• Vaultree

Encrypted Data In The Cloud – The Future (1/4)

Data Breaches

We have seen numerous data breaches in recent years where sensitive data is leaked. Global data privacy and protection legislation is still poorly enforced, partially creating more confusion and misinterpretation. A new paradigm is needed so that third parties are not responsible for the 'keys of the kingdom' but rather individuals or organisations retain sole ownership of the decryption keys. Data Security and Data Privacy are two of the most commonly cited issues with Cloud Computing. There exists a genuine fear amongst many that Cloud Service Providers (CSPs) mine and exploit customer data for their own means (including the sharing of customer data with other third parties). To alleviate these fears, CSPs introduced support for data encryption. Whilst encryption is synonymous with data security, the matter in which it is utilised by CSPs fails to offer absolute security.


Encryption

As used in its traditional form, encryption guarantees the security of data-in-transit and data-at-rest; however, it must be decrypted once received or retrieved from storage in order to allow any type of computation to be performed on it. In order to retain the ability to process encrypted customer data, CSPs require access to the associated decryption keys. Such keys may be stored on the premises of the CSP or forwarded to the CSP by the customer whenever they require access to their data. Whilst this approach goes some way towards addressing the data security and privacy fears associated with the cloud, it is not considered truly secure by virtue of the fact that customers must disclose their decryption keys. This is not a workable solution when the entire world is moving their data into the cloud.


A Brief History Of Modern Cryptography

The history of modern cryptography dates back to the early 20th century, where various devices and aids were used for encryption. During World War II, several mechanical devices were invented for performing encryption, this included rotor machines, most notably the Enigma cipher. The ciphers implemented by these machines brought about a significant increase in the complexity of cryptanalysis. The art of cryptography actually reaches back as far as 1900 BC when an Egyptian scribe used a derivation of hieroglyphics to communicate. Throughout history there have been many people responsible for the growth of cryptography, many of these were quite famous and one of them was Julius Caesar. He used a substitution of characters and just moved them about. Another historical figure who used and changed cryptography was Thomas Jefferson. He developed a wheel cipher that was made back in 1790. This cipher was then to be used to create the Strip cipher, which was used by the US Navy during the Second World War. Encryption methods have historically been divided into two categories: substitution ciphers and transposition ciphers. Substitution ciphers preserve the order of the plaintext symbols but disguise them. Transposition ciphers, in contrast, reorder the letters but do not disguise them. Plaintext is the common term for the original text of a message before it has been encrypted.

Enigma

Other attempts included tattooing messages onto a person's head, waiting for the hair to grow and then sending them onwards. We wonder what the bandwidth was in that system? Kids of course learn to use the Caesar Cipher which simply is there to substitute say a 'B' for an 'A' and a 'C' for a 'B' on so on but of course that is just to teach kids how substitution ciphers work. Our favourite example of cryptography is Code Talkers. This is a term used to describe people who talk using a coded language. The most famous example is the 400 Native American Marines who served in the United States Marine Corps whose job was the transmission of secret tactical messages. Code talkers transmitted their messages over military telephone or radio communications nets using formal or informally developed codes built upon their native languages. Because Navajo has a complex grammar, it is not nearly mutually intelligible enough with even its closest relatives within the Na-Dene family to provide meaningful information, and was at this time an unwritten language. Navajo answered the military requirement for an indecipherable code. Using a substitution method similar to the Navajo, the Comanche code word for tank was "turtle", bomber was "pregnant airplane", and machine gun was "sewing machine“. You see, people have understood the need to protect information for many years.


It is actually possible to devise a code so strong that it is absolutely unbreakable. It is called a One-Time Pad. The sender and receiver each need identical copies of the one-time pad, which consists of a very long totally random string of letters from the alphabet. You could for instance choose the works of Shakesphere or any other random book. Since a key word does not end before the message is concluded - no cycle of ciphers. Also as each individual letter in the key word is random, and bears no relation to any other letter, the string that is transmitted is itself a totally random string. After the message is transmitted, the sender destroys the pad, as does the receiver after he has deciphered the message. Even the lengths of individual words can be masked, symbols like punctuation marks and spaces can themselves be given a symbol in an augmented alphabet. The only thing you have to ensure is that the “enemy” does not figure out which 'pad' (book in this case) you were using. A one-time padded message cannot be broken, because every possible plaintext message is an equally probable candidate, the message can only be decrypted by someone who knows the correct key. There are certain disadvantages to this: For example, the key must be at least as long as the bit string to be encrypted. Since the key will be a long random bit string, it would be very difficult to memorise, so both the sender and the receiver will need written copies of the key, and having written copies of keys is a security risk if there is any chance of the key falling into the wrong hands.


Another interesting area is steganography. Computer-based steganography allows changes to be made to what are known as digital carriers such as images or sounds. The changes represent the hidden message, but result, if successful, in no discernible change to the carrier. The information may have nothing to do with the carrier sound or image or it might be information about the carrier such as the author or a digital watermark or fingerprint. Cryptography and steganography are different however. Cryptographic techniques can be used to scramble a message so that if it is discovered it cannot be read. If a cryptographic message is discovered it is generally known to be a piece of hidden information (anyone intercepting it will be suspicious) but it is scrambled so that it is difficult or impossible to understand and decode. Steganography hides the very existence of a message so that if successful, it generally attracts no suspicion at all. Using steganography, information can be hidden in carriers such as images, audio files, text files, videos and data transmissions. When the message is hidden in the carrier, a stego-carrier is formed, for example a stego-image. Hopefully it will be perceived to be as close as possible to the original carrier or cover image by the human senses. Images are the most widespread carrier medium, they are used for steganography in the following way: The message may firstly be encrypted. The sender (or embedder) embeds the secret message to be sent into a graphic file (the cover image or the carrier). This results in the production of what is called a stego-image. Additional secret data may be needed in the hiding process, e.g. a stego key. The stego-image is then transmitted to the recipient, the recipient (or extractor) extracts the message from the carrier image. The message can only be extracted if there is a shared secret between the sender and the recipient.


These examples are historical and none of them solves the problem of securing data in the cloud.


Up next: The Second Wave - Symmetric Encryption