Why Encryption?
Encryption is, quite simply, a means of ensuring your information remains your (and only your) information. It disrupts the “mind your own business” adage by attempting to make it impossible for others to mind your business. Tracing the trail of encryption (or cryptography, as they were almost synonyms until more recently as encryption has become digital) back through time, some of the very earliest encryption was used to protect military orders. This isn’t surprising, as an effective military must keep its movements secret from the enemy. The Arabs, Greeks, Romans—almost all the cultures of the ancient world, in fact—used encryption in some form, though the Arabs are thought to be the first to document the subject. Military secrets needed to remain secret.
In his history of cryptography and encryption, The Codebreakers, David Kahn describes a 3″ x 2″ tablet from around 1500 B.C. This Mesopotamian tablet described the earliest known formula for making pottery glazes, protected with a cipher to safeguard trade secrets. Information was protected with encryption.
Fast-forward through time. More people in the world meant more secrets. Religions split and collided. Sciences grew, hid, grew more, and blossomed. And during all these changes and growth spurts, information about many topics had to be kept hidden from some group or another.
Today, information is just as valuable as ever and, since there is more of it and it is more accessible, protecting information has become a job in itself. Therefore, we encrypt to protect our organizations, our intellectual property, our families, our country, and, most importantly, our security.
But Really, Why Encryption?
We know there is information we need to protect, but is that the only reason we encrypt things? Nope! The tree of encryption bears three other fruits: authentication, integrity, and nonrepudiation.
Authentication refers to proving the sender is who they say they are. This is simple to picture. If you receive an encrypted message from someone and it’s using the encryption you both previously decided on, then you know the person sending you the message is the person you think it is. By using encryption, the sender has provided some proof of their identity or, at least, their authority to send an encrypted message.
Integrity provides assurance that the information hasn’t been altered. Again, this is simple to picture: if you take a piece of data, encrypt it, and then decrypt it, you will have the same piece of data. If anything happens to that data, it won’t decrypt properly, and you’ll have a mess of random characters. If you have a mess, you know the integrity of the information has been compromised.
Nonrepudiation is a fun word that means the sender can’t say they didn’t send the information. If only two people have the encryption keys and information is encrypted using those keys (and assuming the receiver didn’t send it to themselves), then the sender is the sender. If the sender says they didn’t send it, the fact that the encryption was used proves they did. That is, the sender is unable to repudiate (or disavow) they sent the information.
Dual Encryption Matters
So, your information is protected with encryption, which is great. But what if someone breaks that encryption? One virtual lock picked, and your information is now in peril. Perhaps the easiest way to visualize this is a door with both a door lock and deadbolt. Any attempted intrusion has to bypass both locks before the door can be opened. By using two levels of encryption, information is safeguarded against a single point of failure.
Encryption should ensure the amount of time required to defeat the encryption is longer than the amount of time the data is of value and required to be secure. With AES-256 encryption, the current accepted standard, block lengths support 256 bits from which to create a key. Imagine guessing an ATM pin that was 256 characters long and the variations that it could contain. That’s a lot of really long numbers.
To put this in another context, breaking a symmetric 256-bit key by brute force would theoretically take longer than our universe has existed—multiplied by a billion. Now imagine two layers of AES-256 encryption and you can see why dual encryption matters: having to brute force through two layers of such a tough encryption standard borders on statistically impossible.
Two Heads are Better than One
Most cryptographic solutions make use of a single software library to provide encryption and decryption of data. A single software library does give you encryption, true, but also comes with the risk that in the event of a zero-day compromise of the library, the entire encryption fails.
To combat this single point of compromise, Fognigma (our enterprise software solution which gives organizations the power to build encrypted, invisible, and anonymized cloud-based networks, thus securing your communications and online activities) offers the ability to add in a completely separate secondary software library to dual layers of encryption. In the event of a zero-day exploit or other compromise of one library, the second library remains uncompromised and your data remains safe.
In addition to the standard versions of these libraries (OpenSSL and wolfSSL), Fognigma also offer a FIPS 140-2 validated version of each library (OpenSSL – Certificate #3284; wolfSSL’s wolfCrypt – Certificate #2425). By using one or both of these FIPS-certified cryptographic libraries, Fognigma can comply with the most rigorous regulatory requirements.
Dual layers of encryption. Dual software libraries. Fognigma is ready to give you the power to protect everything your organization holds dear. Contact us today to learn more or to schedule a demo.