Zivver achieves DCB0129 status for NHS Clinical Safety Risk Assesment
Most people don't realize how easily an email can be sent to the wrong recipient. A typo in the address, a mistake in the configuration of a server, the wrong name selected from the automatic address book: they are all simple and common mistakes. In addition to the human error element, there is always a risk that hackers could compromise the mail server of a provider and potentially access any of the emails hosted on the network provider’s server. That’s why people should always use encryption when sending messages electronically. Using encryption reduces the likelihood that the wrong person will have access to a message with sensitive (personal) data. Read on for a short explanation about this interesting topic.
What is encryption?
Encryption is the encoding and decoding of data. When sent using an encrypted method and by using mathematical techniques (algorithms), electronic messages are made unreadable to unintended recipients. Only the individual with the corresponding mathematical formula can access the original message in a readable format. This mathematical formula is referred to as the key.
For starters, it is important to be aware that there are different forms of encryption. The first variant is symmetric encryption. This form of encryption requires the sender to exchange a key with the intended recipient beforehand. That key converts all data from readable to unreadable text and can only be reinstated to readable text by using the same key. The key is often a set of data, which works optimally if it is randomly generated.
The complexity about symmetric encryption is that you also have to store the key somewhere and it should only be accessible to the person who requires the key. The best analogy to this scenario is the use of a password on a computer. With the correct combination of letters, numbers or alphanumeric characters, you will be able to log-on to the computer. Another individual without the password details, however, will be unable to do that. One disadvantage with this system, naturally, is that if an unauthorized person manages to get their hands on this key (the password), the security measures in place are no longer effective.
Symmetric encryption is, for example, included with services that store encrypted data for a user (think of a backup in the cloud). The key always remains in the user's hands.
Asymmetric encryption does have some similarities to symmetric encryption: it makes data unreadable to unauthorized recipients while also making it readable to others with the correct key. Where it differs is that the recipient's key is not the same as that of the sender. This means they do not have to share the key. The data is made unreadable with a public key and a recipient uses their own personal key to make the data readable again. For two-way communication, you need two key pairs. Each party gives its visible half to the other.
Let’s use an example to illustrate how this system works in practice. Suppose Alice wants to send an electronic message to Bob. Bob is already in possession of a public key as well as a private key. Bob provides Alice with his public key information. She uses this key to encrypt the message before sending it to Bob. Bob then decrypts the message with his own private key to access the message.
A public key can be provided openly (it’s technically in the name). You can make it available on a public website as well as via a so-called key server. This enables anyone who wants to encrypt a message to easily access the appropriate public key. Meanwhile, the private key details are never disclosed, just like a personal password.
In some circumstances, asymmetric encryption can also facilitate data to be signed digitally. In this scenario, the private key generates a signature, after which the public key is used to authenticate it. When combined in this way it is practically impossible to send an email in someone else's name.
Asymmetric encryption is particularly useful when using the Internet, for example to establish a secure (HTTPS) connection between a browser and a website. It also enables you to establish a secure connection to remote servers. A computer uses this form of encryption too, when there are software updates that require a signature. As a result, the system knows automatically that the software comes from a trusted party.
Of course, asymmetric encryption also has its disadvantages. It is possible, for example, to intercept an encrypted connection by means of a so-called man-in-the-middle (MITM) attack. The MITM attack works as follows: if you want to send a message, you receive a public key to set up a secure connection. But with a MITM attack, you are actually communicating with a different party than your intended recipient. This party gives you their own public key and gives the person you want to communicate with a different public key, claiming that it is yours. With this method, they can intercept and read the data that is sent. That is far from an ideal situation when you send your bank details, for example. The only thing you can do to prevent this, is to first ensure that you have the correct public key details before transmitting any messages.
Do you want to know how we solved this problem at Zivver? Our team will be happy to explain it to you. Send your enquiry to email@example.com and we will get back to you as soon as possible!
Zivver’s encryption and privacy by design
Are you curious how Zivver uses asymmetric encryption and shapes privacy by design? Click here for more technical information about our innovative security solutions.