IAPP CIPT – Privacy in Systems and Applications Part 2

January 20, 2023

4. Data Encryption

Crypto Design and Implementation Considerations

Deploying encryption for an organization is not an easy task. Different types of encryption may be deployed depending on the scenario, contractual agreements, or regulatory requirements.

Encryption size: encryption may increase the number of bytes needed for storing the data. When using block ciphers such as RSA or the Advanced Encryption Standard (AES), the size of the ciphertext will be a multiple of the block size.

For example, if the text being encrypted has four bytes and the block size is 16 bytes, then the encrypted text will be 16 bytes, quadrupling the size.

Encryption performance: the act of encrypting and decrypting data will add time to all other processing that occurs for the data. The time it takes to encrypt a block of data will depend on the type of encryption being used, the speed of the processor, the size of the data, and the size of the encryption key.

Complexity: the degree of complexity encountered when encrypting data will depend on how the encryption is implemented.

Using an application that performs the encryption with just a few settings will simplify deployment. When creating a line-of-business application that uses encryption, the implementation will be more complex.

Utility: when a piece of data is encrypted, only a limited set of operations can be performed on the original value, and those operations require special computing functions. For example, searching, sorting, mathematics, or modeling are all much more difficult on encrypted data.

Application Encryption

Many applications provide built-in encryption, alleviating the need for developing encryption routines. Databases, word processors, email programs, and communication programs are examples of applications that provide encryption services as part of their list of features. This can be a huge benefit for organizations that do not have the resources to develop encryption features for their own applications.

The drawback to using built-in encryption is that there is often little choice in the type of encryption that can be applied to the data.

Record versus Field Encryption

Record encryption encrypts one record at a time within an entire data set. For databases, this would represent a row in a table. This type of encryption can provide better protection than disk, file or table encryption because the protection is more granular. If an assailant gains access to an encrypted disk, file or table, more data will be accessible to the assailant than if record-based encryption is used, where each record is encrypted with a different key or salt.

Field encryption provides the ability to encrypt only sensitive fields within a record while leaving other, less sensitive fields unencrypted. For example, a customer table might have the name, account ID, addresses and phone numbers in the clear, but encrypt the credit card and Social Security numbers. The last four digits of a credit card number or Social Security number may exist in the clear in a separate column to permit identifying records when there is a need to perform customer support functions, while leaving the remaining value protected.

File Encryption

File encryption covers the encryption of the entire contents of a file.

A file can be encrypted in several ways.

Password protection: this method accepts a password from the user, which is typically applied to the creation of an encryption key used for encrypting a file. This is a simple method for encrypting a file, as the user does not have to learn an encryption algorithm or deal with managing encryption keys. The user will have to share the password with anyone who needs to access the file. Care should be taken to prevent leakage of the password, or to rotate the password on occasion, to prevent previously stolen keys from working.

Third-party program: this method requires that a third-party program be used to encrypt and decrypt the file. The user can pick the type of encryption to be used based on the level of protection desired, understanding that the cryptographic performance and size of the file will be impacted by the type of encryption chosen.

Digital rights management (DRM): this mechanism can encrypt the file as well as restrict the operations that the receiver of the file is able to perform. For example, a user may be able to read the file but not print it out or share it with anyone via email. Rights management requires that users have access to the rights management service in order to access documents. There may also be a requirement that the service hold a copy of the encryption keys, giving the service access to the file.

Disk Encryption

This technology provides the ability to encrypt the entire hard drive on a computer. This is one of the simplest ways to mitigate the risk of data being inappropriately accessed.

Most people aren't aware that if a computer is stolen, even though a person may not be able to log into the computer, the hard drive can be removed and the data on it easily read. Another risk is the loss of the password used to encrypt the drive, which would cause loss of all the data on the disk. To mitigate that risk, important data should always be backed up, and that includes passwords.

LUKS disk encryption: Linux Unified Key Setup (LUKS) is a disk encryption specification that can be used to encrypt an entire disk. The key file for a LUKS-encrypted drive can be stored on a USB key. This can provide protection if a computer is stolen or confiscated.

Encryption Regulation

There are several regulations that govern the encryption of data. Most national privacy laws suggest the use of encryption as a means for protecting personal information. Be aware that some countries have regulations against encryption in order to enforce censorship.

There are some examples of industry-specific encryption regulations on the slide. Basel III requires mandatory encryption for financial reporting data and other related sensitive information at rest and in transit. HIPAA suggests the use of encryption technology to help ensure the confidentiality of patient health information. PCI DSS requires encrypted transmission of cardholder data across open public networks, and the Financial Instruments and Exchange Law of Japan requires encryption of sensitive data related to financial reporting in public.

Cryptographic standards fall into three categories: asymmetric, symmetric and hashes. Each has its own benefits and weaknesses. It is important to understand the scenarios where each category of cryptography is practical.

Asymmetric, or public key, encryption uses a different key for encryption and decryption. An individual looking to share encrypted messages would generate two keys for himself or herself: one to encrypt messages and one to decrypt them. The encryption key is typically called a public key, as it can be shared with the general public. People who wish to send this person protected messages would encrypt the message with the public key. He or she would use the other key, called the private key, to decrypt the message. This encryption method ensures that the only person who can read the message is the intended recipient. RSA and ElGamal are examples of asymmetric encryption algorithms.

Symmetric encryption uses the same key for encryption and decryption.

This is a more practical means for encrypting large blocks of data and data to be shared with multiple people. Key distribution can be an issue, as losing the key will expose encrypted data to anyone who has the key. Asymmetric encryption is a good means for sharing symmetric encryption keys. The Data Encryption Standard (DES) and AES are examples of symmetric encryption algorithms.

Hashing functions: hashing provides the ability to encrypt data so it can never be decrypted. This technique is valuable for encrypting sensitive data, such as credit card or Social Security numbers, that do not need to be decrypted. The beauty of hashes is that a lookup can be performed on a record that uses a hashed value as an index by getting the original value, hashing it and performing the lookup. The idea is that only the owner of the value ever knows the original value.
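The hashed-index lookup described above, together with the clear-text last-four column from the field encryption discussion, as an added example that is not part of the original course material. It uses a keyed hash (HMAC-SHA-256) rather than a bare hash, which is an assumption made here because nine-digit values have a small input space; `INDEX_KEY`, `CustomerTable` and the sample value are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: in production this key is held in a secrets manager or HSM,
# separate from the table it indexes.
INDEX_KEY = secrets.token_bytes(32)

def normalize(ssn: str) -> str:
    """Strip separators so '000-12-3456' and '000123456' index identically."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("expected a 9-digit value")
    return digits

def index_token(ssn: str, key: bytes = INDEX_KEY) -> str:
    """Keyed hash of the value: the same input always yields the same token."""
    return hmac.new(key, normalize(ssn).encode(), hashlib.sha256).hexdigest()

class CustomerTable:
    """Constructed stand-in for a table that uses the hashed value as its index."""

    def __init__(self):
        self._rows = {}

    def insert(self, ssn: str, name: str) -> None:
        digits = normalize(ssn)
        # Only the token and the last four digits are stored, never the full value.
        self._rows[index_token(digits)] = {"name": name, "ssn_last4": digits[-4:]}

    def lookup(self, ssn: str):
        """Hash the presented value and look the record up by its token."""
        return self._rows.get(index_token(ssn))

    def dump(self) -> dict:
        """What someone reading the table would see."""
        return dict(self._rows)
```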

5. Other Privacy enhancing technologies

Automated data retrieval: users who have access to a database often have access to the entire database or table where the records they need to retrieve are stored. This may give them access to records, or fields within a record, that are not needed for the employee's job. By using a form or application between the employee and the database, the user can be prevented from accessing data without authorization. When employees have access to personal data, it is often difficult to determine whether each time an employee views a personal data record is a legitimate access. One way to mitigate the risk of improper data access is to limit the viewing of personal data to one record at a time and tie the record access to a work order or other task that validates the employee's need to access a record.

For example, whenever a customer calls customer support, a tracking record is created for the call. The employee handling the call will be able to view a customer record as long as there is an associated tracking record for the access. Automated system audits can be used to validate system logs to ensure that each access to a customer record has an associated customer call record.

Data masking is a means of permitting parts of a sensitive value to be visible while leaving the remainder of the value shielded from view. Masking a Social Security number or credit card number is a common example of this privacy technique.
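The automated audit of access logs against call-tracking records described above, as an added example that is not part of the original course material. The log and ticket formats, the sample lines and the ten-minute grace period are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: call-tracking records (id, opened, closed, handler,
# customer) and record-access log lines.
TICKETS = """\
T-1001 2023-01-20T09:00:00 2023-01-20T09:20:00 emp=alice cust=C-501
T-1002 2023-01-20T10:05:00 2023-01-20T10:30:00 emp=bob cust=C-777
"""
ACCESS_LOG = """\
2023-01-20T09:03:11 emp=alice action=view cust=C-501
2023-01-20T09:04:02 emp=alice action=view cust=C-502
2023-01-20T10:10:45 emp=bob action=view cust=C-777
2023-01-20T11:45:00 emp=bob action=view cust=C-777
2023-01-20T10:12:00 emp=carol action=view cust=C-777
"""
GRACE = timedelta(minutes=10)  # assumed allowance for wrap-up after a call closes

def _fields(tokens):
    """Turn ['emp=alice', 'cust=C-501'] into {'emp': 'alice', 'cust': 'C-501'}."""
    return dict(tok.split("=", 1) for tok in tokens)

def parse_tickets(text):
    tickets = []
    for line in text.splitlines():
        tid, opened, closed, *rest = line.split()
        f = _fields(rest)
        tickets.append((tid, datetime.fromisoformat(opened),
                        datetime.fromisoformat(closed), f["emp"], f["cust"]))
    return tickets

def audit(access_text, tickets, grace=GRACE):
    """Return the access-log lines that no tracking record justifies."""
    findings = []
    for line in access_text.splitlines():
        ts, *rest = line.split()
        f = _fields(rest)
        when = datetime.fromisoformat(ts)
        # Justified only if the same employee handled a call for the same
        # customer and the access falls inside that call's time window.
        justified = any(emp == f["emp"] and cust == f["cust"]
                        and opened <= when <= closed + grace
                        for _tid, opened, closed, emp, cust in tickets)
        if not justified:
            findings.append(line)
    return findings
```

On the sample data the audit flags three accesses: a customer with no open call, a view made long after the call closed, and a view by an employee who was not handling the call.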

It is important to note that, for the best protection, a value should be stored masked instead of just being masked when it is displayed. Consumer applications often expose the last four digits of a credit card number or Social Security number for identity verification while leaving the remaining digits masked. The last octet of an IP address is often removed to reduce the risk of identifying the owner of the address while still allowing programs to discern other characteristics of the IP address. When entering a password, the password characters are masked by a character such as an asterisk, so the user can see how many characters were entered.

Obfuscation is a means of hiding the contents of a value while maintaining its utility. Password masking, where the original value is obscured but something can still be known about the value, is also a means of obfuscation.
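The masking rules above (last four digits kept, last octet of an IP address dropped, and masking applied before storage rather than at display time), as an added example that is not part of the original course material. The record layout and sample values are constructed, and the last octet is zeroed rather than deleted so the result stays a valid address, which is an assumption made here.

```python
import ipaddress

def mask_digits(value: str, keep: int = 4) -> str:
    """Replace all but the last `keep` digits with '*', preserving separators."""
    total = sum(ch.isdigit() for ch in value)
    if total <= keep:
        raise ValueError("value too short to mask")
    hidden = total - keep
    out, seen = [], 0
    for ch in value:
        if ch.isdigit():
            out.append("*" if seen < hidden else ch)
            seen += 1
        else:
            out.append(ch)
    return "".join(out)

def mask_ipv4(addr: str) -> str:
    """Zero the last octet; raises ValueError if addr is not a valid IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    return str(ipaddress.IPv4Address(int(ip) & 0xFFFFFF00))

def to_stored_record(raw: dict) -> dict:
    """Build the row that is written to storage: the full values never reach it."""
    return {
        "name": raw["name"],
        "card": mask_digits(raw["card"]),
        "ssn": mask_digits(raw["ssn"]),
        "last_ip": mask_ipv4(raw["last_ip"]),
    }

# Constructed sample input (test card number, invalid SSN range, documentation IP).
SAMPLE = {
    "name": "Alice Example",
    "card": "4111 1111 1111 1111",
    "ssn": "000-12-3456",
    "last_ip": "203.0.113.77",
}
```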

Obfuscation can be performed by encrypting a value, performing simple math on the value, or changing the value's precision. Hashing a password before storing it protects the original password but permits the hashed value to be used for password verification by hashing the password whenever it is presented by the user. Care must be taken when using obfuscation as a means of hiding the identity of an individual, because identification can occur when obfuscated data is combined with other data. For example, a simple zip code combined with a person's birth date and gender provides a high probability of identifying a person.

Data loss prevention (DLP) helps to ensure that sensitive data is not inadvertently released to the wrong person or entity. With so many ways for data to leak out of an organization, a multipronged approach should be taken to minimize data loss, including the following.

Policies and training: getting employees to do the right things begins with the creation of policies and practices that describe desired expectations around DLP, followed by training in the policies and practices for avoiding data loss.

Physical security: limiting physical access to sensitive areas and computers that contain sensitive data is an important policy.

Access security: all data should have access controls to help prevent inappropriate access.

Hardware constraints: limit the movement of hardware. For instance, the attempted removal of a desktop computer should be scrutinized. The use of personal devices and USB drives should be limited.

Network monitoring: networks can be protected with encryption, firewalls, intelligent routers, and data monitors to thwart attempts to send sensitive data outside the company.

Software tools: on personal computers and devices, software such as antivirus protection, data encryption, data monitors, blocked protocols, closed ports and rights management can help prevent data loss.

As technology advances, so will the number of possible exploits that can result in data loss from an organization. Current trends in DLP tools, as well as new threats, should be periodically examined to determine how they might impact an organization's DLP strategy.
