Protecting Data Using Encryption Basics
by Richard A. Vera II, CPA/CITP –
April 17, 2018
For accountants, nothing is more important than keeping data secure. In today’s computing environment where hacks and breaches have become an everyday occurrence, we should all employ available methods to shore up security and protect our data. Multiple methods of that protection use encryption to ensure only those authorized to use our data possess the ability to access it.
Historically, the intent of cryptography has been to keep information secret, except from those meant to view the content. Many methods have been used to accomplish this, from simple monoalphabetic substitution ciphers in ancient times, to invisible inks (i.e., lemon juice) used during the American Revolution, to electro-mechanical rotor cipher machines, such as Nazi Germany’s Enigma machine used during World War II, to today’s mathematical algorithms used to encrypt and decrypt digital data. Regardless of the process and level of sophistication employed, the goal is the same: to maintain the secrecy of sensitive data.
The entire cybersecurity industry is designed to protect computer systems and the data stored by, processed by, received by and transmitted from them, and to protect that data from the access by, manipulation and control of unauthorized recipients.
Cybersecurity professionals use the phrase cybersecurity triad to describe this protection. The elements of the cybersecurity triad are known by the acronym CIA (Confidentiality, Integrity and Availability):
- Confidentiality is focused on protection from unauthorized access to systems and data.
- Integrity is concerned with protection from unauthorized modification of systems or data.
- Availability is related to avoiding disruptions in access to systems and data.
Thus, encryption is one element used to ensure that data protection is in alignment with the cybersecurity triad.
How Data Encryption Works
Modern methods of cryptography often rely on data encryption. Data encryption is accomplished by applying a mathematical algorithm to an unencrypted message (known as clear text) to convert it to a securely formatted message (known as ciphertext). Ciphertext can then be stored securely on a system for later use and/or safely transmitted to a recipient, then decrypted (re-converted to plaintext) for routine viewing or processing by the authorized individual possessing the proper cryptographic key. This key is derived from the original encryption algorithm, sort of like a digital secret encoder/decoder. It is similar to a password although keys may have specific abilities depending on the key system employed for encryption. Common key systems are known as symmetric and asymmetric systems.
Symmetric Key Systems use a single key shared by sender and recipient. This key is bi-directional and can both encrypt and decrypt messages.
Asymmetric Key Systems use a pair of related keys both derived from the original encryption algorithm. One key is known as a private (secret) key and one is a public key, often shared among multiple individuals. Although related, these keys are unidirectional and can either only encrypt or decrypt data.
The use of encryption aids in securing data but it is not a foolproof system. If a cryptographic key is obtained by an adversary, he/she will be able to decrypt the ciphertext into plaintext and easily view the data. Think of it as having a very secure lock on the front door of your home; if the key to this dependable lock is left under the doormat, anyone can retrieve the key, open the lock and enter your home.
Many enterprises use key management systems to maintain the integrity of the cryptographic keys that protect the organization’s data.
Another way encrypted data may be accessible to an adversary is via a brute force attack. During such an attack every possible cryptographic key variation is attempted until the message can be unencrypted. The key length is directly proportional to the level of data security provided by the encryption.The National Institute of Science and Technology (NIST) cites key length as an important security parameter. Wikipedia refers to the following illustration online at https://en.wikipedia.org/wiki/Brute-force_attack:
“Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. Fifty supercomputers that could check a billion billion (1018) AES keys per second (if such a device could ever even be made) would, in theory, require about 3×1051 (3,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000) years to exhaust the 256-bit key space.”
A Hex editor translates the binary data (1’s and 0’s) used by the computer to process data to a level a bit more user-friendly for us humans by displaying it in Hexadecimal or other formats, such as American Standard Code for Information Interchange (ASCII). Using a basic hex editor to view encrypted data at this lower level only reveals what appears as nonsensical information, while preserving the security (secrecy) of the message.
Cryptographic One-way Hashing Algorithm
The Integrity component of the cybersecurity triad ensures that data is protected from modification or change. One method to achieve this is to employ the use of a cryptographic one-way hashing algorithm, known as a hash. A hash provides a unique message digest.
To illustrate this point, I created a new MS Word document and simply typed in the word test and saved the file using the name test.docx. I then used the “Save As” option and replaced the lowercase t with an uppercase T and saved that file under the name test1.docx. Note, the file name does not affect the computation of the hash. I then calculated a SHA-256 hash of each file the results are shown below:
The hash of test:
The hash of Test:
A hash assures the integrity of the data. Adding just a single space to the document will result in another unique hash value being calculated. The calculation is based on the representative characters computers use to signify even a simple space. Hashes can be used to fingerprint single files or entire drives. The above example shows that the only change made was converting a lowercase t into an uppercase T and yet the resulting hashes are in no way similar.
Protecting the integrity of online software downloads, which may contain malicious code (adware, spyware, viruses, etc.), is possible if the software developer publicly releases a hash of their program code. Once the hash is known, a user downloading the program can simply establish that the downloaded program matches what was originally released by the developer by re-calculating and verifying the software developer’s original hash themselves. Once a match is made, the software may be safely installed knowing nothing was added by a third party after the developer released their program.
Richard A. Vera
Richard A. Vera II, CPA, CITP, MBA, MSc, CFE, CSA, CFCE, AQA is the director of Financial & Digital Forensics for Critical Elements, Inc, and formerly senior forensic auditor for the U.S. Department of Justice, Bureau of Alcohol, Tobacco, Firearms and Explosives.