Google follows Amazon with auto-encryption of cloud data

Google follows Amazon with auto-encryption of cloud data • The Register.

Would imagine this would be the first thing to cover in a cloud scenario, however, at least providers are getting on board!

“The change means data will be kept in RAM and encrypted via AES-128 upon upload into the service before being written to disk.”

 

Cryptography – Symmetric & Asymmetric

Please don’t be scared by the name of this post, it is all Office 365 related. This method of exchanging information between collaborating parties makes it very difficult for others to access the information. So when you look into this, think ADFS and the way your organisation talks to Microsoft.

Cryptography aims to allow you to transmit sensitive information across an insecure network, for example, the internet, so it cannot be ready by anyone except the intended receiving party.

Modern cryptography is based around mathematics, encryption. In addition to this, modern cryptography techniques can also be used to sign data so that any reader is aware of the origination of the data and ensure it is from the publisher who transmitted it.

The primary two types of encryption are;

  • Symmetric
  • Asymmetric (or public)

Encryption and decryption requires the use of secret information, known as a key.

This ‘key’ is shared between two parties in advance, this key is used for both the encryption and decryption of a message.

Provided the recipient knows the key, they will be able to decipher the message, anyone who tries to intercept the message but does not have the symmetric key will be unable to convert it to something decipherable, although this will depend on the complexity of the key (much like a login password!).

Symmetric Encryption

The same key is used for both encryption and decryption. The parties must agree on the secret key in advance and then keep it to themselves, once they have done this they will be able to send each other secured messages.

However, a simple substitution algorithm is relatively easy to crack, not necessarily at human level, but with regards to computing, it could well be ‘crackable’. You could increase the digits of the key to complicate it further however, you will need a careful balancing act between security and performance. Something with a massive key would take longer to encrypt and decrypt, whereas a shorter key would be faster.

Symmetric key encryption provides good performance compared to asymmetric encryption, and is a good choice for bulk encryption.

Symmetric key encryption does have a rather large catch;

In order to create this ‘collaboration’ with another party, you will need to send the key to the other party, however, until the key is in place both ends, you are unsecure in your transmissions. If you had a secure channel to transfer this key in the first place, there would be no need for this solution. So in theory, a brave attempt at security, but it still leaves that gap of a ‘what if’ scenario, most wouldn’t want to test. I’d certainly hope my banking data isn’t transferred using this method.

 

Asymmetric Encryption (Public Key encryption)

Asymmetric encryption was developed by Whitfield Diffie and Martin Hellman (Diffie Helman if that rings a bell), however this was overshadowed by the ‘RSA’ algorithm.

The core principle for asymmetric encryption; Encryption that is performed in one direction cannot simply be decrypted by applying a rule in reverse – anything encrypted with a public key can only be decrypted with the corresponding private key.

In this encryption, there is the use of two keys, a public key accessible by anyone, and one private key stored in the safest of locations by one party.

Anything encrypted with the public key can only ever be decrypted by the party with the private key, so in this case, unlike symmetric, there is no need for the physical exchange of a secret. Encryption with the private key is used to prove the source of the message, because if you receive a decryptable message using the public key, you know it came from the party with the private key.

Asymmetric is generally used to initiate a secure channel and provides a means to exchange a temporary symmetric encryption key, so by combining the two, you generate a safe way of securing collaboration between the two parties. This is also know as a ‘session key’

 

%d bloggers like this: