Why is encryption important for your security and privacy?

About the Author

Alexander Vukcevic is Director of Protection Labs & QA at Avira.

Encryption is simply the process of converting information or data into a code that only selected parties can read. But unlike the substitution codes you may have created in your childhood, or even the German Enigma machine from WWII, the modern encryption process has become more complex and absolutely essential to everyday life online.

Get the terms straight

Unfortunately, the terms used to describe encryption have themselves become an almost indecipherable code. These are some of the most important terms:

Unencrypted data or messages are called plaintext. Once a message has been encrypted, its unreadable form is called ciphertext.

Private-key or symmetric encryption is the type used by most of us, with the sender and recipient being the only ones who hold the decryption information. Keys for this can be created at the beginning of each session.

With asymmetric or public-key encryption schemes, the basic philosophy of modern encryption, the encryption key is published for anyone to use to encrypt messages. However, only the receiving party has access to the decryption key that enables the messages to be read.

Information stored on your hard drive or in the cloud is data at rest. The information that travels from one point to another is data in motion. Both types of data can be encrypted or left unencrypted.

Let's talk about the message.

Encryption is not done in a vacuum; it works on a message. In all historical cases, the encrypted message was in the form of a physical letter on paper.

In the modern age, our Internet messages are distributed as packets of data. Instead of being sent as a continuous stream of information, like the electrical impulses from our childhood phones, the data in a message is divided into individual data packets according to the rules defined in the TCP/IP suite of protocols.

Each packet comes with a set of information including the source IP address of the sending device, the destination IP address of the receiving device, the sequence number of the packet so that the message can be reassembled, the type of service, the technical data and, finally, the payload - the actual information.

The paradox of the postcard.

You can think of data packets as a series of electronic postcards that, when assembled correctly, make the Internet possible. And, like a postcard, a packet is not encrypted and can be read by anyone along the transmission chain. This is the situation with HTTP on the Internet. This protocol has allowed the Internet to work and to become truly global, but it does not provide privacy or security to the user.
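The postcard point in code, as an added example that is not part of the original article: a constructed IPv4/TCP packet carrying a plain HTTP request is parsed the way any device along the path could parse it. The addresses, ports, request line and function names are assumptions made up for illustration.

```python
import ipaddress
import struct

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIBBHHH"     # 20-byte TCP header without options


def build_sample_packet() -> bytes:
    """Constructed sample: one IPv4/TCP packet carrying a plain HTTP request."""
    payload = b"GET /inbox?user=alice HTTP/1.1\r\nHost: example.com\r\n\r\n"
    tcp = struct.pack(TCP_FMT, 49152, 80, 1000, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack(IP_FMT, 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.7").packed)
    return ip + tcp + payload  # checksums left at 0; nothing here validates them


def read_postcard(packet: bytes) -> dict:
    """Return what any hop on the path can read from an unencrypted packet."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    ver_ihl, tos, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        IP_FMT, packet[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("this sketch handles IPv4 carrying TCP only")
    tcp_start = (ver_ihl & 0x0F) * 4          # IPv4 header length in bytes
    if len(packet) < tcp_start + 20:
        raise ValueError("too short for a TCP header")
    _sport, dport, seq, _ack, offset, *_ = struct.unpack(
        TCP_FMT, packet[tcp_start:tcp_start + 20])
    data_start = tcp_start + (offset >> 4) * 4  # skip TCP header and options
    return {
        "source_ip": str(ipaddress.IPv4Address(src)),
        "destination_ip": str(ipaddress.IPv4Address(dst)),
        "type_of_service": tos,
        "sequence_number": seq,
        "destination_port": dport,
        "payload": packet[data_start:total_len],  # readable as-is over HTTP
    }


if __name__ == "__main__":
    for field, value in read_postcard(build_sample_packet()).items():
        print(f"{field}: {value}")
```

With HTTPS the header fields would still parse the same way, but the payload bytes would be TLS records rather than readable text.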

HTTPS envelope strategy

The improvement on HTTP came with HTTPS, with the extra S for security. This means that the message or payload in the data packets is encrypted using Transport Layer Security or TLS, a set of cryptographic protocols. Think of it as an envelope for your letters, preventing prying eyes from reading the content. It is usually represented by a small padlock icon in the corner.

Previously, HTTPS was primarily targeted at stores and banks due to the cost of certification for each transaction. However, this has changed dramatically as certification has become essentially free. As of 2019, approximately 70% of web traffic is on the more secure and encrypted HTTPS protocol.

The absence of the HTTPS mark is a reliable sign that a website has been badly put together and is a red flag for a phishing site. HTTPS is now so prevalent that it has even been used in some phishing attempts.

No encryption and your DNS

Even when HTTPS is enabled, not everything is encrypted. For example, the Domain Name System (DNS) converts text URLs to numeric IP addresses, and this information, essentially the top-level domain of your destination, is not encrypted. It is like a postal letter where your name, your address, the person you are writing to, and the destination are clearly visible on the envelope.

This allows trackers and your ISP to know exactly where you are going, but not the exact content that you have accessed. Other unencrypted information may include your own IP address, information about your device and operating system, and your location.
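What a classic, unencrypted DNS lookup shows on the wire, as an added example that is not part of the original article: the name being looked up sits in the query as readable labels, so recovering it takes nothing more than walking the question section. The query bytes are constructed inline, and the function names and sample hostname are assumptions for illustration.

```python
import struct


def build_query(hostname: str, qtype: int = 1) -> bytes:
    """Constructed sample: a standard DNS query (header + one question)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in hostname.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)         # class IN


def observed_hostname(message: bytes):
    """Return (hostname, qtype) exactly as an on-path observer can read them."""
    if len(message) < 12:
        raise ValueError("too short for a DNS header")
    _txid, flags, qdcount = struct.unpack("!HHH", message[:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a DNS query with a question")
    labels, pos = [], 12
    while True:
        if pos >= len(message):
            raise ValueError("truncated question name")
        length = message[pos]
        if length == 0:                 # root label ends the name
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a query name")
        if pos + 1 + length > len(message):
            raise ValueError("truncated label")
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if len(message) < pos + 5:
        raise ValueError("missing query type and class")
    qtype, _qclass = struct.unpack("!HH", message[pos + 1:pos + 5])
    return ".".join(labels), qtype


if __name__ == "__main__":
    print(observed_hostname(build_query("mail.example.com")))
```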

VPN potential

A virtual private network (VPN) fixes gaps in HTTPS encryption and unsecured networks, like a special postman with a registered letter. The sender and recipient approve the letter and only the postman needs to know the details. These are the three main points to keep in mind:

  • A VPN must encrypt the entire data packet, payload, and DNS. A variety of encryption protocols are used. OpenVPN is an open source solution that meets industry standards. PPTP, L2TP/IPSec, SSTP, and IKEv2 are some of the other solutions. WireGuard is a new protocol in development that still needs to be tweaked but has received good reviews for its speed and simplicity. You will be hearing more about it;
  • The actual location counts towards your virtual location. The location of the VPN servers is essential in letting you, as a user, set the virtual location you want. This lets you be virtually at home when you go on vacation, or in a remote place if you have to avoid certain access or content restrictions;
  • Your VPN postman must be available and trustworthy. In your quest for complete encryption and privacy, you give the VPN provider complete access to your online activity. You trust it to fully encrypt your traffic, not to spy on you, and not to use that data for advertising purposes.

Encryption is simply the technology used to preserve privacy in the age of the online connection. Although the specific protocols and processes change over time, the goals remain the same: continuous coverage of our lives online that protects our privacy and security.