Blog
Apple's Spat With Feds Clarifies Importance of Understanding Encryption
By Bill Kenealy | March 17, 2016
Leaving aside the legal and philosophical aspects of the debate, Apple's protracted, public fight with the FBI and the Justice Department over a court order to unlock an iPhone 5C belonging to a terrorist is notable for the amount of attention it has focused on the somewhat arcane issue of encryption. Given this, one thing that has struck me is that while approaching ubiquity, encryption technologies are not well understood, even by those who are conversant in many other aspects of technology.
Indeed, despite the widespread acknowledgment in companies regarding the need to safeguard data, encryption is regarded by many as a subject matter best left to a subset of math-crazed cryptographers, intelligence agencies, IT security professionals and cyber criminals. Those seeking a broad overview of encryption technologies and how they work, should take note of upcoming LNO courses from cybersecurity expert Rafiq Wayani.
As part of a larger course on IT security, Wayani, an experienced systems architect and software engineer, discusses the history and merits of five of the most common encryption protocols in use today. Wayani notes that all encryption schemes are essentially reliant on algorithms to convert electronic data into a form that that is unreadable for users who lack the proper key or password. The similarities end there. For example, one widely used encryption algorithm Triple DES (data encryption standard) uses key sizes of 56, 112, or 168 bits and is symmetric, which means that the same key can be used for both encrypting and decrypting data.
Conversely, another widely used standard, RSA, is asymmetric and relies upon the difficulty of factoring the product of two large prime numbers in order to keep data secure. AES (advanced encryption standard) was developed by the National Institute of Standards and Technology and uses keys of 128, 192 or 256 bits in length. 256-bit encryption is, for now, largely considered impervious to all attacks, Wayani says. Indeed, FBI officials say that they are unable to access the iPhone 5C used by Syed Farook, one of two terrorists who killed 14 people at a party in San Bernardino, California, due to Apple's use of 256-bit AES encryption. "Experts believe that AES will eventually be hailed as the de facto standard for encrypting data in the private sector," Wayani notes in the course.
Irrespective of Apple's legal fate in the case, it is clear that is the use of encryption, and the need for companies to educate their employees about it, will not abate. Just this week Google released data indicating that encryption now shields 77% of the global requests sent to its data centers, up from 52% at the end of 2013. While the complex mathematical equations behind encryption methods are likely to remain inscrutable to most, there may be no better time to afford people in your organization the training they need to gain a deeper understanding of the practical applications of encryption.
