WhatsApp with Encryption

Securing Data In-Transit and At-Rest

“Let’s say I’m emailing about ‘Black Panther’ within WhatsApp … do I get a ‘Black Panther’ banner ad?”

Brian Schatz, Senator from Hawaii

The answer from Facebook[1] CEO Mark Zuckerberg was, “No, we don’t see any of the content in WhatsApp, it’s fully encrypted.” The continued line of questioning in the same vein, asking whether some algorithm “reads” the message, betrays how much the term “fully encrypted” is misunderstood. But that’s only half the story. Any data, even WhatsApp messages, is either data in motion across networks or data at rest on a server or storage device. Data in transit is considered more vulnerable, but data at rest is a juicier target.[2] Data encryption is so pervasive today that it is virtually impossible to send information electronically without using some form of it.

Data Encryption

Data encryption is the use of an algorithm to obfuscate information so that it can be securely transmitted between two parties without being deciphered. Data encryption began with the advent of computers, and has become necessary thanks to hackers who have taken advantage of their ability to tap internet communication. Data encryption can be broken into two categories: data at rest and data in transit.[3]

As you may know, data travels in packets with headers that serve as address labels, carrying information about how to reassemble the data once it gets to where it is going. The most secure form of data transmission is fully encrypted on a point-to-point tunnel.[4] The idea is that encrypted data packets are unreadable by anyone without a quantum computer or a billion billion years to try all the possible combinations to decipher them.[5] Tunneling can be done in several different ways, using different protocols and layers of the OSI model (such as the Transport or Data Link layer), and each provides its own trade-off between security and performance.


Data in Transit

Data in transit refers to data that is being transmitted between two or more devices. Data in transit can be encrypted in a variety of ways, but the most common is Transport Layer Security (TLS), a protocol used to encrypt data that is being transmitted over the internet. TLS is the successor to Secure Sockets Layer (SSL), which was the most common encryption protocol until it was usurped by TLS in 2011.

Data at Rest

Data at rest refers to data that is stored on either a hard drive or any other storage device. Data at rest is usually encrypted using a key that is known only to the owner of the data. This type of encryption is used, for example, when someone wants to store files on a computer. Data at rest can also be stored in the cloud, which is a service that allows users to store their data on remote servers. Data that is stored in the cloud is also encrypted using a key that is known only to the owner of the data.

AES

AES is one of the most common encryption methods. It uses a key to encrypt and decrypt data. The key can be a password, a number, or a string of text. AES is considered very secure, and is often used for sensitive information such as bank details and credit card numbers.

There are several different AES encryption methods, each with its own strengths and weaknesses. AES-128 is the simplest form of AES encryption, while AES-256 is the most complex. AES-128 is faster than AES-256, but less secure. AES-256 is more secure but slower.
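As an added example (not code from the original post): AES itself accepts only keys of exactly 128, 192 or 256 bits, so a password is first stretched into a key with a key-derivation function. The code below uses PBKDF2-HMAC-SHA256 from Python's standard library; the header layout, the KDF1 marker, the iteration count and the function names are assumptions made for illustration.

```python
import hashlib
import os
import struct

AES_KEY_BYTES = {128: 16, 192: 24, 256: 32}  # the only key lengths AES accepts
ITERATIONS = 600_000                         # assumed work factor; tune for your hardware
MAGIC = b"KDF1"                              # constructed marker, not a real file format
HEADER = struct.Struct(">4sHI16s")           # hypothetical layout: magic, bits, iterations, salt


def derive_key(password, salt, bits=256, iterations=ITERATIONS):
    """Stretch a password into an AES key of exactly bits/8 bytes (PBKDF2-HMAC-SHA256)."""
    if bits not in AES_KEY_BYTES:
        raise ValueError("AES keys are 128, 192 or 256 bits")
    if len(salt) != 16:
        raise ValueError("expected a 16-byte random salt")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=AES_KEY_BYTES[bits])


def new_key(password, bits=256):
    """Return (header, key). The header is not secret and is stored with the ciphertext."""
    salt = os.urandom(16)                    # fresh random salt for every file
    key = derive_key(password, salt, bits)
    return HEADER.pack(MAGIC, bits, ITERATIONS, salt), key


def key_from_header(password, header):
    """Re-derive the key at decryption time from the stored parameters."""
    magic, bits, iterations, salt = HEADER.unpack(header)
    if magic != MAGIC:
        raise ValueError("unrecognised header")
    if not 100_000 <= iterations <= 10_000_000:
        raise ValueError("iteration count outside the accepted range")
    return derive_key(password, salt, bits, iterations)


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample password
    header, key = new_key(password)
    print(len(key) * 8, "bit key; header is", len(header), "bytes")
    print("re-derived key matches:", key_from_header(password, header) == key)
    print("new salt gives new key:", new_key(password)[1] != key)
```

The derived key, never the password itself, is what gets passed to an AES implementation, ideally in an authenticated mode such as AES-GCM so that a wrong key or tampered ciphertext is detected.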

Symmetrical vs Asymmetrical

There are two main types of data encryption: symmetrical and asymmetrical. Symmetrical encryption uses one key, called a “shared secret”, to both encrypt and decrypt information. Symmetric algorithms are fast and efficient but have a major drawback: the two parties must exchange the key securely before they can communicate with each other. Symmetric encryption provides confidentiality only as long as the shared secret remains private. It is best suited to applications where secure key distribution is not an issue and where data can be safely held for extended periods. Symmetric encryption is not the best choice to secure network traffic, but it can be used if absolute performance and throughput are required.

Quantum Computing Implications

Quantum computing has the potential to change how data encryption and security are handled. Because quantum computers can theoretically break many of the current encryption algorithms, researchers are working on developing new algorithms that are quantum-resistant.

One example of a quantum-resistant algorithm is called Quantum Key Distribution (QKD).[6] QKD uses photons to exchange keys between two parties. The keys are generated by each party separately and are never shared online or in any other way that could be compromised. This makes them virtually impossible to hack.

Other proposed quantum-resistant algorithms include lattice-based cryptography and hash-based cryptography.[7] However, it is still unclear which of these methods will be most successful in resisting attack by quantum computers.

Despite the potential for quantum computing to break current encryption algorithms, it is important to remember that quantum computers are still in their infancy. It is likely that they will not be able to break all encryption algorithms for many years, if at all. In the meantime, we can continue to use existing encryption methods with confidence.

Conclusion

Data encryption is a complicated topic. It’s not just about encrypting data at rest, in transit, or when it leaves your company for a cloud-based storage provider. There are many different encryption algorithms to be aware of, as well as the question of which key management strategy best suits your need to access encrypted files on demand from anywhere in the world without compromising security. In this blog post we discussed some basic concepts behind AES, one popular algorithm used by organizations with sensitive data. If you want more information about how 1st Basis Consulting can help keep your organization safe from cyber attacks, contact us today!

[1] Facebook bought Whatsapp in 2014. These Confidential Charts Show Why Facebook Bought WhatsApp https://www.buzzfeednews.com/article/charliewarzel/why-facebook-bought-whatsapp

[2] https://digitalguardian.com/blog/data-protection-data-in-transit-vs-data-at-rest

[3] https://docs.aws.amazon.com/whitepapers/latest/logical-separation/encrypting-data-at-rest-and-in-transit.html

[4] Actually data on a storage medium is probably more secure, but that violates our definition of “in transit”

[5] https://www.kryptall.com/index.php/2015-09-24-06-28-54/how-safe-is-safe-is-aes-encryption-safe

[6] https://www.nsa.gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/

[7] https://www.isara.com/blog-posts/hash-based-cryptography.html

 

PHOTO CREDIT

https://pixabay.com/images/id-1863880/

https://pixabay.com/images/id-5475661/

https://pixabay.com/images/id-3044387/

In the case of videoconferencing during the time of COVID, necessity is the mother of adoption as much as invention. Videoconferencing platforms have been around for a while, and they’ve been used in business quite a lot, but the pressure to continue day-to-day operations as much as possible while preventing the spread of the Coronavirus and protecting the health of employees has spiked their popularity for day-to-day use in all kinds of business settings.

Prior to COVID, many businesses were reluctant to have their employees regularly work from home. Management was concerned that they would not be as productive as in a normal work setting, where they could be monitored. They were concerned that employees working from home would be easily distracted and spend more time unproductively. Studies have shown that both assumptions are probably untrue, but managers were reluctant (with some notable exceptions) to try working from home in large numbers without a significant reason to attempt such an experiment. COVID-19 has given them that reason.

Working from home has significant advantages, however. People in densely populated areas save themselves the expense and aggravation of tedious commutes to and from work, which saves a lot of psychological wear and tear. In cases of bad weather, provided broadband stays up, people can still ‘get to work.’ In many cases, it is the workplace itself that offers more distractions than the home. From home, you are much less likely to spend time socializing with co-workers or being interrupted by micromanaging supervisors. Getting a meal is easy (maybe too easy) and does not require a one-hour lunch break. During break times, employees can attend to personal business, freeing up more of their time after their work is done for the day: a win-win.

The past decade has seen a lot of government policies and directives aimed at pushing people into cities to minimize urban sprawl and other negative environmental impacts. The severity of the pandemic in urban areas is causing some people to reconsider living in cities, and the emergence of work-from-home options afforded by videoconferencing and other platforms and systems for tracking, aiding, and integrating workflow may fuel a reversal of this push. Less commuting means less congestion and pollution. Less time spent at physical sites means less need for expensive offices.

Many of the IT tools that companies rely on work much better on non-portable hardware than on highly portable devices such as smartphones. This is one area of opportunity for IT developers. Improvements to predictive text and voice-to-text transcription will be key to this next migration. Videoconferencing is also limited in conveying people’s full presence, though it is certainly closer than text or audio-only. Some developers are working to move meetings from video conferencing platforms to virtual reality platforms. What seemed a futuristic pipe dream when Princess Leia was imploring Obi-Wan for help in an R2-D2 holographic projection may soon be coming to the virtual business space—sans the droid.

Let’s hope that COVID-19 is in our rear view mirror soon, but some of the changes it has wrought to how we work are certain to persist.

Steve Jobs did not let his kids have iPhones. Google built a woodworking lab for their employees. Why? They realized the consequences of overusing technology. While the digital age has opened so many doors, overindulgence has many serious repercussions on our health, relationships, psychological wellbeing and many other aspects of our lives.

The average adult looks at their smartphone 150 times a day and spends more than 2.5 hours responding to their share of the 269 billion emails sent every day. We feel obligated to be connected at all times, urgently (albeit reluctantly) jumping at every notification. This is so common that the term “nomophobia” has been added to the lexicon to describe the fear or the stress of not being able to access your phone.

The human brain is designed to respond to stimuli. When we see something shiny, we must investigate. Each notification sparks that instinctive urge to look. The unknown of what is hiding behind that alert provides a shot of dopamine, feeding our addiction regardless of the true payoff or the underlying frustration at the distraction.

Those of us glued to our phones are prone to many side effects including lack of sleep, burnout, increased anxiety, poor mental health, cognitive loss, strained relationships, eye strain, hearing loss, back and neck pain, and even carpal tunnel or tendonitis (texting thumb and selfie wrist are now diagnosable conditions). In addition, many of us risk our safety and security when we overshare, wrongly assuming that what we post will only be seen by our trusted friends. “Checking in” or sharing things that might not seem like sensitive information on the surface has led to stalking, assault, kidnapping, burglaries, and many other serious situations.

A few years ago, my parents “checked in” on Facebook, saying they would be stuck at the hospital for several hours. They returned to find their house ransacked—doors ripped off the hinges, holes punched into walls, and their hidden safe found and emptied. We later realized they had posted a photo a few days prior without noticing their address and street sign were in the background. The police concluded that they were one of many families targeted because of similar posts. As many as 1 in 12 individuals are burglarized after sharing their location on social media.

With the many side effects of the digital age, it is vital to set clear boundaries and be mindful of your digital wellness. One study proved that limiting your digital indulgence can increase your happiness by 91%. It is not practical for most of us to cut ourselves off completely considering all of the benefits technology offers. However, moderating your screen time with a “digital diet” can significantly improve your quality of life.

Top 5 Digital Diet Tips:

  1. Set Priorities
    • Decide which emails can be left unread or require a response.
    • Prioritize interactions that make you feel connected and happy over those that leave you drained or stressed.
    • Change ringtones for specific contacts to distinguish them as urgent, allowing you to tune out others.
  2. Limit notifications
    • Use “do not disturb” to avoid notifications when you are spending time with loved ones or taking time for yourself. You can even customize this setting with automated time frames and allow “favorite” contacts or emergency situations to override the block.
    • Turn off notifications to noisy apps that do not require urgent responses.
    • Change email settings to funnel marketing emails into a separate folder to be checked only on a schedule that you decide and unsubscribe from any bothersome lists.
  3. Create a routine
    • Set a schedule to check your email, allowing you to focus on priorities the rest of the day. The average person takes 25 minutes to regain their focus after being distracted by 1 email notification.
    • Set time limits for apps demanding too much of your time with tools like Google’s Digital Wellbeing app and Apple’s Screen Time.
  4. Create a “phone home” such as the dresser or a basket on the counter
    • Leaving your phone in eyesight or in your pocket creates a reactionary pull to check every notification, while leaving it in its “home” will lessen that urge.
    • Make a conscious effort to only pick up your phone when you choose to interact with it, rather than letting it control you with every buzz.
  5. Change how you use social media
    • Declutter your news feed by unfollowing or snoozing connections that increase your stress level, or that you don’t interact with regularly.
    • Become an active participant rather than mindlessly scrolling–share your unique ideas or reach out directly to your connections to have natural conversations and remind yourself why you care about them, instead of battling in the comments of an opinionated meme.
    • Remove shortcuts from your home screen and delete saved passwords—adding steps to log in will increase your awareness of your habits and help you cut back.

Ultimately, the most important thing to realize is that unplugging isn’t a test or a challenge to endure for a certain amount of time, but a lifestyle shift back to what is valuable to you. Moderating your digital life gives you back the ability to indulge in what you truly care about, whatever that may be. Enjoy the present and turn off the buzz in the background.

“People are not machines. For machines, downtime is a bug; for humans, downtime is a feature. The science is clear…there’s simply no way you can make good decisions and achieve your world-changing ambitions while running on empty.” Arianna Huffington, founder and CEO of Thrive Global