Fundamentals of encryption

Companies use asymmetric, symmetric, and hybrid encryption methods to protect confidential data. Read on to find out why encryption is essential to today’s internet.

Given the increasing frequency of data breaches, no one doubts the importance of encrypting data for businesses, government agencies, and private users alike. Only encryption ultimately prevents unauthorized access to data – whether it involves data at rest or in transit. Securing communications via the internet by using encryption has played an increasingly important role in recent years.

How data encryption works

We are all familiar with postcards that people used to send back home from their vacation. Anyone who holds the postcard in their hands can read the content directly. With a sealed letter, the postcard’s content is protected from prying eyes. Encryption of data works in a similar way: It adds an additional layer that protects confidential data from unauthorized access.

One of the first known users of a rather simple encryption method was Julius Caesar. The encryption method named after him is essentially just a cipher where one letter of the unencrypted text is replaced by another letter according to a specific scheme. Caesar is even said to have used a shift of just three letters in the alphabet. The well-known Rot13 method is based on the same principle.

Leon Battista Alberti went on to develop this method 1500 years after Caesar. Alberti is credited with the cipher wheel, also known as the Caesar wheel. It consists of two round plates that share a common axis and can be shifted in an opposing direction. When the disc is shifted, the letters that need to be replaced for encrypting and decrypting the communication can be read.

Symmetric encryption explained

The simple encryption method of the cipher wheel is also called symmetric encryption, as the same key is used for both encryption and decryption. Symmetric encryption methods are often used, for example, in securing data in an encrypted vault or in backups. The most important symmetric encryption methods include:

• Data Encryption Standard (DES): The algorithm developed by IBM in the early 70s uses only a relatively short key length of 56 bits. This makes it vulnerable to brute-force attacks.
• Triple-DES: Since Triple-DES uses three keys, it results in a key length of 168 bits. However, due to the vulnerability to meet-in-the-middle attacks, the effective key length is only 112 bits. Nevertheless, Triple-DES is still used today.
• Advanced Encryption Standard (AES): AES or Rijndael, as the method was originally called, was introduced in the early 2000s by the National Institute of Standards and Technology (NIST). The standard supports key lengths of 128, 192, and 256 bits.

The latter and most secure variant is most commonly used. According to the current state, there are no feasible attacks against AES known in practice. In the USA, it is therefore approved for the Top Secret classification.

How asymmetric encryption works

In asymmetric encryption a key pair is used instead of single keys. One of the keys is public, the other private. They are closely related.

The public key can be freely distributed by the user. It is used to encrypt data. To decrypt, however, the private key and the associated passphrase are required. With the public key, it is not possible to make the encrypted data readable again. However, it can be used to verify a digital signature created with the private key.

The term Public Key Infrastructure (PKI) is often used as a synonym for asymmetric encryption. PKI methods are used to protect email messages, as well as to encrypt data when browsing the internet via Secure Sockets Layer (SSL) or Transport Layer Security (TLS).

Where encryption is used in practice

Corporate users may encounter encryption methods at various points.

• Hard drive encryption: Ensures that sensitive data does not fall into the wrong hands in the event of theft. This is especially true for all mobile devices, which should be fully encrypted.
• Email encryption: Emails pass through several stations before they reach their destination. For attackers, it is easy to intercept and read unencrypted emails at these nodes. PKI (Public Key Infrastructure) methods are usually used for encrypting emails.
• Encryption while web browsing: Today data between the local web browser and the remote web server is usually encrypted with TLS (Transport Layer Security).
• Encrypted tunnels: Virtual Private Networks (VPNs) are considered a proven method for securely connecting multiple locations or remote employees with the corporate network. IPsec (Internet Protocol Security) is recommended for encryption. This protocol combines asymmetric and symmetric encryption methods. It is known as a hybrid method.

Furthermore, companies typically also encrypt their databases, servers, local network communication, wireless networks, and cloud applications.

Encryption: Glossary of key terms

In the context of encryption, several other technical terms frequently come up. The most important are:

• Transport encryption: Prevents unauthorized individuals from reading the data during transit, such as from a company’s mail server to the provider’s mail server. After that, it is usually out of the user’s or company’s hands how the message is forwarded.
• End-to-end encryption: The user retains control over their data, as it is encrypted at the starting point and only decrypted at the destination. Encrypted information cannot be accessed from any intermediate nodes.
• Digital certificates: Certificates confirm the validity of a public key and the identity of its holder. Therefore, certificates contain the public key, information about the holder, and a digital signature from the certificate issuer. If this signature comes from an entity trusted by the operating system or application in use, the software accepts the certificate.
• Digital signatures: Serve to identify the sender of a message. Either a hierarchically structured PKI or a heterogeneous Web of Trust consisting of many users is used for verification.
• Authentication: Allows for the verification and confirmation of a person’s or machine’s identity. For example, before a user can access a remote resource, they must first authenticate themselves, for example, by using a username and password.

Encryption plays a crucial role in securing businesses – and this also applies to employees’ endpoint devices. It is particularly important to encrypt all confidential and sensitive data on these devices. Learn how endpoint security works exactly in our blog post “How endpoint security works.”