暗号化とは何か、どのように機能するのか？

What is Encryption and How Does it Work? | Definition from TechTarget Home Data security and privacy Tech Accelerator What is data security? The ultimate guide Prev Next Download this guide 1 X Free Download What is data security? The ultimate guide Data is central to most every element of modern business -- employees and leaders alike need reliable data to make daily decisions and plan strategically. This guide to explores risks to data and explains the best practices to keep it secure throughout its lifecycle. Share this item with your network: By Robert Sheldon Peter Loshin, Former Senior Technology Editor Michael Cobb Published: Feb 07, 2024 What is encryption? Encryption is the method by which information is converted into secret code that hides the information's true meaning. The science of encrypting and decrypting information is called cryptography . Encryption has long been used to protect sensitive information . Historically, it was used by militaries and governments. In modern times, encryption is used to protect data both at rest and in motion . At-rest data is the type stored on computers and storage devices. In-motion data refers to data in transit between devices and over networks. Encryption is used in a variety of circumstances. Every time someone carries out a transaction on an ATM or buys something online with a smartphone, encryption protects the transmitted data. Businesses also rely on encryption to protect sensitive information from exposure in the event of a data breach or unauthorized individuals acquiring the data. Such exposure can have extensive financial implications and severely damage an organization's reputation. Why is encryption important? Encryption plays a vital role in securing different types of IT assets and personally identifiable information ( PII ). To this end, encryption serves four essential functions: This article is part of What is data security? The ultimate guide Which also includes: The importance of data security in the enterprise 5 data security challenges enterprises face today How to create a data security policy, with template Confidentiality. Encodes the data to prevent it from being understood if it is intercepted. Authentication. Verifies the origin of the data that has been encrypted. Integrity. Validates that the data has not been altered since it was encrypted. Nonrepudiation. Prevents senders from denying they sent the encrypted data. What are the benefits of encryption? The primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted over the internet or other computer networks. It is used to safeguard a wide range of data, from PII to sensitive corporate assets to government and military secrets. By encrypting their data, organizations reduce the risk of exposing sensitive information, helping to avoid costly penalties, lengthy lawsuits, reduced revenue and tarnished reputations. Many organizations use encryption not only to protect their data, but also to meet compliance regulations that require sensitive data to be encrypted. Encryption ensures that unauthorized third parties or threat actors cannot understand the data in the event they gain access to it. For example, the Payment Card Industry Data Security Standard requires merchants to encrypt customer payment card data both at rest and when transmitted across public networks. What are the disadvantages of encryption? Although encryption keeps unauthorized individuals from being able to understand sensitive data, encryption can also prevent the data's owners from being able to access their own information. If the encryption keys get lost or destroyed, the data owners might be permanently locked out of that data. Cybercriminals might also go after the encryption keys, rather than the data itself. Once they've acquired the keys, they can easily decipher the data. Key management is one of the biggest challenges of building an enterprise encryption strategy because the keys to decrypt the ciphertext have to live somewhere in the environment, and attackers often have a good idea of where to look. There are plenty of best practices for encryption key management , but they add extra layers of complexity to the backup and restoration processes. If a major disaster should strike, retrieving the keys and adding them to a new backup server could increase the time that it takes to get started with the recovery operation. Having a key management system in place isn't enough. Administrators must also come up with a comprehensive plan for protecting the key management system. Typically, this means backing it up separately from everything else and storing those backups in a way that makes it easy to retrieve the keys in the event of a large-scale disaster. Another challenge with encryption is the fact that cybercriminals can also use it for their own purposes, which has led to an increasing number of ransomware attacks. In this scenario, the criminals gain access to the sensitive data, encrypt it with their own algorithms and then hold the data hostage until the victim organization comes up with the ransom, which can be quite steep. In a ransomware attack, cybercriminals gain access to sensitive data and then encrypt it to hold the data hostage. How does encryption work? An encryption system is made up of three major components: data, encryption engine and key manager. In application architectures , the three components usually run or are hosted in separate places to reduce the possibility that a single component is compromised and leads to the entire system being compromised. On a self-contained device, such as a laptop, all three components run on the same system. When an encryption system is in place, the data is always in one of two states: unencrypted or encrypted. Unencrypted data is also known as plaintext , and encrypted data is called ciphertext . Encryption algorithms, or ciphers , are used to encode and decode the data. An encryption algorithm is a mathematical method for encoding data according to a specific set of rules and logic. During the encryption process, the encryption engine uses an encryption algorithm to encode the data. A number of algorithms are available, differing in complexity and levels of protection. The engine also uses an encryption key in conjunction with the algorithm to ensure that the ciphertext that is output is unique. An encryption key is a randomly generated string of bits that are specific to the algorithm. How algorithms and keys are used to make a plaintext message unintelligible After the data is converted from plaintext to ciphertext, it can be decoded only through the use of the proper key. This key might be the same one used for encoding the data or a different one, depending on the type of algorithm -- symmetric or asymmetric . If it's a different key, it's often called a decryption key . When encrypted data is intercepted by an unauthorized entity, the intruder has to guess which cipher was used to encrypt the data and what key is required to decrypt the data. The time and difficulty of guessing this information is what makes encryption such a valuable security tool. The more extensive the encryption algorithm and key, the more difficult it becomes to decrypt the data. What are the two types of encryption? When setting up a system for encrypting data, a security team must determine which encryption algorithm to use to encode the data. Before doing that, however, the team should first decide on the type of algorithm. The two most common types are symmetric and asymmetric: Symmetric ciphers. Also referred to as secret key cyphers , these algorithms use a single key for both encrypting and decrypting data. The key is sometimes referred to as a shared secret because the sender or computing system doing the encryption must share the secret key with all entities authorized to decrypt the message. Symmetric key encryption is usually much faster than asymmetric encryption. The most widely used symmetric key cipher is the Advanced Encryption Standard ( AES ), which was designed to protect government-classified information. Asymmetric ciphers. Also known as public key encryption , these types of algorithms use two different -- but logically linked -- keys for encrypting and decrypting data. Asymmetric cryptography often uses prime numbers to create keys since it is computationally difficult to factor large prime numbers and reverse-engineer the encryption. The Rivest-Shamir-Adleman ( RSA ) encryption algorithm is currently the most widely used public key algorithm. With RSA, the public or the private key can be used to encrypt a message; whichever key is not used for encryption becomes the decryption key. Today, many cryptographic processes use a symmetric algorithm to encrypt data and an asymmetric algorithm to securely exchange the secret key. Encryption key management and wrapping Encryption is an effective way to secure data, but the cryptographic keys must be carefully managed to ensure data remains protected yet accessible when needed. Access to encryption keys should be monitored and limited to those individuals who absolutely need to use them. Organizations should have strategies in place for managing encryption keys throughout their lifecycle and protecting them from theft, loss or misuse. This process should begin with an audit that determines how the organization currently configures, controls, monitors and manages access to its keys. Key management software can help centralize key management, as well as protect keys from unauthorized access, substitution or modification. Key wrapping is a type of security feature found in some key management software suites that essentially encrypts an organization's encryption keys, either individually or in bulk. The process of decrypting keys that have been wrapped is called unwrapping . Key wrapping and unwrapping activities are usually carried out with symmetr