Difference between revisions of "Encryption"
Kbjarkefur (talk | contribs) |
Kbjarkefur (talk | contribs) |
||
Line 17: | Line 17: | ||
== Encryption at rest == | == Encryption at rest == | ||
Encryption at rest means that, in addition to being transferred securely, the data as it is stored on the server is scrambled in such a way that it is unreadable by anyone, even if they are able to access the file directly. If the data is not encrypted at rest, then anyone who has access to that server can read that data (including, for example, the host company and your team’s administrators). If the data is encrypted at rest, then the data is impossible to read even if someone gained unauthorized access to the database or the files where the data is stored. Encryption at rest uses an authorization tool called a private/public key pair. | |||
Encryption at rest is unfortunately not as easy to implement as encryption in transit. Both encryption use a private/public key pair to make sure that no unauthorized person gets access to the data. Since the time the data needs to be encrypted in transit is so short, the web servers never need to give us humans the key pair. Once the transfer is complete the key pair is discarded and never needed ever again. However, in encryption at rest we encrypt the data at one point in time and will access the data at some later point in the future. The computers therefore has to give the key pair to a human, and as so often, the weakest link is always the human factor. No private/public key pair is secure if the computer that generated the key saves it or is able to re-generate it, so we humans must safe keep the key pair, and if we lose it the data is lost for ever, and there is no way whatsoever to regain access to it. | |||
How encryption at rest is implemented depends on which service you use. So read the instruction specific to your service. See the section on private/public key pairs in this article for instructions to securely store your key pair. | |||
== Public/Private Key Pair == | == Public/Private Key Pair == | ||
* organize information on the topic into subsections. for each subsection, include a brief description / overview, with links to articles that provide details | * organize information on the topic into subsections. for each subsection, include a brief description / overview, with links to articles that provide details |
Revision as of 19:03, 5 March 2019
In today's world of research we are sending data regularly over the internet, and we are storing the data in the cloud. At any point when the internet is involved we expose our data to some risk. There are tools that keeps our data safe, and most of those tools is in one way or another related to encryption. This page is discussing the the concept of encryption, if you are looking for instruction on how to encrypt something at a specific stage of a project, then go to the specific page for that topic. For example, Questionnaire Programming,
Read First
- Almost all encryption depends on a private/public key pair.
- Encryption in transit, i.e. encryption while data is sent over the internet is extremely important, but it is easy to implement so most services do this without you even noticing. There is never a case when not using encryption in transit is at all ok.
- Encryption at rest, i.e. encryption when data is stored on a server or computer, is also important but not as extremely important as encryption at rest. There is no as seamless implementation of encryption at rest as the files are encrypted over a longer period of time, compared to the second or so the file has to be encrypted when it is sent over the internet.
Encryption in transit
This is by far the most important type of encryption, but luckily it is almost always taken care of by the service provider of the service we are using. Survey Solutions, SurveyCTO, OneDrive etc. all take care of this. But if you are using a less well-establish service you should make sure that they use encryption in transit.
If your service provider is using secure transfer methods, you will see https://
in the internet address instead of simply http://
. In reality it is more complicated than that, as page you see in the browser use https://
but the data is sent back and from an API that is using http://
, that can easily be spied on.
You should never send anything of importance over the internet unless the URL starts with HTTPS. Data transferred over an HTTP connection can often be openly read by every server that data passes through. Those servers are controlled by governments and private companies, and hackers can easily tap in to HTTP traffic and read data, copy files, read passwords etc. HTTPS is not the only secure way to transfer data over the internet, but it is the one researchers should know of as we use it frequently. If you set up advanced protocols to send files, you should make sure that they are set up to be secure. For example, if you are using FTP you should be using FTPS.
Encryption in transit has nothing to do with a service requiring a username or password. A password-protected resource can only be requested by someone with the correct password, but that does not protect the resource from being seen by the servers handling it while it being transferred to the authorized user, once they have entered the correct password. What you need to know is HTTP is never secure enough to send data, and that if a data collection service does not encrypt your data in transit, then it should absolutely never be used to send sensitive data.
Encryption at rest
Encryption at rest means that, in addition to being transferred securely, the data as it is stored on the server is scrambled in such a way that it is unreadable by anyone, even if they are able to access the file directly. If the data is not encrypted at rest, then anyone who has access to that server can read that data (including, for example, the host company and your team’s administrators). If the data is encrypted at rest, then the data is impossible to read even if someone gained unauthorized access to the database or the files where the data is stored. Encryption at rest uses an authorization tool called a private/public key pair.
Encryption at rest is unfortunately not as easy to implement as encryption in transit. Both encryption use a private/public key pair to make sure that no unauthorized person gets access to the data. Since the time the data needs to be encrypted in transit is so short, the web servers never need to give us humans the key pair. Once the transfer is complete the key pair is discarded and never needed ever again. However, in encryption at rest we encrypt the data at one point in time and will access the data at some later point in the future. The computers therefore has to give the key pair to a human, and as so often, the weakest link is always the human factor. No private/public key pair is secure if the computer that generated the key saves it or is able to re-generate it, so we humans must safe keep the key pair, and if we lose it the data is lost for ever, and there is no way whatsoever to regain access to it.
How encryption at rest is implemented depends on which service you use. So read the instruction specific to your service. See the section on private/public key pairs in this article for instructions to securely store your key pair.
Public/Private Key Pair
- organize information on the topic into subsections. for each subsection, include a brief description / overview, with links to articles that provide details
Subsection 1
Subsection 2
Subsection 3
Back to Parent
This article is part of the topic *topic name, as listed on main page*
Additional Resources
- list here other articles related to this topic, with a brief description and link