By Matt Bogan
You’re aware of the need for data encryption. However, you may not have a clear picture of how it works.
Cryptography—the study of secure communications—is a complex field of science, intersecting a wide range of disciplines and constantly evolving. Cryptography predates computers, with roots reaching back to ancient Greece and Egypt. It’s believed that Julius Caesar sent secure messages to his most trusted staff by replacing each letter of the alphabet with the letter three places after it: A became D, B became E, and so forth. This method of data encryption is sometimes called a Caesar cipher. By the ninth century, mathematicians applied statistical analysis to defeat simple substitution ciphers such as the Caesar cipher. Thus we have perhaps the first historical instance of an encryption algorithm being cracked.
As long as we’ve needed to encode information, there have been others wanting to decode it for nefarious reasons. In WWII, Allied cryptanalysts working to crack encrypted Axis communications are widely credited with shortening the war by months or even years.
Today, computer scientists called “white-hat hackers” work to defeat existing encryption protocols to identify weaknesses before they can be exploited. The complexity of encryption algorithms and the protocols that implement them has increased dramatically. Despite that, uncrackable encryption remains hypothetical.
Instead, data security aims for a moving target: difficult enough to crack with present technology that it’s astronomically unlikely anyone would be able to. Yet available computing power continues to increase, turning unlikely into likely. A protocol that today would be considered too complex for even a supercomputer to crack in any reasonable amount of time may be trivial to defeat on consumer-grade hardware in a handful of years.
DES (Data Encryption Standard), a protocol developed by IBM and implemented by government agencies and militaries around the world as recently as the early 1990s, was cracked in less than a day in 1999 by a cluster of thousands of computers working together. By 2016, it was cracked by a single computer using off-the-shelf components, and today, using advanced cryptographic attack methods, DES can be defeated in under a minute with hardware you can pick up at your favorite big-box store. Like their ninth-century counterparts using mathematics to peer behind the curtain of simple substitution ciphers, modern cryptanalysts apply the latest technological advances to accomplish what was previously impossible.
If everyone’s motive in defeating encryption were altruism, this discussion might be academic, but this is not the case. Far from the image of loosely affiliated teenage malcontents portrayed in popular media, hacking in the twenty-first century is big business. With backing from organized crime syndicates and foreign governments, the goals are a lot more sinister than causing a little digital mischief. Your data is a battlefield, and encryption is the arms race.
The cryptographically secure lifespan of a common algorithm known as MD5 was roughly a decade, and the SHA-1 algorithm fared only slightly better. Concerns over vulnerability have contributed to tech giants like Apple, Google, and Microsoft deprecating protocols based on them. The 1.0 and 1.1 versions of TLS (Transport Layer Security) have recently joined Caesar ciphers and DES in the boneyard of obsolete cryptography. These methods once seemed functionally impenetrable, but with subsequent technological advancements, they now offer only moderate inconvenience to a well-resourced attacker.
With the successors already being subjected to the scrutiny of security professionals on both sides of the battle, we can be sure more encryption methods will eventually join them. With the target of “safe enough” advancing, as businesspeople, solution providers, and individual consumers, it’s critical to ensure we keep pace.
Ask your vendors what they’re doing to stay current with the latest data encryption advancements. Remember that not all encryption is equal. Older products relying on encryption methods that were state-of-the-art when they were originally developed are unlikely to offer much protection against an attack today.
When assessing products to sell to your clients or use in your own business, keep in mind that marketing terms such as secure and compliant are only as meaningful as the person or organization making that claim. Savvy consumers should look for products that have been audited by independent security experts. And once you have purchased a solution, make sure you keep it current with vendor-recommended updates. It’s the only way to be certain your data will be as safe tomorrow as it is today.
Matt Bogan is the product manager for Startel, a leading provider of best-in-class contact center solutions. He has been involved in the contact center industry for over fifteen years. Startel’s upcoming CMC 16.0 release incorporates the latest in encryption technology.