong people or were "stolen", many businesses would be affected.
How to choose the right encryption solution
Encryption is used to protect data from someone. But depending on what type of information you are trying to protect, and from whom you are protecting it, your priorities could be a bit different. A private person has a different view on what is important compared to a company producing electricity for the whole society, and a military defence organisation has even higher requirements. This is also influenced by the different demands and laws that are regulating the security in different types of businesses.
Many encryption solutions are mainly software-based, like the solutions used for remote work. These solutions are simple to use and not so expensive, but are not made for information at the highest security level. Purely software-based solutions are simply not enough for providing top-level security due to vulnerabilities to advanced attacks, but they can be enough for other use cases.
Hardware-based encryption solutions are more expensive and can be a bit more complicated to handle, but if you have sensitive information or information that needs stronger protection – which makes security the highest priority – hardware solutions should be your choice.
To make your choice, you need to know the classification of the information you want to protect. How sensitive is it? Are there laws or directives governing how you should handle information security? By asking yourself these questions, you will know what kind of solution you need.
Network encryptors – the solution for protecting sensitive information
When geographically scattered organisations share information and data over open networks, such as the Internet, they are facing the risk of data intrusion and manipulation.
With hardware-based network encryptors, organisations can extend their IP networks securely over an untrusted network. By creating a kind of secure tunnel through an untrusted network, it becomes possible for organisations to securely send sensitive and even classified information over the Internet. The encrypted tunnel prevents all kinds of unauthorised data access and manipulation.
Three Domain Separation
Advenica’s unique innovation, Three Domain Separation, is a true paradigm shift in encryption management. It is the only technology that eliminates the threat of unauthorised disclosure of sensitive information by a VPN administrator or a Managed Security Service Provider (MSSP). The Three Domain Separation technology is based on extending the traditional two domain separation with an administration domain. By adding a third domain, Advenica’s solution provides system administrators with a tool that allows management and control of VPN devices from a central location. At the same time, administrators cannot under any circumstances access user information that passes through a VPN device or information stored inside the secure network.
Users of the VPN system are thus provided increased security:
- No unauthorised access to user information in transit over an unprotected network (encrypted traffic in the VPN tunnel)
- No administrative personnel can access any information other than what is required for device management.
Three Domain Separation is a truly ground-breaking innovation that prevents IT administrators from accessing sensitive information. It provides unique assurance and protection against data leakage, which is crucial for Managed Security Service Providers and for customers who manage their own cybersecurity systems.
SecuriVPN – a quantum-secure encryption
With quantum-secure encryption (256-bit keys for symmetric encryption give enough security even considering quantum threats) and a wide range of tactical features, SecuriVPN enables defence, critical infrastructure, and the public sector to take the digital revolution to the next level. Simple future-proof key management, versatile high-availability features, and the ability to communicate over low and high-quality transmission layers provide ease of use as well as resilient communications. Additional functionalities, such as multicast support, quality of service, dynamic routing, radio silence and emergency erase, enable a wide range of use cases.
SecuriVPN protects against interception, replay attacks and manipulation of information. It enables sustainable secure communication of classified information over open networks. It has a unique patented security feature, Three Domain Separation, and future-proof key management. It also has central administration with an easy-to-use, intuitive graphical user interface.