Decrypting Encryption for Pennsylvania Lawyers: Understanding Encryption Basics Before Considering Cloud Computing
Pennsylvania Lawyers Should Understand the Basics of Common Encryption Algorithms Before Engaging in Cloud Computing
You are considering cloud computing. The cloud provider ad reads:
Your cloud data is protected with military-grade, 256 bit, AES encryption.
“Wow!” you think. Military grade. Sounds impressive. That must be good [enough]. But ….
As addressed in Navigating the Fog of Cloud Computing and Navigating the Fog of Cloud Computing: An Unofficial Supplement to The Pennsylvania Lawyer Article, Pennsylvania lawyers must make “reasonable efforts” to protect client confidential data stored in the cloud. See Pennsylvania Ethics Advisory Opinion on Cloud Computing—Inquiry 2010-60 (Jan. 10, 2011). Part of the “reasonable efforts” includes using reasonable encryption, and using reasonable encryption means understanding the basics of encryption.
In Cloud Computing: Who Holds the Encryption Keys? [And Why It May Matter to Lawyers] and Storing Files in the Cloud: Storage-as-a-Service for Lawyers–Encryption, I addressed the essential issue of “who holds the encryption keys?” This article now addresses the more complex issue of understanding the basic language of common encryption technologies.
First, a lawyer should know:
- all encryption algorithms are not the same,
- the end-use for the encryption may determine which type of encryption is appropriate, and
- simple comparisons of 128bit, 256bit, or 1024bit encryption key “strengths” alone are not an adequate level of inquiry (i.e., 256bit is not necessarily “twice” as strong as 128bit encryption, and one should not compare 128bit symmetric AES encryption to 1024bit asymmetric PKI encryption on key-strength alone).
Unfortunately, public cloud computing vendors do not always make meaningful encryption information easy for lawyers to find. Nevertheless, a lawyer cannot rest with simply citing the vendor’s claim that data is somehow encrypted to meet the “reasonable efforts” inquiry in Pennsylvania. A lawyer must obtain a basic understanding of what is encrypted, where it is encrypted, and how it is encrypted.
A Brief Overview of the Most Common Encryption Types for Lawyers
Today, common encryption algorithms use a key or two keys to encrypt or decrypt data. Two distinct categories of encryption algorithm are used:
- symmetric key (one key for both encryption and decryption) and
- asymmetric key (two keys, one for encrypting and one for decrypting).
Neither type is inherently “better” than the other. Rather, the end-application or end-use generally determines which type is better under the specific circumstances.[FN1]
Symmetric Key Encryption
In symmetric key encryption, only one key is used. The algorithm uses the same key to both encrypt and decrypt the “message” (the encrypted message is known as the ciphertext and the original is plaintext). Symmetric key encryption is ancient and is the common way people think about encryption—picture two spies agreeing that a specific word in a radio transmission will be the key to decrypt a previously transmitted, encrypted message.
Primary issues with symmetric key encryption are
- protecting the key,
- distributing the key, and
- managing the key.
Remember, the same key is used to encrypt and decrypt. Thus, by inference, any party encrypting or decrypting must have or share the same key.
Example of Symmetric Key Use
Assume Lawyer L and Client C. L drafts an equitable distribution agreement using a word processor. A word processor feature allows L to add a password to (and encrypt) the equitable distribution draft. L chooses a password: Matter100060!EDdraft-7578175549. L emails the encrypted draft to C. L calls C and tells C the password. C receives the encrypted draft by email, verifies the sender, and opens the draft. When prompted for the password, C enters the password that L telephoned—note, the same password that L used to encrypt. C can then read the equitable distribution agreement draft.
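The L-and-C exchange above, carried out in code, as an added example that is not part of the original article and not the word processor’s own implementation. It uses AES with a 256-bit key in GCM mode (an authenticated mode, so a wrong key or a tampered message is rejected rather than decrypted into garbage). To keep the example self-contained, the “telephoned password” is modelled as a randomly generated 256-bit key that both L and C hold; a real word processor would instead derive the key from the typed password with a key-derivation function. The draft text, the function names, and the interloper I are all constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed sample: the draft agreement L wants to send to C.
const draftText = "Equitable distribution agreement - DRAFT 7 (constructed sample text)"

// newSharedKey generates the single 256-bit AES key that both L and C must hold.
// In the article's example this role is played by the telephoned password.
func newSharedKey() ([]byte, error) {
	key := make([]byte, 32) // 32 bytes = 256 bits, the largest standard AES key length
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// encryptAESGCM seals plaintext under key. Output layout is nonce || ciphertext || tag,
// so one byte string can be e-mailed as the "encrypted draft".
func encryptAESGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// decryptAESGCM opens the message with the SAME key. A wrong key or any change
// to the bytes makes Open return an error instead of plaintext.
func decryptAESGCM(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("message too short")
	}
	nonce, ct := msg[:aead.NonceSize()], msg[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// RoundTrip models L encrypting, C decrypting with the shared key, an interloper I
// trying a different key, and I altering one byte of the intercepted message.
// It returns C's recovered text, whether I's key worked, and whether the
// altered message was still accepted.
func RoundTrip() (recovered string, interloperDecrypts bool, tamperAccepted bool, err error) {
	keyL, err := newSharedKey()
	if err != nil {
		return "", false, false, err
	}
	sealed, err := encryptAESGCM(keyL, []byte(draftText))
	if err != nil {
		return "", false, false, err
	}
	// C holds a copy of the very same key (the "telephoned password").
	keyC := append([]byte(nil), keyL...)
	opened, err := decryptAESGCM(keyC, sealed)
	if err != nil {
		return "", false, false, err
	}
	// Interloper I intercepted the e-mail but not the key.
	keyI, err := newSharedKey()
	if err != nil {
		return "", false, false, err
	}
	_, errI := decryptAESGCM(keyI, sealed)
	// I also tries to alter the intercepted draft in transit.
	altered := append([]byte(nil), sealed...)
	altered[len(altered)-1] ^= 0x01
	_, errT := decryptAESGCM(keyC, altered)
	return string(opened), errI == nil, errT == nil, nil
}

func main() {
	text, iDecrypts, tampered, err := RoundTrip()
	if err != nil {
		panic(err)
	}
	fmt.Printf("C reads: %q\nInterloper decrypted: %v\nAltered message accepted: %v\n", text, iDecrypts, tampered)
}
```

The point the code makes is the one the article makes: everything rests on the single key. Whoever holds it (L, C, or a cloud vendor that encrypted the file with its own key) can read the file, and whoever does not hold it cannot, which is why the questions “who holds the key?” and “how was it distributed?” come before any question about bit length.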
Some Issues with Symmetric Key Encryption
Normally, a single key is not an issue or is easily managed. If you are the only one accessing your encrypted data using your key, the point is moot. But, if another party is accessing your data using your encryption key, the parties must have significant trust. Fundamentally, you must trust that the other party will not misuse the key.
Public cloud computing perfectly illustrates this dilemma. In public cloud computing, the cloud computing provider might encrypt your data saved at the cloud vendor’s site using their key. Thus, your access to your data depends, by definition, on their key. This poses a challenge for lawyers who must assure continued access to, for example, client data stored in the cloud. It also may force the lawyer to “trust” the cloud provider. The problem is particularly evident with SaaS providers who frequently use simple, symmetric key encryption (AES is the most popular) to provide data protection at the cloud provider’s site. (Why don’t the vendors just allow you to use your key? An explanation far exceeds the scope of this article. But in a nutshell, the inherent system architectural structure of public cloud computing limits the ability of a vendor to offer personal key encryption. If offered, the personal key option might simply shift the issue from trust to securing key management—an equally complicated issue.)
Asymmetric Key Encryption
The “Example of Symmetric Key Use” above illustrates why asymmetric encryption (relatively new and invented in the 1970s) arose. In the Example, L needed to communicate the password (encryption key) to C. L did so by telephone because L should not simply include the key in the same email with the draft document. If L did include the key/password in the same email or even in another related email, an interloper (I) could intercept the key and decrypt the draft just as L and C can—obviating the security and benefit of the encryption.
Thus, distribution and management of encryption keys is a challenging issue with symmetric encryption. Note, this does not mean that symmetric key encryption should not be used or is somehow broken. (In fact, the only commonly known and truly unbreakable encryption remains one-time-pad, symmetric key encryption.) Rather, the Example simply identifies an issue inherent to using symmetric keys. In many cases, the symmetric nature is not an issue. But, with growing use of public cloud computing by lawyers, symmetric key encryption is becoming an issue.
To address the encryption key distribution-and-management issue, asymmetric encryption was invented in the 1970s. Asymmetric encryption uses a two-key, key pair: a public key and a private key. Basically, one uses the public key to encrypt the message and then the private key to decrypt. What does that gain? The public key can be publicly, relatively safely, and easily distributed—unlike the symmetric key above. In other words, I can publicly post my public key on the internet, a person can encrypt a message to me using that key, and only I, as holder of the corresponding private key, can decrypt that message. (See my Contact Me section to get my GNUPG public key.) In sharp contrast, one NEVER reveals one’s private key. The public-private key pair works together to allow encryption and decryption of messages. Asymmetric encryption is called public-key-infrastructure encryption, or PKI for short. GNUPG, OpenPGP, and commercial PGP are all variants.
So, why doesn’t asymmetric key encryption replace symmetric key encryption? First, asymmetric key encryption is a companion to symmetric encryption and not a “replacement.” Second, asymmetric key encryption addresses the key distribution issue but not necessarily security itself. Third, asymmetric encryption is orders-of-magnitude less efficient than symmetric key encryption—in other words, asymmetric key encryption is slow, bulky, and less-efficient.[FN2]
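The two paragraphs above (public key encrypts, private key decrypts; asymmetric encryption is a slow companion to symmetric encryption rather than a replacement) in code, as an added example that is not part of the original article and not GNUPG’s or PGP’s own implementation. It uses RSA with 2048-bit keys and OAEP padding from Go’s standard library. The example wraps a freshly generated 256-bit symmetric file key for the public key’s owner, shows that an unrelated private key cannot unwrap it, and shows that the whole draft document is too large to be encrypted directly with the RSA key at all, which is exactly why real systems encrypt the document with AES and use the asymmetric key only to deliver the AES key. The document text, key sizes, and function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Constructed sample: a draft far larger than one RSA-OAEP message can carry.
// A 2048-bit key with SHA-256 OAEP can encrypt at most 256 - 2*32 - 2 = 190 bytes.
var draftDocument = []byte(strings.Repeat("Equitable distribution agreement, draft clause text. ", 60))

// newKeyPair makes one asymmetric key pair. The public half (PrivateKey.PublicKey)
// may be posted anywhere; the private half never leaves its owner.
func newKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptToPublic seals msg so that ONLY the matching private key can open it.
func encryptToPublic(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// decryptWithPrivate opens a message that was sealed to the corresponding public key.
func decryptWithPrivate(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Demo reports three facts: whether a 32-byte symmetric key round-trips through
// my key pair, whether someone else's private key can open it, and whether the
// whole document could be encrypted directly with RSA instead of with AES.
func Demo() (keyRoundTrips bool, wrongPrivateOpens bool, documentFits bool, err error) {
	me, err := newKeyPair() // my pair: public half published, private half kept
	if err != nil {
		return false, false, false, err
	}
	other, err := newKeyPair() // an unrelated pair held by someone else
	if err != nil {
		return false, false, false, err
	}

	// A fresh 256-bit AES key that a sender wants to hand me confidentially.
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return false, false, false, err
	}

	// Sender uses my PUBLIC key; only my PRIVATE key can unwrap.
	wrapped, err := encryptToPublic(&me.PublicKey, fileKey)
	if err != nil {
		return false, false, false, err
	}
	unwrapped, err := decryptWithPrivate(me, wrapped)
	if err != nil {
		return false, false, false, err
	}
	keyRoundTrips = bytes.Equal(unwrapped, fileKey)

	// The other party's private key does not match my public key.
	_, errOther := decryptWithPrivate(other, wrapped)
	wrongPrivateOpens = errOther == nil

	// Trying to encrypt the whole document with RSA fails: too long for one block.
	_, errDoc := encryptToPublic(&me.PublicKey, draftDocument)
	documentFits = errDoc == nil

	return keyRoundTrips, wrongPrivateOpens, documentFits, nil
}

func main() {
	ok, wrong, fits, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("file key round-trips: %v\nunrelated private key opens it: %v\n"+
		"whole document fits in one RSA message: %v (len %d bytes)\n",
		ok, wrong, fits, len(draftDocument))
}
```

Key generation alone takes noticeably longer than encrypting the same data with AES would, and the 190-byte ceiling shows why the asymmetric key is used to carry a symmetric key rather than the file itself; that combined use is the “both at different points” arrangement mentioned in FN1.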
Overview of Commonly Mentioned Encryption Methods Used By Cloud Providers
You might be saying: “Wow! Is it really that complicated?” Yes. Now, we will turn to applying the fundamentals above to commonly cited encryption forms used by cloud computing vendors.
AES Encryption—SYMMETRIC Encryption
One struggles not to find a cloud vendor promoting AES encryption. So what is AES?
- AES is the Advanced Encryption Standard (AES).
- AES is a symmetric encryption algorithm.
- AES is a US government standard (NIST defined) for encryption used by most US government agencies for up to Secret level protection (and top-secret in some cases).
- AES replaced the older DES (plain DES is no longer deemed secure for most at-rest storage applications).
- AES is commonly used for persistent, at-rest, or “file” encryption. [FN3]
- By definition, AES has three standard key lengths–128bit, 192bit, or 256bit.
Thus, AES describes one, government-standard, type of symmetric key encryption. Since AES is easily implemented, relatively efficient, and readily available, vendors widely use AES for data encryption. AES, for example, can encrypt at the file level (one file at a time) or at the “whole, hard disk” level. AES192 and AES256 are generally deemed secure.
DES, 3DES, RC4, and Other Symmetric Encryption Algorithms
DES, 3DES, and RC4 are other symmetric encryption algorithms that might be encountered by lawyers (for example, in mobile computing devices) but probably not for cloud applications. RC4 is used by current word processors to encrypt documents using a “password.” See Example above for description of this use. 3DES is a multiple-iteration of DES. 3DES or even DES might still be used in some limited circumstances when long-term security is not an issue.
Distinguish PKI Encryption—ASYMMETRIC Encryption
As noted above, PKI uses an asymmetric key pair: one part public (to encrypt) and one part private (to decrypt). PKI relies on complex mathematics to generate the key pair. But PKI addresses the key distribution issue more than it addresses security itself. In other words, PKI might be an option when efficient key distribution trumps security or algorithm efficiency concerns. That is not to say that PKI is not secure. Rather, the mathematics behind PKI fundamentally differ from the mathematics of symmetric key encryption, and the asymmetric mathematics usually are far less efficient than symmetric algorithms. So, why don’t cloud providers simply switch to PKI? Unfortunately, there is not an easy answer. Suffice to say that PKI would be at minimum unwieldy and inefficient in a cloud computing type environment.
Sidebar: Don’t Be Confused by SSL
SSL (e.g., https://) ONLY provides transient, temporary encryption of data communicated from one computing device to another computing device. For example, SSL might secure a file upload from your browser running on your laptop to the remote cloud provider application (or vice-versa). See Navigating the Fog of Cloud Computing for more information about SSL. Thus, understand that SSL does not encrypt your files for long-term storage and does not provide any protection at all once the internet session transmitting the file closes. Lawyers may get further confused because SSL might use the AES encryption algorithm! What? Remember, AES is simply a symmetric key algorithm and can be used with many protocols. One protocol is SSL. But, even though AES is mentioned (for example, “AES 256bit, SSL, bank-grade encryption”) in association with SSL, this form of AES is not the same as persistent, at-rest or file-based AES encryption. In SSL, AES secures the data transmission only. At-rest AES encrypts a file persistently—until specifically decrypted. (Confused? You are not alone. This is why the inquiry is far more complex than most lawyers realize.)
Addressing Cloud Computing Marketing
Cloud computing vendors, such as Software-as-a-Service (SaaS) providers,[FN4] promote their use of AES (of various bit lengths) to secure data stored by the SaaS provider. But, that is not the whole story or the end of inquiry for a Pennsylvania lawyer. Be especially wary if the mention of AES is only in association with SSL. (See above.)
Fictitious Example of Cloud Marketing
Assume a SaaS provider permits a lawyer to create legal documents “online” using a browser-based “word processor” hosted at the SaaS, cloud provider. The lawyer creates a contract document using the SaaS and saves the contract document “in the cloud” at the SaaS provider.
The SaaS provider likely states that the saved file is protected by AES (of varying bit lengths) encryption. That is probably true. But, the knowledgeable lawyer will recognize:
- wait, AES is a symmetric encryption algorithm (see lengthy discussion above),
- that means there is only one key, and
- so who holds that key?
Also, the lawyer might further recognize:
- wait, how does the vendor use AES?
- Just in the SSL transmission or
- specifically with at-rest, file encryption (or both)?
Thus, encryption use in cloud computing is truly a case where specifics are necessary. So, get details. Ask for exactly who, exactly where, exactly when, and exactly how. Probe to get real answers. If the vendor does not or cannot answer, you might need to consider the viability of the vendor for lawyer-related data storage.
The encryption issue does not obviate using a cloud provider, but it does trigger additional and very specific analysis. For example, use of STaaS, Storage-as-a-Service, using AES256, might be appropriate if the lawyer controls the key and if the data is encrypted using, for example, AES256 before uploading to the cloud. (See Data Backup Basics for Pennsylvania Lawyers and Storing Files in the Cloud: Storage-as-a-Service for Lawyers—Encryption for definitions of STaaS and SaaS.) But as I have noted before, SaaS options for lawyers unfortunately raise very tricky issues. (See Navigating the Fog of Cloud Computing for mention of this conundrum.)
The Conclusion: It Isn’t Easy But Is Necessary
Thus, the discussion above illustrates the need for specific follow-up by Pennsylvania lawyers using the cloud. And that is the point of this lengthy article. Before embarking, a Pennsylvania lawyer must first understand the basics of encryption (and even the basics are very complicated) to knowledgeably and responsibly inquire at the level necessary to apparently meet the “reasonable efforts” threshold before using cloud computing. Simply relying on claims that the data is somehow encrypted, or relying on the seemingly “compelling” claims of military-grade-bank-strength-256bit-AES-encryption (after all, before reading this article, didn’t that sound impressive?), may lead a Pennsylvania lawyer astray and result in problems.
No, the inquiry is not easy. No, the issues are not easy. No, there are no shortcuts. However, this does not mean that a Pennsylvania lawyer cannot use public cloud computing. Rather, this article illustrates that the issues are deep. Snap-inquiries or marketing reliance alone might not be good enough.
Original release: 06 October 2011
Revisions: 14 November 2011
FN1—To complicate matters, the forms are not mutually exclusive. In other words, an application might use both symmetric and asymmetric keys at different points or for different, but related, purposes in the application deployment.
FN2—While far beyond this little article, that is also, in part, why asymmetric key encryption uses huge keys (1024bit, 2048bit, 3096bit, or above) to reach roughly the same encryption “strength” as 128bit or 192bit symmetric keys. The mathematical foundation of asymmetric encryption also differs fundamentally from symmetric encryption.
FN3— See Navigating the Fog of Cloud Computing and Navigating the Fog of Cloud Computing: An Unofficial Supplement to The Pennsylvania Lawyer Article for more details about at-rest encryption.
FN4—See Navigating the Fog of Cloud Computing for definitions of SaaS and STaaS.