A variety of encryption algorithms have been developed to provide Cloud users with data security. These algorithms are said to support compliance, protect the user against data breach incidents, and secure information against advanced persistent threats. A few Cloud services claim to have obtained third-party certification of the security of the particular algorithm that they use for data encryption. Others claim that their algorithm is military-grade or bank-grade. But what are these algorithms? How do they work?
Symmetric key algorithms use the same key for encryption and decryption. Therefore, this kind of encryption is also called private key encryption. It is one of the oldest methods of encryption in use in the world today and is secure because the user must have the key to decrypt and read the data. The encryption may use a stream cipher or a block cipher, based on the amount of data that needs to be encrypted. Stream ciphers encrypt one character at a time, while block ciphers encrypt a block of data at a time. Popular encryption algorithms in this category are the Data Encryption Standard (DES), the Advanced Encryption Standard (AES), the International Data Encryption Algorithm (IDEA) and the Blowfish algorithm.
Let us look at two of the most popular symmetric key encryption algorithms in use with Cloud backup and recovery services.
- AES algorithm: AES is an abbreviation for Advanced Encryption Standard. This algorithm was established by the National Institute of Standards and Technology (NIST) in 2001 and is based on a cipher known as the Rijndael cipher, which was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. This algorithm is used by many governments around the world. AES is often described as a symmetric key algorithm because the same key is used for both encryption and decryption of the data. It works on the principle of substitution-permutation at both the software and hardware level. The block sizes used can be 128, 192 or 256, and the algorithm uses a 4×4 column-major order matrix of bytes (called the State). The key size specifies the number of cycles or rounds that have to be performed on the data so that it is encrypted. Commonly, 10, 12 or 14 cycles are used for transforming plain text into encrypted text. A set of reverse rounds is applied to decrypt the text.
- Blowfish algorithm: This is another popular algorithm that is used for Cloud computing. It is also a symmetric block cipher and was designed by Bruce Schneier in 1993. It was originally designed as a general-purpose algorithm. It uses key-dependent S-boxes and a highly complex key schedule. It uses a 64-bit block size and a variable key length that can range from 32 bits to 448 bits. 16 rounds are performed, and its structure resembles CAST-128. Decryption is performed by initiating reverse rounds.
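
The AES structure described in the list above, written out as an added example (not code from the original article): the key length selects 10, 12 or 14 rounds, the data is held as a 4×4 column-major State of bytes, and each round substitutes, permutes and mixes in a round key. The function names are this example's own, and it covers encryption of a single block only; it is for studying the structure, and real systems should call a vetted cryptographic library instead.

```python
# Added illustration of the AES round structure; all names are this example's own.

def _gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        r ^= a * (b & 1)
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def _sbox_entry(x):
    """S-box: multiplicative inverse in GF(2^8), then the affine transformation."""
    inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
    s = inv ^ 0x63
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF   # XOR of four left-rotations
    return s

SBOX = [_sbox_entry(x) for x in range(256)]
ROUNDS = {16: 10, 24: 12, 32: 14}  # key length in bytes -> number of rounds

def expand_key(key):
    """Derive 4 * (rounds + 1) four-byte round-key words from the cipher key."""
    nk, nr = len(key) // 4, ROUNDS[len(key)]
    w, rcon = [list(key[4 * i:4 * i + 4]) for i in range(nk)], 1
    for i in range(nk, 4 * (nr + 1)):
        t = w[i - 1]
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]       # RotWord + SubWord
            t[0], rcon = t[0] ^ rcon, _gmul(rcon, 2)   # add the round constant
        elif nk > 6 and i % nk == 4:
            t = [SBOX[b] for b in t]                   # extra SubWord (256-bit keys)
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return w

def encrypt_block(key, block):
    """Encrypt one 16-byte block; the State is kept as 4 columns of 4 bytes."""
    if len(block) != 16:
        raise ValueError("the 4x4 State holds exactly 16 bytes")
    w, nr = expand_key(key), ROUNDS[len(key)]
    s = [[block[4 * c + r] ^ w[c][r] for r in range(4)] for c in range(4)]
    for rnd in range(1, nr + 1):
        s = [[SBOX[s[(c + r) % 4][r]] for r in range(4)] for c in range(4)]  # SubBytes + ShiftRows
        if rnd < nr:  # MixColumns is skipped in the final round
            s = [[_gmul(2, col[r]) ^ _gmul(3, col[(r + 1) % 4]) ^ col[(r + 2) % 4]
                  ^ col[(r + 3) % 4] for r in range(4)] for col in s]
        s = [[s[c][r] ^ w[4 * rnd + c][r] for r in range(4)] for c in range(4)]  # AddRoundKey
    return bytes(b for col in s for b in col)
```

The published FIPS-197 test vectors are a convenient check that the key schedule and round functions are wired correctly.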