What is data encryption?
Data encryption is a set of techniques for encrypting sensitive and personal data, to ensure its confidentiality.
The objective is to prevent anyone from accessing it without permission, by making it unreadable for anyone without a decryption key. Learn how encryption works, and how it provides effective protection against online threats, theft and disclosure of sensitive data.
Understanding what data encryption means
Data encryption definition
Encryption is a form of cryptography that scrambles data so that it cannot be understood at first glance. Information written in plain text, i.e. readable by a human being, is converted into a coded form, resulting in unreadable or ‘encrypted’ text.
Why is the term encryption used?
Encryption takes its name from the cipher: a set of symbols, such as letters, numbers or signs, that replace the plain-text characters.
Encryption operation
The scrambled data is only understandable by authorised persons. But how do they manage to read the encrypted information?
Data is not randomly encrypted: the operation is performed using an encryption algorithm.
The person who wants to read the encrypted data must have the right key to decrypt it, by converting it into plain text.
Did you know?
Etymologically, the term ‘cryptography’ means ‘hidden writing’. Ciphers have been used to keep messages confidential since ancient times. The best-known is the Caesar cipher, also known as ‘shift encryption’, which shifts each letter by one or more positions in the alphabet. For example, ABC becomes DEF.
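The shift just described, written in Go as an added example that is not part of the original page: it encrypts and decrypts with a chosen shift, and also lists all 26 candidate decryptions of an intercepted message, which shows why a key space this small cannot protect anything.

```go
package main

import (
	"fmt"
	"strings"
)

// caesarShift moves every ASCII letter in text forward by shift positions,
// wrapping around the alphabet. Other characters pass through unchanged.
// Added example code; it is not taken from the original page.
func caesarShift(text string, shift int) string {
	shift = ((shift % 26) + 26) % 26 // normalise negative or large shifts
	var sb strings.Builder
	for _, r := range text {
		switch {
		case r >= 'A' && r <= 'Z':
			sb.WriteRune('A' + (r-'A'+rune(shift))%26)
		case r >= 'a' && r <= 'z':
			sb.WriteRune('a' + (r-'a'+rune(shift))%26)
		default:
			sb.WriteRune(r)
		}
	}
	return sb.String()
}

// Encryption and decryption are the same operation with opposite keys.
func caesarEncrypt(plain string, key int) string  { return caesarShift(plain, key) }
func caesarDecrypt(cipher string, key int) string { return caesarShift(cipher, -key) }

// allShifts returns the candidate plaintext for each of the 26 possible keys.
// Because the key space is so small, anyone who intercepts the ciphertext can
// simply try every key and read off the one that makes sense; the shift
// cipher therefore illustrates the mechanism of a key, not real protection.
func allShifts(cipher string) []string {
	out := make([]string, 26)
	for k := 0; k < 26; k++ {
		out[k] = caesarDecrypt(cipher, k)
	}
	return out
}

func main() {
	ct := caesarEncrypt("ABC", 3)
	fmt.Println(ct, "->", caesarDecrypt(ct, 3)) // DEF -> ABC
	for k, candidate := range allShifts(caesarEncrypt("MEET AT NOON", 11)) {
		fmt.Printf("key %2d: %s\n", k, candidate)
	}
}
```

Running it prints the 26 candidates; exactly one of them is readable English, and finding it takes no key at all.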
Finally, please note that encryption is possible for:
- Stored data or “data at rest” (hard disk encryption).
- Data in transit or “data in motion” (when transmitted over the internet or any other network).
What is an encryption algorithm?
An encryption algorithm is a mathematical procedure that uses an encryption key to transform data. The transformation is predictable: even though the result looks completely random, anyone who knows the key can perform the reverse operation and turn the seemingly impenetrable text back into readable form.
The cryptographic key corresponds to a string (e.g. 6846A649B880FCFE1797D67AEAF).
The challenge of data encryption: Protection against hacking
Today, the cloud and connected servers store and manage high volumes of sensitive data. Such data is a prime target for attackers, so safeguards of proven effectiveness need to be put in place.
Encryption is one of the tools used to counter cyberattacks. From ransomware and malware to brute-force attacks, cybercriminals are deploying an increasingly diverse array of offensive tactics. The cybersecurity figures for France in 2021 are also worrying: in its 2022 annual barometer of company cybersecurity, CESIN (the Club of Information and Digital Security Experts) reports that 54% of French companies fell victim to cyberattacks in 2021.
In this context, data encryption is an integral part of the security measures that can be put in place.
What are the different data encryption models?
There are several encryption methods, since different security requirements have led to different solutions. Today, however, there are two main models for encrypting data: symmetric and asymmetric encryption.
Symmetric encryption involves using a single secret key, both to encrypt the original message and to decode the text. Both the sender and recipient of encrypted data use the same secret key to perform encryption and decryption, so there's symmetry in the technique used for each of these operations.
The Enigma machine, used by the German army during the Second World War, was a symmetric system.
Asymmetric encryption, or public key cryptography, uses two different cryptographic keys: one to encrypt the data and the other to decrypt it. The first is called the ‘public key’, simply because it is accessible to everyone. The second, the decryption key or ‘private key’, is kept by the recipient only. Only the private key can decipher the message.
Symmetric and asymmetric encryption algorithms
Initially, encryption algorithms used 56-bit cryptographic keys to protect data. This is the case, for example, with the Data Encryption Standard (DES). Keys of that length are no longer strong enough to withstand increasingly sophisticated attack techniques.
The following tables list the encryption methods in current use.
Symmetric encryption methods

| Method | Description |
|---|---|
| 3DES or Triple DES | The Triple DES algorithm uses three 56-bit keys. This sequence of operations slows down encryption, and the larger block sizes of newer algorithms make Triple DES increasingly obsolete. |
| Advanced Encryption Standard (AES) | Encrypts data in 128-bit blocks using keys of 128, 192 or 256 bits. A symmetric algorithm widely used by financial institutions and government agencies. |
| Twofish | Also encrypts data in 128-bit blocks with keys from 128 to 256 bits, but always processes each block in 16 rounds, regardless of how much data there is. |
| Perfect Forward Secrecy (PFS) | Uses session-specific temporary private keys: each new session generates a new key, so other sessions remain confidential if one is compromised. PFS is provided by the Diffie-Hellman key exchange and is used by Google, WhatsApp and Facebook Messenger. |

Commonly used symmetric encryption algorithms
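An added example in Go, not taken from the page, of the forward-secrecy mechanism described in the PFS row: an ephemeral elliptic-curve Diffie-Hellman exchange (X25519 from crypto/ecdh, available since Go 1.20) run for two separate sessions. The endpoint type and function names are the example's own.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// endpoint is one side of a connection. Its key pair is ephemeral: created
// for a single session and discarded afterwards.
type endpoint struct {
	priv *ecdh.PrivateKey
}

func newEndpoint() (*endpoint, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader) // elliptic-curve key pair
	if err != nil {
		return nil, err
	}
	return &endpoint{priv: priv}, nil
}

// sessionKey combines our private key with the peer's public key. Both sides
// arrive at the same shared secret, which is hashed into a symmetric key.
func (e *endpoint) sessionKey(peer *ecdh.PublicKey) ([32]byte, error) {
	secret, err := e.priv.ECDH(peer)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(secret), nil
}

// runSession performs one key agreement and returns the key each side derived.
func runSession() (client, server [32]byte, err error) {
	c, err := newEndpoint()
	if err != nil {
		return client, server, err
	}
	s, err := newEndpoint()
	if err != nil {
		return client, server, err
	}
	// Only the public keys cross the network.
	if client, err = c.sessionKey(s.priv.PublicKey()); err != nil {
		return client, server, err
	}
	server, err = s.sessionKey(c.priv.PublicKey())
	return client, server, err
}

// forwardSecrecyDemo runs two sessions and checks that the two sides agree
// within each session while the keys differ between sessions. No long-term
// secret links them, so compromising one session's key reveals nothing
// about the other.
func forwardSecrecyDemo() (agreed bool, independent bool, err error) {
	c1, s1, err := runSession()
	if err != nil {
		return false, false, err
	}
	c2, s2, err := runSession()
	if err != nil {
		return false, false, err
	}
	return c1 == s1 && c2 == s2, c1 != c2, nil
}

func main() {
	c1, s1, err := runSession()
	if err != nil {
		panic(err)
	}
	fmt.Println("client key:", hex.EncodeToString(c1[:]))
	fmt.Println("server key:", hex.EncodeToString(s1[:]))
	agreed, independent, _ := forwardSecrecyDemo()
	fmt.Println("sides agree:", agreed, "| sessions independent:", independent)
}
```

In a real protocol the session key would feed a symmetric cipher such as AES for the bulk data; the point here is that each session's key is derived from keys that exist only for that session.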
Asymmetric encryption methods

| Method | Description |
|---|---|
| RSA | The RSA algorithm relies on the difficulty of factoring the product of very large prime numbers. As factoring techniques advance, keys below 2,048 bits are no longer considered reliable; the current recommendation is 4,096-bit keys. Such long keys, however, increase encryption time for large files. |
| PKI (Public Key Infrastructure) | An architecture of several servers that issues certificates and manages their lifecycle. A certificate is a signed, trusted ‘ID card’ that carries encryption keys. One of the best-known uses is establishing an HTTPS connection. |
| Elliptic Curve Cryptography (ECC) | Relies on objects more sophisticated than whole numbers, namely points on elliptic curves. Since key sizes are generally much smaller, encryption operations are faster. |

Commonly used asymmetric encryption algorithms
The difference between in-transit and end-to-end encryption
In-transit encryption protects information while it is being communicated, i.e. during transfer between the sender and the server. The data is not encrypted all the way to the recipient: the server decrypts it before re-encrypting it and sending it on. This means there is a point where the data is vulnerable, because it exists in plain text and can be exploited by a third party.
With end-to-end encryption, data is encrypted without a break between sender and recipient. Only they have the keys to decrypt the data. The servers located on the path have no access to the plain-text message at any time, so data protection is fully ensured throughout the entire journey. This encryption method is used by the Telegram app, for example.
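The two models above, together with the public/private key roles from the asymmetric sections, as an added Go example that is not part of the original page. The relay server and the recipient each hold an RSA key pair; `relayInTransit` shows the server reading the plaintext at the re-encryption point, while `relayEndToEnd` shows it forwarding bytes it cannot open. Party names, the message and the function names are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// party is a participant that owns a key pair (here the relay server and
// the recipient). A sender needs only their public keys.
type party struct {
	name string
	key  *rsa.PrivateKey
}

func newParty(name string) (*party, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // 2048 bits keeps the demo fast
	if err != nil {
		return nil, err
	}
	return &party{name: name, key: key}, nil
}

// encryptTo produces a message only the owner of pub's private key can open.
// RSA-OAEP is applied directly to the short demo message; real systems encrypt
// a symmetric key this way and protect the bulk data with AES.
func encryptTo(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func (p *party) decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.key, ct, nil)
}

// relayInTransit models hop-by-hop (in-transit) encryption: the sender
// encrypts to the server, which has to decrypt, and therefore sees the
// plaintext, before re-encrypting to the recipient.
func relayInTransit(server, recipient *party, msg []byte) (serverSaw, delivered []byte, err error) {
	hop1, err := encryptTo(&server.key.PublicKey, msg)
	if err != nil {
		return nil, nil, err
	}
	if serverSaw, err = server.decrypt(hop1); err != nil { // the exposure point
		return nil, nil, err
	}
	hop2, err := encryptTo(&recipient.key.PublicKey, serverSaw)
	if err != nil {
		return nil, nil, err
	}
	delivered, err = recipient.decrypt(hop2)
	return serverSaw, delivered, err
}

// relayEndToEnd models end-to-end encryption: the sender encrypts to the
// recipient's public key and the server merely forwards bytes it cannot open.
func relayEndToEnd(server, recipient *party, msg []byte) (serverCouldRead bool, delivered []byte, err error) {
	ct, err := encryptTo(&recipient.key.PublicKey, msg)
	if err != nil {
		return false, nil, err
	}
	_, serverErr := server.decrypt(ct) // fails: the server holds a different private key
	delivered, err = recipient.decrypt(ct)
	return serverErr == nil, delivered, err
}

func main() {
	server, err := newParty("relay")
	if err != nil {
		panic(err)
	}
	recipient, err := newParty("recipient")
	if err != nil {
		panic(err)
	}
	msg := []byte("meeting moved to 15:00") // constructed message
	saw, _, _ := relayInTransit(server, recipient, msg)
	fmt.Printf("in-transit: %s saw %q\n", server.name, saw)
	couldRead, got, _ := relayEndToEnd(server, recipient, msg)
	fmt.Printf("end-to-end: %s could read: %v; %s got %q\n", server.name, couldRead, recipient.name, got)
}
```

The difference is purely in whose public key the sender encrypts to: in the first model the server is a trusted decryption point, in the second it is just a forwarder.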
What is homomorphic encryption?
Homomorphic encryption is a method for asymmetric encryption systems. A third party holding the public key can perform arbitrary calculations on messages encrypted by the data owner. The third party never has access to the unencrypted messages, and returns the result of its calculations to the owner, i.e. new encrypted messages. The owner can then decrypt the result with their private key and read it in plain text.
This method can be used to outsource the storage and processing of sensitive data to the cloud securely. This way, complex and resource-intensive operations that take a lot of time can be outsourced to third-party datacentres.
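An added illustration, not from the page, of a third party computing on encrypted data: unpadded RSA is multiplicatively homomorphic, so the product of two ciphertexts decrypts to the product of the plaintexts. Go's rsa package is used only to generate the key; the raw modular exponentiation and the function names are the example's own. Schemes used for real homomorphic computation are far more elaborate, and unpadded RSA must not be used to protect real data.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"fmt"
	"math/big"
)

// encryptRaw is textbook RSA, c = m^e mod n, with no padding. It is used here
// only because the unpadded form exposes the homomorphic property.
func encryptRaw(pub *rsa.PublicKey, m *big.Int) *big.Int {
	return new(big.Int).Exp(m, big.NewInt(int64(pub.E)), pub.N)
}

// decryptRaw recovers m = c^d mod n with the private exponent.
func decryptRaw(priv *rsa.PrivateKey, c *big.Int) *big.Int {
	return new(big.Int).Exp(c, priv.D, priv.N)
}

// multiplyEncrypted is the third party's work: it holds the public key and
// two ciphertexts and multiplies them modulo n. Because
// (a^e * b^e) mod n = (a*b)^e mod n, the result is an encryption of a*b,
// yet the third party never learns a or b.
func multiplyEncrypted(pub *rsa.PublicKey, ca, cb *big.Int) *big.Int {
	return new(big.Int).Mod(new(big.Int).Mul(ca, cb), pub.N)
}

// outsourcedProduct plays the whole round: the owner encrypts a and b, hands
// the ciphertexts to the untrusted party, and decrypts what comes back.
// a*b must stay below n for the result to be exact.
func outsourcedProduct(a, b int64) (int64, error) {
	owner, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return 0, err
	}
	pub := &owner.PublicKey
	ca := encryptRaw(pub, big.NewInt(a))
	cb := encryptRaw(pub, big.NewInt(b))
	cProduct := multiplyEncrypted(pub, ca, cb) // computed without the private key
	return decryptRaw(owner, cProduct).Int64(), nil
}

func main() {
	result, err := outsourcedProduct(12345, 6789)
	if err != nil {
		panic(err)
	}
	fmt.Println("decrypted product:", result, "| expected:", 12345*6789)
}
```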
Five reasons why data encryption is essential today
Data encryption ensures confidentiality for data in transit, in the context of communications. Only the owner of the data and/or its recipient can read it. If malicious parties intercept messages, it is impossible for them to read the sensitive data.
Encryption secures data against hacking and privacy violations. If a business computer is stolen, the encrypted data stored on it remains inaccessible — so sensitive company data cannot be disclosed.
Messages transmitted over the internet can be intercepted and modified without the sender or recipient being aware of it. Encryption is a tool that guarantees data integrity by ensuring that data is not altered while in transit.
TLS 1.3 guarantees the integrity of exchanges, which is not the case for all algorithms. In a man-in-the-middle attack, for example, the attacker inserts themselves into an encrypted communication and alters the exchange on the fly, which goes unnoticed if no integrity checks are carried out.
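An added Go example, not from the page, of the integrity check that the text says is missing when traffic is altered on the fly: an HMAC-SHA256 tag travels with each message, and a recipient holding the shared key detects any change to the message or the tag. The key and message values are constructed for the demo. TLS 1.3 obtains the same property from its authenticated-encryption cipher suites.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// tag computes an HMAC-SHA256 authentication tag over msg with a key shared
// by sender and recipient. Without the key, nobody can produce a valid tag.
func tag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// verify recomputes the tag and compares it in constant time, so response
// timing does not leak how many bytes of the expected tag matched.
func verify(key, msg, received []byte) bool {
	return hmac.Equal(tag(key, msg), received)
}

// deliver simulates a message crossing a network that may alter it. The tag
// travels with the message; if either is changed by someone without the key,
// verification fails and the recipient discards the message.
func deliver(key []byte, msg string, alteredInTransit bool) (accepted bool) {
	t := tag(key, []byte(msg))
	received := []byte(msg)
	if alteredInTransit {
		received[len(received)-1] ^= 0x01 // one flipped bit is enough to be caught
	}
	return verify(key, received, t)
}

func main() {
	key := []byte("constructed-demo-shared-key") // constructed; use 32 random bytes in practice
	msg := "transfer 100 to account 42"          // constructed message
	fmt.Println("tag:", hex.EncodeToString(tag(key, []byte(msg))))
	fmt.Println("intact message accepted:", deliver(key, msg, false))
	fmt.Println("altered message accepted:", deliver(key, msg, true))
}
```

Encryption alone (confidentiality) does not give this guarantee; it comes from the keyed tag, which is why modern protocols combine both in an authenticated-encryption mode.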
Encryption is part of certain system access controls. Authenticating an access request is the same as verifying the request’s legitimacy.
To combat malicious behaviour and the risk of losing or revealing sensitive data, several regulations are currently enforced. Some industry and government organisations require encryption before user data is stored. Examples include HIPAA (Health Insurance Portability and Accountability Act) for the transmission of electronic health records, PCI DSS for bank data security, and the GDPR, which governs the processing of personal data in the European Union.
OVHcloud and data encryption
Companies and administrations must take great care to guarantee the security of their data. To help them comply with the GDPR and stay protected against cyberattacks, OVHcloud works actively to secure data:
- The Hosted Private Cloud solution holds the SecNumCloud qualification recommended by the French government. The level of security and trust guaranteed by this qualification has been audited by the National Agency for Information System Security (ANSSI).
- Let's Encrypt and Sectigo SSL certificates are offered to guarantee the confidentiality of communications with websites hosted by OVHcloud, and to protect the transactions of e-commerce stores.