- November 30, 2016
Everybody’s using it—good guys, bad guys, the government. Even you, though you might not know it.
But what is encryption?
“Encryption is a fancy word for garbling up a message or data that makes it unreadable to everyone except the sender and the recipient,” said Richard Shiflett with Archer Security Group.
Your phone may be encrypted. If you use the messaging app WhatsApp, you’re sending encrypted messages. Your bank encrypts info to keep crooks from stealing your money. Web sites you visit use encryption to send data.
“The more garbled and complicated the message or data becomes, the harder it is for an external entity to decipher its contents,” Shiflett said.
Archer News continues its series of “What is…?” articles to help you learn about cybersecurity words and terms—and to help keep you safe. We ask cybersecurity professionals from Archer News’ parent company, Archer Security Group, to answer your questions.
See also “What is cybersecurity?”, “What is a DDoS?”, “What is ransomware?”, “What is IoT?”, “What is a firewall?”, “What is malvertising?” and “What is a password manager?” from Archer News.
The WhatsApp messaging app uses encryption to keep your messages private.
How does it work?
The details of how encryption works can be complex.
“To fully understand encryption could take years of schooling in mathematical theory and computer algorithms,” said Daniel Lance with Archer Security Group.
“But a base idea is easy to grasp,” he said.
Encrypting information is like breaking a glass vase—representing your sensitive info—into small pieces, explained Archer Security Group’s Bob Beachy.
“When broken into pieces, the vase is worthless, unless the pieces can be put back together,” he said. “Encryption both breaks the glass and allows for a magic spell that will perfectly and instantly reassemble the vase from its broken pieces.”
In theory, you get to choose who has the key to unencrypt the info.
“The goal of any encryption is to make the vase, or the information, available only to those with the proper credentials or the right magic spell, while making it as difficult as possible to reassemble the information without using the spell,” Beachy said.
Sites that use ‘https’ use encryption. Photo credit: Sean MacEntee via Foter.com / CC BY
Holding hostage
Encryption can also be used against you.
Crooks online like to use ransomware that encrypts your files—and they keep the key. You have to pay the hostage-takers to get that key and unlock your info.
This ‘crypto-ransomware’ has hit personal computers, hospitals, police departments, universities, race car crews, transportation systems and more—and could be headed toward your car, your TV, your watch and other wearable technology.
Cybersecurity groups and companies have found ways to unencrypt some of the ransomware attacks, so you do not have to pay money to criminals.
An attacker took San Francisco’s Muni transportation computer system hostage over Thanksgiving weekend. Photo credit: coolmikeol via Foter.com / CC BY
Cracking the code
Some kinds of encryption are easier to crack than others.
It may help to think of your data like a cup of water that you are freezing and sending across the country, according to Lance.
“In doing so, the space between molecules in the water changes and I can no longer reach out and grab just one molecule like I could before it was frozen,” he explained. “I’ll need to thaw the whole thing.”
Other people can’t just do it on their own.
“When they attempt to thaw it without your permission, they end up with steam, meaning nothing but gibberish,” Lance said.
But security flaws in some kinds of encryption could let spies in, turning steam, for some, into gold. For example, the National Security Agency may have been monitoring and decoding trillions of encrypted web and VPN [virtual private network] connections, according to a report last year in Ars Technica.
The RSA algorithm is used to encrypt and decrypt files. Example from the University of Texas at Austin Computer Science department.
Encryption can be controversial
There are battles over encryption in the courts and in Washington, D.C.
Apple updated its phones in 2014, creating a new encrypted system where no one could get into the data without a password. This erupted into controversy in February after a mass shooting in San Bernardino.
The Federal Bureau of Investigation demanded that Apple make a ‘backdoor’—a way to decrypt its phones—so the FBI could get into the shooter’s phone and extract clues. Apple said that would put every phone user at risk because criminals could also get in through the backdoors. Ultimately, the FBI got into the phone without Apple’s help.
The New York County District Attorney restarted the argument this month, saying it had more than 400 iPhones with possible evidence waiting to be unlocked.
In addition, several lawmakers introduced a bill to force tech companies to create backdoors, arguing that terrorists and criminals could hide behind encryption.
Other lawmakers have sponsored bills like the Secure Data Act and the ENCRYPT Act to prevent the government from forcing tech companies to make backdoors.
The incoming president may face big decisions on encryption, and some new cabinet members—future U.S. Attorney General Jeff Sessions and soon-to-be Central Intelligence Agency director Mike Pompeo—have drawn controversy over their views of it.
The FBI asked Apple to create a way to get inside the encrypted iPhone 5C—see example above—belonging to one of the San Bernardino shooting suspects. Photo credit: Janitors via Foter.com / CC BY
Using encryption in your daily life
You use encryption now, knowingly or unknowingly—at the ATM, buying something on Amazon, as you pay a bill online.
You can also choose to use encryption on some platforms like Facebook Messenger. Facebook calls them ‘secret conversations.’
You can encrypt your e-mails using programs like PGP, which stands for Pretty Good Privacy, and AES, or Advanced Encryption Standard.
Some platforms offer automatic encryption, like the latest version of WhatsApp.
ATMs use encryption to protect financial data.
Protect yourself
You need to choose tough encryption on your home router to protect yourself from attackers.
Old-school encryption for your router, like WEP (Wired Equivalent Privacy), is not hard to break. WPA (Wi-Fi Protected Access) and WPA2 are harder to break.
“Older forms of encryption are like breaking the vase into two halves where it is very easy to put the pieces back together without doing much work,” Beachy said.
“Some modern encryption is capable of essentially grinding the glass vase into a fine powder, and without thousands of computers working thousands of years to try all the possible magical spells, it is unlikely the vase will ever be used by someone without the original spell,” he added.