Monday, July 15, 2024

Encryption vs. Encoding

Encryption vs. Encoding

Encryption is a very important concept in cyber security. Enabling encryption by default for all services will help improving the confidentiality of those services and sensitive data. There are few different considerations when it comes to a good encryption.

Encryption and encoding are the two distinct processes used for data or information transformation, and they serve different purposes. This article will explain these processes in detail and highlight their differences.

What is Encryption?

Encryption is the process of transforming data or information into a secret code that is unintelligible and unreadable to unauthorized individuals and can only be unlocked with a key. It involves using mathematical algorithms and a secret key to transform plaintext (the original, readable data) into ciphertext (the encrypted, unreadable data). It ensures the confidentiality and privacy of sensitive information, making it difficult for unauthorized parties to understand or access the data.

The purpose of encryption is to secure data during data at rest, data in transit, or communication.

·        Data at Rest: Encryption protects data that is stored on a computer or other devices, such as a USB drive, hard drive, or cloud storage.

·        Data in Transit: Encryption is used to secure data that is transmitted between two devices, such as a laptop and a printer.

·        Secure Communication: Encryption is used to protect data that is shared over a network, like email, web browsing, and file transfers.

·        Disk level encryption: Where the information stored on a digital disk like a network storage or a computer hard drive is encrypted. SAN Storage encryption or Windows Bitlocker are examples in this category.

·        Database encryption: The information stored in a database (e.g. SQL or Oracle) is encrypted using a certificate, or a static key. This will minimize the risks of copying database files and opening them by unauthorized people.

·        File-based encryption: This is about encrypting files and their contents. Normally, it can be done using right management solutions. Encrypting Microsoft Office documents or Adobe PDF are examples in this category.

·        Backup encryption: When taking a backup, the backup files must be encrypted to prevent unauthorized access to the content that has been backed up.

·        Public cloud resources encryption: Public cloud services, like AWS, Azure, GCP services, need to be encrypted appropriately and normally that capability is provided by the service provider. Examples are AWS S3, RDS or Azure Blob.

·        Encryption in motion: Sensitive information must be encrypted when they are being transferred from on location to another. Some examples are, use traffic to an application, or data is transferred from a database server to an application server, or data that is transferred between two applications for integration purposes. There are a few different areas to consider when it comes to encryption in motion

·        Encrypted web traffic: Web is pretty much everything these days, and it is critical to ensure all web traffics, whether standard web application interface, APIs or any other type of web traffic is encrypted properly using HTTPS protocol.

·        Email Encryption: Email is the main type of communication for companies these days and unfortunately it is not encrypted by default. We need to make sure email traffic is encrypted in motion and at rest when dealing with sensitive information.

·        Encrypted services: Pretty much all standard network services provide encryption capabilities these days and it is important to switch to the encrypted version and avoid using clear-text protocols as much as possible. Examples of encrypted services are SFTP, SSH, SMTPS, POP3S, IMAPS, LDAPS, etc.

·        Key based Encryption:  Public/Private key encryption is used in a lot of services and integrations, e.g. PGP, to ensure network connectivity and data transfer is done in a secure and encrypted way.

·        Remote access: Remote access services like VPN must provide a secure and encrypted channel between end users and devices to the targets.

There are different types of encryption algorithms, such as symmetric and asymmetric encryption. Where a single key is used to encrypt and decrypt the data. AES 256 or AES 512 are the most common in this category.

Symmetric Encryption Algorithm

·        Advanced Encryption Standard (AES): Widely adopted for security and efficiency.

·        Triple DES: Applies DES three times for enhanced security.

·        Blowfish: Known for its flexibility and speed.

Asymmetric Encryption Algorithm

·        Elliptic Curve Cryptography (ECC): Based on elliptic curves, offering strong security with shorter key lengths.

·        RSA (Rivest-Shamir-Adleman): Used for key exchange and digital signatures.

·        Diffie-Hellman Key Exchange: Secure key exchange protocol without prior communication.

Where two separate keys (public/private) are used to encrypt and decrypt the data. RSA 2048 or RSA 4096 are examples in this category.

What is Encoding?

Encoding is the process of converting data or information into a specific format or code that can be easily stored, transmitted, or processed by a computer or another entity. It involves the use of specific rules, algorithms, or standards to transform data into a format better suited for a particular purpose or medium.

There are many different types of encoding, each with its purpose. Some common types of encoding include:

·        Character Encoding: Converts characters and symbols from the character set to unique code. ASCII, UTF-8, and UTF-16 are popular character encodings.

·        Image Encoding: Transforms images into a digital format. JPEG, GIF, and PNG are popular image encodings.

·        Video Encoding: Converts video signals into a digital format. MPEG-4, H.264, and HEVC are popular video encodings.

·        Audio Encoding: Converts sound waves into a digital format. MP3, WAV, WMA, and AAC are popular audio encodings.

Encoding Algorithms

·        Base64: Converts binary data into a string of ASCII characters.

·        URL Encoding (Percent-encoding): Encodes special characters in a URL.

·        Binary: Represents data using a binary representation.

·        HTML: Represent special characters and reserved symbols in HTML documents.

·        UTF-8: Encodes characters from the Unicode character set.

·        UTL: Encodes special characters for safe URL transmission.

Difference Between Encryption and Encoding

Encryption and encoding are both ways of transforming data into a different format. However, they have different purposes and use different methods.

Basis

Encryption

Encoding

Objective

It transforms data or information in such a way that it remains confidential and secure.

It represents or converts data into a specific format or representation to another.

Used For

It is used to maintain data confidentiality by converting it into an unreadable form using cryptographic algorithms.

It is used for character representation, multimedia compression, or data format conversions to maintain compatibility, efficiency, or data integrity.

Security

Very secure; it can only be decoded with the correct key.

Not secure; it can be easily decoded.

Reversibility

It is reversible, but only with the correct decryption key.

It is reversible.

Method

It uses an encryption algorithm and a key.

It uses a conversion algorithm.

Key Usage

It requires the use of secret keys.

It does not involve the use of secret keys.

Thanks to Mr. Rassoul Ghaznavi Zadeh for main inputs and learn to me.

 

Monday, July 1, 2024

System Integrators Start with IIoT

System Integrators Start with IIoT Now 

“Companies whose investment processes demand quantification of market sizes and financial returns before they can enter a market get paralyzed or make serious mistakes when faced with disruptive technologies” Clayton M Christensen – The Innovator’s Dilemma. The excerpt above sums up what I believe may be happening in the system integration space with regards Industrial IoT (IIoT) implementation and will be the subject that I seek to address in this post.

An IoT system integrator is a qualified business that offers companies consulting services, training and solutions to setup and maintain all aspects of IoT (Internet of Things), from hardware to software. There are a lot of system integrators who are IIoT savvy, but most are filled with skepticism and they still see it as a hype. So they eagerly wait on the side-lines for the wave to pass or to adopt the technology next year or the year after when the hype has died down. Another reason could be that they do not yet fully comprehend the opportunities afforded by IIoT. Whatever reason they may have for dragging their feet, the reality is that those who fail to act quickly will be forced to share the plant floor with new competition.

But here is the kicker, there is a new breed of integrators crossing over from the commercial sector. The ones that specialise in smart devices. They are willing and ready to move into manufacturing and industry in general. However, automation systems integrators are well positioned to fill the gap now more than ever, because in most businesses the acquisitions of IoT solutions has shifted from being handled by the IT department to operations. And due to an existing relationship between operations and system integrators they happen to speak the same language and it will therefore be easy for systems integrators to liaise with IIoT vendors and quickly step in to fill the void. Consequently, with investment in the knowledge of embedded systems, wireless applications, front-end and back-end solutions they can provide an entire chain on IIoT and in turn offer efficient systems to the user. Creating a win win situation.

Nowadays, almost all automation devices are being shipped IP and cloud ready. The challenge though, as i have personally experienced, is that IIoT vendors are still emphasising on locking in market share. Making it difficult to aggregate all the information from different sensors and devices onto a single platform as opposed to using separate cloud components for each device or sensor. But then again this also presents itself as an opportunity for the IIoT savvy system integrator to act as a differentiator by providing solutions that make it easy to move data between systems, unlocking all the value for their customers.

The idea is simple. The data that is already being used within automation systems for operation happens to contain a wealth of useful information for running the business more effectively in areas such as energy consumption, asset utilisation, supply chain management and predictive maintenance to name a few. Its not just connecting to the PLC and exchanging data, its something more. Its about the system integrators getting involved as the needed experts on big data, connectivity and cloud computing etc. Because no one, not even the vendors have as much knowledge as system integrators on the businesses these IIoT systems are being sold to.

A master systems integrator provides a single (core) user interface to monitor and manage every aspect of a facility. This gives owners a competitive edge in today's sophisticated market. Master systems integrators also install and manage the systems that make your building run.

In conclusion, Its only a matter of time before non-automation companies come down into the manufacturing space and I envisage it getting a little bit crowded. What action can be taken? System integrators need to start building their skills in applying these technologies and incorporating fresh ideas.

ASi-5 – high data bandwidth for demanding applications

Machine data, process data and diagnostic data - today, machines and systems generate huge amounts of data. But only a fraction of this data necessarily belongs in the higher-level PLC. In order to successfully implement Industry 4.0 projects, the majority of the data needs to be processed and analyzed in IT. Coordinated interaction is only possible when all devices in the cyber-physical system communicate with each other.

 

A powerful data shuttle such as ASi-5 is needed. The new ASi generation offers a high data bandwidth and short cycle times. This makes it easy to integrate the smart sensors like IO-Link that are so important for Industry 4.0.

 

Our modern ASi-5/ASi-3 gateways also play an important role. They have two independent interfaces - for OPC UA and a fieldbus - which allow the respective data to be transferred directly to IT or the control. The gateways also act as a link between field devices and higher-level IT systems, collecting valuable diagnostic data that usefully supplements the device data from the field.

 

Since more connectivity increases cyber risks, we rely on encrypted communication and authentication. Thanks to field update capability, the ASi-5/ASi-3 gateways also meet future security requirements.