Data Encryption – What You Need to Know

Data Encryption – What You Need to Know

Written / Courtesy of Hongkiat

You are being watched. Governments around the world have secret systems that spy on their citizens every hour of every day. These systems were designed to protect people from threats of international and domestic terrorism, but since they are run by humans, they tend to be used inappropriately too, like this National Security Agency employee who spied on 9 women until he was finally caught.

Of course, it’s not just governments who do this, individuals who know and have the capability to hack and plant malicious software into devices do it too every day. Victims can be regular people like you and me, and the most we’ll lose is some privacy (like our private messages being read by someone else, not creepy at all). But on a higher level, companies often get attacked and lose millions to billions of dollars worth of information.

How is this possible? It’s either poor encryption on devices with weak security settings or the attacker is highly advanced and has the necessary skills and machines that can penetrate even fortresses.

Big words, wow, and I hope that got your attention. It might sound sci-fi-ish to you but this happens daily. Even as you are reading this. But the good thing is that there are several measures in which you can protect your data from these bad elements through encryption with the help of device manufacturers and security experts, and this article attempts to explain how encryption works to do exactly this.

First, why is encryption important?

Good question. Consider a scenario in which a system is password protected with no anonymous logins or unauthorized use. However, if someone wants to access your data they can simply factory reset it. The goal of encrypting your data, on the other hand, is to protect your files even if someone gains illegal access to it.

Another way of looking at this is if your phone, laptop, or desktop was stolen, you may say it’s password protected, but that’s easy to bypass. The thief can simply remove the SD card or hard disk and mount it elsewhere and they’ll have access to your files already. But if you encrypt your data, no one will be able to approach your data.

Neat, eh?

But that’s just for your files. What about your confidential information that gets sent through email or messaging applications? There is this thing we call end-to-end encryption that a couple of messaging apps are using, such as WhatsApp and Facebook Messenger.

What is End-to-end encryption?

End-to-end encryption (E2EE) is a method where the parties communicating are the only ones who can understand the message being delivered. This means that eavesdroppers will be unable to listen to what is being talked about. Even the owners of the said channel like the telecom service providers, ISPs, and even app owners are not able to access your information.

The message is encrypted in such a way that the keys to deciphering the data only belong to the users who are communicating with each other and no third party can decipher it.

How is the key passed to end-to-end encryption?

Let’s put it this way, Bob texts his wife Alice. Each of them starts with a common color or a public key, and a personal private color or a private key. When Bob sent his text to Alice, his color (private key) is mixed with the common color (public key). Alice then receives the message and combines it with her own personal private color, and so she can read the message Bob sent her.

This is called the Diffie-Hellman key exchange.

What is Public Key and Private Key?

Public and Private Key Pairs are composed of two unique, but related strings of randomly generated numbers. A good example would be:

20438 0145 00B1 28CB C9FA 5BB4 56DE 6D43 8BB1 E16A 5AB7 F3B0 5ECE 657F E6F1 CDF2 3FE4 D81A 7E8F B384 B1F1 3C2C 92BB 60AB BF40 C7D4 B6E4 C044 B84A DD74 C122 4B0A CB6F 52C4 C20B 0C0A 000A.

The Public Key in this type of encryption is, well, public. That means it’s readily available to everyone and can be seen in a directory. The Private Key, however, belongs to the owner alone. Because of its complicated and mathematical nature, the encrypted data using a public key may only be decrypted by a compatible Private Key and vice versa.

So, if Bob wants to text Alice something he doesn’t want anyone to see, he will encrypt whatever that is using Alice’s Public key and since only Alice has the access to her Private Key, she is the only person who is capable of decrypting the data back to its intended format.

Since Alice is the only person who has the key to decrypt the data, it’s only Alice who would be able to use it even if someone else gained access to the file. It will remain confidential as long as Alice doesn’t share the Private Key.

To put it simply, Private and Public Encryption is like putting your message inside a chest knowing that the person you are sending the message to is the only one in the world who has the key.

Why does it matter?

In the time we are living right now, information matters. There are many people who can use information to further their agenda. Governments can use information to protect its citizens or spy on its people, corporations can use information to feed us with advertisements, or to sell this products to us. And the more we, the causal users, produce these information, the more susceptible we are to these entities.

So why does it ‘really’ matter?

It matters because innovations in tech are bringing encryption closer to us. Gone are the days where if one wants his emails to be secure or private, one would employ difficult and complicated mathematical equations in order to encrypt them. That being said, it is now easier to secure our data and that is one good reason to take advantage of.

It also matters because we need to safeguard our online privacy. Sure, you may think that it is practically harmless for you to open your data to anyone, but it really is not. The reality is, online security doesn’t only lie in emails or text messages, it encompasses banking, financial, and medical records. This data is sensitive because it could spell out huge differences in our lives, and if it falls into the wrong hands, we could be in for a lot of trouble.

Lastly, it matters because sooner or later, we all would have something to hide. You may not think it to be possible but it would happen. The real power of encryption and privacy lies in its ability to protect the public. If privacy is absent, democracy and good governance cannot exist.

A concluding look at the matter

Though encryption may sound complicated, and even daunting, it is, however, necessary. The world is not of unicorns and rainbows and there are people who are itching to get every bit of information possible and they will go leaps and bounds just to get it. That’s why you build a fence when there is a threat from bandits.

You wouldn’t want anyone listening to your conversations, or maybe reading private messages, would you? So what would you do? Leave the door open? Or bolt it so no one could enter?

Read the original article over at Hongkiat.