Share your valuable feedback, comments or suggestions on Storing Sensitive Data Using Encryption

Storing Sensitive Data Using EncryptionIn the business sector, there is an enormous demand for security enhancing solutions. Full disk encryption and long passcode cover the risk. It makes the stored information incomprehensible to anyone who does not have proper key or passcode.

Today's world of connected devices needs a lot of preparation against new security threats. There is a need for solutions and tools to keep confidential information and high-value assets safe. Protecting data or information is the priority to every business organization. The companies manage the devices which hold their intellectual property, email access, and communications. They want the tools to be multi-factor protected and get locked automatically when not coming in use. Automatically and periodically the data should get backed up on a remote location or cloud. The backup should also get encrypted.

Mostly senior executives keep everything on the phone.

Find my Phone' or ‘Erase my Device' features would work, only if it is turned on.

Encryption Techniques

A private key is an array of long strings of letters and numbers.

  • RSA (Rivest-Shamir-Adleman): the most common cryptosystems in use today, is based on prime factorization. A cracking of 2048-bit RSA private key would take 6.4 quadrillion years for a standard desktop computer, which can try only one combination at a time. But, with the latest qubit quantum computers like Google 72 Qubit, IBM's 50 qubits, guessing the private key is not so difficult and can be done quickly.
  • Leighton-Micali scheme
  • X.509 certificate
  • PKI/TLS certificates
  • Lattice-based cryptography
  • Multivariate cryptography
  • Hash-based cryptography
  • Code-based cryptography
  • Supersingular Elliptic Curve Isogeny cryptography

ENCRYPT (Ensuring National Constitutional Rights for Your Private Telecommunications) Act

To stop any government agencies from demanding manufacturer, developer or seller to alter security functions to allow surveillance. Hence no backdoors to encrypted devices.

Government Worry

Criminals and Terrorist might also use encryption technology and operate without detection.

  • Australia's Access and Assistance (A&A) 2018 bill: It pledges to force tech companies to assist Australian authorities to decode encrypted devices or be on the sharp end of an AU$10m fine. The government wants to impose obligations on communication service providers to facilitate investigative access to encrypted communications.
  • The UK Investigatory Powers Bill (IPB), 2016 requires UK communication service providers to break the encryption of their services and store Internet browsing records for one year.

User's Worry

If backdoor available for law enforcement agencies, then it could be exploited by anyone else by gaining the same access. Furthermore would weaken cybersecurity and encryption.

Quantum-Safe Encryption

DigiCert announced a partnership with Gemalto and ISARA to work on quantum-safe digital certificates and key management solutions, specifically for IoT devices. Traditional computers can have either 0 or 1 at one time, but in quantum computing, they can be in superposition, i.e., there can be both zero and one simultaneously.