Complex Made Simple

Encryption for the Rest of Us

Cryptography (or the study of encryption) is a complicated science, and there isn’t enough time or space to try to make you an expert here. But...

By Garland Nichols, PhD., Xerox Vice President of Engineering

What this article will do is give you a high-level overview to expand your understanding of encryption in general and what it can do (or can’t do) for you if used properly.

At the most simplistic level, encryption is the process of scrambling data to make it unreadable, and decryption is the process of unscrambling that data to make it readable again. Encryption is used to protect the confidentiality and integrity of data. You may have heard of encryption of data at rest, such as encrypted phones, databases and laptop hard drives, and encryption of data in motion, such as encrypted browsing sessions for online transactions that send sensitive data, such as personally identifiable information (PII) and credit card numbers, across the Internet. If we know nothing else, we know this: encryption = good, not using encryption = bad. But what is it about encryption that makes it such a GOOD thing for protecting our data, other than cybersecurity experts telling us we need it?

Your First Experiment with Encryption – Maybe?

Do you remember as a kid taking the alphabet and using numbers to substitute for letters to create secret messages? If you do (and even if you don’t), that’s an example of a substitution cipher, and you probably didn’t think of it as encryption; it was just fun. The “key” for your “kiddie cipher” was what each number represented. You would use your key to encrypt your secret messages, and your best friend would use the same key for decryption to find out your mom had vanilla ice cream with sprinkles.

That was about as complicated as it got, and you protected your encryption key by folding it up and putting it in your back pocket. Passwords (and not pockets) and encryption keys, however, go hand in hand. A password is often required to access the decryption key for data at rest. An example would be an encrypted phone that requires a password to decrypt or unlock the phone. The password allows access to the decryption key, which will decrypt your phone. So, if your password can be compromised, a hacker doesn’t have the almost impossible task of finding the correct encryption key.

Without a password, the decryption key has to be determined some other way if a hacker has gotten hold of encrypted data. Encryption keys today, however, are not compromised by humans trying all possible combinations or picking the back pocket of your jeans, but by the processing power of computers that can try billions of combinations per second.
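The arrangement described above, where a password unlocks the key that actually encrypts the data, is sketched below as an added example (not code from the article or from any product). The function names and the iteration count are assumptions, and the XOR mask with an HMAC tag is a standard-library stand-in for a real AES key wrap.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 200_000  # assumed work factor: each password guess costs this many hashes

def _derive(password, salt):
    # Stretch the password into 64 bytes: 32 to mask the key, 32 to authenticate it.
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def wrap_key(password, data_key):
    """Protect a 256-bit data key with a password. Returns (salt, wrapped, tag)."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes (256 bits)")
    salt = os.urandom(16)  # fresh salt per wrap, so the mask is never reused
    mask, mac_key = _derive(password, salt)
    wrapped = bytes(k ^ m for k, m in zip(data_key, mask))
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    return salt, wrapped, tag

def unwrap_key(password, salt, wrapped, tag):
    """Return the data key, or None when the password is wrong."""
    mask, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(w ^ m for w, m in zip(wrapped, mask))

def guess_space_bits(length, alphabet_size):
    """Search space, in bits, of a randomly chosen password."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    data_key = os.urandom(32)  # the AES-256 key that encrypts the data itself
    blob = wrap_key("correct horse battery", data_key)  # constructed sample password
    print("right password unlocks key:", unwrap_key("correct horse battery", *blob) == data_key)
    print("wrong password returns:", unwrap_key("123456", *blob))
    # The data is only as strong as the weaker of the two secrets.
    print("6-digit PIN: %.1f bits, AES-256 key: 256 bits" % guess_space_bits(6, 10))
```

The last line is the article's point in numbers: whoever holds the wrapped key only has to search the password space, so a long, random password and a slow derivation function matter as much as the key length.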

Advanced Encryption Standard and Data Security

One of the most recommended encryption standards used by the government and in many hardware and software products is the Advanced Encryption Standard or AES. It comes in three key lengths, but we are going to focus on AES-256 bit encryption. We should probably explain what a bit is before we move on. Note that a computer does not see the alphabet as we do; it only knows 1s and 0s (each is a bit of data), so each character, whether an upper or lower case letter or a special character, has its own unique combination of 1s and 0s and is 1 byte, or 8 bits, long.

You might be asking, just how secure is AES 256 bit encryption? Even if you had 100 thousand supercomputers and each one could try a million billion keys per second, it would still take trillions of years to find the key and decipher 256 bit encrypted messages. A computer would need to try at least half of 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 possible combinations. No such computer exists today (that can break any of the three key sizes of AES encryption), and it may take a few hundred years for such technology to become available based on current scientific projections.

Protecting Data at Rest and in Motion

How does a printer protect your data using encryption at rest and in motion? So far we have talked about encryption at rest and in motion and focused on AES 256 bit encryption. The main thing is that you hopefully now understand a little bit more about what encryption is, along with how and why it protects data. Now we are going to talk about the printer and features that use the power of encryption to protect your data at rest and in motion.

For data in motion over the Internet, the printer should support TLS v1.x, which can be configured to use AES 256 bit encryption as part of a cipher suite. There are various cipher suites to choose from, allowing you to select the one that best fits your security policies. This means when using scan-to-email, as your data is sent over the Internet, it can be encrypted end-to-end using TLS 1.2 encryption. The printer should also offer use of IPsec and HTTPS to provide encryption for print job data sent to the printer as it travels across the network.
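One way to check the cipher-suite configuration described above from the client side, as an added example that is not from the article or any printer vendor: it builds a TLS client that accepts only TLS 1.2 or newer with AES-256 suites, lists what is still enabled, and can report what a device actually negotiates. The function names and the host `printer.example.internal` are hypothetical, and a device with a self-signed certificate will fail verification until its CA is loaded into the context.

```python
import socket
import ssl

def aes256_client_context():
    """Client context: TLS 1.2 minimum; TLS 1.2 suites limited to ECDHE + AES-256-GCM."""
    ctx = ssl.create_default_context()       # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM+AES256")   # OpenSSL cipher-list syntax
    return ctx

def enabled_suites(ctx):
    """(protocol, suite name, key bits) for every suite the context still offers."""
    return [(c["protocol"], c["name"], c["strength_bits"]) for c in ctx.get_ciphers()]

def not_aes256(ctx):
    """Suites still enabled that are not AES-256. set_ciphers() does not
    control TLS 1.3 suites, so AES-128 and ChaCha20 may show up here."""
    return [s for s in enabled_suites(ctx)
            if "AES256" not in s[1] and "AES_256" not in s[1]]

def negotiated(host, port=443, ctx=None, timeout=5.0):
    """Connect and return (TLS version, suite name, key bits) actually agreed."""
    ctx = ctx or aes256_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _proto, bits = tls.cipher()
            return tls.version(), name, bits

if __name__ == "__main__":
    ctx = aes256_client_context()
    for proto, name, bits in enabled_suites(ctx):
        print(f"{proto:8} {bits:4} bits  {name}")
    print("enabled but not AES-256:", [s[1] for s in not_aes256(ctx)])
    # Hypothetical device name; uncomment on a network where it resolves.
    # print(negotiated("printer.example.internal"))
```

If `negotiated()` raises an `ssl.SSLError` handshake failure, the device and this client share no AES-256 suite, which means the device's cipher-suite selection needs changing.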

Maybe we didn’t make you an expert, but hopefully you have a better understanding of how encryption can protect data at rest or in motion by scrambling it to make it unreadable, which protects data from being read by unauthorized parties. In addition, we covered how a decryption key is often required to descramble or decrypt encrypted data, and how sometimes those keys are protected by passwords. We talked about how strong encryption such as AES protects data and how difficult it is to determine the encryption key to decrypt or decipher a message encrypted with AES 256 bit encryption. Lastly, and most important, we shared information on how a printer can use the security that encryption provides to keep your data safe. Just be sure to keep your passwords and encryption keys out of your back pocket!