Guest post by Garland Nichols, PhD. Xerox Vice President, Information Security, Research and Product Development
Cryptography (or the study of encryption) is a complicated science, and there isn’t enough time or space to try and make you an expert here. What this article will do is give you a high-level overview to expand your understanding of encryption in general and what it can do (or can’t do) for you if used properly. It will also explain how the Xerox AltaLink® printer can protect your data using encryption.
At the simplest level, encryption is the process of scrambling data to make it unreadable, and decryption is the process of unscrambling that data to make it readable again. Encryption is used to protect the confidentiality and integrity of data. You may have heard of encryption of data at rest, such as encrypted phones, databases and laptop hard drives, and of encryption of data in motion, such as the encrypted browsing sessions that protect online transactions involving sensitive data such as personally identifiable information (PII) and credit card numbers as they traverse the Internet. If we know one thing, it is that encryption is good and not using encryption is bad, but what is it about encryption that makes it such a GOOD thing for protecting our data, other than cybersecurity experts telling us we need it?
Your First Experiment with Encryption – Maybe?
Do you remember as a kid taking the alphabet and using numbers to substitute for letters to create secret messages? If you do (and even if you don’t), that’s an example of a substitution cipher, and you probably didn’t think of it as encryption; it was just fun. The “key” for your “kiddie cipher” was what each number represented. You would use your key to encrypt your secret messages, and your best friend would use the same key for decryption to find out your mom had vanilla ice cream with sprinkles.
That was about as complicated as it got, and you protected your encryption key by folding it up and putting it in your back pocket. Passwords (not pockets) and encryption keys, however, go hand in hand. A password is often required to access the decryption key for data at rest. An example would be an encrypted phone that requires a password to decrypt or unlock the phone. The password grants access to the decryption key, which decrypts your phone. So if your password is compromised, a hacker is spared the almost impossible task of finding the correct encryption key.
Without a password, a hacker who has gotten hold of encrypted data has to determine the decryption key some other way. Today, however, encryption keys are not compromised by humans trying all possible combinations or picking the back pocket of your jeans, but by the processing power of computers that can try billions of combinations per second.
Advanced Encryption Standard and Data Security
One of the most widely recommended encryption standards, used by the government and in many hardware and software products, is the Advanced Encryption Standard, or AES. It comes in three key lengths, but we are going to focus on AES-256 (256-bit) encryption. We should probably explain what a bit is before we move on. A computer does not see the alphabet as we do; it only knows 1s and 0s (each is a bit of data), so each character, including upper- and lower-case letters and special characters, has its own unique combination of 1s and 0s and is 1 byte, or 8 bits, long.
You might be asking, just how secure is AES 256-bit encryption? Even if you had 100 thousand supercomputers and each one could try a million billion keys per second, it would still take trillions of years to find the key and decipher a 256-bit encrypted message. A computer would need to try at least half of the 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 possible keys. No such computer exists today (that can break any of the three key sizes of AES encryption), and based on current scientific projections it may take a few hundred years for such technology to become available.
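The kiddie cipher and the key-counting argument above, as an added example (not code from the post or from Xerox): the letter-to-number key table, the sample message and the trial rate are constructed assumptions, the rate being the post's own 100 thousand machines at a million billion keys per second.

```python
import math
import string
from collections import Counter

# Constructed "kiddie cipher" key (an assumption, not the key from the post):
# a = 1, b = 2, ..., z = 26. Anyone holding this table can encrypt or decrypt.
KEY = {letter: str(i + 1) for i, letter in enumerate(string.ascii_lowercase)}
REVERSE_KEY = {number: letter for letter, number in KEY.items()}


def encrypt(plaintext):
    """Substitute each letter with its number. Numbers are space-separated and
    words are separated by ' / '; characters not in the key are dropped."""
    words = plaintext.lower().split()
    return " / ".join(" ".join(KEY[c] for c in word if c in KEY) for word in words)


def decrypt(ciphertext):
    """Reverse the substitution using the same shared key."""
    words = ciphertext.split(" / ")
    return " ".join("".join(REVERSE_KEY[n] for n in word.split()) for word in words)


def frequency_profile(symbols):
    """Sorted symbol counts. A substitution cipher maps symbols one-to-one, so the
    ciphertext keeps exactly the plaintext's letter-frequency profile; that is what
    makes it easy to analyse and why it is not real encryption."""
    return sorted(Counter(symbols).values(), reverse=True)


def brute_force_years(key_space, keys_per_second):
    """Expected time to find a key by trial: on average half the key space is tried."""
    return key_space / 2 / keys_per_second / (365.25 * 24 * 3600)


# The post's scenario: 100 thousand supercomputers, each trying a million billion keys/s.
POST_RATE = 100_000 * 10**15
KIDDIE_KEY_SPACE = math.factorial(26)   # every one-to-one letter-to-number table
AES256_KEY_SPACE = 2**256               # every 256-bit key

if __name__ == "__main__":
    ct = encrypt("Mom has vanilla ice cream")   # constructed sample message
    print(ct, "->", decrypt(ct))
    print(f"kiddie cipher: {brute_force_years(KIDDIE_KEY_SPACE, POST_RATE):.3g} years")
    print(f"AES-256:       {brute_force_years(AES256_KEY_SPACE, POST_RATE):.3g} years")
```

Even the kiddie cipher's 26! keys fall in under a year at that rate, while AES-256 lands far beyond the "trillions of years" the post quotes; the frequency check shows why key count alone is not the whole story for a substitution cipher.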
Protecting Data at Rest and in Motion
How does the Xerox AltaLink® printer protect your data using encryption at rest and in motion? We have talked about encryption at rest and in motion and focused on AES 256-bit encryption. The main thing is that you hopefully now understand a little bit (no pun intended!) more about what encryption is, along with how and why it protects data. Now we are going to talk about the AltaLink printer and the features that use the power of encryption to protect your data at rest and in motion.
For data in motion over the Internet, the AltaLink supports TLS v1.x (AltaLink currently supports TLS 1.0 and 1.2), which can be configured to use AES 256-bit encryption as part of a cipher suite. There are various cipher suites to choose from, allowing you to select the one that best fits your security policies. This means that when you use scan-to-email, your data can be encrypted end-to-end with TLS 1.2 as it is sent over the Internet. The AltaLink also offers IPsec and HTTPS to encrypt print job data sent to the printer as it travels across the network.
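An added example (not Xerox code and not the AltaLink's own configuration) of how a client would enforce the policy this paragraph describes when it connects to the printer's HTTPS interface: TLS 1.2 only, AES-256-GCM cipher suites only, and a check on what was actually negotiated rather than merely offered. The hostname is a placeholder.

```python
import ssl

# Placeholder hostname for the device's HTTPS interface (an assumption, not a real host).
PRINTER_HOST = "altalink.example.internal"

# Policy drawn from the post: TLS 1.2 only (the device offers 1.0 and 1.2; refuse 1.0)
# and cipher suites that use AES-256 in GCM mode with forward-secret key exchange.
ALLOWED_SUITES = ("ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384")


def build_client_context():
    """Client context for talking to the printer: pins the TLS version to 1.2,
    restricts the offered cipher suites and requires a valid server certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(ALLOWED_SUITES))
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_default_certs()
    return ctx


def offered_tls12_suites(ctx):
    """TLS 1.2 suites the context will offer. OpenSSL lists TLS 1.3 suites
    (names starting with TLS_) alongside them, so those are filtered out."""
    return sorted(c["name"] for c in ctx.get_ciphers() if not c["name"].startswith("TLS_"))


def negotiated_suite_meets_policy(cipher_info):
    """Check the (name, protocol, bits) tuple that SSLSocket.cipher() returns after
    the handshake: AES-256 over TLS 1.2 must actually have been negotiated."""
    name, protocol, bits = cipher_info
    return protocol == "TLSv1.2" and name in ALLOWED_SUITES and bits == 256


if __name__ == "__main__":
    import socket
    context = build_client_context()
    print("offering:", offered_tls12_suites(context))
    with socket.create_connection((PRINTER_HOST, 443)) as raw:
        with context.wrap_socket(raw, server_hostname=PRINTER_HOST) as tls:
            info = tls.cipher()
            print("negotiated:", info, "policy ok:", negotiated_suite_meets_policy(info))
```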
FIPS 140-2 Support Important for Regulated Industries
The AltaLink also supports FIPS 140-2, which is required by many federal agencies, healthcare providers and other regulated industries. In addition, the contractors and partners of an organization that uses FIPS must also use FIPS themselves. FIPS 140-2 defines encryption standards for cryptographic modules in devices, whether those modules are hardware, software or firmware. AES 256-bit encryption is one of the required methods of encryption that must be supported in order to be FIPS 140-2 compliant. FIPS 140-2 compliant modules can be used to protect data at rest and in motion.
Last, but not least, is the AES 256-bit encryption available on the AltaLink hard drive. This means image data stored on the hard drive is extremely secure. Remember that it would currently take a few trillion years to break AES 256-bit encryption? If a trillion years isn't secure enough for you, a full image overwrite can be performed using an algorithm that conforms to NIST Special Publication 800-88 Rev. 1.
Maybe we didn't make you an expert, but hopefully you have a better understanding of how encryption protects data at rest or in motion by scrambling it to make it unreadable, which keeps it from being read by unauthorized parties. In addition, we covered how a decryption key is often required to descramble or decrypt encrypted data, and how those keys are sometimes protected by passwords. We talked about how strong encryption such as AES protects data and how difficult it is to determine the key needed to decrypt or decipher a message encrypted with AES 256-bit encryption. Lastly, and most importantly, we shared how the Xerox AltaLink printer uses the security that encryption provides to keep your data safe. Just be sure to keep your passwords and encryption keys out of your back pocket!
Want to learn more about endpoint security and what you can do to protect your data? The “Document and Endpoint Security” guide includes discussion guides to help your organization make the best choices for protecting business documents and securing MFP endpoints.