How to Secure Data During COVID-19

During these trying times, unscrupulous individuals have been using every method available to them, and it ends up costing businesses money, as well as you and me.

Some of their schemes are phishing emails meant to scare you into paying money for COVID testing or vaccinations, and infiltration of your computer or corporate computer servers. Lately, they have turned to stealing vaccine information so that they can sell it on the black market. And the list goes on.

The first thing you should do is get familiar with the technical terms associated with Internet security. In a later article, we’ll focus on how these technologies are used in attempts to scam you into getting unauthorized testing or buying unauthorized vaccines, as well as the many other methods of fraud that criminals can think of.

If you have never heard of an asymmetric block cipher or of the AES-256 symmetric algorithm, you are not alone. After you finish reading this article, you will have a clearer understanding of these data encryption terms and of how they work to keep your private information safe.

Encryption – What Does it Mean?

Let’s start with what encryption does. According to the Google dictionary, encryption is “the process of converting information or data into a code.” Thus, when data such as your social security number is sent through the Internet, the number is converted into an unrecognizable pattern that only your computer and the receiving computer understand.

More specifically, your computer changes the number using a coded pattern (encryption), and when the recipient computer receives this pattern, it changes the pattern back to its original form (decryption).

But how does the receiving computer know how to decrypt the message?

It is sent a cipher and a key that explain how to decrypt the code. Only these two computers have the cipher and key needed to unravel the code.

What is a Cipher?

A cipher uses mathematical algorithms to encrypt and decrypt a message, and the process by which this is done is called cryptography.

Cipher Example:

Message: APPLE
Key: 37852
Encrypted Code: DWXQG

Cipher: Subtract each digit listed in the key from the corresponding letter in the encrypted code. The resulting letter is the letter of the message (D minus 3 is A, W minus 7 is P, and so on).

Unless you know how the cipher is programmed and you know the key, you will not be able to break the code. Millions of ciphers are created every day. 
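
The APPLE / 37852 / DWXQG cipher above, written out as an added Python example (it is not code from the original article). Two details are assumptions the article does not state: letters wrap around from Z back to A, and the key repeats when the message is longer than the key.

```python
import string

ALPHABET = string.ascii_uppercase  # A is position 0, Z is position 25


def _shift(text: str, key: str, direction: int) -> str:
    """Move each letter by its key digit: +1 encrypts, -1 decrypts."""
    if not key or not (key.isascii() and key.isdigit()):
        raise ValueError("key must be a non-empty string of digits 0-9")
    out = []
    for pos, ch in enumerate(text.upper()):
        if ch not in ALPHABET:
            raise ValueError(f"unsupported character: {ch!r}")
        # Assumption: the key repeats when the message is longer than it.
        digit = int(key[pos % len(key)])
        # Assumption: positions wrap around, so Z + 3 becomes C.
        index = (ALPHABET.index(ch) + direction * digit) % len(ALPHABET)
        out.append(ALPHABET[index])
    return "".join(out)


def encrypt(message: str, key: str) -> str:
    """Add each key digit to the matching letter of the message."""
    return _shift(message, key, +1)


def decrypt(code: str, key: str) -> str:
    """Subtract each key digit from the matching letter of the code."""
    return _shift(code, key, -1)


if __name__ == "__main__":
    code = encrypt("APPLE", "37852")
    print(code, "->", decrypt(code, "37852"))
    # Constructed input that exercises the wrap-around at the end of the alphabet.
    print(encrypt("ZEBRA", "37852"))
```

A five-digit key allows only 10^5 = 100,000 different keys, which is why real ciphers use far longer keys.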

What Are Some of the Technical Security Terms That Are Used Today?

Let’s start with the RC4 cipher. There are a number of versions, but before we discuss them, a technical vocabulary lesson would be appropriate here.

    • Bit: The most basic element in computer software. A bit is either ‘on’ or ‘off’. In other words, if the bit has electricity running through it, it is depicted as a ‘1’; if it is ‘dead’, with no electricity running through it, it is depicted as a ‘0’. This on or off state is detected by the computer and represents a value of 1 or 0. When these bits are placed into a pattern of eight bits, where each one will have (1) or not have (0) an electrical current, the pattern represents a character (A, B, C, a, b, c, 1, 2, 3, !, @, #, %, etc.). For example, the letter A is represented by 01000001, which means that there is no current for any of the bits except the second and eighth. Likewise, the letter B is represented by 01000010. These eight-bit patterns are called bytes, and the system is called the Binary System (it uses only two digits). A complete listing of the binary characters is called the ASCII Table. Putting these bytes together represents data (e.g., the code ER759* is data: there are six bytes, which total 48 bits). If you look at the ASCII table, you can determine which bits are ones and which are zeros, and therefore which bits are receiving electric current and which are not; the characters (ER759*) will then be displayed on the screen. That’s 48 bits, or six bytes, also known as characters. As an example, let’s consider the above six-character message as a password that is going to be sent through the Internet.
    • Key: A random set of bits created explicitly for scrambling (encrypting) and unscrambling (decrypting) data. Keys are generated by algorithms designed to ensure that every key is unpredictable and unique. Keys do not have to be the same number of bytes as the password. They can be longer, depending on how the formula in the algorithm is written. The longer the key, the harder it is to decipher.
    • Pseudorandom: A random set of characters that have been deduced via an algorithm based upon a mathematical calculation (refer to the cipher example above).
    • Stream Cipher: An algorithm that encrypts one byte at a time as it streams. It uses pseudorandom bits for the key.
    • Block Cipher: This cipher encrypts data in blocks using a symmetric key (see below). It encrypts 128-bit blocks at a time.
    • RC4: RC4 is a stream cipher based on the use of a random permutation.
    • RC5: This is an algorithm using a variable block and key size.
    • RC6: This is an upgrade to RC5.
    • Asymmetric Key: Asymmetric encryption is an encryption scheme that uses two keys to encrypt and decrypt messages: a public key and a private key. This type of encryption takes longer for the receiving machine to decrypt.
    • Symmetric Key: Symmetric encryption is an encryption scheme that uses the same key to encrypt and decrypt messages. This type of encryption is faster than asymmetric encryption, but is easier to decrypt; however, it is estimated that it would take billions of years to decrypt a symmetric cipher using the computer systems that are available today.
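
The Stream Cipher, RC4 and Symmetric Key entries above, as an added Python example that is not code from the original article: RC4 builds a key-dependent permutation of the values 0 to 255, produces one pseudorandom byte per data byte, and the same call with the same key decrypts. The demo key is constructed, the password ER759* is the article's, and RC4 appears for study only, since RFC 7465 prohibits it in TLS.

```python
def rc4_keystream(key: bytes):
    """Yield RC4's pseudorandom keystream bytes for the given key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 keys are 1 to 256 bytes long")
    # Key scheduling: shuffle 0..255 into a key-dependent permutation.
    state = list(range(256))
    j = 0
    for i in range(256):
        j = (j + state[i] + key[i % len(key)]) % 256
        state[i], state[j] = state[j], state[i]
    # Generation: keep swapping, emit one keystream byte per step.
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + state[i]) % 256
        state[i], state[j] = state[j], state[i]
        yield state[(state[i] + state[j]) % 256]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR each data byte with one keystream byte."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings position by position."""
    return bytes(x ^ y for x, y in zip(a, b))


DEMO_KEY = b"constructed-demo-key"  # constructed sample key, not from the article
PASSWORD = b"ER759*"                # the six-byte password used in the article

if __name__ == "__main__":
    ciphertext = rc4(DEMO_KEY, PASSWORD)
    print("ciphertext:", ciphertext.hex())
    print("decrypted: ", rc4(DEMO_KEY, ciphertext))  # same key, same function

    # Why every key must be unique: with a reused key the keystream cancels
    # out, and the XOR of two ciphertexts equals the XOR of the plaintexts.
    other = b"AAAAAA"  # constructed second message
    leaked = xor_bytes(ciphertext, rc4(DEMO_KEY, other))
    print("keystream cancelled:", leaked == xor_bytes(PASSWORD, other))
```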

There are known cases where criminals have attempted to access websites in order to obtain information on COVID-19 vaccines, as acquiring it would be a win for them. There is no doubt that they would try every method at their disposal to gain access, and that doesn’t rule out breaking into a secure website.

In order to break the code and read the encrypted password without the key, the computer would have to cycle through each of the 8-bit characters 128 times to find the correct one. Then it would have to do the same for the second character, the third, and so on.

In this case, in order to find the correct pattern, it would have to test each character simultaneously with the other characters until it gets it right. No human can do this for a six-character password (or even one with fewer characters). It would require a computer program called Brute Force, and even with this program it could take billions of years to decipher. The longer the password, the longer and harder it is to decrypt, because you have to add in another calculation of 128-bit cycles for each character, which makes it exponentially more difficult.

The 128-bit encryption method refers to the first 128 characters listed in the ASCII table. For greater encryption, it can use the entire ASCII table, which consists of 256 characters, but experts have pointed out that the 128-bit encryption method has not been broken yet.

What is the Most Popular Encryption Method Used Today?

The most popular encryption method used today is the Advanced Encryption Standard (AES). It is a symmetric block cipher that uses 128-bit data blocks and 128-, 192- or 256-bit keys.

So there you have it: a brief but decent explanation of data security. In our next lesson, we’ll discuss how criminals get around this unbreakable code in an attempt to acquire your password.