Encryption vs.
Encoding
Encryption is a very important concept in cyber security. Enabling encryption by default for all services will help improving the confidentiality of those services and sensitive data. There are few different considerations when it comes to a good encryption.
Encryption
and encoding are the two distinct processes used for data or information transformation,
and they serve different purposes. This article will explain these processes in
detail and highlight their differences.
What is Encryption?
Encryption is the process of transforming data or information into a secret code that is unintelligible and unreadable to unauthorized individuals and can only be unlocked with a key. It involves using mathematical algorithms and a secret key to transform plaintext (the original, readable data) into ciphertext (the encrypted, unreadable data). It ensures the confidentiality and privacy of sensitive information, making it difficult for unauthorized parties to understand or access the data.
The
purpose of encryption is to secure data during data at rest, data in transit,
or communication.
·
Data at
Rest: Encryption
protects data that is stored on a computer or other devices, such as a USB
drive, hard drive, or cloud storage.
·
Data in
Transit: Encryption
is used to secure data that is transmitted between two devices, such as a
laptop and a printer.
·
Secure
Communication: Encryption
is used to protect data that is shared over a network, like email, web
browsing, and file transfers.
·
Disk
level encryption: Where the information stored on a
digital disk like a network storage or a computer hard drive is encrypted. SAN
Storage encryption or Windows Bitlocker are examples in this category.
·
Database
encryption: The
information stored in a database (e.g. SQL or Oracle) is encrypted using a
certificate, or a static key. This will minimize the risks of copying database
files and opening them by unauthorized people.
·
File-based
encryption: This is about encrypting files and
their contents. Normally, it can be done using right management solutions.
Encrypting Microsoft Office documents or Adobe PDF are examples in this
category.
·
Backup
encryption: When taking a backup, the backup
files must be encrypted to prevent unauthorized access to the content that has
been backed up.
·
Public
cloud resources encryption: Public cloud services, like AWS,
Azure, GCP services, need to be encrypted appropriately and normally that
capability is provided by the service provider. Examples are AWS S3, RDS or
Azure Blob.
· Encryption in motion: Sensitive information must be encrypted when they are being transferred from on location to another. Some examples are, use traffic to an application, or data is transferred from a database server to an application server, or data that is transferred between two applications for integration purposes. There are a few different areas to consider when it comes to encryption in motion
·
Encrypted
web traffic: Web is pretty much everything these
days, and it is critical to ensure all web traffics, whether standard web
application interface, APIs or any other type of web traffic is encrypted
properly using HTTPS protocol.
·
Email
Encryption: Email
is the main type of communication for companies these days and unfortunately it
is not encrypted by default. We need to make sure email traffic is encrypted in
motion and at rest when dealing with sensitive information.
·
Encrypted
services: Pretty much all standard network
services provide encryption capabilities these days and it is important to
switch to the encrypted version and avoid using clear-text protocols as much as
possible. Examples of encrypted services are SFTP, SSH, SMTPS, POP3S, IMAPS,
LDAPS, etc.
·
Key
based Encryption: Public/Private key encryption
is used in a lot of services and integrations, e.g. PGP, to ensure network
connectivity and data transfer is done in a secure and encrypted way.
· Remote access: Remote access services like VPN must provide a secure and encrypted channel between end users and devices to the targets.
There are different types of encryption algorithms, such as symmetric and asymmetric encryption. Where a single key is used to encrypt and decrypt the data. AES 256 or AES 512 are the most common in this category.
·
Advanced Encryption Standard (AES): Widely adopted for security and efficiency.
·
Triple DES: Applies DES three times for enhanced security.
·
Blowfish: Known for its flexibility and speed.
Asymmetric Encryption
Algorithm
·
Elliptic Curve Cryptography (ECC): Based on elliptic curves, offering strong security
with shorter key lengths.
·
RSA (Rivest-Shamir-Adleman): Used for key exchange and digital signatures.
·
Diffie-Hellman Key Exchange: Secure key exchange protocol without prior
communication.
Where two separate keys (public/private) are used to encrypt and decrypt the data. RSA 2048 or RSA 4096 are examples in this category.
What is Encoding?
Encoding
is the process of converting data or information into a specific format or code
that can be easily stored, transmitted, or processed by a computer or another
entity. It involves the use of specific rules, algorithms, or standards to
transform data into a format better suited for a particular purpose or medium.
There are many different types of encoding, each with
its purpose. Some common types of encoding include:
·
Character Encoding: Converts characters and symbols from the character set
to unique code. ASCII, UTF-8, and UTF-16 are popular character encodings.
·
Image Encoding: Transforms images into a digital format. JPEG,
GIF, and PNG are popular image encodings.
·
Video Encoding: Converts video signals into a digital format.
MPEG-4, H.264, and HEVC are popular video encodings.
·
Audio Encoding: Converts sound waves into a digital format. MP3,
WAV, WMA, and AAC are popular audio encodings.
Encoding Algorithms
·
Base64: Converts binary data into a string of ASCII
characters.
·
URL Encoding (Percent-encoding): Encodes special characters in a URL.
·
Binary: Represents data using a binary representation.
·
HTML: Represent special characters and reserved symbols
in HTML documents.
·
UTF-8: Encodes characters from the Unicode character set.
· UTL: Encodes special characters for safe URL transmission.
Difference Between Encryption and
Encoding
Encryption
and encoding are both ways of transforming data into a different format.
However, they have different purposes and use different methods.
|
Basis |
Encryption |
Encoding |
|
Objective |
It
transforms data or information in such a way that it remains confidential and
secure. |
It
represents or converts data into a specific format or representation to
another. |
|
Used For |
It is
used to maintain data confidentiality by converting it into an unreadable
form using cryptographic algorithms. |
It is
used for character representation, multimedia compression, or data format
conversions to maintain compatibility, efficiency, or data integrity. |
|
Security |
Very
secure; it can only be decoded with the correct key. |
Not
secure; it can be easily decoded. |
|
Reversibility |
It is
reversible, but only with the correct decryption key. |
It is
reversible. |
|
Method |
It
uses an encryption algorithm and a key. |
It
uses a conversion algorithm. |
|
Key Usage |
It
requires the use of secret keys. |
It
does not involve the use of secret keys. |
Thanks to
Mr. Rassoul Ghaznavi Zadeh for main inputs and learn to
me.
