Showing posts with label RDS. Show all posts
Showing posts with label RDS. Show all posts

Monday, July 15, 2024

Encryption vs. Encoding

Encryption vs. Encoding

Encryption is a very important concept in cyber security. Enabling encryption by default for all services will help improving the confidentiality of those services and sensitive data. There are few different considerations when it comes to a good encryption.

Encryption and encoding are the two distinct processes used for data or information transformation, and they serve different purposes. This article will explain these processes in detail and highlight their differences.

What is Encryption?

Encryption is the process of transforming data or information into a secret code that is unintelligible and unreadable to unauthorized individuals and can only be unlocked with a key. It involves using mathematical algorithms and a secret key to transform plaintext (the original, readable data) into ciphertext (the encrypted, unreadable data). It ensures the confidentiality and privacy of sensitive information, making it difficult for unauthorized parties to understand or access the data.

The purpose of encryption is to secure data during data at rest, data in transit, or communication.

·        Data at Rest: Encryption protects data that is stored on a computer or other devices, such as a USB drive, hard drive, or cloud storage.

·        Data in Transit: Encryption is used to secure data that is transmitted between two devices, such as a laptop and a printer.

·        Secure Communication: Encryption is used to protect data that is shared over a network, like email, web browsing, and file transfers.

·        Disk level encryption: Where the information stored on a digital disk like a network storage or a computer hard drive is encrypted. SAN Storage encryption or Windows Bitlocker are examples in this category.

·        Database encryption: The information stored in a database (e.g. SQL or Oracle) is encrypted using a certificate, or a static key. This will minimize the risks of copying database files and opening them by unauthorized people.

·        File-based encryption: This is about encrypting files and their contents. Normally, it can be done using right management solutions. Encrypting Microsoft Office documents or Adobe PDF are examples in this category.

·        Backup encryption: When taking a backup, the backup files must be encrypted to prevent unauthorized access to the content that has been backed up.

·        Public cloud resources encryption: Public cloud services, like AWS, Azure, GCP services, need to be encrypted appropriately and normally that capability is provided by the service provider. Examples are AWS S3, RDS or Azure Blob.

·        Encryption in motion: Sensitive information must be encrypted when they are being transferred from on location to another. Some examples are, use traffic to an application, or data is transferred from a database server to an application server, or data that is transferred between two applications for integration purposes. There are a few different areas to consider when it comes to encryption in motion

·        Encrypted web traffic: Web is pretty much everything these days, and it is critical to ensure all web traffics, whether standard web application interface, APIs or any other type of web traffic is encrypted properly using HTTPS protocol.

·        Email Encryption: Email is the main type of communication for companies these days and unfortunately it is not encrypted by default. We need to make sure email traffic is encrypted in motion and at rest when dealing with sensitive information.

·        Encrypted services: Pretty much all standard network services provide encryption capabilities these days and it is important to switch to the encrypted version and avoid using clear-text protocols as much as possible. Examples of encrypted services are SFTP, SSH, SMTPS, POP3S, IMAPS, LDAPS, etc.

·        Key based Encryption:  Public/Private key encryption is used in a lot of services and integrations, e.g. PGP, to ensure network connectivity and data transfer is done in a secure and encrypted way.

·        Remote access: Remote access services like VPN must provide a secure and encrypted channel between end users and devices to the targets.

There are different types of encryption algorithms, such as symmetric and asymmetric encryption. Where a single key is used to encrypt and decrypt the data. AES 256 or AES 512 are the most common in this category.

Symmetric Encryption Algorithm

·        Advanced Encryption Standard (AES): Widely adopted for security and efficiency.

·        Triple DES: Applies DES three times for enhanced security.

·        Blowfish: Known for its flexibility and speed.

Asymmetric Encryption Algorithm

·        Elliptic Curve Cryptography (ECC): Based on elliptic curves, offering strong security with shorter key lengths.

·        RSA (Rivest-Shamir-Adleman): Used for key exchange and digital signatures.

·        Diffie-Hellman Key Exchange: Secure key exchange protocol without prior communication.

Where two separate keys (public/private) are used to encrypt and decrypt the data. RSA 2048 or RSA 4096 are examples in this category.

What is Encoding?

Encoding is the process of converting data or information into a specific format or code that can be easily stored, transmitted, or processed by a computer or another entity. It involves the use of specific rules, algorithms, or standards to transform data into a format better suited for a particular purpose or medium.

There are many different types of encoding, each with its purpose. Some common types of encoding include:

·        Character Encoding: Converts characters and symbols from the character set to unique code. ASCII, UTF-8, and UTF-16 are popular character encodings.

·        Image Encoding: Transforms images into a digital format. JPEG, GIF, and PNG are popular image encodings.

·        Video Encoding: Converts video signals into a digital format. MPEG-4, H.264, and HEVC are popular video encodings.

·        Audio Encoding: Converts sound waves into a digital format. MP3, WAV, WMA, and AAC are popular audio encodings.

Encoding Algorithms

·        Base64: Converts binary data into a string of ASCII characters.

·        URL Encoding (Percent-encoding): Encodes special characters in a URL.

·        Binary: Represents data using a binary representation.

·        HTML: Represent special characters and reserved symbols in HTML documents.

·        UTF-8: Encodes characters from the Unicode character set.

·        UTL: Encodes special characters for safe URL transmission.

Difference Between Encryption and Encoding

Encryption and encoding are both ways of transforming data into a different format. However, they have different purposes and use different methods.

Basis

Encryption

Encoding

Objective

It transforms data or information in such a way that it remains confidential and secure.

It represents or converts data into a specific format or representation to another.

Used For

It is used to maintain data confidentiality by converting it into an unreadable form using cryptographic algorithms.

It is used for character representation, multimedia compression, or data format conversions to maintain compatibility, efficiency, or data integrity.

Security

Very secure; it can only be decoded with the correct key.

Not secure; it can be easily decoded.

Reversibility

It is reversible, but only with the correct decryption key.

It is reversible.

Method

It uses an encryption algorithm and a key.

It uses a conversion algorithm.

Key Usage

It requires the use of secret keys.

It does not involve the use of secret keys.

Thanks to Mr. Rassoul Ghaznavi Zadeh for main inputs and learn to me.