We usually want to back up the most important files and other types of data that we currently have. In fact, we want to protect our data against the threats of computer viruses, ransomware, and even hard disk drive malfunction. While there are many computer data storage options available out there, we usually choose either the best cloud storage option or the best cloud backup service provider to store the critical data that we want to keep.
However, certain questions still remain. How can we be assured that all of the files, critical data and sensitive information that we store in the cloud remain secured? How can we be sure that our privacy is not violated? How strong are the data encryption procedures being implemented by a certain online backup service? Because of these issues, we want to explore the different types and methods of data encryption that were previously used as well as the data encryption algorithms that are currently being used in the data security industry. If you are interested in knowing more, then I suggest you read the entire article as I will discuss the 5 types and methods of data encryption.
Data Encryption Method #1: Data Encryption Standard (DES)
The Data Encryption Standard (DES) is one of the oldest data encryption systems to have seen massive use. It was first developed by IBM in the early part of the 1970s to address the data security needs of the information technology industry. It was later submitted to the National Institute of Standards and Technology (NIST) in order to gain credibility and recognition from the public and from the data security industry.
In 1976, an opportunity arose for IBM to introduce the data encryption model they had produced to the intelligence gathering community of the government of the United States. They consulted the National Security Agency about the data encryption method and made some changes to the existing data encryption system. It was strengthened against the code-breaking capabilities of differential cryptanalysis, but that change made the data encryption weaker against possible brute-force attacks. One year later, in 1977, the Data Encryption Standard (DES) became a Federal Information Processing Standard.
The data encryption method uses a 56-bit key size, which by today's standards is too small to withstand the computational power of the supercomputers built in this new generation. It runs on a 64-bit block size and performs 16 rounds of data transformation. It follows the Balanced Feistel Network cipher structure.
In 1999, two companies collaborated to publicly show that the Data Encryption Standard can actually be broken. They succeeded and were able to break a DES key in just 22 hours and 15 minutes. That time frame is less than a day. Imagine how things would be if we tried to break a DES 56-bit key code today. It could probably just take 1 minute to beat the encryption. For this reason, the recognition of becoming the first Federal Information Processing Standard (FIPS) was fully withdrawn.
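The balanced Feistel structure described above (64-bit block, two equal halves, 16 rounds) can be shown with a toy cipher. This is an added example, not code from the original article and not DES itself: the HMAC-based round function and key schedule, and all function names, are assumptions chosen for illustration. It shows the property that makes the structure attractive: decryption is the same routine run with the round keys in reverse order.

```python
import hashlib
import hmac

BLOCK_BYTES = 8   # 64-bit block, as the article gives for DES and Blowfish
HALF_BYTES = 4    # "balanced": the block is split into two equal 32-bit halves
ROUNDS = 16       # round count the article gives for DES


def round_keys(master_key: bytes) -> list:
    """Derive 16 subkeys. Toy key schedule (assumption), not the DES schedule."""
    return [hmac.new(master_key, bytes([i]), hashlib.sha256).digest()
            for i in range(ROUNDS)]


def round_function(half: bytes, subkey: bytes) -> bytes:
    """Keyed mixing of one half. It does not have to be invertible."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF_BYTES]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, subkeys: list) -> bytes:
    """Run the Feistel ladder over one block with the given subkey order."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF_BYTES], block[HALF_BYTES:]
    for subkey in subkeys:
        # Each round: the right half passes through unchanged, the left
        # half is masked with F(right, subkey), then the halves swap.
        left, right = right, xor(left, round_function(right, subkey))
    # Undo the final swap so the same routine also decrypts.
    return right + left


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same structure, subkeys applied in reverse order.
    return feistel(block, round_keys(key)[::-1])
```

The toy cipher is for studying the structure only and offers no security claims.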
Data Encryption Method #2: Triple DES
The Triple DES data encryption method is actually the improved version of the Data Encryption Standard. It uses the same principle as the DES but the process is repeated 3 times with 3 different DES 56-bit keys. The hackers need to break 3 different DES keys first in order to access the data. In theory, the data can be more secure with this type of data encryption system. However, since it uses the same principle as the earlier version, it can easily be cracked wide open by brute force, especially with the development of supercomputers.
Since it has 3 different 56-bit DES keys, it can be presumed that the Triple-DES data encryption has a 168-bit key size. However, based on the analysis of the experts, because of the discovery of the Meet-In-The-Middle (MITM) attacks, the efficiency of the key size can only be comparable to a 112-bit key in terms of data encryption strength. Thus, it can still possibly be broken by hackers with enough computational power support from supercomputers. As a matter of fact, according to one research paper written by Elaine Barker of the NIST in January 2016, Triple-DES has only 80 bits of actual data encryption key strength.
Although we now consider Triple DES as weak, there are certain industries such as the financial services that still partly use this particular data encryption system in some of their programs. ATM machines, Point-of-Sale (POS) terminals as well as EMV chips in debit cards and credit cards are some of the applications of the Triple-DES data encryption system that are still widely available today. One reason why Triple DES is not suitable for encrypting data stored in the cloud is that, although it is a more secure type of encryption than the DES, it works slower since the data needs to be encrypted 3 times. This means that it undergoes 48 rounds of data transformation on a 64-bit block size, making the Triple-DES system very slow.
Data Encryption Method #3: Advanced Encryption Standard (AES)
Since Triple DES is not enough to answer the data security needs of the rapidly evolving landscape of information technology, the Advanced Encryption Standard (AES) was invented in 1998. Three years later, in 2001, it was included in the Federal Information Processing Standard (FIPS) of the NIST. One year after that inclusion in the FIPS, in 2002, the AES data encryption system was also included in the ISO/IEC 18033-3 standard after it had been approved by the Secretary of Commerce.
Because this particular data encryption system has gained several recognitions from the U.S. government, it has been massively adopted worldwide by companies across various industries. As of the moment, the Advanced Encryption Standard (AES) is the data encryption method being implemented by various government agencies, military institutions as well as the financial industries across the globe.
There are currently 3 different types of AES data encryption systems. First, we have the 128-bit key AES encryption system. It works by undergoing 10 rounds of data transformation to create a ciphertext from the plaintext. Second, we also have the 192-bit key AES encryption system, which converts the plaintext to the ciphertext in 12 rounds of data transformation. Third, we also have the 256-bit key AES encryption system, which converts the plaintext to a ciphertext through 14 rounds of data transformation. All of these types of AES encryption systems use the 128-bit block size, which makes them harder for hackers to exploit than the DES and Triple DES data encryption systems. The AES encryption method follows the Substitution–permutation network cipher structure.
Throughout the years, various research papers have been published exploring the weaknesses of the AES data encryption systems. For the 128-bit AES data encryption model, a research study published in 2009 describes a theoretical possibility that can actually break the encryption system. However, you should note that the code can only be broken if it uses only 8 rounds of data transformation. We might as well laugh at this particular study since the weakest version of the AES at 128-bit key uses 10 rounds of data transformation.
In both theory and practice, the code is considered to be unbreakable. The practicality of the theories presented in breaking the code is deemed to be very inefficient and ineffective. Even with the emergence of supercomputers with vast computational powers, the 128-bit key AES data encryption system still can't be broken.
For this reason alone, most of the best cloud backup service providers are currently using the AES data encryption system. Look at the table below to learn more about the online backup service providers offering the AES data encryption system and other types of data encryption.
Data Encryption Method #4: Blowfish
The Blowfish data encryption system was actually created by Bruce Schneier in 1993 and was patterned after the Feistel Network cipher structure. Using this data encryption method, plaintext is processed in 64-bit blocks and goes through 16 rounds of data transformation during the encryption process.
Since it uses a 64-bit block size, it is weaker compared to the AES encryption system, which actually uses a 128-bit block size. It also uses a variable encryption key system ranging from 32-bit keys to 448-bit keys. Aside from that, it is also slower than the AES because the Blowfish data encryption method uses 16 rounds of data transformation. Even the strongest 256-bit key AES encryption system performs only 14 rounds of data transformation.
It is vulnerable to birthday attacks. Because of the small block size used by Blowfish, you should not use this particular data encryption method for encrypting files larger than 4 GB as prescribed by the GNU Privacy Guard. Because of this, the Blowfish data encryption technology is inefficient and ineffective in terms of strength and performance.
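The 4 GB guidance follows from the birthday bound on block size. The following added example (not from the original article) estimates the chance that two ciphertext blocks repeat under one key, for a 64-bit block cipher such as Blowfish, DES or Triple DES versus a 128-bit block cipher such as AES or Twofish. It assumes ciphertext blocks behave like uniformly random values, as in CBC mode; the function names are illustrative.

```python
import math


def collision_probability(data_bytes: int, block_bits: int) -> float:
    """Approximate chance that at least two ciphertext blocks are equal
    after encrypting data_bytes under a single key."""
    n = data_bytes // (block_bits // 8)          # number of blocks
    # Birthday approximation: p ~= 1 - exp(-n(n-1) / 2^(b+1))
    return -math.expm1(-n * (n - 1) / 2 ** (block_bits + 1))


def max_bytes_for_risk(block_bits: int, max_p: float) -> int:
    """Largest data volume whose collision probability stays near max_p.
    Inverts the approximation above: n ~= sqrt(2^(b+1) * -ln(1 - p))."""
    if not 0.0 < max_p < 1.0:
        raise ValueError("max_p must be strictly between 0 and 1")
    n = math.isqrt(int(2 ** (block_bits + 1) * -math.log1p(-max_p)))
    return n * (block_bits // 8)


def report() -> list:
    """Collision risk per data volume for 64-bit and 128-bit blocks."""
    gib = 2 ** 30
    rows = []
    for size in (1 * gib, 4 * gib, 32 * gib, 1024 * gib):
        rows.append((size // gib,
                     collision_probability(size, 64),
                     collision_probability(size, 128)))
    return rows


if __name__ == "__main__":
    print(f"{'GiB':>6} {'64-bit block':>14} {'128-bit block':>14}")
    for gib_count, p64, p128 in report():
        print(f"{gib_count:>6} {p64:>14.6f} {p128:>14.3e}")
```

At 4 GiB the 64-bit figure is already just under 1%, while the 128-bit figure stays negligible even at a terabyte, which is why block size matters independently of key length.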
Data Encryption Method #5: Twofish
In order to address the problems that the Blowfish data encryption exhibits, Bruce Schneier invented the Twofish system in 1998. It combined the best features of the AES encryption system and the Blowfish encryption system. Just like the AES encryption system, it uses the 128-bit key, 192-bit key, and 256-bit key running on 128-bit block size. On top of that, just like the Blowfish, it uses 16 rounds of data transformation.
Twofish is more secure than the AES data encryption system since Twofish uses 16 rounds of data transformation regardless of the size of the encryption key as opposed to the maximum 14 rounds of data transformation in AES for the 256-bit key size. However, Twofish is much slower than AES because of the number of rounds in data transformation.