Encryption for privacy could pose security risks
DAVID HOLMES: Computationally onerous encryption systems remain vulnerable to denial of service attacks on companies
Users expect all data transmissions to be encrypted to ensure privacy, but these same privacy measures, which typically mask Internet communications, also enable malware to infiltrate organisations and networks, says integrated network management company F5 Networks security solutions expert David Holmes.
The exposure and leaking of surveillance information and methods of national crime-fighting organisations have raised the level of awareness of online privacy and have led to demands for all network traffic to be securely encrypted, typically through encryption protocols such as Secure Sockets Layer (SSL).
The threat of surveillance has led to the development of perfect forward secrecy protocols, which ensure that data cannot be compromised, even in the future, should a main encryption key, such as one on a lost or disused machine, be exposed.
However, achieving ubiquitous and secure encryption will introduce significant additional computational requirements for data centres and servers and can also enable malware to infiltrate an organisation’s network through infected personal devices that cannot be scanned, owing to privacy measures.
Meanwhile, privacy must be balanced against the ability to detect and neutralise cybercrime attacks, and many companies’ security strategies aim to expose Internet connections and actively block malware.
Further, many network optimisation systems, which typically monitor the availability and use of applications or network components, cannot function effectively in an environment where all traffic is encrypted, and it is inefficient to decode all the information in a stream to extract the data relevant to their function.
“SSL encryption adds significant computational requirements, while Diffie-Hellman key exchange systems, for perfect forward secrecy, add even more. In addition, these systems can be even more vulnerable to denial of service attacks on companies, which typically flood the cryptographic processors with streams of data to analyse and process, effectively shutting them down,” says Holmes.
The dichotomy presented by the requirements for privacy of private citizens and the requirement to be able to monitor threats posed by cyber criminals, who use the same methods to screen their activities, makes the two concepts difficult to reconcile in practice.
“There is a need for monitoring to detect criminal elements, including cybercrime, to improve policing and security. However, agencies can also use that same monitoring apparatus to gather broad-spectrum surveillance information about citizens at large. It is a complex problem.”
Companies must design a strategy around these topics, as most workers expect to bring their own devices into their environments, yet retain privacy for their personal communications.
Encrypted personal-device connections may be blocked or users may be required to use their own connections without having access to the corporate network, while different levels of encryption can be used for different levels of employees to secure company information without adding significant computational requirements.
These competing and complex networking requirements have led to intelligent networking and security components moving closer to the edge of companies’ networks to protect them from risks, while all subsequent exchanges within the networks are blind to the data streams.
“While F5 Networks can provide advice, we prefer to develop systems to meet companies’ strategic requirements and objectives. This is done to ensure that business efficiency and cost effectiveness are maintained, including the unconstrained, integrated and smart use of applications in organisations through network optimisation, which is a core capability of ours,” concludes Holmes.