Types of Encryption Software and Hardware

Encryption is really important to keeping your data safe. When your files are encrypted, they are completely unreadable without the correct encryption key. If someone steals your encrypted files, they cannot view or change them. There are two types of encryption: hardware and software.

Software Encryption
As the name implies, software encryption uses software tools to encrypt your data; examples include BitLocker and the 1Password password manager. Such tools protect the information stored on your device. Software encryption relies on a password: give the correct password and your files are decrypted; otherwise they remain locked. With encryption enabled, data is passed through a special algorithm that scrambles it as it is written to disk, and the same software unscrambles it as it is read from the disk by an authenticated user.

Software encryption is cheap to implement, making it very popular with developers, because software-based encryption routines do not require any additional hardware. Software encryption is only as secure as the device it runs on: if a hacker can crack your password, the encryption is immediately undone. Encryption tools share the processing resources of your computer, causing the device to slow down as data is encrypted and decrypted. Opening and closing encrypted files is slower than normal because the process is resource intensive.
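The two paragraphs above describe the shape of password-based software encryption: a password is turned into a key, data is scrambled on write and unscrambled on read, and the wrong password leaves the files locked. The following is an added example written for this page, not code from BitLocker, 1Password or any other product. It uses only the Python standard library, so AES is not available; in its place the keystream comes from HMAC-SHA256 run in counter mode (a standard PRF-based stream construction), and the point is the structure around the cipher: a random salt, a slow key derivation (PBKDF2), encrypt-then-MAC, and a constant-time tag check that rejects both a wrong password and an altered file. The sample "file" and password are constructed for the demonstration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Constructed sample data (not from the page): a small "file" and the user's password.
SAMPLE_FILE = b"region,revenue\nnorth,1200\nsouth,980\n"
SAMPLE_PASSWORD = "correct horse battery staple"

PBKDF2_ITERATIONS = 100_000  # deliberately slow, to raise the cost of password guessing
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the password into two independent 256-bit keys: one for the keystream, one for the MAC."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=64)
    return master[:32], master[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 used as a PRF; stands in here for a block cipher such as AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(password: str, plaintext: bytes) -> bytes:
    """Return salt || nonce || ciphertext || tag. A fresh salt and nonce are drawn for every call."""
    salt = secrets.token_bytes(SALT_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = derive_keys(password, salt)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    # Encrypt-then-MAC: the tag covers everything the decryptor will rely on.
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def decrypt(password: str, blob: bytes) -> bytes | None:
    """Return the plaintext, or None if the password is wrong or the blob has been altered."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    # compare_digest runs in constant time; a wrong password yields a wrong mac_key and so a mismatch.
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))


def demo() -> dict:
    """Exercise the three cases the text describes: right password, wrong password, altered data."""
    blob = encrypt(SAMPLE_PASSWORD, SAMPLE_FILE)
    last_ct = SALT_LEN + NONCE_LEN + len(SAMPLE_FILE) - 1   # index of the final ciphertext byte
    tampered = blob[:last_ct] + bytes([blob[last_ct] ^ 0x01]) + blob[last_ct + 1:]
    return {
        "right_password": decrypt(SAMPLE_PASSWORD, blob),
        "wrong_password": decrypt("wrong password", blob),
        "tampered": decrypt(SAMPLE_PASSWORD, tampered),
        "ciphertext_is_scrambled": blob[SALT_LEN + NONCE_LEN:-TAG_LEN] != SAMPLE_FILE,
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result!r}")
```

Two design choices matter more than the cipher: the salt makes every encryption of the same file under the same password different, so precomputed password tables do not apply, and the MAC is checked before anything is decrypted, so a flipped bit is reported as a failure rather than silently producing corrupted plaintext.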

Hardware Encryption
Hardware encryption uses a separate processor dedicated to the tasks of authentication and encryption. This technology also relies on a key to encrypt and decrypt data, but the key is randomly generated by the encryption processor. Sometimes, hardware encryption devices replace regular passwords with biometric logons such as fingerprints, or with a PIN entered on an attached keypad. Hardware encryption is safer than software encryption because the encryption process is separate from the rest of the machine, which makes it harder to crack. Using a dedicated processor also relieves the burden on the rest of your device, speeding up encryption and decryption. Hardware-based encrypted storage is more expensive than the software option.

The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S. Government and numerous organisations. Although it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy-duty encryption purposes. AES is largely considered impervious to all attacks except brute force, which attempts to decipher messages by trying every possible 128-, 192-, or 256-bit key. Still, security experts believe that AES will become the standard for encrypting data.

Triple DES was designed to replace the original Data Encryption Standard (DES) algorithm, which hackers eventually learned to defeat with relative ease. At one time, Triple DES was the recommended standard and the most widely used symmetric algorithm in the industry. Triple DES uses three individual keys of 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112 bits of effective key strength is more like it. Despite slowly being phased out, Triple DES still makes a dependable hardware encryption solution for some industries.

RSA is a public-key encryption algorithm and the standard for encrypting data sent over the internet. It is also one of the methods used in the PGP and GPG programs. Unlike Triple DES, RSA is considered an asymmetric algorithm because it uses a pair of keys: a public key, which is used to encrypt the message, and a private key to decrypt it. The result of RSA encryption is a huge batch of mumbo jumbo that takes attackers quite a bit of time and processing power to break.

Blowfish is another algorithm designed to replace DES. This symmetric cipher splits messages into blocks of 64 bits and encrypts them individually. Blowfish is known for both its tremendous speed and overall effectiveness, as many claim that it has never been defeated. Meanwhile, vendors have taken full advantage of its free availability in the public domain. Blowfish can be found in software categories ranging from e-commerce platforms for securing payments to password management tools, where it is used to protect passwords. It’s definitely one of the more flexible encryption methods available.

Hardware Security Module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. Most modules come in the form of a plug-in card or an external device that attaches directly to a computer or network server.

Digital Signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature gives a recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny having sent the message (non-repudiation), and that the message was not altered in transit (integrity).

Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.

Cryptographic Protocol or encryption protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives.
A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program. Cryptographic protocols are widely used for secure application-level data transport.

Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. This requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption, in comparison to public-key encryption (also known as asymmetric key encryption).

Cryptography or cryptology (from the Greek for “hidden, secret”) is the practice and study of techniques for secure communication. More generally, cryptography is about constructing and analysing protocols that prevent third parties or the public from reading private messages; various aspects of information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, electrical engineering, communication science, and physics. Applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

Public-Key Encryption Schemes publish the encryption key for anyone to use to encrypt messages. However, only the receiving party has access to the decryption key that enables the messages to be read.

Pretty Good Privacy (PGP) was written in 1991 by Phil Zimmermann, and distributed free of charge with source code; it was purchased by Symantec in 2010 and is regularly updated.

Transport Layer Security (TLS) – and its predecessor, Secure Sockets Layer (SSL), which is now deprecated by the Internet Engineering Task Force (IETF) – are cryptographic protocols that provide communications security over a computer network.

Cryptanalysis is the study of methods for obtaining the meaning of encrypted information without access to the secret information that is normally required to do so. This involves knowing how the system works and finding a secret key. Cryptanalysis is also referred to as codebreaking or cracking the code. Ciphertext is generally the easiest part of a cryptosystem to obtain and therefore is an important part of cryptanalysis.

Ciphertext or Cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher to decrypt it.

Internet Engineering Task Force (IETF) develops and promotes voluntary Internet standards, in particular the standards that comprise the Internet protocol suite (TCP/IP). It is an open standards organisation, with no formal membership or membership requirements. All participants and managers are volunteers, though their work is usually funded by their employers or sponsors. IETF started out as an activity supported by the U.S. federal government, but since 1993 it has operated as a standards development function under the auspices of the Internet Society, an international membership-based non-profit organisation.

Cryptographic primitives are well-established, low-level cryptographic algorithms that are frequently used to build cryptographic protocols for computer security systems. These routines include, but are not limited to, one-way hash functions and encryption functions.

Cryptographic hash function is a special class of hash function that has certain properties which make it suitable for use in cryptography. It is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size (a hash) and is designed to be a one-way function, that is, a function which is infeasible to invert. The only way to recreate the input data from an ideal cryptographic hash function’s output is to attempt a brute-force search of possible inputs to see if they produce a match.

Message Authentication Code (MAC), sometimes known as a tag, is a short piece of information used to authenticate a message, to confirm that the message came from the stated sender (its authenticity) and has not been changed. The MAC value protects both a message’s data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.
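The hash and MAC entries above draw a distinction that is easy to miss: a hash lets anyone check that data has not changed by accident, while a MAC lets only a holder of the shared key check that the data came from the other key holder and has not been changed by anyone. The following added example (written for this page, not taken from it) shows that difference in running code with Python's standard `hashlib` and `hmac` modules: a keyless SHA-256 digest can simply be recomputed over a rewritten message, whereas the HMAC tag rejects the rewritten message and rejects verification under any other key. The two messages are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed messages (not from the page): what was sent, and an altered copy of it.
ORIGINAL = b"transfer 100.00 to account 4471"
TAMPERED = b"transfer 900.00 to account 4471"


def digest(message: bytes) -> str:
    """Cryptographic hash: any input size to a fixed 256-bit output, one-way, but keyless."""
    return hashlib.sha256(message).hexdigest()


def make_tag(key: bytes, message: bytes) -> bytes:
    """Message authentication code: the same hash, but bound to a secret key via HMAC."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time, so timing does not leak how many bytes matched."""
    return hmac.compare_digest(make_tag(key, message), tag)


def hash_only_check(message: bytes, published_digest: str) -> bool:
    """Integrity check with a bare hash: detects accidental corruption, not deliberate replacement."""
    return digest(message) == published_digest


def demo() -> dict:
    key = secrets.token_bytes(32)   # the shared secret between sender and verifier
    tag = make_tag(key, ORIGINAL)
    # Whoever rewrites the message can recompute a keyless hash so that it matches ...
    recomputed_digest = digest(TAMPERED)
    # ... but cannot produce a valid tag for the new message without the key.
    return {
        "hash_len_1_byte_input": len(digest(b"a")),
        "hash_len_100k_byte_input": len(digest(b"a" * 100_000)),
        "bare_hash_accepts_rewritten_message": hash_only_check(TAMPERED, recomputed_digest),
        "mac_accepts_original": verify_tag(key, ORIGINAL, tag),
        "mac_accepts_tampered": verify_tag(key, TAMPERED, tag),
        "mac_accepts_other_key": verify_tag(secrets.token_bytes(32), ORIGINAL, tag),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The practical consequence is that a published checksum on a download page only proves integrity if the page itself is trusted, whereas a MAC (or, across parties who share no secret, a digital signature) binds the integrity claim to a key the verifier can rely on.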

Media Access Control address (MAC address) of a device is a unique identifier assigned to network interface controllers for communications at the data link layer of a network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and Wi-Fi. In this context, MAC addresses are used in the medium access control protocol sublayer.

Ethernet Hardware Address (EHA), hardware address or physical address (not to be confused with a memory physical address) are other names for a MAC address, which is also sometimes known as the burned-in address (BIA). A burned-in address can be contrasted with a programmed address, where the host device issues commands to the NIC to use an arbitrary address. In brief, a MAC address is like a social security number, which remains unchanged for a person’s lifetime (here, the device’s), while an IP address is like a postal code, which can be changed.

American National Standards Institute (ANSI /’ænsi/ AN-see) is a private non-profit organisation that oversees the development of voluntary consensus standards for products, services, processes, systems, and personnel in the United States. The organisation also coordinates U.S. standards with international standards so that American products can be used worldwide.

ANSI accredits standards that are developed by representatives of other standards organisations, government agencies, consumer groups, companies, and others. These standards ensure that the characteristics and performance of products are consistent, that people use the same definitions and terms, and that products are tested the same way. ANSI also accredits organisations that carry out product or personnel certification in accordance with requirements defined in international standards.

Institute of Electrical and Electronics Engineers (IEEE) is a professional association with its corporate office in New York City and its operations center in Piscataway, New Jersey. It was formed in 1963 from the amalgamation of the American Institute of Electrical Engineers and the Institute of Radio Engineers. Today, it is the world’s largest association of technical professionals with more than 420,000 members in over 160 countries around the world. Its objectives are the educational and technical advancement of electrical and electronic engineering, telecommunications, computer engineering and allied disciplines.

International Organisation for Standardisation (ISO) is an international standard-setting body composed of representatives from various national standards organisations. Founded on 23 February 1947, the organisation promotes worldwide proprietary, industrial and commercial standards. It is headquartered in Geneva, Switzerland, and works in 162 countries. It was one of the first organisations granted general consultative status with the United Nations Economic and Social Council.

Substitution cipher is a method of encrypting by which units of plaintext are replaced with ciphertext according to a fixed system; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing the inverse substitution.

Substitution ciphers can be compared with transposition ciphers. In a transposition cipher, the units of the plaintext are rearranged in a different and usually quite complex order, but the units themselves are left unchanged. By contrast, in a substitution cipher, the units of the plaintext are retained in the same sequence in the ciphertext, but the units themselves are altered. There are a number of different types of substitution cipher. If the cipher operates on single letters, it is termed a simple substitution cipher; a cipher that operates on larger groups of letters is termed polygraphic.

Monoalphabetic cipher uses a fixed substitution over the entire message, whereas a polyalphabetic cipher uses a number of substitutions at different positions in the message, where a unit from the plaintext is mapped to one of several possibilities in the ciphertext and vice versa.

Transposition Cipher is a method of encryption by which the positions held by units of plaintext (which are commonly characters or groups of characters) are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. That is, the order of the units is changed (the plaintext is reordered). Mathematically a bijective function is used on the characters’ positions to encrypt and an inverse function to decrypt.
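The four entries above (substitution, substitution versus transposition, monoalphabetic versus polyalphabetic, and transposition) are easiest to see side by side on one message. The following added example is written for this page and is not code from it; it implements a monoalphabetic substitution, a Vigenère cipher as the polyalphabetic case, and a columnar transposition, each with its inverse, and then checks the properties the text states: substitution keeps every unit in its place but changes it, polyalphabetic substitution maps the same plaintext letter to different ciphertext letters, and transposition leaves every letter unchanged while permuting positions. The plaintext, the substitution alphabet, the keyword and the column count are constructed values.

```python
import string

ALPHABET = string.ascii_uppercase

# Constructed sample text and keys (not from the page); upper-case letters only keeps the ciphers simple.
PLAINTEXT = "DEFENDTHEEASTWALL"
SUB_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"   # one fixed permutation of the 26 letters
VIG_KEY = "LEMON"
COLUMNS = 5


def simple_substitution(text: str, key: str = SUB_KEY) -> str:
    """Monoalphabetic substitution: one fixed permutation applied to every letter of the message."""
    return text.translate(str.maketrans(ALPHABET, key))


def simple_substitution_decrypt(text: str, key: str = SUB_KEY) -> str:
    return text.translate(str.maketrans(key, ALPHABET))


def vigenere(text: str, keyword: str = VIG_KEY) -> str:
    """Polyalphabetic substitution: the shift depends on the position, so one plaintext letter
    can become several different ciphertext letters within the same message."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + ALPHABET.index(keyword[i % len(keyword)])) % 26]
        for i, ch in enumerate(text)
    )


def vigenere_decrypt(text: str, keyword: str = VIG_KEY) -> str:
    return "".join(
        ALPHABET[(ALPHABET.index(ch) - ALPHABET.index(keyword[i % len(keyword)])) % 26]
        for i, ch in enumerate(text)
    )


def columnar_transposition(text: str, columns: int = COLUMNS) -> str:
    """Transposition: write the text in rows of `columns` letters, read it out column by column.
    Every letter keeps its identity; only its position changes."""
    rows = [text[i:i + columns] for i in range(0, len(text), columns)]
    return "".join(row[c] for c in range(columns) for row in rows if c < len(row))


def columnar_transposition_decrypt(text: str, columns: int = COLUMNS) -> str:
    full_rows, extra = divmod(len(text), columns)
    # The first `extra` columns hold one letter more than the rest (from the partial last row).
    cols, pos = [], 0
    for c in range(columns):
        length = full_rows + (1 if c < extra else 0)
        cols.append(text[pos:pos + length])
        pos += length
    return "".join(cols[c][r] for r in range(full_rows + 1) for c in range(columns) if r < len(cols[c]))


def letter_pattern(text: str) -> tuple:
    """Where repeated letters fall, e.g. 'HELLO' -> (0, 1, 2, 2, 3). A monoalphabetic substitution
    preserves this shape, which is what makes it weak; transposition and polyalphabetic ciphers do not."""
    first_seen = {}
    return tuple(first_seen.setdefault(ch, len(first_seen)) for ch in text)


def demo() -> dict:
    return {
        "substitution": simple_substitution(PLAINTEXT),
        "vigenere": vigenere(PLAINTEXT),
        "transposition": columnar_transposition(PLAINTEXT),
        # The substitution ciphertext has the same repeat pattern as the plaintext ...
        "substitution_keeps_pattern": letter_pattern(simple_substitution(PLAINTEXT)) == letter_pattern(PLAINTEXT),
        # ... the polyalphabetic one does not, because 'E' is enciphered differently at each position ...
        "vigenere_keeps_pattern": letter_pattern(vigenere(PLAINTEXT)) == letter_pattern(PLAINTEXT),
        # ... and the transposition ciphertext is an anagram of the plaintext.
        "transposition_is_anagram": sorted(columnar_transposition(PLAINTEXT)) == sorted(PLAINTEXT),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the constructed values, the transposition of `DEFENDTHEEASTWALL` in five columns reads `DDALETSLFHTEEWNEA`, a rearrangement of exactly the same letters, while the substitution output keeps the double `EE` and double `LL` visible as doubled letters in new guises; the Vigenère output hides them.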

Transparent Encryption, also known as real-time encryption and on-the-fly encryption (OTFE), is a method used by some disk encryption software. “Transparent” refers to the fact that data is automatically encrypted or decrypted as it is loaded or saved. With transparent encryption, the files are accessible immediately after the key is provided, and the entire volume is typically mounted as if it were a physical drive, making the files just as accessible as any unencrypted ones. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. The entire file system within the volume is encrypted (including file names, folder names, file contents, and other meta-data). To be transparent to the end user, transparent encryption usually requires the use of device drivers to enable the encryption process. Although administrator access rights are normally required to install such drivers, encrypted volumes can typically be used by normal users without these rights. In general, every method in which data is transparently encrypted on write and decrypted on read can be called transparent encryption.

Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.

Hardware-based full disk encryption (FDE) is available from many hard disk drive (HDD) vendors, including: iStorage Limited, Seagate Technology, Hitachi, Western Digital, Samsung, Toshiba and also solid-state drive vendors such as OCZ, SanDisk, Samsung, Micron and Integral Memory. The symmetric encryption key is maintained independently from the CPU, thus removing computer memory as a potential attack vector. In relation to hard disk drives, the term Self-encrypting drive (SED) is in more common usage. 

This Post Has 2 Comments

  1. Hello
    I have an old-version Access database which runs our system. I had a GDPR consultant visit my office; he suggested migrating to a newer version of Microsoft and buying a new computer, even though the system is working fine. The person who designed my system has been dead for years, and I wouldn’t know where to start developing a new one.
    Steve

    1. Hi Steven
      I am not sure why this was suggested, but something you might look at is transferring your legacy Access system onto an encrypted drive/key; this would make your system more secure and tick several boxes for GDPR compliance.
