Cryptography – this word might not mean much to you, but chances are you’ve heard of encryption (or at least you’ve seen it mentioned in those WhatsApp ads that seem to be popping up everywhere). Encryption may seem like computer magic, but in this article we are going to demystify what is really going on behind the curtain, in a way that everyone can understand. Whether you’re a business owner, a sales representative, or just a mobile device user, you may be surprised to learn how encryption is built into almost every Internet-connected device that you use.
Understanding the Terminology
There are a few key terms that might be useful to review before getting started.
- Encryption – The process of converting human-readable text into an unreadable format so that only authorized parties can decrypt it and understand it.
- Cipher – An algorithm used to perform encryption or decryption.
- End-to-end encryption – A secure communications process that ensures that data transferred from one endpoint to another remains private throughout the communication.
- Symmetric Encryption – A type of encryption that uses the same key for both encryption and decryption.
- Asymmetric Encryption – A type of encryption where different keys are used for encryption and decryption. This is also called public key encryption.
The Basics of Encryption
Let’s start simple by taking a regular text message as an example. With unencrypted text or SMS messages, a message is sent from one device and passed to the nearest cell tower, which then forwards the message to a cell tower near the receiving device. Since there isn’t a secure channel from the sending device to the receiving device, the connection itself can be tampered with, meaning that a motivated hacker could either intercept or alter your messages. For example, a hacker could use a device that mimics a cell phone tower to trick your phone into sending its messages to the fake tower. The hacker could then intercept the grocery list you were sending to your friend and instead send a text message asking them to send money to the hacker’s bank account.
With encrypted messages, it becomes computationally infeasible for anyone other than the intended recipient to read the message. When end-to-end encryption is turned on for both devices, nobody aside from the sender and the recipient is able to decrypt the message, whether they are a government, an Internet Service Provider, or a hacker. There are many messaging providers, including WhatsApp, Telegram and Signal, that offer end-to-end encryption. These services send text messages over the Internet rather than through the traditional cell-tower path.
For example, when a user signs up for a WhatsApp account, their device creates two different keys (i.e., a public key and a private key), which are used for encryption and decryption respectively. This is called asymmetric encryption. To simplify this process, we will take two users, Alice and Bob, as an example. When Alice wants to send a message to Bob, Alice’s device uses Bob’s public key to “lock” or encrypt the message. Alice’s device uses a cipher to change her original message into what looks like a random mixture of numbers, letters, and symbols. This encrypted message is sent to Bob’s device. Bob’s device uses his private key to decrypt the message, translating the encrypted text back into the original message that Alice sent. Alice’s and Bob’s devices generate their own private keys, which are stored securely in their device’s key management service (KMS). As the name implies, these private keys are never shared – not even with the messaging provider – which is what keeps all communications confidential.
Asymmetric encryption diagram
Why Encryption Matters
Perhaps the thought has crossed your mind that all this encryption and decryption seems excessive, especially if you feel like you don't have anything to hide. But the applications of encryption go far beyond text messages. Consider the scenario where you have to send confidential data to a customer. If your communication channel is not secure, any hacker could intercept and read your data. Ultimately, this could lead to losing customers or even to legal ramifications. In order to protect your data, encryption can and should be built into almost every touchpoint between your computer and your customer.
Practical Applications of Encryption
Your confidential data starts out stored in an encrypted database, such as SAP’s encrypted HANA database. This is called encrypted data at rest. When you access this data, you could be accessing it through a Virtual Private Network (VPN), which encrypts all your web traffic to prevent it from being intercepted or read by a third party. If you are sending your confidential data through an email, your Internet connection to your email provider should be encrypted through the use of HTTPS (that lock icon next to the URL). When you send your email, your email provider could also encrypt your message; this is called encrypted data in transit. When your customer accesses the data, whatever searches or operations they perform on it could also be encrypted by using a secure enclave. This allows a user to process their sensitive data in an isolated computing environment, keeping the data separate from other users and processes on the same machine. This is called encrypted data in use. The security trifecta is having sensitive data encrypted at rest, in transit, and in use. Although it is sometimes infeasible to enable encryption in use, as it can be expensive or logistically complicated, having data encrypted at rest and in transit is usually sufficient.
Achieving the trifecta of encrypted data at rest, in transit, and in use may seem daunting, but many companies, such as SAP, offer easy-to-use encryption. While data is sitting in an SAP HANA database, it can be fully encrypted. Data in transit can be encrypted by using TLS/SSL with SAP HANA 2.0. Private keys can be stored and managed with SAP’s Data Custodian. Runtime encryption can be achieved by using an SAP partner’s secure environment offering. Data encryption is a complicated topic, but by learning the fundamental processes behind it, you can gain a deeper understanding of why and how to secure yourself and your data online.