By Garland Nichols, PhD., Xerox Vice President of Engineering
This article gives you a high-level overview to expand your understanding of encryption in general and what it can do (or can’t do) for you if used properly.
At the most simplistic level, encryption is the process of scrambling data to make it unreadable, and decryption is the process of unscrambling that data to make it readable again. Encryption is used to protect the confidentiality and integrity of data. You may have heard of encryption of data at rest, such as encrypted phones, databases and laptop hard drives, and encryption of data in motion, such as encrypted browsing sessions for data traversing the Internet in online transactions involving sensitive data such as personally identifiable information (PII) and credit cards. If we know nothing else, we know this: encryption=good, not using encryption=bad. But what is it about encryption that makes it such a GOOD thing for protecting our data, other than cybersecurity experts telling us we need it?
Your First Experiment with Encryption – Maybe?
Do you remember as a kid taking the alphabet and using numbers to substitute for letters to create secret messages? If you do (and even if you don’t), that’s an example of a substitution cipher, and you probably didn’t think of it as encryption; it was just fun. The “key” for your “kiddie cipher” was what each number represented. You would use your key to encrypt your secret messages, and your best friend would use the same key for decryption to find out your mom had vanilla ice cream with sprinkles.
That was about as complicated as it got, and you protected your encryption key by folding it up and putting it in your back pocket. Passwords (and not pockets) and encryption keys, however, go hand in hand. A password is often required to access the decryption key for data at rest. An example would be an encrypted phone that requires a password to decrypt or unlock the phone. The password allows access to the decryption key, which will decrypt your phone. So, if your password can be compromised, a hacker doesn’t have the almost impossible task of finding the correct encryption key.
Without a password, the decryption key has to be determined some other way if a hacker has gotten hold of encrypted data. Encryption keys today, however, are not compromised by humans trying all possible combinations or picking the back pocket of your jeans, but by the processing power of computers that can try billions of combinations per second.
Advanced Encryption Standard and Data Security
One of the most recommended encryption standards used by the government and in many hardware and software products is the Advanced Encryption Standard, or AES. It comes in three key lengths, but we are going to focus on AES 256 bit encryption. We should probably explain what a bit is before we move on. Note that a computer does not see the alphabet as we do; it only knows 1s and 0s (each is a bit of data), so each character, including upper- and lower-case letters and special characters, has its own unique combination of 1s and 0s and is 1 byte, or 8 bits, long.
You might be asking, just how secure is AES 256 bit encryption? Even if you had 100 thousand supercomputers and each one could try a million, billion keys per second, it would still take trillions of years to find the key and decipher 256 bit encrypted messages. A computer would need to try at least half of 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 possible combinations. No such computer exists today (that can break any of the three key sizes of AES encryption), and it may take a few hundred years for such technology to become available based on current scientific projections.
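The sketch below is an added example, not code from the article or from any Xerox product. It shows a password unlocking a stored 256-bit key, as in the phone example above, and works out the key-search time at the attacker rate quoted in this section. The iteration count, the sample password and the XOR stand-in for AES key wrap are assumptions made for the example.

```python
import hashlib
import hmac
import math
import secrets

ITERATIONS = 200_000                 # assumed PBKDF2 work factor (example value)
ARTICLE_RATE = 100_000 * 10**15      # 100 thousand machines x a million billion keys/s
SECONDS_PER_YEAR = 365 * 24 * 3600

def _derive(password, salt):
    """Stretch the password into a 32-byte wrapping key and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def wrap_key(data_key, password):
    """Store a 256-bit data key so that only the password can recover it.
    XOR with a single-use derived key stands in for AES key wrap here,
    because the Python standard library has no AES."""
    salt = secrets.token_bytes(16)
    kek, mac_key = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, kek))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_key(blob, password):
    """Return the data key, or None when the password is wrong."""
    kek, mac_key = _derive(password, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["wrapped"], kek))

def search_bits(alphabet_size, length):
    """Size of a password space, in bits, if every character is chosen at random."""
    return length * math.log2(alphabet_size)

def expected_years(bits, rate=ARTICLE_RATE):
    """Years to try half of a 2**bits space at `rate` guesses per second."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    key = secrets.token_bytes(32)                      # constructed sample data key
    blob = wrap_key(key, "vanilla-sprinkles")          # constructed sample password
    print("right password:", unwrap_key(blob, "vanilla-sprinkles") == key)
    print("wrong password:", unwrap_key(blob, "chocolate") is None)
    for bits in (128, 192, 256):
        print(f"AES-{bits}: {expected_years(bits):.2e} years at the article's rate")
    print(f"6-digit PIN: {search_bits(10, 6):.1f} bits, versus 256 for the key")
```

The stored blob is only as strong as the password that unlocks it, which is why the password space in bits is printed next to the key size.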
Protecting Data at Rest and in Motion
How does a printer protect your data using encryption at rest and in motion? We talked about encryption at rest and in motion and focused on AES 256 bit encryption. The main thing is that you hopefully now understand a little bit more about what encryption is, along with how and why it protects data. Now we are going to talk about the printer and features that use the power of encryption to protect your data at rest and in motion.
For data in motion over the Internet, the printer should support TLS v1.x, which can be configured to use AES 256 bit encryption as part of a cipher suite. There are various cipher suites to choose from, allowing you to select the one that best fits your security policies. This means when using scan-to-email, as your data is sent over the Internet, it can be encrypted end-to-end using TLS 1.2 encryption. The printer should also offer use of IPsec and HTTPS to provide encryption for print job data sent to the printer as it travels across the network.
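One way to check which cipher suite a device actually negotiates is a client that offers only AES-256 suites. This is an added example, not part of the original article or any printer's firmware. It uses Python's standard `ssl` module and assumes the device presents a certificate the client trusts; the host passed to `negotiated()` is whatever device you administer.

```python
import socket
import ssl

# TLS 1.2 suites that use AES-256 (OpenSSL names). TLS 1.3 suites are
# chosen by the library and are not affected by set_ciphers().
AES256_SUITES = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"

def aes256_context():
    """Client context that refuses old TLS versions and non-AES-256 TLS 1.2 suites."""
    ctx = ssl.create_default_context()            # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0 and 1.1
    ctx.set_ciphers(AES256_SUITES)
    return ctx

def tls12_suites(ctx):
    """Names of the TLS 1.2 suites the context will offer."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def negotiated(host, port=443, timeout=5):
    """Connect and return (protocol, cipher suite, key bits) the device agreed to."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with aes256_context().wrap_socket(raw, server_hostname=host) as tls:
            name, _, bits = tls.cipher()
            return tls.version(), name, bits

if __name__ == "__main__":
    # Runs offline: list what this client would offer.
    print(tls12_suites(aes256_context()))
```

If the handshake in `negotiated()` fails, the device has no protocol version or cipher suite in common with this policy, which is itself a useful finding when auditing its TLS settings.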
Maybe we didn’t make you an expert, but hopefully you have a better understanding of how encryption can protect data at rest or in motion by scrambling it to make it unreadable, which protects data from being read by unauthorized parties. In addition, we covered how a decryption key is often required to descramble or decrypt encrypted data, and how sometimes those keys are protected by passwords. We talked about how strong encryption such as AES protects data and how difficult it is to determine the encryption key to decrypt or decipher a message encrypted with AES 256 bit encryption. Lastly, and most important, we shared information on how a printer can use the security that encryption provides to keep your data safe. Just be sure to keep your passwords and encryption keys out of your back pocket!