Alexander Vukcevic is the Director of Protection Labs & QA at Avira.
Encryption is simply the process of converting information or data into a code that only the selected parties can read. But unlike the substitution codes you might have made as a child – or even the German Enigma machine of the Second World War – the modern encryption process has become both more complex and absolutely essential for everyday online life.
Get the terms straight
Unfortunately, just the terms used to describe encryption have become an almost undecipherable code of their own. Here are some of the more important terms:
Unencrypted data or messages are referred to as plaintext. Once a message has been encrypted, its unreadable form is referred to as ciphertext.
Symmetric or private-key encryption is the type most of us grew up with, where the sender and the recipient are the only ones holding the decoding information. The keys for this can be generated at the start of each session.
With asymmetric or public-key encryption schemes – the base philosophy behind modern encryption – the encryption key is published for anyone to use to encrypt messages. However, in a series of hand-offs, only the receiving party is given access to the decryption key that enables the messages to be read.
Information stored on your hard drive or the cloud is data at rest. Information traveling from one point to another is data in motion. Both types of data can be encrypted or left in cleartext.
Let’s talk about the message
Encryption does not happen in a vacuum; it works on a message. In most historical cases, the encrypted message took the form of a physical letter on paper.
In the modern era, our internet messages go out in the form of data packets. Instead of sending a nonstop stream of information like the electrical impulses from the telephones of our childhood, this message data is divided into individual data packets according to the guidelines set out in the TCP/IP suite of protocols.
Each packet comes with a set of information including the source IP address of the device sending it, the destination IP address of the recipient device, the sequential number of the packet so it can be reassembled, type of service, technical data, and, finally, the payload – the actual information.
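To make those header fields concrete, here is an added example (not from the original article) that unpacks a constructed IPv4 packet into the fields listed above. The addresses come from documentation ranges and the checksum is left at zero because no real network is involved.

```python
import socket
import struct

# Constructed IPv4 packet: a 20-byte header (no options) followed by a short payload.
# 192.0.2.10 and 198.51.100.7 are documentation addresses (RFC 5737), not real hosts.
SAMPLE_PACKET = (
    struct.pack(
        "!BBHHHBBH4s4s",
        0x45,      # version 4, header length 5 words (20 bytes)
        0x00,      # type of service
        20 + 13,   # total length: header plus 13-byte payload
        0x1C46,    # identification, used to reassemble fragments
        0x4000,    # flags (don't fragment) and fragment offset 0
        64,        # time to live
        17,        # protocol: UDP
        0,         # header checksum (left zero in this constructed sample)
        socket.inet_aton("192.0.2.10"),
        socket.inet_aton("198.51.100.7"),
    )
    + b"hello, world!"
)


def parse_ipv4(packet: bytes) -> dict:
    """Split an IPv4 packet into the header fields any hop can read, plus the payload."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    header_len = (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or total_len > len(packet):
        raise ValueError("malformed IPv4 header")
    return {
        "version": version,
        "tos": tos,
        "identification": ident,
        "ttl": ttl,
        "protocol": proto,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        # Everything after the header is the payload: readable unless a higher layer encrypts it.
        "payload": packet[header_len:total_len],
    }


if __name__ == "__main__":
    for field, value in parse_ipv4(SAMPLE_PACKET).items():
        print(f"{field:>15}: {value!r}")
```

Every field the function returns is visible to each router, ISP and middlebox on the path, which is the postcard point the next section makes.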
The postcard paradox
You can think of a data packet as one of a series of electronic postcards which, when put together correctly, make the internet possible. And, like a postcard, it is not encrypted and can be read by just about anyone along the transmission chain. This is the situation with the long-standing HTTP protocol. It enabled the Internet to function and to go truly global, but it does not provide any user privacy or security.
Envelope strategy with HTTPS
The improvement to HTTP came with HTTPS, the additional S standing for secure. This signifies that the message, the payload of the data packets, is encrypted using Transport Layer Security, or TLS, a set of cryptographic protocols. Think of it as an envelope for your letters, keeping prying eyes from reading the contents. It is usually shown as a little lock icon in the corner of the browser.
HTTPS used to be used primarily by e-shops and banks because of the cost of obtaining a certificate. However, this has changed dramatically as certificates have become essentially free. By 2019, an estimated 70 percent of web traffic was carried over the encrypted, more secure HTTPS protocol.
The lack of an HTTPS mark was long a reliable sign that a website was poorly assembled, and a warning flag for a phishing site. HTTPS is now so widespread that it is even used by some phishing sites, so the lock alone is no longer a guarantee of legitimacy.
Nonencryption and your DNS
Even when HTTPS is being used, you are not fully encrypted. For example, the Domain Name System (DNS) converts text URLs into numerical IP addresses, and this information – essentially the domain name of your destination – is not encrypted. It is like a snail mail letter where your name, address, the person you are writing to, and the destination are plainly visible on the envelope.
This enables trackers and your ISP to know exactly where you have been going – but not the exact content accessed. Other nonencrypted information can include your own IP address, information about your device and operating system, and your location.
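The DNS point above can be shown directly. This added example (not from the original article) builds a constructed, plaintext DNS query of the kind a browser sends before an HTTPS connection, then parses it the way any on-path observer could, recovering the full name being looked up. No real lookup is performed.

```python
import struct


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard A-record query for `name` (constructed sample, never sent)."""
    # Header: transaction id, flags (RD set), QDCOUNT=1, AN/NS/AR counts 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME is a sequence of length-prefixed labels ending in a zero byte
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def observed_dns_question(datagram: bytes) -> dict:
    """What an on-path observer (ISP, hotspot, tracker) reads from a plaintext DNS query."""
    if len(datagram) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount, *_ = struct.unpack("!HHHHHH", datagram[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, offset = [], 12
    while True:
        if offset >= len(datagram):
            raise ValueError("truncated QNAME")
        length = datagram[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers do not occur in a query's QNAME
            raise ValueError("unexpected compression pointer in QNAME")
        labels.append(datagram[offset:offset + length].decode("ascii"))
        offset += length
    if offset + 4 > len(datagram):
        raise ValueError("truncated question section")
    qtype, qclass = struct.unpack("!HH", datagram[offset:offset + 4])
    return {
        "txid": txid,
        "is_query": not (flags & 0x8000),  # QR bit clear means query, set means response
        "name": ".".join(labels),
        "qtype": qtype,
        "qclass": qclass,
    }


if __name__ == "__main__":
    wire = build_dns_query("mail.example.com")
    print(observed_dns_question(wire))
```

The recovered name is the complete hostname, not just its suffix, which is why the destination stays visible even though the subsequent HTTPS payload does not.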
The VPN potential
A VPN, or virtual private network, tackles the gaps in HTTPS encryption and insecure networks like a special mailman with a registered letter. Both the sender and recipient sign off for the letter, and only the mailman should know the details. Here are the three major points to keep in mind:
- A VPN should encrypt the entire data packet, payload and DNS. A variety of encryption protocols are used. OpenVPN is an industry-standard, open-source solution; others include PPTP, L2TP/IPSec, SSTP, and IKEv2. WireGuard is a new, up-and-coming protocol that is still being refined but has gotten rave reviews for its speed and simplicity. You will be hearing more about this;
- Real location matters for your virtual location. The location of a VPN's servers is critical for helping you as the user establish the desired virtual location. This applies to being virtually at home when away on vacation – and to an away location if you need to circumvent some restrictions on access or content;
- Your VPN mailman must be available and trustworthy. In your pursuit of full encryption and privacy, you are entrusting the VPN provider with unfettered access to your online activities. You are trusting that they will fully encrypt it, not tattle on you to snooping powers, or use this data for advertising.
Encryption is simply the technology used to retain privacy in the online era. While the specific protocols and processes change over time, the goals remain consistent – seamless coverage of our online lives that protects our privacy and our security.