With the release of our new encryption product we thought it may be a good time to explain what encryption is, why it is important, and how using Spark Encryption can help you keep your data safe.
Encryption is the process of encoding a message (called plaintext or PT) following an algorithm in a way that only those with the key can decode (making a ciphertext or CT). This theoretically makes it so improbable to decrypt that it could not be done in a reasonable timeframe (think millions or billions of years).
There are two main forms of encryption. Encryption at-rest and in-transit. At-rest encryption allows you to encrypt files and data while it is on your device or system. If you transmit that file, it is encrypted but will not be automatically decrypted when it arrives at the other side. In-transit encryption encrypts the file as it leaves your device and decrypts it when it arrives at its destination. Encrypted texting is an example of this.
Once you have decided what kinds form of encryption you need, you need to look at the encryption itself. There are three primary attributes when looking at an encryption scheme:
The first is the cipher. The cipher is the algorithm that is followed when transforming your data from plaintext to ciphertext, and vice versa. For example, the most common in modern times is called AES (originally known as Rijndael), which stands for the advanced encryption standard. There are many good ciphers, however for most purposes, a version of AES is best for compatibility and compliance.
The second is the mode. The mode is how the cipher is applied to the data you are encrypting. The two modes we will talk about today are known as the Electronic Codebook (EBC) and Counter (CTR) modes. The EBC mode is the most straight forward, as the cipher is applied to 16 bytes of data at a time in a liner manner. This is no longer recognized as secure however because it has no randomness. There is a famous example of this insecurity, with Tux the Linux bird on the left, and a picture encrypted with the EBC mode on the right:
You may notice that the penguin is still visible. This is because each block, while transformed, still makes up a non random picture. The CTR mode applies the AES cipher to each byte instead of blocks of bytes, and then uses a counter to ensure that the same form is not repeated for a long time. Some of the benefits are that it is faster, more secure, the data looks different every time it is encrypted, and two pieces of different data can look identical, making guessing that much more difficult. Below is an image encrypted with the CTR mode:
Finally, there is the key-size. The key-size is extremely important because it (usually) increases the strength of the algorithm. There are 2 to the power of n possible keys for a given encryption scheme, with n being the key-size. For example, 128-bit AES has 340,282,366,920,938,463,463,374,607,431,768,211,456 possible keys. To guess your key, an attacker has to try up to that many keys. Yes, that is a HUGE number. However, 256-bit AES is even stronger. And it is not twice as strong. It is 128 factor as strong. The attacker in this scenario would have to try 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 keys, which is far more than the number of molecules in the entire universe. The benefit for you? No one is brute forcing your 256-bit key.
Who should be using encryption? Well the easy answer is everyone. Large companies, governments, and organizations mine your data to gather information on you. Criminals use malware to steal your or your customers files and records. While everyone can benefit, there are certain industries that can benefit more than others from using encryption. The financial sector is a huge one. Real estate agents, for example, collect addresses, social security numbers, taxpayer ID’s, email addresses, account numbers, and more from many of their clients. All 50 states plus the District of Colombia, Puerto Rico, Guam, and the Virgin Islands have laws that require anyone dealing with an individual’s private information to notify them if their information becomes exposed. This can also open the agent up to legal action. This is to say nothing of that individual’s information now being out there to be used against them.
Another industry requiring encryption is law. Discovery and evidence in law can contain the most intimate and private of details, many of which are legally required to be kept in confidence between the attorney and client. Let’s say an attorney’s laptop is breached and a discovery is stolen. All the details in the case are now in the control of someone other than the attorney. This has breached attorney client privilege and it means others may learn details of a case. If this was a civil matter, how much would a large company pay to have the entire plaintiff or defendant’s case? Does this sound far-fetched? A recent American Bar Association report stated “26% of respondents report that their firms have experienced some sort of security breach” in 2019. That means over a quarter of law firms are breached per year.
But what makes Spark better than the competition? Our web app allows our partners to use encryption from anywhere. You may be on a business trip and not have access to your primary computer, allowing you to use encryption from public workstations. Perhaps you are on a computer you cannot install software on, and still require encryption. Spark can also retain the initial file extensions so large providers like Google and Dropbox cannot discriminate against your data, for example by saying they will not allow you to upload encrypted files. It also prevents them from mining and selling your data because it is unreadable.
Spark Encryption is also incredibly easy to use, with one step decryption and automatic encryption available. Spark uses the maximum key-size possible for each cipher we support, uses the Counter mode for encryption, and is astoundingly fast.
Good modern encryption like Spark takes advanced steps to stop decryption. One example we use is called a nonce. This is a number that the rest of the algorithm is factored off, making the ciphertext of a message look different each time it is encrypted, but can always be decrypted using the correct key. Consider the example below:
Encrypting the text “This is a secret.” with AES creates the ciphertext “S9Ï¤ý+—Ž‘í¯½—3i8óõR@%Ð D+¢6d¥y”.
Encrypting the text "This is a secret." again creates the ciphertext “H¼€ðÆÙÊ°6úQ»SªFO‰“A%hŽÙÎª½Ì‑ðS¿œEp”.
Why is that important? Attackers cannot try all possible plaintexts and know your message when the ciphertext matches. This also provides forward security for future messages.
This is just one example of the measures Spark takes to secure your data. Head over to our Operation Spark page and get started!