Encryption

Encryption is a method for protecting the confidentiality and integrity of data. The following are some features of encryption:

  • Encryption changes data from a legible format to an illegible format using symmetric and asymmetric methods in order to prevent interceptors from reading the information.
  • Encryption is a process that depends on the sharing of a mutually established key, or that is carried out through a private/public key set.
  • The currently accepted National Institute of Standards and Technology (NIST) standard for strong encryption algorithms is the Advanced Encryption Standard with a 256-bit key (AES-256).

In encryption, algorithms are used to transform data input called plaintext into an unreadable format called ciphertext. Only the user who possesses the decryption key can transform the ciphertext back into the original plaintext. Encryption is an effective way of preserving the confidentiality and integrity of an organization's data.

Several common types of encryption can be used based on the requirements of an organization. Symmetric-key encryption requires communicants to have the same keys in order to encrypt and decrypt communications. Public-key encryption has a public encryption key, but in order to read (decrypt) messages, the receiving communicant must also have the decryption key. Organizations and individuals use encryption as a means for safeguarding their sensitive data. Additionally, many device manufacturers are including encryption as a built-in tool, as seen with smartphones.

Encryption is a concern for digital forensics examiners when possible evidence is on an encrypted device, like a smartphone. Special techniques must be followed to gather readable data, either by decryption or other means. During an investigation, when encrypted files or data are located, an examiner needs to ascertain the level to which a device is encrypted. There may only be a few encrypted files, or the entire hard disk drive may be protected (full disk encryption).
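
One way to make that first-pass determination (a few encrypted files versus a protected volume) is to check for a known volume header and measure byte entropy. The following is an added example, not part of the original page; the threshold, minimum sample size, file names and sample data are assumptions constructed for illustration.

```python
import gzip
import hashlib
import math
from collections import Counter

LUKS_MAGIC = b"LUKS\xba\xbe"      # magic bytes at the start of a LUKS volume header
COMPRESSED_MAGIC = (b"\x1f\x8b", b"PK\x03\x04")  # gzip, zip: high entropy, not encrypted
ENTROPY_THRESHOLD = 7.5           # bits per byte; assumed cut-off for this example
MIN_SAMPLE = 4096                 # entropy of shorter samples is not meaningful


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: near 8.0 for ciphertext, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(sample: bytes) -> str:
    """Classify the leading bytes of a file or of a volume image."""
    if sample.startswith(LUKS_MAGIC):
        return "encrypted-volume"
    if sample.startswith(COMPRESSED_MAGIC):
        return "compressed"
    if len(sample) < MIN_SAMPLE:
        return "inconclusive"
    if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
        return "possibly-encrypted"
    return "readable"


def constructed_samples() -> dict:
    """Constructed inputs; hash output stands in for real ciphertext."""
    text = b"Meeting notes: budget review moved to Thursday.\n" * 200
    pseudo_ct = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
    return {"notes.txt": text, "notes.txt.gz": gzip.compress(text),
            "vault.bin": pseudo_ct, "disk.img": LUKS_MAGIC + b"\x00\x02" + bytes(MIN_SAMPLE)}


def triage(items: dict) -> dict:
    """Map each item name to its classification."""
    return {name: classify(data) for name, data in items.items()}


if __name__ == "__main__":
    for name, verdict in triage(constructed_samples()).items():
        print(f"{name:14} {verdict}")
```

High entropy alone does not prove encryption, since compressed data scores similarly, which is why the compressed-format check runs before the entropy test.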

Since decryption can be time-consuming, there are a couple of quick checks to follow that may unlock encrypted areas, including checking for passwords and looking for file copies. People will often use the same passwords for multiple purposes, so if any of a user’s passwords can be retrieved, they can be checked against the encryption tool (e.g., web browsing passwords). Since a copy of a modified or deleted file is retained in memory until it is overwritten, there may be an older version of a file (that is now encrypted), which can provide information to an investigation.

Check Your Knowledge

Choose the best answer to each question:

Question 1
Which parts of the CIA triad does encryption protect?
  • confidentiality and nonrepudiation
  • confidentiality and integrity
  • availability and authentication
  • confidentiality and availability

Question 2
Which of the following is true of encryption?
  • Encryption uses symmetric and asymmetric methods.
  • Encryption depends on the sharing of mutually established keys.
  • Encryption is not currently accepted by the NIST.
  • The first two answer choices are both true.
  • The first and third answer choices are both true.

Question 3
Which of the following encryption schemes are based on the concepts of substitution and permutation?
  • symmetric and asymmetric
  • symmetric and AES
  • asymmetric and AES
  • AES only

Question 4
Which of the following encryption schemes is based on the concept of solving difficult mathematical problems?
  • symmetric
  • asymmetric
  • MDA
  • RSA

Question 5
Which of the following is the most commonly used type of symmetric-key cipher?
  • stream cipher
  • RSA cipher
  • block cipher
  • none of the above

Question 6
Which of the following is the most well-known symmetric-key encryption?
  • RSA
  • DES
  • AER
  • RC4

Question 7
Stream ciphers encrypt plaintext one bit at a time. Which of the following is not true of stream ciphers?
  • The keystream needs to appear to be a stream of random numbers.
  • If the keystream is random, the ciphertext that is generated will also be random.
  • The key needs to be long enough to ward off brute-force attacks—at least 128 bits.
  • A stream cipher with a properly designed pseudorandom number generator cannot be as secure as a block cipher of comparable key length.

Question 8
Which of the following uses a stream cipher?
  • SSL
  • TLS
  • WEP and WPA
  • all of the above

Licenses and Attributions

Encryption from Wikimedia Commons is in the public domain. UMGC has modified this work.