Encryption is a technique to code and scramble data to prevent them from being read without authorization. It enables information to be stored or sent across communication networks without losing confidentiality or integrity. When a computer system or network cannot be trusted, encryption can provide such assurance.
When encryption is used, an algorithm transforms plaintext into a coded equivalent known as ciphertext for transmission or storage. The coded text is subsequently decoded (decrypted) at the receiving or retrieval end and restored to plaintext.
Encryption uses an algorithm and a key to turn plaintext into coded information that cannot be decoded without the same algorithm and the appropriate key. A key is used to make encryption unique to the same user or a small group of users. The key is randomly generated by encryption software, and it consists of a string of binary digits that generally ranges from 56 to 2,048 bits. Like a password, the longer the key and the more frequently it is changed, the more difficult it is for an intruder to break the encryption. Safeguarding the key is also critical. For example, a key recorded in a computer without strong password protection serves little value in protecting the stored data. A similar weakness is to store a smart card holding the key in the same bag with the computer.
Common Encryption Techniques
Private (Symmetric) Key Encryption
In private key algorithms, the same key is used to encrypt and decrypt the data. This private key must be kept secret for the information to remain secure; thus, a different shared key is required for each pair of users. The system is symmetric in that the same key is used for encryption and decryption. Using the same key at both ends simplifies the process. However, this makes it very important to safeguard the key. A symmetric key typically ranges from 56 to 256 bits long.
A major drawback of using symmetric keys is that the number of keys to maintain can be unwieldy. For example, two people who communicate with each other using encryption can use the same key. Three people who communicate secretly with each other should not use the same key, because the value of encryption will start to be eroded. For three people—Al, Bill and Charlene—to use unique symmetric keys, Al will need two keys, one for communicating with Bill and another for communicating with Charlene. Bill and Charlene will also need two unique keys each; however, there is some overlap, because the two unique keys used by Al can also be used by Bill and Charlene, e.g., the key between Al and Bill is the same as the key between Bill and Al. Therefore, for a group of three people, three keys are needed. For a group of four people, six keys are needed. At this point, the number is quite manageable. The formula for calculating the number of keys needed is (n2-n)/2, with n being the number of parties in the group. For an organization with 50,000 employees who communicate with each other using encrypted e-mail, the number of keys is 1,249,975,000. It can be difficult to manage.
The above analysis seems to suggest that symmetric key encryption is not practical. That is not true. Temporary keys are often used to encrypt data that travel on the Internet, for example, to encrypt data communication in a virtual private network (VPN). Because such a key expires as soon as the user signs off the VPN session, there is no need to maintain a large file of keys, and the key management overhead described in the preceding paragraph does not apply. Common symmetric key encryption algorithms include Data Encryption Standard (DES) and Advanced Encryption Standard (AES). Some would argue that AES is a method, and a number of algorithms can be used to apply this method. For example, the method endorsed by the US government is Rijndael.
Public (Asymmetric) Key Encryption
The other major type of algorithm in popular use is public key encryption, which is based on a pair of keys, a private key and a public key. Generally, the public key is used to encrypt data and the private key to decrypt. The two keys are mathematically related, but the algorithm is not symmetric, so knowing one key is no help in deriving the other. A user wanting to receive confidential information can freely announce his/her public key, which then is used by the sender to encrypt data. The data can be decrypted only by the holder of the corresponding private key.
The public key system reduces the number of keys that need to be managed because each user needs only two keys, regardless of the number of parties involved in communication. Compare this with the symmetric key system, where a unique key has to be used to communicate with each person. The number of keys needed for a group of n parties to communicate with each other using the public key system can be calculated as 2 x n. For an organization with 50,000 employees, only 100,000 keys have to be managed, as opposed to 1,249,975,000 under the symmetric key system.
In a public key system, it is critical to ensure that the public key is authentic and really belongs to its announced owner. A public key can be attached to a digital certificate, which authenticates the user's identity.
Public keys are typically 512 to 2,048 bits long. They are longer than symmetric keys because, to prevent a cracker from deriving one key from the other in the pair, more rigorous mathematics is used. Public key (asymmetric) algorithms, therefore, are slower to execute than symmetric key algorithms.
Common asymmetric key algorithms include RSA (Rivest, Shamir, Adleman) and Diffie-Hellman.
Public Key Infrastructure
A public key infrastructure (PKI) is the underlying technical and institutional framework that allows public key encryption technology to be deployed widely within an organization and among organizations.
The public key system also allows the sender of a message to digitally sign the message by using his/her private key. The recipient can authenticate this signature by using the corresponding key. Digital signatures are difficult to counterfeit and easy to verify, making them superior to handwritten signatures. A digital signature is established by creating a message digest of an electronic communication, which is then encrypted with the sender's private key. A recipient who has the sender's public key can verify that the digest was encrypted using the corresponding private key and find out whether the message has been altered since the digest was generated. Because of the nature of the public key encryption algorithm, only the public key can decrypt a digest encrypted with the corresponding private key. This process establishes that only the holder of the private key could have created the digitally signed message.
The digital signing process described above lets the recipient authenticate the sender, but it does not encrypt the message to preserve confidentiality. By reversing the use of the private and public keys, the message can be encrypted. The sender will use the public key of the recipient to encrypt the message, and the recipient will use his/her private key to decrypt. Therefore, the holder of a digital certificate has two keys. He/she uses the private key to sign messages and sends the public key to his/her correspondents, so they can use it to authenticate the messages when received and to send him/her encrypted messages. In summary, one uses his/her own private key to digitally sign and uses others' public keys to encrypt content for confidentiality. Similarly, one uses others' public keys to authenticate the digital signatures and his/her own private key to decrypt content. Over time, a user will have access to his/her own private key and many public keys, one for each correspondent.
Public key algorithm and digital signatures are also used in e-commerce, and the latter is, for example, legally binding in Ontario, Canada, in accordance with its Electronic Commerce Act.
A digital certificate contains the digital signature and other identifying information about the person or organization to whom or which the signature pertains. Such information can include the name, address, nature of business, etc. Digital certificates are commonly used in e-commerce to authenticate a server and for the server to authenticate users. To be trustworthy, certificates used between parties should be issued by independent organizations. Such an organization is called a certificate authority.
One important difference between single-key and public-key cryptographic systems is the way the keys are managed. The critical issue is how to store and validate public keys, which need to be accessed and relied on by a large group of indeterminable users. One solution to this problem is to have a trusted third party vouch for the authenticity of the public key, either by storing it in a centralized, online database or by distributing it with a certificate. The certificate—basically a copy of the user's public key that has been digitally signed by a trusted third party—binds the identity of the key owner to the public key value. The organization that performs this binding is known as a certificate authority. A certificate authority starts with a root key that is the foundation of all the other certificates it distributes.
Secure Sockets Layer
Secure Sockets Layer (SSL) is the de facto encryption standard for e-commerce. Here are some common features:
- It does not require user effort, as the need to encrypt is determined by the web site being accessed.
- It provides end-to-end encryption between browsers and servers and can be used to authenticate servers and clients.
- It can encrypt, authenticate and validate all protocols supported by SSL-enabled browsers, such as File Transfer Protocol and web-based e-mail.
Need for Encryption
As organizations open their networks to the public, the confidentiality of business and customer privacy becomes more critical to protect. Encryption has become the norm for securing sensitive information as it travels on the Internet. Many organizations also find it necessary to encrypt data in their own networks to preserve confidentiality and integrity.
Encryption can prevent confidential information, such as credit card numbers, from being accessed by unauthorized individuals while in transit on the Internet. It can also prevent session hijacking, a method used by crackers to intercept and alter transactions. The industry standard Secure Sockets Layer uses a 128-bit symmetric key generated by the browser. This key is sent to the e-commerce organization encrypted with the web server's public key. This process does not require customer effort.
Encryption and digital signatures should be used to protect e-mail that contains sensitive information. Internet mail is notoriously insecure; even internal mail is not really private, because system administrators can access it. Encryption can also prevent inadvertent sending of e-mail to the wrong party. For example, if one wants to send mail to firstname.lastname@example.org, but inadvertently types email@example.com, before transmitting, the e-mail program will notify the sender that the public key cannot be found; this should alert the sender to correct the address.
Common programs used for e-mail encryption include Entrust's PKI system and Pretty Good Privacy (PGP). PGP is not designed for PKI; however, it can be flexibly managed by individual users and organizations. PGP can also be used to send encrypted files to be read by people who do not have encryption programs by sharing the passphrase for a symmetric key that is built in the encrypted file.
The importance of e-mail in terms of confidentiality is sometimes underestimated. It is no longer used just for message transmission. Instead, it is increasingly used to transmit business transaction data, such as insurance policy applications. E-mail is now a mission-critical system.
Virtual Private Network
A VPN typically uses the Internet. Encryption is needed to make the connection virtually private. A popular VPN technology is IPSec, which commonly uses the DES, Triple DES or AES encryption algorithms. DES uses 56-bit keys and Triple DES applies the key three times to achieve an effective key length of 168 bits. AES is a new standard adopted in 2001 that uses keys that can be 128, 192 or 256 bits long and a block size of 128 bits (vs. 64-bit blocks used in DES).
Wireless data transmission is subject to a higher risk of interception than wired traffic, just as it is easier to intercept cell phones than landline telephones. Wireless transmission of confidential information should be protected with strong encryption. An insecure wireless connection exposes users to eavesdropping, which can lead to the exposure of confidential information, intercepted messages or abused connections. Here are some examples:
- E-mail can be intercepted and read or changed.
- A hacker who hijacks a session can replace a user's credential with false information that leads to the destination server rejecting the user's access attempts, thereby causing denial of service.
- An unauthorized person can log on to a wireless network that is not secure and use the resources, including free connectivity to the Internet.
Wireless security standards are evolving. The most commonly used method for wireless local area networks is Wired Equivalency Protocol (WEP). An increasing number of organizations and vendors are replacing this with Wi-Fi Protected Access (WPA), which uses dynamic keys and an authentication server with credentials to increase protection against hackers.
WEP and WPA comply with the evolving versions of the 802.11 wireless standard specified by the Institute of Electrical and Electronic Engineers, with WPA being compatible with more advanced versions of 802.11. Even WPA has shortcomings, e.g., the key is protected with a passphrase that does not have a rigorously enforced length. WPA is a subset of the developing 802.11i standard. The full standard will call for enhanced security by implementing AES.
WEP and WPA are applicable to most wireless networks and commonly used in networks that involve PCs. Messages transmitted using portable wireless devices should also be protected with encryption. For example, the Blackberry enterprise server model integrates the device with corporate e-mail and uses Triple DES to encrypt information between the Blackberry unit and a corporate mail server.
Public keys are also used in mobile devices. Ecliptic curve cryptography (ECC) is widely used on smart cards and personal digital assistants (PDAs) and is increasingly deployed for cell phones. ECC is suited for small devices because the algorithm, by combining plane geometry with algebra, can achieve stronger authentication with smaller keys compared to traditional methods, such as RSA, which primarily use algebraic factoring. Smaller keys are more suitable to mobile devices such as PDAs and smart cards. However, ECC, although invented in 1985, has a shorter history than algorithms like RSA, and with increasing computing power, the length of keys is becoming a less important issue for PC-based applications. Some would argue that ECC is not as rigorous as traditional public key algorithms, because it is less proven.
Encryption is an effective and increasingly practical way to restrict access to confidential information while in storage. The traditional protection method—a password—has inherent weaknesses and, in many cases, is easily guessable. Access control lists that define who has access are also effective, but often have to be used in conjunction with operating systems or applications. Further, access control lists cannot prevent improper use of information by systems administrators, as the latter can have total control of a computer. Encryption can fill the security gap. It can also protect data from hackers who, by means of malicious software, can obtain systems administration rights. Encryption would also be valuable, or invaluable, for keeping data protected when a computer or a disk falls into the wrong hands.
Many of the e-mail encryption programs can also be applied to stored data. There are also some encryption products that focus on file protection for computers and PDAs.
The risk of cell phones is similar to that of wireless networks, i.e., confidential conversations can be exposed to eavesdroppers. Digital phones are more difficult to tap than analog phones, but a determined person with easily obtainable tools can access and decode the digital packets. Phone companies are becoming more conscious of security and have implemented scrambling and encryption.
Of the digital cell phone standards—Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA) and Global System for Mobile Communication (GSM)—GSM is the only standard that uses true encryption with 128-bit keys. CDMA uses pseudo encryption with the phone's hard-coded key and a dynamic random number. TDMA uses scrambling with very small time units as the variable; a unit is a small fraction of a second. TDMA is being phased out, and CDMA is still the most popular standard in North America, because GSM, although very strong in Europe and Asia, has low coverage in the United States.
General Packet Radio Services (GPRS), a packet-based wireless communication service that promises data rates from 56k to 114k bits per second and continuous connection to the Internet for mobile phone and computer users, is based on GSM and therefore also uses encryption.
Third-generation (3G) wireless, the near-future developments in personal and business wireless technology for mobile communications, expected to mature in the next year, will support enhanced multimedia, multifunctions (voice, e-mail, paging, fax, video-conferencing and web browsing), two megabits per second and roaming throughout Europe, Asia and North America. The current design uses some form of optional encryption. Security experts are proposing compliance with AES.
Encryption usually cannot prevent the deletion of the entire data file.
Another limitation is that it relies on the encryption key, so there must be a process for key recovery in the event that the key or the associated password cannot be obtained, because of human memory lapse, accidental deletion, misplacement of a smart card holding the key, or the departure of the staff members holding the key or password. Most encryption software tools include a feature for an encryption administrator to use a special key to recover a user key. Such a special key should be kept offline under joint custody, similar to keys to a safety deposit box.
How It Works With Other Technologies
Encryption is often used with other techniques, such as:
- Storing the encryption key and applying the algorithm using a smart card
- Transmitting smart card values in encrypted format
- Encrypting a password
- Requiring a strong password to protect an encryption key
- Using a token to activate an encryption key
- Encrypting biometrics
However, other technologies can also be limited because encryption is used. The purpose of encryption is to prevent unauthorized disclosure. That means encrypted data can be read only with the proper keys and algorithms. Encrypted traffic, therefore, may not be subject to inspection by other security mechanisms, such as firewalls, antivirus engines and intrusion detection systems. To enable these mechanisms to function effectively, network traffic, in most cases, is decrypted even before the business applications process the data. The point for decryption represents a risk-based tradeoff between confidentiality and the need to weed out malicious traffic.
Access control is a key control area in any audit that involves information systems, and encryption can provide strong access controls. This is accomplished by encrypting data files and using public keys to authenticate users. The following tables show examples of how encryption and its derivative application to authentication can affect the common types of audit engagements.
Financial Statement Audits
Figure 1 shows the effects on financial statement audits.
Internal and Value-for-money Audits
In addition, internal audit and value-for-money audits are also concerned about confidentiality, privacy, system effectiveness, efficiency and profitability (see figure 2).
Other Attest Audits
Audits that attest to the effectiveness of information system controls are increasing because of the growing use of the Internet and information technology. The common types are service organization audit, WebTrust and SysTrust. Although the audit and control objectives differ for each engagement, these audits are primarily concerned about system reliability and information integrity, and are carried out to express an opinion on management assertions about controls. Figure 3 shows how encryption can help ensure management assertions are met.
Assertions already outlined in figures 1 and 2 are not repeated.
To assess the effectiveness of encryption to support management assertions, auditors should carry out the following:
- Review the organization's information security policy to determine whether it provides sufficient guidance in information classification and application of encryption.
- Review and test the encryption software to assess whether it adequately supports the information security policy and information classification.
- Review and test key management procedures to assess their adequacy in supporting the information security policy.
- Review the points of decryption and assess whether data custodians and owners are aware of the need for compensating controls.
- Review user procedures and interview selected users to determine whether encryption is effectively applied.
- Review contracts with certificate authorities and other service organizations to assess whether responsibilities and obligations are clearly understood.
- Where applicable, review the external control assurance report on CAs and other service organizations.
- Review the extent of deployment of encryption in relation to statutory requirements and expectations.
- Review procedures and infrastructure controls for wireless networks to assess whether encryption provides comparable security wired networks.
- Review procedures and infrastructure controls for mobile devices to assess whether encryption provides comparable security to workstations.
David Chan, CISA, CISM, CFE, CPA
is business manager of the Information Protection Centre in the government of Ontario, Canada. He has more than 20 years of IT audit and security experience in the private and public sectors. He has been published in CA Magazine and is a member of the IT Advisory Committee of the Canadian Institute of Chartered Accountants.