What is encryption?
An interview with Learning Technologist, Mark Richardson.
Hi Mark, thanks for agreeing to be interviewed by DisCUss about encryption. We see a lot about data security in the news. It would be great to hear more about how an understanding of encryption could help us put these sometimes alarming headlines into perspective.
It has been in the news quite a lot recently and it is worrying. Nothing is ever totally safe online, but there are precautions and measures that big companies and institutions like the University take to keep risks to a minimum. One of these measures is encryption of data. The reason it does make headlines is that breaches in these security measures are thankfully quite rare.
What is encryption then?
Modern computer encryption is a set of mathematical algorithms which encodes data so only the intended recipient can read it. Nowadays we share huge amounts of data online whether we realise it or not. Your Google search history, for example, could tell someone quite a lot about you, possibly things you wouldn’t want them to know!
That huge amount of data has to be moved, between a seller and a buyer, for example. Our data is at its most vulnerable when it is being transferred from one place to another. Even the most private of secure communications can be prone to data breaches or targeted attacks. This is where encryption comes in.
Encryption enhances the security of a message or file by scrambling the content. It’s like sending secret messages between parties—if someone looks at a message without decrypting it, it would just appear as nonsense. To encrypt a message you need the right key, and you need the right key to decrypt it as well.
Messages or data ‘packets’ can be scrambled in one of two ways: either both parties have the same key (symmetric encryption), or an internet packet can be encrypted with a public key but require a private key to decrypt it (asymmetric encryption).
Sounds complicated!
Well, the principles used are the same as they have been for hundreds if not thousands of years, for as long as people have been sending messages they didn’t want others to read.
So let’s say that you live in the next city, or cave, and I want to send you a message, but how do I get it to you securely? Possibly the simplest way of stopping someone reading it would be to lock it in a box. But how do I make sure you can open it to read the message? I can’t send you the key to the box first, because someone could intercept the key and make a copy.
So I have two choices: either we meet first and both take away an exact copy of the same key to open the box (symmetric encryption), or you send me a box, to which you have the key, which I put the message in. I then lock it for you to open it at the other end (asymmetric encryption). The only difference today being that both the key and the box are mathematical.
That’s fair enough if the letter is being sent via messenger on horseback. Why do we need such a complicated system nowadays?
We need a system like this more than ever! We have access to and share about 100 times the amount of data that our medieval ancestors had. And the bandits that want to intercept our messages can do so from home in their pyjamas, no horses required.
Facebook, Twitter and every other site you see make up around 10% of the true size of the internet. 90% is hidden in what is called the Dark Web. The Dark Web is not policed or monitored and will not show up in a Google search. Here, anything goes. Personal data lists are bought and sold as easily as buying music from iTunes.
Making sure your data doesn’t end up on these lists means taking some simple precautions. While encryption isn’t 100% secure, it does help to protect your identity. Make sure you have anti-virus software installed and up to date, don’t respond to spam or phishing emails, and avoid these ‘save my card for next time’ checkboxes at internet stores.
That’s because it is harder to control our data when it is held by others. For example, sportswear retailer Sports Direct’s entire workforce had their personal credentials stolen in an internal security breach. The attacker reportedly gained access through an unpatched content management system running on a free, open source website builder.
Things like this mean we constantly have to update our keys and boxes to make sure they are as strong as possible. The university also uses ‘encryption in storage’ which means that all data is stored encrypted even when not being sent. This means that even if an outsider got access to our systems, through the internet or physically, they would need the correct decryption keys to make any sense of the data. These are protected by passwords and user accounts, so keep your password safe!
Thank you for talking to us today about encryption, Mark, and I think you helped us all feel more comfortable about the data held at the University.
Anyone wanting to know more about encryption can study it as part of a Cyber Security course at CU Scarborough or CU London.