LE3.1.1.4
STANDARD METHODS FOR ENCRYPTION AND DECRYPTION

WHY YOU NEED TO ENCRYPT INFORMATION
In Regulation (EC) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of information, published in the Official Journal of the European Union on 4 May 2016, encryption is referred to as a mandatory technical and organizational security measure.
The need to encrypt the information arrays is determined by the following factors:
- Loss or theft of information carriers;
- Loss of information as a result of industrial espionage;
- Malicious actions by employees;
- Unauthorized access to computer systems or local area network;
- Server access by outsiders;
- Collection of technical means by authorized state structures, etc.
Note: According to official statistics, over 65% of companies are bankrupt as a result of loss of information or unauthorized access.
DATA ENCRYPTION AND CONTROL BY HASH-FUNCTION
Encrypting and decrypting files
File encryption limits the ability of other users to gain access to confidential information.
Files can be protected either with a password (standard information protection) or without one.
Encryption without a password is in many cases much more reliable. In this case, instead of a password, you can use a local file, a digital image, or a text document with arbitrary content.
Note: Each of these methods has both advantages and disadvantages.
It is a good idea to choose a data protection mechanism tailored to the specifics of the information being encrypted.
If you encrypt Microsoft Office documents, scanned images, PDF files and/or e-mail, it is advisable to use a mechanism with high reliability of the implemented protection.
To comply with all security requirements, the application needs to be built in accordance with ISO/IEC 9979:1999 or approved by GCHQ.
Standard encryption methods use a reliable cipher and a hash function.
While the cipher is used only as a security tool, the hash function is used to verify data integrity, compress, and verify the source of data (source authentication).
Note: Electronic signatures use hash functions.
Hash-functions
Hash functions are a basic tool in the realization of Internet transactions.
They convert data, regardless of its length, into a fixed-length string. This process is called "hashing" and the end result is a "hash" (hash value).
Hash functions are used when comparing data. This kind of comparison is made to prevent unauthorized changes in the information arrays or to check the right of access to certain information.
In the File Protect System, hash functions are used to control the integrity of the encrypted information. This is critical when exchanging encrypted files over the Internet or LAN.
The hashes generated for the processed files are kept in specialized reports. These reports are not directly related to the content of the encrypted information. This ensures a high level of security and prevention in case of unauthorized access.
Note: In addition to standard hash functions, FPS also uses checks that are subject to separate consideration.
The signing of electronic documents by means of a qualified electronic signature in no way contradicts the hashing used by FPS. These two methods complement each other and allow better protection of electronic documents.
With FPS, different documents or groups of documents (packages or file lists) may be signed with unique, dynamically generated identifiers. These identifiers are unique and are tied to the processing operation.
There are two types of hash functions, according to their purpose. The first type serves to confirm the source of information. It is used when we share data over the Internet or on a local network. This type of function is called Message Authentication Code (MAC).
The second type is used to verify the integrity of the data. It applies when it is necessary to check whether the file has been modified. This type of function is known as MDC (Modification Detection Code).
Example:
Hash function of the sentence:
If we change only one letter in this sentence and it is converted to
and the hash function will change to
Changes in hash are indicative of corrections being made to the text.
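The MDC and MAC distinction and the one-letter change described above, as an added example that is not part of the File Protect System documentation or code. It assumes SHA-256 and HMAC-SHA-256 from the Python standard library rather than the algorithms FPS offers; the sentences and the key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample data (assumption: not taken from the FPS documentation).
ORIGINAL = b"The quick brown fox jumps over the lazy dog"
MODIFIED = b"The quick brown fox jumps over the lazy cog"  # one letter changed
SHARED_KEY = b"constructed-demo-key-shared-by-sender-and-receiver"

def mdc(data: bytes) -> str:
    """Modification Detection Code: an unkeyed hash (SHA-256 assumed here)."""
    return hashlib.sha256(data).hexdigest()

def mac(key: bytes, data: bytes) -> str:
    """Message Authentication Code: a keyed hash (HMAC-SHA-256 assumed here)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_mdc(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(mdc(data), expected)

def verify_mac(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(mac(key, data), expected)

def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def demo() -> dict:
    stored_mdc = mdc(ORIGINAL)               # kept apart from the data, e.g. in a report
    stored_mac = mac(SHARED_KEY, ORIGINAL)
    # The data is altered in transit by a party that does not hold SHARED_KEY.
    recomputed_mdc = mdc(MODIFIED)
    keyless_mac = mac(b"not-the-shared-key", MODIFIED)
    return {
        "bits_changed": differing_bits(stored_mdc, recomputed_mdc),
        # Checked against the separately stored digest, the edit is detected.
        "mdc_detects_edit": not verify_mdc(MODIFIED, stored_mdc),
        # If the digest travels with the data, a recomputed MDC matches again.
        "mdc_replaced_passes": verify_mdc(MODIFIED, recomputed_mdc),
        # A valid MAC cannot be produced without the shared key.
        "mac_forgery_rejected": not verify_mac(SHARED_KEY, MODIFIED, keyless_mac),
        "mac_original_ok": verify_mac(SHARED_KEY, ORIGINAL, stored_mac),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The MDC only proves integrity when the reference digest is stored where the data's handler cannot rewrite it; the MAC additionally ties the data to whoever holds the key.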
Parameters setting
File Protect System version LE allows you to control the following encryption process parameters:
- Choice of encryption algorithm (cipher selection).
- Select a hash function.
In order to check to what extent the chosen parameters correspond to the objectives set, it is possible to test them according to the requirements for testing, assessing and evaluating the effectiveness of the technical and organizational measures according to European Parliament Regulation 2016/679 of 27 April 2016.
The selection of the encryption algorithm and hash function is performed through the encryption process setup panel. To open it, click the "Cipher Settings" button or press the keyboard shortcut [ Alt+E ].
In the following example, we'll look at how to test the selected cipher and hash function.
Example:
Let's choose the AES cipher and Haval [256 Bit, 5 passes] hash function as shown on the image.
After the parameters of the encryption process are set, we enter a test password.
The next step is to select the output file for encryption, including the name and extension under which the encrypted file will be saved.
In order to test the entered settings, we need to click on the "Encryption" button.
If the parameters are entered correctly and the test has passed without error, a system message will appear that the file has been successfully encrypted and the result indicator in the lower left corner will glow green.
The test is completed.
It is good to know that the speed of the process is not always tied to the length of the file. In the above test example, a 1.2 MByte PDF file is selected. The processing time is 125 ms (one hundred twenty-five thousandths of a second).
While this may seem like a very high processing speed, it is also necessary to carry out tests with other combinations.
Often, in the batch processing mode, several tens of thousands of files are encrypted within one process.
If the processing time is limited, even this speed may not be high enough.
It is also good to repeat the test for files of different formats but of the same length and compare the results.