Security Awareness – Encryption | Office of Information …

PGP Whole Disk Encryption

OIT offers and supports PGP software and licenses to faculty and staff for whole disk encryption. Whole disk encryption will keep educational records and confidential data secure in case your laptop is lost or stolen. This information should only be stored on a mobile device, like a laptop, when there is a specific business purpose. Find out if PGP whole disk encryption is right for you.

If we had a number we wished to keep secret (say the combination to a safe), one option to protect it is to encrypt the number; after all, we can't store the combination to the safe inside the safe. Let's say the combination is 12-28-11, which we shorten to just 122811. Let's use some simple math to make it into a scrambled number.

Here's an equation that adds a secret number (n) to the combination and then multiplies the result by the same secret number:

n * (combination + n) = scrambled number

If we pick 5 as our secret number, then we get:

5 * (122811 + 5) = 5 * 122816 = 614080

Our scrambled number, 614080, is an encrypted version of our safe combination. To get our combination number back, we need to know our secret number and the formula used to create the scrambled number. Here's the formula:

combination = (scrambled number / n) - n

We insert our secret number and our scrambled number:

combination = (614080 / 5) - 5

And solve the equation to find our combination:

combination = 122816 - 5 = 122811

We have successfully developed our own encryption process for our safe combination.
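The toy scheme above, written out as an added example (this is not code from the page or from OIT). Scramble and Unscramble are the page's formula and its inverse with the constructed values 122811 and 5; CandidateKeys is an added illustration of the key-length idea: because the "secret number" is a single digit and the formula is known, trying every possible key takes a handful of steps, so the size of the key space, not the formula, is what decides how much protection the scheme gives.

```go
package main

import "fmt"

// Scramble applies the page's toy algorithm: n * (combination + n).
// The secret number n is the key; the formula is the algorithm.
func Scramble(combination, n int64) int64 {
	return n * (combination + n)
}

// Unscramble inverts the formula: scrambled/n - n.
// ok is false when n does not divide the scrambled number evenly,
// which can only happen with a wrong key.
func Unscramble(scrambled, n int64) (combination int64, ok bool) {
	if n == 0 || scrambled%n != 0 {
		return 0, false
	}
	return scrambled/n - n, true
}

// CandidateKeys tries every key from 1 to maxKey against a scrambled
// number and returns the keys that yield a plausible six-digit
// combination (0 to 999999). With a single-digit secret number the
// whole key space is checked in ten steps.
func CandidateKeys(scrambled, maxKey int64) []int64 {
	var keys []int64
	for n := int64(1); n <= maxKey; n++ {
		c, ok := Unscramble(scrambled, n)
		if ok && c >= 0 && c <= 999999 {
			keys = append(keys, n)
		}
	}
	return keys
}

func main() {
	const combination = 122811 // 12-28-11 from the page (constructed value)
	const key = 5              // the page's secret number
	scrambled := Scramble(combination, key)
	fmt.Println("scrambled:", scrambled) // 614080
	recovered, _ := Unscramble(scrambled, key)
	fmt.Println("recovered:", recovered) // 122811
	fmt.Println("keys 1..10 that give a six-digit result:", CandidateKeys(scrambled, 10))
}
```

With a key space of ten values, six of them (1, 2, 4, 5, 8 and 10) produce a six-digit candidate, so a guesser needs at most ten tries; a modern algorithm with a 128-bit or 256-bit key is chosen precisely so that this kind of exhaustive search is out of reach.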

Encrypt

The process of transforming readable information into an unreadable form. Making the safe combination into the scrambled number.

Decrypt

The process of transforming encrypted information back into its readable form. Making the scrambled number back into the safe combination.

Key

The item used, along with the algorithm, to encrypt and decrypt information. In the example above, the secret number, n, was our key. The key could be a password, a special file or a hardware device often called a token. Strong encryption processes may use multiple keys, like both a password and a token.

Key length

Algorithm

The mathematical technique used, along with the key(s), to encrypt and decrypt information. In the example above, the equation, n*(combination + n) = scrambled number, was our algorithm. Popular encryption algorithms include AES, DES, triple-DES, RSA, Blowfish and IDEA.

At rest

Information is considered "at rest" when it is saved to a computer or storage device (like a CD, tape or thumb drive), usually in contrast to "in transit". Note that data can be considered "at rest" while physically moving, like someone carrying a CD with information.

In transit

Information is "in transit" when it is being transferred over a network. This could be copying a file from a file server, submitting a webpage order form or sending an email.

The behavior of an encryption technology/product which keeps a file encrypted when it is moved between disks or computers. Many forms of encryption only keep information encrypted when stored in a particular location.

Symmetrical vs Asymmetrical

Encryption/decryption processes are often referred to as being either symmetrical or asymmetrical, which relates to what keys are used to encrypt and decrypt information.

In symmetrical encryption, the same key is used to encrypt and decrypt the information. The most common use of this technique is password encryption where the same password is used to encrypt and decrypt the information. This method is simple and useful when sharing the key isn't problematic (either the key isn't shared or all parties are trusted with the information). It requires that all parties who need to encrypt or decrypt the information safely obtain the key.

In asymmetrical encryption, there are two different keys: one used to encrypt the information and one used to decrypt the information. In this approach, the key used to encrypt the information cannot be used to decrypt it. This technique is useful when sharing a key might be problematic. These two keys are often referred to as public and private keys. As the names imply, the public key is openly distributed, since it can only be used to encrypt information, while the private key, which can decrypt the information, is kept protected.
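Both approaches side by side, as an added example that is not from the page or from OIT. It uses only Go's standard library: AES-256-GCM stands in for the symmetrical case (one shared key encrypts and decrypts, and a wrong key or a tampered message is rejected), and RSA-OAEP stands in for the asymmetrical case (anyone holding the public key can encrypt, only the private key decrypts). The message "12-28-11" and the key sizes are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// ---- Symmetrical: the same key both encrypts and decrypts ----

// NewSymmetricKey returns a random 256-bit AES key.
func NewSymmetricKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

// SymEncrypt seals plaintext with AES-256-GCM; the output is nonce || ciphertext+tag.
func SymEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // a fresh nonce per message
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// SymDecrypt opens a blob produced by SymEncrypt. GCM's authentication tag
// makes it fail on a wrong key or on any modification of the ciphertext.
func SymDecrypt(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// ---- Asymmetrical: public key encrypts, private key decrypts ----

// NewKeyPair generates an RSA key pair; the public half is priv.PublicKey.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// AsymEncrypt needs only the openly distributed public key.
func AsymEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// AsymDecrypt needs the protected private key; the public key cannot do this.
func AsymDecrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// Demo runs one round trip of each kind and reports whether the message came back intact.
func Demo(message []byte) (symOK, asymOK bool, err error) {
	key, err := NewSymmetricKey()
	if err != nil {
		return false, false, err
	}
	blob, err := SymEncrypt(key, message)
	if err != nil {
		return false, false, err
	}
	got, err := SymDecrypt(key, blob)
	if err != nil {
		return false, false, err
	}
	symOK = bytes.Equal(got, message)

	priv, err := NewKeyPair()
	if err != nil {
		return symOK, false, err
	}
	ct, err := AsymEncrypt(&priv.PublicKey, message)
	if err != nil {
		return symOK, false, err
	}
	got, err = AsymDecrypt(priv, ct)
	if err != nil {
		return symOK, false, err
	}
	return symOK, bytes.Equal(got, message), nil
}

func main() {
	symOK, asymOK, err := Demo([]byte("12-28-11")) // constructed sample message
	fmt.Println("symmetric round trip:", symOK, "asymmetric round trip:", asymOK, "err:", err)
}
```

The symmetrical flow is what a password-protected file or an encrypted disk does: whoever needs the data must first obtain the same key safely. The asymmetrical flow removes that step for the sender, since the public key can be handed out freely, but it moves all of the risk onto the private key, which is why key management (below) matters as much as the algorithm.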

Key management

Perhaps the most important aspect of encryption deployment is management of keys. This includes what types of keys are used (passwords, files, tokens, certificates, etc.), how they are given to users, how they are protected and how to deal with a lost key scenario. Each technology and product handles this differently, but the lost key scenario is usually the most concerning since it could lead to either an unauthorized person decrypting information or the inability for authorized people to decrypt information. Many encryption horror stories come in the form of not being able to decrypt the only copy of very important information. Pay careful attention to key generation, distribution, use, recovery and security when looking into encryption options.

Impacts to system/data management

When files or disks are encrypted, an IT administrator might have to adapt some of their management processes or tools. For example, what impact do encrypted hard drives have on system imaging? What about the use of wake-on-LAN for management? The answers to these questions vary with your management processes and the encryption product, so it's important to understand how encryption products will impact your IT environment.

When does encryption stay with the file?

Many forms of encryption only protect information while it is transferred over the network (like a website using SSL) or while it is stored in a particular place (like on an encrypted hard drive). This means that once the file is moved out of the situation, it is no longer encrypted. This often confuses users who think encryption "sticks" to files and they can email a file stored on an encrypted disk and it will stay encrypted as an email attachment, or copy a file from an encrypted disk to a thumb drive and the file will remain encrypted. It's important to understand the conditions under which a file will be encrypted and explain those conditions to those in your department. Since encryption conditions vary by technology, product and implementation, there isn't a general rule.
