Applied cryptography for data protection
Cryptography
Cryptography is a method used to conceal important data so that it is hidden and becomes imperceptible to the naked eye. This may be the simplest way to describe what cryptography is.
But… What is data?
When we talk about data, we refer to numbers, names, surnames, facts, elements and information, among others, that physically identify a person or entity.
Personal Data Protection Law
In Panama, Law 81 of March 26, 2019 on the Protection of Personal Data establishes the principles, rights, obligations and procedures that regulate the protection of personal data, considering the fundamental rights and freedoms of citizens, by natural or legal persons, under public or private law, for profit or not, that handle these personal data.
Data containers?
When we talk about personal data containers, we refer to any digital or physical media that contains information or data of value to users and where that data is handled according to the authorization or provision of its owners, provided there is consent for its manipulation and management. In the event that the user who owns the data has no knowledge of how their data is handled or manipulated, the entity that handles and holds this data must tell the user how the data will be handled to ensure that their personal information is safeguarded, as stipulated by law.
Encrypt as much as possible.
It is important that users value their data and, to that extent, give priority to protecting the information contained in their digital devices with security measures such as: strong passwords, double authentication, encryption of data, encryption of operating systems or files, and key protection of devices such as routers in home environments or SMEs.
In the case of companies that wish to safeguard their users’ information, they must comply with the provisions of the law, in addition to taking security measures within their infrastructure, where their valuable information is contained.
Types of protection
There are different types of protection, depending on the type of data and devices being managed, which we can classify as follows:
Data protection at rest:
- Protection through the encryption of information contained in devices such as PCs, cell phones, tablets, laptops and servers, among others.
- Encrypting databases with sensitive information (full encryption or field encryption).
Data protection in transit:
- Make use of TLS in all communications, both internal and external.
- Implement remote network access over secure communication channels using a VPN.
Protection in authentication processes:
- Credential protection by means of secure credential and key containers.
- Passwords with security phrases and double authentication.
- Make use of secure encryption algorithms.
What can I use to protect my data?
We present a set of Open Source and Commercial tools that will make your life easier.
Encryption tools for email
First of all, it is important to clarify that the tools alone do not do the magic: additional configuration is required, both parties must have certificates and share the public ones for the email encryption process to be effective and, in the case of the signature, the signer must have a previously generated private key. The S/MIME (Secure/Multipurpose Internet Mail Extensions) protocol is used for e-mail.
- GnuPG: GNU Privacy Guard is an open source program created in 1999. As provided by the OpenPGP standard, GPG is a hybrid system, combining symmetric key algorithms and public key algorithms. Users are also authenticated with a digital signature.
- GPG4WIN: the free implementation of GnuPG for Windows with public source code. The program helps to set up a private key and provides tools for encrypting and decrypting data.
- Enigmail: an add-on for the Mozilla/Netscape email client and for Mozilla Thunderbird, therefore usable on Windows, Macintosh and Linux. With Enigmail it is possible to send encrypted emails. The key can be generated directly with Enigmail or using third-party software such as GPG4WIN.
- K-9 Mail: a free, standalone, open source app for Android that allows you to set up multiple email accounts. It supports POP3 and IMAP, as well as IDLE for real-time notifications. Email encryption is done through additional software such as OpenKeychain.
Browser encryption tools
- HTTPS Everywhere: this software converts unencrypted data transfer on web pages into an encrypted transfer. It is available free of charge for Mozilla Firefox and Google Chrome.
Hard disk encryption tool
- VeraCrypt: allows the encryption of folders, hard disks, removable media or the entire system. Free and open source for Windows, Mac and Linux.
- BitLocker: a hard disk encryption program developed by Microsoft. It uses TPM (Trusted Platform Module) to protect the operating system and all user files. BitLocker is only available for Windows.
Tools for Cloud Storage encryption (Dropbox, Google Drive, etc.)
- Boxcryptor: encryption software for files stored through cloud hosting services such as Dropbox, Google Drive and others. This proprietary software is free for private users.
Password storage tools
- KeePass: a free open source password manager, which helps you manage your passwords securely. You can store all your passwords in a database, which is locked with a master key.
- Bitwarden: another interesting option for open source lovers.
- LastPass: a good alternative for those who are looking for an application that in its free version has almost all the essential functions, leaving the Premium version to share passwords or cloud storage.