By Rick Tilley
Encrypting data keeps people from accessing sensitive information and gives a level of security that allows files and data packets to be transferred across the Internet securely. The data is in plain sight but is scrambled by an encryption algorithm that requires a key to decrypt. Usually the algorithm uses pairs of large prime numbers multiplied by each other and hashed. Because the chosen prime numbers are NP-hard to calculate, even cloud computing mainframes cannot break some encryptions within centuries. Some of the weaker encryptions can be broken within days or months with large-scale cloud servers.
Most encryption is two-way encryption; that is, it can be decrypted after it is encrypted. To encrypt data, a public key is used. The keys look like 500 or so characters of gibberish text (figure 1). The encrypted file is then retrieved by the owner of the private key, who uses their key and password to decrypt the data. This can be very efficient for privacy. However, if the private key falls into the wrong hands, that person could guess your password and decrypt your data.
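The public-key round trip described above, typed into PowerShell, as an added example that is not from the original article. It assumes gpg.exe (installed with Gpg4win) is on the PATH; the identity and file names are constructed placeholders.

```powershell
# Added example. Assumes gpg.exe from Gpg4win is on PATH.
# The identity and file names are constructed placeholders.
$recipient = 'alice@example.test'
$plain     = Join-Path $env:TEMP 'report.txt'
$cipher    = "$plain.gpg"
$restored  = "$plain.out"
Set-Content -Path $plain -Value 'Quarterly numbers (constructed sample data)'

# 1. Create the key pair. gpg opens a prompt for the passphrase that
#    protects the private key; choose one that cannot be guessed.
gpg --quick-generate-key "Alice Example <$recipient>"
if ($LASTEXITCODE -ne 0) { throw 'key generation failed' }

# 2. Export the PUBLIC key as text. This armored block is what you hand
#    to anyone who wants to send you encrypted files.
gpg --armor --export $recipient

# 3. Encrypt to the public key. No passphrase is requested here:
#    encrypting needs only the public half.
gpg --yes --output $cipher --encrypt --recipient $recipient $plain
if ($LASTEXITCODE -ne 0) { throw 'encryption failed' }

# 4. Decrypt. This step needs the PRIVATE key and its passphrase
#    (gpg-agent may still have the passphrase cached from step 1).
gpg --yes --output $restored --decrypt $cipher
if ($LASTEXITCODE -ne 0) { throw 'decryption failed' }

# 5. Confirm the decrypted file is byte-for-byte the original.
$same = (Get-FileHash $plain).Hash -eq (Get-FileHash $restored).Hash
"Round trip intact: $same"

# 6. List the private keys stored on this machine. These are what must
#    be protected: a copy of one leaves only the passphrase to guess.
gpg --list-secret-keys --keyid-format long $recipient

Remove-Item $plain, $restored
```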
There are several forms of encryption. Kleopatra / GPG4Win is a program that encrypts individual files. Similarly, Proton Mail encrypts your e-mail messages automatically for you. DiskCryptor encrypts an entire partition on your hard drive, so you can have a drive letter that is encrypted. Signal encrypts messaging in a chat room style interface.
Tor and encrypted VPNs are another form of encryption. Here network packets are encrypted end-to-end. This is similar to encrypting a file, sending it, and decrypting it at its destination. The encryption method used, and the point at which the network packet is encrypted and decrypted, may differ. Security is found in good encryption algorithms and in encrypting at the sender’s computer and at the receiver’s computer (end-to-end), rather than only at the server level. HTTPS (https://) websites also encrypt the network packets to and from the web server to the user’s browser.
Tor offers increased anonymity by stripping network identifying information from the headers of network packets and bouncing the packet through a series of relay computers to make it difficult to trace the route that the packet came from. VPNs act as a door to the Internet. Network packets are (hopefully) encrypted end-to-end from your computer to the VPN you are dialed into. The VPN then decrypts and reroutes your network packets/requests from its servers into the Internet. The idea is that the VPN uses its own network credentials in the network packets, so the user appears to be originating from the VPN and not their own home. A search and seizure of the VPN’s cloud network backup logs would be required to trace the traffic back to the user. This search and seizure could be government issued or just a hacker attaining access to the VPN’s servers. Also, your ISP can see everywhere you connect to the Internet. In the case of a VPN, it will see that you are connected to the VPN, and the encrypted network packets that are sent back and forth.
Similarly, an ISP can see you are connecting to the Tor directory server, and then a Tor relay. Furthermore, they can see the encrypted packets that have had the header information stripped, and can discern that this has been done. I cannot vouch for the efficiency and integrity of the encryption and anonymity methods of Tor or of the many VPN services offered out there. That is further research that I will leave up to you to ponder.
Should your computer be infected with malware that anti-virus/anti-malware programs are unable to remove, you will need to format your computer’s hard drives. If you do decide to go that route and reinstall your operating system, I recommend creating a limited user setup for security purposes. You may also want to split your hard drive into multiple partitions when you install Windows so that you can have an encrypted partition separate from the partition your operating system and programs are installed on. Be sure to give your main partition plenty of drive space.
Immediately after installing Windows, give the main Windows administrator account that you created during the install a password. Then create a second user that is not an administrator but is a limited user. When installing programs, use your administrator account. For most daily usage, such as writing papers, browsing the Internet, or playing games, use your secondary ‘limited user’ account. Be sure to give this one a password too, just for good measure. The benefit is that when you have the security privileges of a ‘limited user’ account, you do not have access to the operating system configuration or other users’ configurations. This greatly limits the reach of malware should it make its way into your system while you are logged on under this account. At that point, deleting the user account and creating another limited user account is sometimes enough to remove the malware. That being said, it is not foolproof in blocking malware, and good anti-malware software will probably be needed as well. Here is an article describing how to create a limited user account.
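One way to script the account setup described above and check the result, as an added example that is not from the original article. It must be run from the administrator account in an elevated PowerShell window; the account name DailyUser is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example. 'DailyUser' is a placeholder account name.
# Built-in groups are addressed by well-known SID so the script also works
# on non-English Windows, where the group names are localized.
$adminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators
$usersSid  = 'S-1-5-32-545'   # BUILTIN\Users
$name      = 'DailyUser'

# Create the limited account with a password (typed, never stored in the script).
if (-not (Get-LocalUser -Name $name -ErrorAction SilentlyContinue)) {
    $pw = Read-Host "Password for $name" -AsSecureString
    New-LocalUser -Name $name -Password $pw `
        -Description 'Limited daily-use account' | Out-Null
}
$user = Get-LocalUser -Name $name

# Membership in Users, and not in Administrators, is what makes it "limited".
$inUsers = Get-LocalGroupMember -SID $usersSid |
    Where-Object { $_.SID -eq $user.SID }
if (-not $inUsers) { Add-LocalGroupMember -SID $usersSid -Member $name }

# Check 1: the new account must not be an administrator.
$admins = Get-LocalGroupMember -SID $adminsSid
if ($admins | Where-Object { $_.SID -eq $user.SID }) {
    Write-Warning "$name is in Administrators; remove it with Remove-LocalGroupMember."
}

# Check 2: list every account that does hold administrator rights.
$admins | Select-Object Name, ObjectClass, PrincipalSource

# Check 3: flag enabled accounts that are allowed to have no password.
Get-LocalUser |
    Where-Object { $_.Enabled -and -not $_.PasswordRequired } |
    Select-Object Name, PasswordRequired, PasswordLastSet
```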
Hopefully this gives some ideas on how to better secure your data. We can encrypt data so that it can be stored insecurely and still remain secure. You can also increase the security of your computer system to reduce the chances of your files becoming compromised. The main sources of vulnerability are clicking on and installing programs infected with malware, opening files with malware, and network packet snooping. Network packets contain header information that contains the sender’s information and the route that the packet took. Malware has the ability to do anything the user can do, and can create a back door into your computer that can be accessed remotely. By being aware of your computer’s use and taking security measures to protect your system and data, you can effectively secure your data from being compromised. Keep in mind that no system is 100% secure, and no matter how much security you use, there will always be a way through. The trick is minimizing the probability to a small enough margin that it never happens.