Data stored and transmitted by devices today are often sensitive in nature. This includes data relating to both the users and the enterprise. It is important that device data is properly protected so that an attacker cannot read or modify it. As well as appropriately protected, so that it is not stolen or tampered with. Without data encryption, all our digital information would be available to everyone. Cyberattacks today are disastrous for both corporations and individuals.
Fortunately, successful attacks remain relatively rare. Our current data encryption systems rely on the privacy of an encryption key shared between the attacker and the compromised target. It is used to mathematically scramble data into an unreadable format without the key for decryption. In theory, encryption provides privacy in practical terms but cannot guarantee perfect safety. Encryption keys can be guessed and with the emergence of Quantum computers – they will be able to crack much of today's encryptions. Luckily, quantum computers are not yet powerful enough to break public-key encryptions.
If an attacker gains access to a device when it is off, there is a risk of reading unencrypted stored data. It is for this reason that organizations are likely to require the encryption of sensitive data at rest. Manufacturers should consider the extent to which their device supports this requirement. File encryption allows for the encryption of sensitive files while the device is in use - decrypting sensitive data only when necessary. The level of security required to protect data at rest should be proportional to the impact that loss of privacy or integrity may have on the organization. Critical information such as digital certificates, cryptographic keys, and system configuration information should require strong protection. Please consider that it may also be necessary to detect and disregard data that has been data that is re-sent or received at unexpected times. Mechanisms to defend against replay attacks include sequence numbers and timestamps. Remember, they must be properly authenticated, and their integrity protected so that attackers cannot breach them.
Symmetric encryption uses a single key that must be shared between those who need to receive data, while asymmetric encryption uses a pair of keys. A private key and a public key to encrypt and decrypt messages in transit. There are two types of symmetric encryption algorithms. The first type is called a block cipher and the second is called a stream cipher Block and stream ciphers make different assumptions for the environment in which they operate. So each is better suited for a different protocol level than the other.
“A block cipher divides a message into chunks of fixed size called blocks and encrypts each block separately. Block ciphers have the random-access property, meaning that a block cipher can efficiently encrypt or decrypt any block utilizing an initialization vector in conjunction with the key. This property makes block ciphers a good choice for encrypting the content of MAC layer frames and network layer datagrams” [1].
“A stream cipher treats the data as a continuous stream and can be thought of as encrypting and decrypting data one bit at a time. Stream ciphers are usually designed so that each encrypted bit depends on all previously encrypted ones, so decryption becomes possible only if all the bits arrive in order. This means that in principle stream ciphers only work in network protocols when they’re used on top of a reliable data delivery service such as TCP” [1].
A significant amount of research has been conducted on quantum computers. They will soon be able to crack the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet everywhere. The field of post-quantum cryptography's main goal is to develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communication protocols and networks. There are a few engineers today who predict that within the next twenty or so years sufficiently large quantum computers will be built to break essentially all public key schemes currently in use. It is important then to begin preparing your organizations and information security systems to be able to resist quantum computing. We have time yet, as historically it has taken almost two decades to deploy our modern public key cryptography infrastructure. It is important to begin thinking about these upcoming changes.
[1] Vacca, J. R. (2013). Computer and information security handbook. [electronic resource] (2nd ed.). Elsevier.
Comments