Encryption Security Methods

Submitted by rick_t on Sat, 04/15/2017 - 23:06

By Rick Tilley

Keeping people from accessing sensitive information by encrypting data gives a level of security that allows files and data packets to be transferred across the Internet securely.  The data is in plain sight but is scrambled by some encryption algorithm that requires a key to decrypt.  Usually the algorithm uses pairs of large prime numbers multiplied by each other and hashed.  Because the chosen prime numbers are NP-hard to calculate, even cloud computing mainframes cannot break some encryptions within centuries.  Some of the weaker encryptions can be broken within days or months with large-scale cloud servers.

Public Key Sample

Most encryption is two-way encryption.  That is, it can be decrypted after it is encrypted.  To encrypt data, a public key is used.  The keys look like 500 or so characters of gibberish text (figure 1).  The encrypted file is then retrieved by the owner of the private key, who uses their key and password to decrypt the data.  This can be very efficient for privacy.  However, if the private key falls into the wrong hands, that person could guess your password and decrypt your data.
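The public-key idea described above, as an added example that is not part of the original article: textbook RSA in Python, showing a key pair built from two primes, encryption with the public key, decryption with the private key, and how a small modulus can be factored to rebuild the private key.  The primes are constructed sample values far too small for real use, real tools such as GPG use much larger keys with padding, and all function names are illustrative.

```python
import math

def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair from two primes p and q."""
    n = p * q                    # public modulus: the product of the two primes
    phi = (p - 1) * (q - 1)      # easy to compute only if p and q are known
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: inverse of e modulo phi
    return (n, e), (n, d)        # (public key, private key)

def encrypt(public_key, message: bytes) -> int:
    """Anyone holding the public key can encrypt."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the private key holder can decrypt."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def recover_private_key(public_key):
    """Factor n by trial division; feasible only because n is tiny here."""
    n, e = public_key
    f = 3
    while n % f:                 # n is odd, so only odd candidates are tried
        f += 2
    return make_keypair(f, n // f, e)[1]

# Constructed sample primes (the 10,000th and 100,000th primes).
P, Q = 104729, 1299709
PUBLIC, PRIVATE = make_keypair(P, Q)
CIPHERTEXT = encrypt(PUBLIC, b"hi")

if __name__ == "__main__":
    print("public key :", PUBLIC)
    print("ciphertext :", CIPHERTEXT)
    print("decrypted  :", decrypt(PRIVATE, CIPHERTEXT))
    print("private key rebuilt by factoring:",
          recover_private_key(PUBLIC) == PRIVATE)
```

With primes hundreds of digits long, the same factoring loop would not finish in any practical time, which is what the strength of the key rests on.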

There are several forms of encryption.  Kleopatra / GPG4Win is a program that encrypts individual files.  Similarly, Proton Mail encrypts your e-mail messages automatically for you.  DiskCryptor encrypts an entire partition on your hard drive, so you can have a drive letter that is encrypted.  Signal encrypts messaging in a chat room style interface.

Tor and encrypted VPNs are another form of encryption.  Here network packets are encrypted end-to-end.  This is similar to encrypting a file, sending it, and decrypting it at its destination.  The encryption method used, and the point at which the network packet is encrypted and decrypted, may differ.  Security is found in good encryption algorithms and encrypting at the sender’s computer and at the receiver’s computer (end-to-end), rather than only at the server level.  HTTPS websites also encrypt the network packets to and from the web server to the user’s browser.

Tor offers increased anonymity by stripping network identifying information from the headers of network packets and bouncing the packet through a series of relay computers to make it difficult to trace the route that the packet came from.

VPNs act as a door to the Internet.  Network packets are (hopefully) encrypted end-to-end from your computer to the VPN you are dialed into.  The VPN then decrypts and reroutes your network packets/requests from its servers into the Internet.  The idea is that the VPN uses its network credentials in the network packets so the user appears to be originating from the VPN and not their own home.  A search and seizure of the VPN’s cloud network backup logs would be required to trace the traffic back to the user.  This search and seizure could be government-issued or just a hacker gaining access to the VPN’s servers.

Also, your ISP can see everywhere you connect to the Internet.  In the case of a VPN, it will see that you are connected to the VPN, and the encrypted network packets that are sent back and forth.  Similarly, an ISP can see you are connecting to the Tor directory server, and then a Tor relay.  Furthermore they can see the encrypted packets that have the header information stripped and discern that.  I cannot vouch for the efficiency and integrity of the encryption and anonymity methods of Tor nor the many VPN services offered out there.  That is further research that I will leave up to you to ponder.

So after all this effort, in order for someone to spy on your data they would have to be you, right?  Well, consider what happens if you leave your computer unlocked with data temporarily decrypted.  Couldn’t someone walk up, copy that data to a flash drive, and walk away with it?  Or even worse, what if that flash drive installed a computer virus, malware, trojan or worm that left a back door connection open between your computer and zombie computers distributed across the Internet?  Now your computer is another zombie computer on the spyware’s network.  The hacker could access your files, user input devices, peripheral cameras and microphones, and any connected networks.  This malware could also be installed by other means, such as downloading a file and opening it.  The file may open and look innocent, but the malware has already been installed.  Unsecure browsers may be susceptible to certain JavaScript exploits or tainted browser extensions.  One way to prevent browser-delivered infections is to always update to the most recent version.  That being said, the software we use isn’t perfect, and hackers often find ways to exploit that software to gain access and install malware on your system.  Software engineers are constantly tasked with writing secure code and finding exploits to patch.  This is why we have antivirus / antimalware programs such as MalwareBytes.  These are programs that actively scan system activity and the file system for suspicious patterns and known malicious code.  They can then quarantine and remove the malware.

Should your computer be infected with malware and anti-virus/anti-malware programs are unable to remove it, you will need to format your computer’s hard drives.  If you do decide to go that route and reinstall your operating system, I recommend creating a limited user setup for security purposes.  You may also want to partition your hard drive into multiple partitions when you install Windows so that you can have an encrypted partition separate from the partition your operating system and programs are installed on.  Be sure to give your main partition plenty of drive space.  Immediately after installing Windows, give the main Windows administrator account that you create upon install a password.  Then create a second user that is not an administrator but is a limited user.  When installing programs, use your administrator account.  For most daily usage, such as writing papers, browsing the Internet, or playing games, use your secondary ‘limited user’ account.  Be sure to give this one a password too, just for good measure.  The benefit is that when you have the security privileges of a ‘limited user’ account, you do not have access to the operating system configuration or other users’ configurations.  This greatly limits the reach of malware should it make its way into your system while you are logged on under this account.  At that point, you can sometimes remove the malware by just deleting the user account and creating another limited user account.  That being said, it is not foolproof in blocking malware, and good anti-malware software will probably be needed as well.  Here is an article describing how to create a limited user account.

Hopefully this gives some ideas on how to better secure your data.  We can encrypt data so that it can be stored insecurely and still remain secure.  You can also increase the security of your computer system to reduce the chances of your files becoming compromised.  The main sources of vulnerability are clicking on and installing programs infected with malware, opening files with malware, and network packet snooping.  Network packets contain header information that contains the sender’s information and the route that the packet took.  Malware has the ability to do anything the user can do, and can create a back door into your computer that can be accessed remotely.  By being aware of your computer’s use and taking security measures to protect your system and data, you can effectively secure your data from being compromised.  Keep in mind that no system is 100% secure, and no matter how much security you use, there will always be a way through.  The trick is minimizing the probability to a small enough margin that it never happens.