Data Encryption

Encryption is about encoding messages, information and data in such a way that only authorised parties can access them. It is important to note that, in terms of IT security, encryption does not by itself prevent interception; it denies the interceptor access to the content of the message, information or data even when interception does happen.

How does it work?

An encryption scheme uses an encryption algorithm to scramble the original message, information or data, known as plaintext, in a mathematical operation that generates ciphertext. The ciphertext can only be read after a reversing decryption step. The scheme usually relies on a pseudo-random encryption mechanism driven by a "key" generated by an algorithm.

Encryption isn't 100% secure, because it is in principle possible to decrypt ciphertext without having access to the key. For well-designed and proven encryption schemes, however, very advanced mathematical techniques and extremely large computational resources are required to "crack" the encryption without the key. The same message, information or data is easily decrypted by authorised recipients using the key provisioned by the sender or originator of the data.

Encryption schemes

Broadly speaking, there are two main types of encryption scheme in use today. Symmetric key encryption schemes work on the basis that the same key is used both to encrypt and to decrypt data. This means that both communicating parties must hold the same key before a secure communication channel can be established. As both the sender and the receiver rely on this "private" key for the scheme to work, symmetric encryption schemes are also known as private key schemes. This was how encryption worked from classical Greek and Roman times until fairly recently.

In asymmetric or public key encryption schemes, the encryption key is made publicly available and "published" for anyone to use to encrypt messages, but only the receiving party holds the decryption key that enables messages, information and data to be decrypted and read. The breakthrough in public-key encryption was first described in a highly classified document produced by the British intelligence service GCHQ in 1973, and its implementation is underpinned by advanced mathematics and cryptography concepts.

In 1991 Phil Zimmermann produced and distributed a freely available public key encryption application suite called Pretty Good Privacy, PGP. PGP was distributed for free with its source code for the public good, in line with open source principles. Symantec purchased the rights to PGP in 2010 and has integrated it into its suite of internet and IT security products and services ever since.

Why is it important?

From classical times, since the days of Julius Caesar, up to the modern era, governments and militaries have always relied on encryption to facilitate secure and secret communications. In the present day, encryption is routinely used to protect information within many kinds of non-classified civilian and commercial systems. The Computer Security Institute reported in 2007 that 71% of companies polled used some sort of encryption for their data in transmission and transit, and 53% used encryption for some of their data in storage and stasis.

For files on computers and storage devices, e.g. removable media and long-term archiving tape, encryption can be used to protect data "at rest". Encrypting confidential and sensitive data such as customers' personal details ensures that, should physical security measures fail through loss or theft of laptops and backup devices, prying third parties and malicious hackers will still not be able to compromise the information held on those devices.

For protecting data "in transit", encryption can also be used for data being transmitted over proprietary or "closed" networks as well as the open internet. Modern e-commerce relies on this. Beyond securing the transactions from the originating device on which e-commerce is being conducted, mobile phones, wireless access points, and even bank cashpoints (also known as Automatic Teller Machines, or ATMs for short) have been able to benefit from this technology.

Encryption is often used together with digital signatures to protect the authenticity and integrity of a message. During the encryption phase, when the data is being scrambled, an integrated digital signature is used to "sign" the data in conjunction with the encryption key at the same time. This ensures that any attempt to tamper with the data, message or information will be flagged as suspect, because the purported digital signature of the sender will no longer verify against the sender's public key.
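The combination described above, encryption plus an integrity check that flags tampering, as an added example that is not part of the original article. It uses only the Python standard library: a stream cipher built from HMAC-SHA256 in counter mode stands in for a real cipher, and a symmetric HMAC tag stands in for the public-key signature; both are illustrative assumptions of this example, not a production scheme.

```python
import hashlib
import hmac
import secrets
import struct

NONCE_LEN = 16   # fresh per message so the same plaintext never repeats a keystream
TAG_LEN = 32     # HMAC-SHA256 output size


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudo-random keystream: HMAC-SHA256(key, nonce || counter), illustrative only."""
    blocks = [
        hmac.new(enc_key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
        for i in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def encrypt_and_tag(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: scramble the plaintext, then 'sign' nonce + ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def verify_and_decrypt(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Verify the tag before decrypting; any altered byte makes verification fail."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short to carry nonce and tag")
    nonce, ciphertext, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        raise ValueError("integrity check failed: message flagged as tampered")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def tamper_is_detected(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bool:
    """Flip one bit of the sealed message and report whether the receiver rejects it."""
    message = bytearray(encrypt_and_tag(enc_key, mac_key, plaintext))
    message[NONCE_LEN] ^= 0x01   # corrupt the first byte after the nonce
    try:
        verify_and_decrypt(enc_key, mac_key, bytes(message))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed sample keys
    sample = b"customer record: account 1234"                              # constructed sample data
    sealed = encrypt_and_tag(enc_key, mac_key, sample)
    print(verify_and_decrypt(enc_key, mac_key, sealed) == sample)  # True
    print(tamper_is_detected(enc_key, mac_key, sample))            # True
```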