Encryption | CompTIA Tech+ FC0-U71 | 6.4

Encryption is a key element in protecting sensitive data in today’s digital world.  In this post, we’ll cover the following:

  • Plaintext vs. ciphertext
  • Data at rest encryption (file-level, disk-level, and mobile devices)
  • Data in transit encryption (email, HTTPS, VPN, and mobile applications)

By the end of this post, you’ll have a solid understanding of how encryption is applied in various real-world scenarios.

Plaintext vs. Ciphertext

To understand encryption, we need to start with the basics:  plaintext and ciphertext.

  • Plaintext
    • Plaintext is data that is readable by humans and computers without any special decryption or decoding.
    • Examples include emails, word documents, and messages before they are encrypted.
    • Plaintext is vulnerable because anyone who intercepts the data can easily read it.
  • Ciphertext
    • Ciphertext is the result of encrypting plaintext.  It appears as a jumble of seemingly random characters.
    • To convert plaintext into ciphertext, an encryption algorithm (or cipher) and a key are used.  Only someone with the appropriate decryption key can revert ciphertext back into its original plaintext form.

Real-World Example:  Imagine sending an unencrypted email over the internet.  This email is in plaintext, meaning anyone who intercepts it can read its contents.  If you encrypt the email, however, the email content becomes ciphertext.  Only the intended recipient, who has the decryption key, can read the email.

Transitioning from plaintext to ciphertext is the foundation of securing sensitive information.  Let’s now look at where this encrypted data resides.

Data at Rest Encryption

Data at rest refers to data that is stored on a device or medium and is not actively moving from one location to another.  Encrypting data at rest ensures that it remains secure even when the device is off or if the physical storage is compromised.  There are different levels of encryption for data at rest.

File-Level Encryption

File-level encryption protects individual files by encrypting them independently.  Each file is encrypted with its own key, ensuring that even if one key is compromised, it does not grant access to other files.

  • Use Cases
    • Protecting sensitive documents like contracts, reports, or spreadsheets on a personal computer.
    • Ensuring that specific files on shared network storage are only accessible to authorized users.

Real-World Example:  A financial department encrypting spreadsheets that contain payroll data.  Even if someone gets unauthorized access to the file system, the encrypted files remain protected.

Disk-Level Encryption

Disk-level encryption, also known as full-disk encryption (FDE), encrypts the entire storage device, including the operating system, applications, and files.

  • Use Cases
    • Protecting entire hard drives on laptops or desktops in case of theft or loss.
    • Ensuring all data on backup storage devices (like external hard drives) is encrypted.

Real-World Example:  Many modern laptops use technologies like BitLocker (for Windows) or FileVault (for macOS) to provide disk-level encryption.  If a laptop is stolen, the thief cannot access the data on the encrypted hard drive without the decryption key or password.

Mobile Device Encryption

Mobile devices, such as smartphones and tablets, are often vulnerable to theft or loss, making encryption crucial.

  • Use Cases
    • Encrypting sensitive data on mobile devices, such as contacts, emails, or banking apps.
    • Ensuring that mobile devices used for business (BYOD:  bring your own device) are secure.

Real-World Example:  Most smartphones today come with built-in encryption options.  For instance, Android and iOS encrypt the entire device by default, ensuring that sensitive data, like financial apps or work-related files, cannot be accessed without a proper passcode or fingerprint.

Encrypting data at rest – whether at the file, disk, or mobile device level – is essential to securing information from unauthorized access.  Next, let’s look at how encryption works when data is being transmitted.

Data in Transit Encryption

Data in transit, also called data in motion, refers to data actively moving from one location to another, whether across the internet, a private network, or even between devices.  Encrypting data in transit ensures that no one can intercept and read the data while it’s being transmitted.

Email Encryption

Emails are one of the most common forms of communication, but sending emails without encryption is like sending a postcard in the mail – anyone who intercepts it can read its contents.

  • Use Cases
    • Encrypting sensitive emails between business partners or clients.
    • Preventing email interception in transit over public or untrusted networks.

Real-World Example:  Protocols like Secure/Multipurpose Internet Mail Extensions (S/MIME) or Pretty Good Privacy (PGP) encrypt email contents, making them unreadable to unauthorized parties.  Only the intended recipient, who has the decryption key, can access the email content.

HTTPS (Hypertext Transfer Protocol Secure)

HTTPS is a secure version of HTTP used to encrypt data transmitted between a web browser and a server.

  • Use Cases
    • Securing sensitive web transactions, such as online banking or shopping.
    • Ensuring the confidentiality of login credentials, form submissions, and any sensitive data transmitted over a website.

Real-World Example:  When you see the padlock icon in your browser’s address bar, it indicates that the website is using HTTPS.  This ensures that any information you submit – like your credit card number during an online purchase – is encrypted, preventing eavesdropping.

VPN (Virtual Private Network)

A VPN creates a secure tunnel for data to pass through, encrypting all information traveling between the user’s device and the internet.

  • Use Cases
    • Encrypting data when accessing the internet over public WiFi networks.
    • Ensuring secure communication between remote employees and their company’s network.

Real-World Example:  A remote worker accessing corporate resources while on a public coffee shop WiFi will use a VPN to secure their connection.  The VPN encrypts all their traffic, ensuring that no one on the public network can intercept sensitive information like work emails or project data.

Mobile Application Encryption

Mobile applications, especially those that deal with sensitive data, often encrypt data in transit to ensure that information like login credentials or personal data is protected.

  • Use Cases
    • Protecting personal information (e.g., login credentials, credit card numbers) when using mobile apps.
    • Ensuring secure transactions and communications between mobile apps and servers.

Real-World Example:  Most mobile banking apps use encryption to protect customer information while it is transmitted between the app and the bank’s servers.  This ensures that sensitive data, such as account numbers or transaction details, cannot be intercepted by malicious actors.

Conclusion

To wrap things up, encryption plays a crucial role in protecting sensitive data both when it’s stored and when it’s transmitted.  Here’s a quick recap:

  • Plaintext is human-readable, but it’s vulnerable to interception.  Ciphertext is what we get after encrypting plaintext, rendering it unreadable without the right decryption key.
  • For data at rest:
    • File-level encryption protects individual files, each with its own key.
    • Disk-level (full-disk) encryption protects the entire storage device, including the operating system.
    • Mobile device encryption protects smartphones and tablets, which are easily lost or stolen.
  • For data in transit:
    • Email encryption secures sensitive email content.
    • HTTPS ensures safe communication between browsers and websites.
    • VPNs encrypt all traffic between a device and the internet, protecting users on untrusted networks.
    • Mobile app encryption secures the data transmitted between mobile applications and their servers.

Understanding these common encryption use cases is essential to safeguarding sensitive information and is a key component of the CompTIA Tech+ certification exam.