Security Precautions

Encryption

Encryption is when data is encoded into another form. This means that even if data is intercepted then the data is meaningless until it is deciphered using a key. Some apps such as WhatsApp and Snapchat encrypt their traffic when sending to prevent interception were potentially going to be banned by British political parties in the 2015 election (Wright, 2015).

There are two main methods to encrypt data:

1. Symmetric Key (Secret Key)

2. Asymmetric Key (Private/Public key)

Symmetric Encryption is when a secret key is which can be a number, a shift pattern or random letters which is applied to the plaintext message to turn it into ciphertext. This process is applied in reverse by the recipient in order to convert it back into plaintext. The Caesar cipher is an example of this technique.

So "Dad" would become "Axa" using the above cypher. Some more asymmetric encryption methods are:

• Data Encryption Standard (DES) which was created in 1977 it used a 56 bit key so has approx. 72,000,000,000,000,000 combinations (256 ).

• This was then superseded by Advanced Encryption Standard (AES), this is used by the US Government and offers 128,192 or 256 bit encryption - 2 256 combinations (1.15e+77).

• CSS (Content Scramble System) encryption was used as the original Digital Rights Management system on DVD’s in 1996 it used a 40 bit cipher and was compromised in 1999.

Asymmetric Key or public key encryption is when there are two keys. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret.

Some malware (christened ransomware) such as CryptoLocker  and WannaCry will encrypt the contents of infected machines. It uses RSA encryption and will only decrypt the drive once payment has been made - the key is held on a private server.

WannaCry was an example of this whereby through a lack of Operating System updates for Windows, the backing storage of systems was encrypted using RSA encryption. The screenshot below demonstrates that there had to be a bitcoin payment for decryption of the files. There was a trial method where  you could see some of the files ( as proof). 

As mentioned above Asymmetric encryption relies on being able to get the key to the receiver and also to verify the authenticity of the sender. Digital certificates are a useful tool for this. A digital certificate is the digital version of a passport or driving license. They are issued by a central certification authority. Many digital certificates conform to the X.509 standard.

A digital certificate contains the following information

• Public Key

• Owners Name

• Expiration and Issuer

A digital signature is a method of ensuring that a message is authentic (unaltered).

1. You obtain a message hash (A mathematical summary of the contents of the message).

2. You can encrypt this message hash (this time with the private key as this has to be private - hence the private key).

3. This ‘signature’ is attached to a message.

The recipient has to apply the same mathematical hash of the received message so when received the encrypted message hash is then decrypted using the public key. If both of the hashes match then the message is valid and authentic.