DRACOON - Data Security

Encryption of data and data transfers

The encryption of protect worthy data as well as the encoded data transfer via network-based transmission methods (LAN; WAN, WIFI, internet) is becoming the norm.
Not without reason there are hardly any unencrypted websites nowadays – the HTTPS-standard has become the routine.
Many browsers mark unencrypted HTTP-sites as “unsafe”.
Even public WIFI-networks are often encrypted with a known password, so as to hide data traffic from third parties.

Messenger-services advertise their products with end-to-end encryption.
Online shops are already legally obliged to only use encrypted payment methods.

The encryption of files and whole data storages has been used in enterprises since decades.
Also, in the private sector more and more encryption technologies are being used – ever more users use the encryption methods in cloud services from US-American cloud providers, in order to protect their files against third parties and to ensure data security.

Basics of encryption

Methods to transform a “plain text” into secret writing, have been known for thousands of years.
Within the information technology all kinds of information can be encrypted: from a simple text document over binary files (executable program files), to multimedia content, whose data can be, for example, decoded against payment (e.g. Pay-Tv or streaming services).

Encryption of Data

In order to encrypt files and documents (PDFs, photos, executable files etc.), the so called EncFS file system is being used in a Unix-like operating system such as Linux or BSD.
Here, the files are provided with a symmetric key that encrypts both the file content and name.
This method is often used in virtual cloud drives.
The user saves his files in an open directory, where they are automatically encrypted and provided in a virtual drive for data transmission over public networks.

In order to encrypt files under Windows, the EFS (Encrypted File System) feature has been integrated since the Windows 2000 version, which makes it possible to encrypt files with on-board resources.

Encryption of Transmission Paths

In order to secure a data transmission (e.g. file transfer or stream), end-to-end encryption is used.
Here the sender initiates an encryption that is only lifted on arrival at the recipient.

All intermediate instances (servers, gateways, etc.) forward the data exclusively in encrypted form and without becoming visible there.
Amongst others this is an important quality feature for messenger services.
Some of these services do not have an end-to-end encryption because the contents may be stored in a decrypted manner on the way to the receiver before being re-encrypted for the recipient.

Encryption within the Cloud

Modern cloud-services also offer end-to-end encryption.
Further information is available in the Whitepaper for client-sided encryption.

App-Data Encryption

In order to encrypt app data, appropriate functions are built into apps, where the encryption operations are carried out without further action by the user.

Encrypted FTP-Alternatives

The encrypted SSH File Transfer Protocol (SFTP) is increasingly replacing the insecure, unencrypted File Transfer Protocol (FTP).
SFTP enables the implementation of different encryptions and is integrated in many programs such as OpenSSH or PuTTY.

Confidential Messages Asymmetrically Encrypted with PGP

The encryption of e-mails with the PGP-method (Pretty Good Privacy) uses an asymmetrical encryption.
Here, two keys are used that have to fit together.

To encrypt a mail a public key is used.
The mail recipient needs the equivalent private key to decrypt the mail.

The advantage of this method is that not only the mail-content is encrypted, but the sender is also identified as the one who he claims to be.

Data Security in the Health Care Sector

The HIPAA-compliance (US: Health Insurance Portability and Accountability Act) is an obligation for all companies involved in the health care system to follow strict rules that should secure the integrity and confidentiality of patient data.

Here, sufficient arrangements need to be made in order to protect information from disclosure.
For this purpose, SafeNet encryption solutions have been created.

With them patient files can be encrypted and only made accessible with multi authentication methods.

DRACOON - Encryption