Did you know that SmartLockr is amongst the 10 best European Cyber Security Providers 2018? Find out more and read the article from Enterprise...
Encryption for dummies (and pizza lovers!)
Let's take a moment to appreciate the miracle of ordering pizza: all that's standing between you and a pizza is a few taps on your phone.
It's amazing we live in a world where we can use our fingers to summon food. But have you ever wondered what happens to your order before it arrives at your doorstep? How many people know what pizza toppings you like, or where you live? And who can touch your food before you get to?
Every time you send and receive an email you're dealing with similar issues. Save for blenders we don't yet have the technology to encrypt our pizzas, but we can encrypt our emails.
Download our whitepaper “How to choose the right secure email solution?” for a step-by-step plan to help you make a choice.
The word encryption is a building block of the cybersecurity narrative, but what does it mean exactly? To most people, encryption is yet another IT enigma too complicated for the average computer user to be bothered with.
That's a shame, considering how big a role encryption plays in protecting your data. That's why - in the time it takes to order a pizza - we'll bring you up to speed on everything you need to know about encryption:
What is encryption?
When you encrypt a message, you encode it, giving you two versions: the original message (called 'plaintext') and its encoded, unreadable counterpart (called 'ciphertext'). As an example, here's a very simple encryption of your food order:
- Plaintext: Hawaiian pizza
- Ciphertext: 🍕🍍
Of course actual encoding is way more complicated, but the premise is the same: something that's understandable is converted into something that can only be deciphered if you have the right key.
Who gets to see what?
Now that we know any bit of content can be encrypted and decrypted with a key, the question is: can we be sure only the right person gets to decrypt your message?
The short answer: it depends.
An encrypted message in and of itself is unreadable. To translate ciphertext back to plaintext, you need the encryption key. In a perfect world, only you and your intended recipient have access to this key.
The not-so-perfect encryption: encryption-in-transit and encryption-at-rest
Not every type of encryption protects your privacy as well as you need it to. It's important to be aware of this, as the word 'encryption' can easily lead to a false sense of security.
Take encryption-in-transit for instance. As the name implies, it will protect your data as it's travelling. This means no one will have access to your message as it goes from your laptop to the cloud. But as you can probably guess, it's no longer encrypted once it has arrived.
In terms of your Hawaiian pizza, it prevents anyone from meddling with your food as it makes its way to your house. It does not protect your pizza from anything that might happen to it before or after.
That's why encryption-in-transit is often combined with encryption-at-rest, which encrypts your data whenever it's stored.
On the surface it might seem encryption-in-transit and encryption-at-rest together do a good job protecting your data.
Too bad there's one small problem: the encryption key - the one thing you don't want falling into the wrong hands - is stored in the cloud. In other words: whenever a hacker attacks the cloud, they can get access to your keys.
Encryption-in-transit and encryption-at-rest therefore are great if you want to feel safe, but not so great if you want to be safe.
Storing encryption keys in the cloud obviously falls short of protecting you and your data. End-to-end encryption marks a definite step up: using end-to-end encryption, only you and your recipients get access to the keys. This means your message is not vulnerable to attacks along the way, nor do anyone else but you and the recipient have access to it.
Pizzawise, imagine the pizza place sealing the pizza box with a combination lock and giving you the code once your pizza's been delivered.
No one, not the delivery driver nor anyone eyeing your pizza on its way to your house, has access to your dinner. No one but you.
This leads many to embrace end-to-end encryption as the gold standard of secure communication. After all, what could happen to your pizza if it's protected at the pizza place, on its way to your house, all the way to your doorstep?
Well, someone could hack your doorstep.
Zero knowledge end-to-end encryption
The unnerving reality is that cybercriminals are aggressive in their ways and won't shy away from using every possible loophole.
End-to-end encryption, while elegant, does leave room for data breaches. This is because it has one fatal flaw it shares with all other forms of encryption: it's based on trust.
When someone delivers pizza to your house, how do they know you're not an impostor? Likewise, how do you know for sure the person knocking is bringing pizza?
Cybercriminals abuse our trust when given the chance, so we had to come up with something better: math.
When you send a message using zero knowledge end-to-end encryption, you and the recipient engage in an exercise where one person has to prove they have the encryption key, over and over and over again. The setup is such that the sender watches from a safe distance as the recipient cracks the code again and again, until it's statistically impossible for the recipient to be an impostor.
If that last part had you scratching your head, here's what it would look like with your pizza order:
When you order from the "Zero knowledge end-to-end encryption pizza place", your dinner will be locked up every step of the way. However, when the delivery driver arrives, they want to be absolutely sure it's you.
You tell the driver you have the key for your pizza, but you don't want to share it with them, because you too want to be absolutely sure the driver is who they say they are.
What happens next is the driver lets you use your key to open a lock, but without hearing or seeing the combination themselves.
This way you're repeatedly demonstrating you have the right key, without actually showing it.
The driver now knows beyond any doubt you're you and proceeds to give your pizza, which you then unlock.
Final thought before dinner
There's one more important thing to know about zero knowledge end-to-end encryption, also known as zero knowledge proof. It's not only about trusting the recipient. It's also about any government, authority or service provider not knowing about your eating habits, or anything else you may want to keep private.
It's a common misconception that regular end-to-end encryption guarantees your privacy. It however offers no protection at all when a government deems it necessary to see your data. The US CLOUD act for instance allows the US to simply subpoena any American cloud provider that's encrypted your data and there's nothing you can do about it. In most cases they are not even allowed to notify you.
The only thing you can do about it is using zero knowledge end-to-end encryption. It's the only type of encryption that prevents any authority from accessing your data - not even the service provider itself can decrypt it.
Encryption can be complicated, but the most important thing to remember is that the word encryption in and of itself doesn't guarantee your data is adequately protected. If you want to be absolutely sure the emails, files and messages you send are protected, zero knowledge end-to-end encryption is the one option where nothing is left to chance.
Want to know more about how to choose an email solution that actually protects your privacy? Click on the link below!