AES

What is PGP Encryption?

Photo by Zan on Unsplash

PGP encryption (Pretty Good Encryption) is a data encryption program used to authenticate and provide cryptographic privacy for data transfers.

PGP encryption is used to secure all forms of data and digital transmissions. It’s capable of encrypting and decrypting:

Text messages

Emails

Computer files

Disk partitions

PGP is a quick-to-implement and cost-effective encryption method.

What’s the Difference Between PGP and OpenPGP

PGP was originally created to protect files posted on Bulletin Board Systems (BBS). This computerized messaging system allowed users to post messages onto a public message board using a dial-up modem. Bulletin Board Systems were used until the mid-nineties. The retirement of this technology led to PGP being sold multiple times before it was finally acquired by Symantec in 2010. OpenPGP (also known as Open-source PGP, was created by one of the PGP’s inventors, Phil Zimmerman, to overcome the patent restrictions preventing PGP’s liberal use. OpenPGP Standard is now the Internet Engineering Task Force (IETF) approved standard that permits any company to develop and sell PGP-compatible products. GoAnywhere Open is an example of one such solution that offers PGP encryption free of charge. GnuPG is a variant of OpenPGP. It’s also free, but its algorithm differs slightly from PGP. The downside to using this encryption standard over the Symantec-owned PGP is that it doesn’t come with technical support – the bane of all open-source software.

Benefits of PGP Encryption

PGP’s current popularity is due to its original availability as freeware and its long history – originally created in 1990. It’s now the standard form of encryption in finance, healthcare, technology, and other highly regulated industries.

PGP encryption offers the following security benefits:

Reduces the risk of data loss prevention.

Prevents information from being modified during the transfer.

Protects sensitive information from unauthorized access.

Allows the secure sharing of information with multiple parties.

Verifies the authenticity of email senders.

Prevents the recovery of deleted sensitive data.

Ensures email communications are not intercepted.

Protects emails from malicious compromise.

Very blunt learning curve – no training is required to achieve PGP encryption proficiency.

How Does PGP Encryption Work?

To secure sensitive data, PGP combines data compression, password hashing, symmetric-key cryptography, and public-key cryptography.

This feature list is a combination of two file encryption types:

Symmetric key encryption

Public-key encryption

The encryption algorithm can protect data in transit and at rest – especially when coupled with a threat detection solution. PGP assigns users at each end of the communication trajectory with randomly generated public and private keys. For sent messages to be successfully decrypted, they must be authenticated with specific private keys that only intended recipients will have.

The end-to-end process of PGP email security is described below:

Sender A requests to send Recipient B a secure email.

Recipient B generates a random PGP public key and private key.

Recipient B keeps the private key and transmits the public key to Sender A.

Sender A uses the recipient’s public key to encrypt the message before sending it.

Recipient B receives the encrypted message and decrypts it with its retained private key. ​

Recipient B reads the message.

This process prevents anyone without the correct key pair from decrypting intercepted messages.

December 29, 2024 by Cryptography 0

How to Store Data Securely on a USB Flash Drive

Photo by Lc on Unsplash

It is strongly advised that you avoid storing confidential information on a USB flash drive and choose more secure storage devices to ensure the safety of your data. The compact size of USB flash drives makes them convenient to carry but also increases the chances of losing or stealing them. This vulnerability poses a severe threat of data loss, leaks, and breaches, which can result in significant financial loss and damage to the reputation of organizations.

Using a flash drive, follow these 7 tips to secure your data.

  1. Buy an Encrypted USB.

Encryption secures sensitive data by making it accessible only to those with a decryption key. When purchasing a flash drive, opt for a military-grade one with 256-bit AES hardware encryption, the most robust algorithm.

Other features to look for in an encrypted USB flash drive include:

  • Tamper-proof protection
  • Anti-virus scanning
  • Brute-force protection
  • Password protection
  • TAA Compliance
  • Remote management capabilities
  • FIPS 140-2 Certification (Level 3)
  • Compliance with industry security standards, such as HIPAA, SOX, and GLBA.

2. Use USB Encryption Software.

Microsoft Windows users can use BitLocker to encrypt their flash drives instead of buying an encrypted flashdrive. Note that encryption hardware provides better security than software.

Microsoft’s instructions for enabling BitLocker are available below:

View instructions for enabling BitLocker in Windows 10
View instructions for enabling BitLocker in Windows 11‍

3. Have a Backup

You may only recover the stored data if your flash drive is recovered, stolen, or damaged. Even if a lost or stolen flash drive is returned, you shouldn’t use it again as it could potentially have ransomware or another type of malware installed. The best assurance of recovering the data on your flash drive is to have a backup of all files saved in another storage location, such as cloud storage.

4. Delete Data After Use.

After you have saved, edited, and transferred your data from a USB stick, it is recommended that you delete it immediately. You should then remove the flash drive from the USB port and store it securely to prevent any possibility of losing it or having it stolen.

5. Install Anti-Virus Protection

With different types of malware emerging daily, keeping your software up-to-date is crucial. Use antivirus software that offers malware protection across all endpoints, including hard drives, USB devices, and SD cards – one can infect all.

6. Keep Software Up to Date

Zero-day exploits take advantage of unpatched software vulnerabilities – a common attack vector that can have devastating consequences. Cybercriminals can easily access, edit, and steal data from vulnerable systems and devices, including USB storage. Installing software updates as soon as possible prevents cybercriminals from taking advantage of these vulnerabilities. Most operating systems, including Microsoft Windows, Mac OS / Apple iOS, and Linux, offer auto-updates to ensure you remain protected.

7. Use Alternative Storage Methods

Flash drives, there are better answers than not to take your data security seriously. Even the most secure USB drives differ from modern data storage methods, like cloud storage. Cloud services offer many innovative security features, such as the Secure Access Service Edge (SASE). SASE is a cloud security model that leverages firewalls, cloud access service brokers (CASBs), secure web gateways (SWG), and zero-trust network access (ZTNA). Cloud security mechanisms include Cloud Security Posture Management and Cloud Infrastructure Entitlement Management (CIEM).

Despite their strong security capabilities, like all third-party vendors, cloud services carry third-party risks and other risks specific to their functionality. Organizations and individuals must conduct due diligence to ensure their cloud providers are following appropriate data security requirements.

October 18, 2024 by Privacy 0

Is AES secure?

Photo by FLY:D on Unsplash

In 2000, after a very thorough and open selection process, NIST announced that AES (formally known as Rijndael, after one of its creators) would replace DES as its recommended “unclassified, publicly disclosed encryption algorithm capable of protecting sensitive government information well into the next century.”

Based on NIST’s recommendation, the US government uses AES to secure its classified information:

“The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require the use of either the 192 or 256 key lengths.”Brute force attacks

The most basic form of attack possible on any encryption cipher is a brute force attack, which involves trying every possible key combination until the correct one is found.

As we discuss in Privacy Decrypted #3: Can encryption be broken? Fugaku is currently the most powerful (known) supercomputer in the world. If it dedicated its entire output to the task, it would take Fugaku 12 trillion years to exhaust all possible combinations for AES-128.

AES-256 is 340 billion-billion-billion-billion times harder to brute force than AES-128. To put this into perspective, the universe is 14 billion years old. It is, therefore, safe to say that even at its lower bit sizes, AES is highly resistant to brute force attacks from conventional computers.

It is often theorized that when quantum computing becomes available, modern encryption algorithms will be rendered all but useless. There is truth in this when it comes to asymmetric-key ciphers, but symmetric-key ciphers are relatively quantum-resistant, although quantum computers still reduce the security of AES by half. This means AES-256 remains secure, but AES-128 is less so.

Brute force attacks, however, are not the only way to compromise an encryption algorithm.

Key attacks

Over the years, a number of theoretical attacks on AES keys have been published by cryptographers, but all of these are either unworkable in practice, or are only effective on AES implementations that use a reduced number of rounds (see below).

The most successful attempt was a biclique attack published in 2011 that can reduce the time needed to brute force AES by a factor of four. However, it would still require billions of years to brute force AES on any current or foreseeable computer hardware.

No known key attack is practical against properly implemented AES-128 or higher.

Side channel attacks

A side-channel attack attempts to reduce the number of combinations required to make a successful brute force attack by looking for clues from the computer performing the encryption calculations. Clues can be gleaned by examining:

Timing – how long a computer takes to perform an operation

Electromagnetic leaks

Audio cues

Visual cues (picked up using a high-resolution camera).

Cache-timing attacks, in particular, have proven to be quite effective at successfully cracking AES. In the most notable example, researchers in 2016 were able to recover an AES-128 key using “only about 6 – 7 blocks of plaintext or ciphertext (theoretically even a single block would suffice)”.

However, there are a number of things that can be done to mitigate against the threat of side-channel attacks:

Properly implemented AES can prevent ways that data can be leaked. Hardware that integrates the AES instruction set further reduces the side-channel attack surface of AES. Randomization techniques can be used to disrupt the relationship between data protected by AES and any leaked data that could be collected using a side-channel attack.

It is also worth noting that, in many cases, side-channel attacks require the attacker to have close proximity or physical access to the device as it decrypts data (although remote attacks are possible if malicious software is installed on a device, particularly in the case of timing attacks).

The human factor

Security is only as strong as its weakest point. There is little point in encrypting your data with AES-256 if you then secure it using the password “12345”. Social engineering attacks and keylogger viruses are also a threat to AES-encrypted data.

Use of a good password manager, anti-virus software, and improved education about cybersecurity are the best forms of defence against these kinds of attacks. Note that this kind of attack is only a risk if you encrypt your own data with a password.

May 15, 2023 by Cryptography 0

Insecure Cryptographic Storage

Photo by Lia Trevarthen on Unsplash

Encrypting stored data is a standard best practice for preventing unauthorized access to or use of sensitive information. Encryption takes information stored in a readable format, such as PlainText, then uses mathematical algorithms to scramble it, making it unreadable. Encryption typically requires an encryption key, which is the technology that applies the algorithm that scrambles the data and is also used to make the information readable again. However, the protection no longer works if someone finds the encryption key.

The insecure cryptographic storage vulnerability means you have a problem with one or more of the following:

  • Not encrypting all sensitive data
  • Improper key storage and management
  • Easy to crack encryption algorithms
  • Internally-designed, untested algorithm
January 12, 2023 by Cryptography 0

What Is AES encryption?

Photo by Alex Motoc on Unsplash

AES is a fast, efficient, and secure encryption standard. Certified by the National Institute of Standards and Technology (NIST), AES is used by the United States government to secure classified data.

What does AES stand for?

AES stands for Advanced Encryption Standard and is a symmetric-key cipher. There are two fundamental kinds of cipher algorithms:

Asymmetric-key ciphers

These use public-key cryptography to allow the secure exchange of keys over a distance (such as over the internet). Data is encrypted using a public key, which is made widely available, but which can only be decrypted using the correct private key (which only the intended recipient should possess). Asymmetric-key ciphers require a high level of computational power. This makes them relatively slow, and thus most useful for encrypting small amounts of data. RSA, for example, is an asymmetric cipher used to encrypt just the keys during the TLS exchange that occurs when connecting to an HTTPS website.

Symmetric-key ciphers

The same key is used to both encrypt and decrypt the data. There may sometimes be a simple transformation between the two keys, but they are always derived from the same key. Symmetric-key ciphers require much less processing power than asymmetric-key ciphers and are therefore often cited as being around 1,000 times faster. This makes symmetric-key ciphers ideal for encrypting large volumes of data. Where large amounts of data need to be transmitted over a distance (such as over the internet), the data itself is encrypted using a symmetric-key cipher, such as AES, while the key exchange is secured using an asymmetric-key cipher, such as RSA.

June 15, 2022 by Cryptography 0

Recent Comments

No comments to show.