Encryption

Revision as of 19:15, 5 March 2019 by Kbjarkefur (talk | contribs)
Jump to: navigation, search

In today's world of research we are sending data regularly over the internet, and we are storing the data in the cloud. At any point when the internet is involved we expose our data to some risk. There are tools that keeps our data safe, and most of those tools is in one way or another related to encryption. This page is discussing the the concept of encryption, if you are looking for instruction on how to encrypt something at a specific stage of a project, then go to the specific page for that topic. For example, Questionnaire Programming,


Read First

  • Almost all encryption depends on a public/private key pair.
  • Encryption in transit, i.e. encryption while data is sent over the internet is extremely important, but it is easy to implement so most services do this without you even noticing. There is never a case when not using encryption in transit is at all ok.
  • Encryption at rest , i.e. encryption when data is stored on a server or computer, is also important but not as extremely important as encryption at rest. There is no as seamless implementation of encryption at rest as the files are encrypted over a longer period of time, compared to the second or so the file has to be encrypted when it is sent over the internet.

Encryption in transit

This is by far the most important type of encryption, but luckily it is almost always taken care of by the service provider of the service we are using. Survey Solutions, SurveyCTO, OneDrive etc. all take care of this. But if you are using a less well-establish service you should make sure that they use encryption in transit.

If your service provider is using secure transfer methods, you will see https:// in the internet address instead of simply http://. In reality it is more complicated than that, as page you see in the browser use https:// but the data is sent back and from an API that is using http://, that can easily be spied on.

You should never send anything of importance over the internet unless the URL starts with HTTPS. Data transferred over an HTTP connection can often be openly read by every server that data passes through. Those servers are controlled by governments and private companies, and hackers can easily tap in to HTTP traffic and read data, copy files, read passwords etc. HTTPS is not the only secure way to transfer data over the internet, but it is the one researchers should know of as we use it frequently. If you set up advanced protocols to send files, you should make sure that they are set up to be secure. For example, if you are using FTP you should be using FTPS.

Encryption in transit has nothing to do with a service requiring a username or password. A password-protected resource can only be requested by someone with the correct password, but that does not protect the resource from being seen by the servers handling it while it being transferred to the authorized user, once they have entered the correct password. What you need to know is HTTP is never secure enough to send data, and that if a data collection service does not encrypt your data in transit, then it should absolutely never be used to send sensitive data.

Encryption at rest

Encryption at rest means that, in addition to being transferred securely, the data as it is stored on the server is scrambled in such a way that it is unreadable by anyone, even if they are able to access the file directly. If the data is not encrypted at rest, then anyone who has access to that server can read that data (including, for example, the host company and your team’s administrators). If the data is encrypted at rest, then the data is impossible to read even if someone gained unauthorized access to the database or the files where the data is stored. Encryption at rest uses an authorization tool called a public/private key pair.

Encryption at rest is unfortunately not as easy to implement as encryption in transit. Both encryption use a private/public key pair to make sure that no unauthorized person gets access to the data. Since the time the data needs to be encrypted in transit is so short, the web servers never need to give us humans the key pair. Once the transfer is complete the key pair is discarded and never needed ever again. However, in encryption at rest we encrypt the data at one point in time and will access the data at some later point in the future. The computers therefore has to give the key pair to a human, and as so often, the weakest link is always the human factor. No private/public key pair is secure if the computer that generated the key saves it or is able to re-generate it, so we humans must safe keep the key pair, and if we lose it the data is lost for ever, and there is no way whatsoever to regain access to it.

How encryption at rest is implemented depends on which service you use. So read the instruction specific to your service. See the section on private/public key pairs in this article for instructions to securely store your key pair.

Public/Private Key Pair

Almost all encryption uses some version of private/public key pair, but in many cases you do not have to worry about them. For example, in encryption in transit temporary keys are created by the server and then thrown away once the transfer is complete. Each time you browse the internet this happens hundreds of times, but you do not need to worry about it as the server can keep the key pair for the short duration of the data transfer. However, the server cannot securely do that if the encryption should be used over time, such as in encryption at rest, so then you must keep your own private key.

The keys in the private/public key pair is either a string or a small file. There is a complex mathematical relationship between the two keys (that we never need to understand) that allows anyone with the private key to decrypt anything someone with the public key has encrypted.

It can be described as a vault with two doors. One door has a tiny opening where you can only put things in to the vault but not take anything out. To open this door you only need the public key, and since that door cannot be used to take anything out of the vault, it is safe for multiple people to have this key. The second door is a big door that can be used to take out all the content of the vault. For this door you need the private key, and it is therefore very important that access to the private key is very restricted.

Exactly how the private/public key pair is created differ depending on the service you are using, but the following principles should always be the same:

  • If you lose your private key there is absolutely no way of decrypting your data ever again. Your data is lost forever.
  • The key pair can only be created once. Any services that claim to be able to re-generate the private key for you are not safe: this is equivalent to them having your password. This either means that the data is not properly encrypted or that they saved a copy of your private key which gives them full access to your encrypted data.
  • It is perfectly fine if the service keeps a copy of your public key. This allows them to encrypt new data as it is coming in. Some services only give you the private key and you do not have to worry about the public key. It depends on the context.
  • Most services provide a convenient way of decrypting your data, but if you are not asked for the key every time the data is viewed or decrypted, then your data is not encrypted properly.

The main burden with this type of encryption is that you need to keep a lot of keys safe and well-organized (one for each encryption object); and you can never store, organize, or transfer them using unsecure methods like email or Dropbox. However, there are tools that are convenient to use for this purpose as well as store your keys themselves safely. These are called password managers.

Storage of passwords and private keys

There are many solutions to storage of private keys and passwords that are both safe and convenient to use. Some of them even allows you to safely share passwords and keys across multiple accounts. The solution we are recommending is a software tool called password managers.

There are many password managers out there, and if you are already using one and are comfortable with it you can keep using it. We have identified one password manager that satisfies all requirements we think a research team will ever need and that is free to use for all its basic features. That password manager is LastPass. Note that it will promote its paid tiers to you (and which you may decide to prefer), but there is a free tier that you can use that will satisfy the typical needs of a research team if you create an account for the group.

Password managers can help you randomize passwords so that you have long strings that are impossible to guess as passwords. Since the password manager keeps this password for you, you will not need to memorize it, so it is not a problem that it is a long string that is impossible for a human to remember and you can easily have a different long random string for each account you have.

Some password managers allows you to store small text files or string fields which may be needed as private/public key pairs sometimes comes in the format of files. LastPass can save keys as small text files files or as strings for you as secure notes, which you can also use for other important information, like noting which encryption container the private key is for.

Some password managers allows you to share passwords across accounts. This is great feature as if one person updates the password then everyone else has the updated password in their account immediately. Sharing passwords or sharing passwords to many accounts are sometimes a paid feature, and one way around this is that the research team creates one account and share access to that account. However, make sure to not share this account to more people than who really needs it.

Back to Parent

This article is part of the topic Data Security