Skip to main content

Handling sensitive data in your company network

Your users create and handle sensitive company data every day, either on their laptops or smartphones. How is this information transmitted and stored securely?

One of the most important tools to secure your data is cryptography. It has to achieve three things:

  1. Confidentiality
    Can it keep your data undecipherable for third parties and therefore private?
  2. Message integrity
    Can it ensure that an attacker is unable to modify your data during transmission?
  3. Authenticity
    Are you sending/receiving data to/from the entity that you are expecting?

How is this done in practice?

image.png

An example of cryptography in practice becomes visible every time you use your web browser. Upon connecting to a website, a green padlock icon appears in the address bar. You can view the security behind the connection by clicking on it, which shows something like:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA256

This tells us the various components of the cryptographic chain that is being used:

image.png

  • TLS: Transport Layer Security, formerly called SSL. The overarching protocol responsible for ensuring your data is secure.
  • Confidentiality
    • ECDHE: Elliptic-Curve Diffie-Hellman Key Exchange: Creates a mutual initial key between your browser and the server. This key is subsequently used for actual data encryption.
    • AES_256: The algorithm that encrypts plaintext to ciphertext, and decrypts it at the receiving side.
  • Authenticity
    • RSA: A signature protocol to verify that you are talking to the website you are expecting on the other side.
  • Message integrity
    • GCM: The encryption algorithm AES256, when used in Galois/Counter Mode (GCM), also ensures data integrity.
    • SHA256: A cryptographic hash function used in various places, for example the handshake.

Now we know what a typical cryptographic protocol consists of – but what is the problem when Quantum Computers come into play?