Encryption Fundamentals for System Security and Data Protection

Securing communication channels with protocols like TLS (the foundation of HTTPS) ensures that data is transmitted securely between systems.

However, true data protection extends beyond transmission. Information must remain secure not only during transmission but also when stored or backed up. This is where encryption becomes essential; it ensures that even if unauthorized parties gain access to data, they cannot understand or misuse it.

In this lesson, we’ll build on that foundation by exploring the fundamentals of encryption and understanding how symmetric and asymmetric encryption techniques, along with hashing, work together to protect data both in transit and at rest.

Introduction to cryptography

As we’ve discussed earlier, secure System Design relies on principles like the CIA triad, strong authentication and authorization, and protected communication channels.

These mechanisms ensure that systems can verify identities, control access, and protect communication channels. However, there’s still a critical piece that underpins all these layers, the ability to make data unreadable to unauthorized entities, even if it’s exposed.

That capability comes from cryptography.

In System Design, cryptography serves as the mathematical and logical foundation that reinforces the security guarantees of the entire architecture. It ensures that confidentiality, integrity, and authenticity are mathematically enforced through transformations and verifiable cryptographic operations applied to the data.

Whether information is being transmitted, stored, or processed, cryptography ensures it remains protected against unauthorized access or tampering.

The following diagram illustrates the typical application of different cryptographic methods within a System Design architecture, spanning from user interactions to data storage.

Now, let’s start with symmetric algorithms, the workhorse of data encryption.

Symmetric encryption

Symmetric encryption, also known as secret-key encryption, is a straightforward and powerful cryptographic method.

It uses a single key for both encrypting (locking) plaintext into ciphertext and decrypting (unlocking) ciphertext back into plaintext. Imagine you and a friend share a unique, physical key to a mailbox. You can use the key to lock a message inside, and your friend can use the exact same key to unlock it.

Anyone without that specific key is out of luck.

The primary advantage of symmetric encryption is its speed and efficiency. The algorithms are computationally less intensive than their asymmetric counterparts, making them ideal for encrypting large volumes of data. This is why they are frequently used for tasks like full-disk encryption, database encryption, or securing large files before transmission.

However, symmetric encryption faces the significant challenge of key distribution.

How do we securely share the secret key with the intended recipient without an adversary intercepting it? If the key is compromised, the entire security of the encrypted data is lost. This is the central problem that secure key exchange protocols aim to solve, which we’ll touch on later.

There are many symmetric encryption algorithms, such as DESData encryption standard, an early symmetric encryption algorithm that became outdated due to its short 56-bit key length, making it vulnerable to brute-force attacks. and 3DESTriple DES, an enhanced version of DES that applies the algorithm three times for better security, but is slower and still less efficient compared to modern standards like AES., but each has its own limitations. To provide a ...