ENCRYPTION


What is Encryption?

Encryption is a method to render digital data unreadable by anyone other than authorised users.

It can be used to provide a layer of security by making the data unreadable to anyone who is not authorised to view it.

Data can be encrypted:

  • ‘In transit’ – i.e. when being transferred across a network or the internet between devices, or
  • ‘At rest’ – i.e. when it is stored and not being used, whether this be on a physical or virtual device.

Under what circumstances should data be encrypted?

Encryption should be used in circumstances when the risk associated with the data being accessed in an unauthorized fashion is high.

High-risk situations most commonly include:

  • When data that contains information that is considered “sensitive” or “protected” (e.g. Financial or Health Information) about an individual who is readily or potentially identifiable, or
  • When data is transferred across the internet (when it is susceptible to interception by unauthorised third parties)

How is data encrypted?

Data, which is ordinary readable text (or “plain text”), is encrypted using an encryption algorithm and an “encryption key”. This process generates “cypher text” that can only be viewed in its original form if decrypted with the correct encryption key. Decryption is simply the inverse of encryption, following the same steps but reversing the order in which the keys are applied.

The encryption key is a pseudo-random string of characters that is generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, large computational resources and skill would be required to do so. Anyone can decrypt the data if provided with the key.


What are the Australian Standards for Data Encryption?

The Australian Signals Directorate (ASD) provides guidance to Commonwealth entities surrounding encryption standards to safeguard data ranging in different levels of sensitivity, from “unclassified but sensitive or official information not intended for public release” (UD), through “protected” (P), to “Top Secret” (TS). Associated security controls are outlined in the ASD’s Information Security Manual (ISM).

Whilst it is only Australian Government agencies that are required to adopt the ASD controls outlined in the ISM, the controls also provide a useful framework for non-government organisations to consider when protecting data that ranges across various levels of sensitivity. Data of this type includes Personal Health Information that contains identifying aspects which is considered to be both “sensitive”[1] and “protected”[2].

The following ASD controls are issued for agencies in protecting data that are considered “unclassified but sensitive or official information not intended for public release” (UD) or “protected” (P).

ASD Approved Cryptographic Algorithms (AACA)

AACAs fall into three categories: asymmetric/public key algorithms, hashing algorithms and symmetric encryption algorithms.

The approved asymmetric/public key algorithms are:

  • Diffie–Hellman (DH) for agreeing on encryption session keys
  • Digital Signature Algorithm (DSA) for digital signatures
  • Elliptic Curve Diffie–Hellman (ECDH) for agreeing on encryption session keys
  • Elliptic Curve Digital Signature Algorithm (ECDSA) for digital signatures
  • Rivest–Shamir–Adleman (RSA) for digital signatures and passing encryption session keys or similar keys

The approved hashing algorithm is:

  • Secure Hashing Algorithm 2 (SHA–224, SHA–256, SHA–384 and SHA–512)

The approved symmetric encryption algorithms are:

  • AES using key lengths of 128, 192 and 256 bits
  • Triple Data Encryption Standard (3DES)

ASD Approved Cryptographic Protocols (AACP)

In general, ASD only approves the use of cryptographic products that have passed a formal evaluation. However, ASD approves the use of some commonly available cryptographic protocols even though their implementations in specific products have not been formally evaluated by ASD. This approval is limited to cases where they are used in accordance with the requirements in the ISM manual. The AACPs are:

  • TLS
  • Secure Shell (SSH)
  • Secure Multipurpose Internet Mail Extension (S/MIME)
  • OpenPGP Message Format
  • Internet Protocol Security (IPsec)
  • WPA2 (when used in accordance with the advice contained in the Wireless Local Area Networks section of the Network Security chapter).

 

Encryption at rest

ASD Control: 0459; Revision: 2, states that encryption of secure data at rest should use either:

  • Full disk encryption
  • Partial encryption where the access control will only allow writing to the encrypted partition.

Full disk encryption provides a greater level of protection than file–based encryption. While file–based encryption may encrypt individual files there is the possibility that unencrypted copies of the file may be left in temporary locations used by the operating system.

Data recovery

ASD Control: 0455; Revision: 1, states that where practical, cryptographic products must provide a means of data recovery to allow for circumstances where the encryption key is unavailable due to loss, damage or failure.

The requirement for an encryption product to provide a key escrow function, where practical, was issued under a Cabinet directive in July 1998 for Commonwealth entities.

ASD Control: 0481; Revision: 3 states that Agencies using a product that implements an AACP must ensure that only AACAs can be used.

Encryption in transit

ASD Control: 0469; Revision: 2 states that for particularly sensitive data (i.e. (AUSTEO) for Australian Eyes Only, or AGAO (Australian Government Access Only)) encryption is required when data of this type is being communicated over public network infrastructure (i.e. “In addition to any encryption already in place for communication mediums, agencies must, at minimum, use an AACP to protect AUSTEO and AGAO information when in transit”)


Are there any issues I should be aware of when using encryption?

  • If you want to analyse or use an algorithm to perform computational tasks on stored data that has been encrypted (and hence is in cypher format), it must first be decrypted back into plain text format prior to the analysis.
  • Encryption takes time to perform. If encrypting data in transit (prior-to, and following transfer across a network), the overall transfer will take longer.
  • Losing your key. If the provider of the data encryption service does not provide a key escrow (i.e. recovery) function, and you lose your encryption key, it will not be possible for the provider of the service (or anyone else) to decrypt your data for you. It’s like losing your only keys for a lock, but not having access to a locksmith.


[1] The Commonwealth Privacy Act (1988) (“The Privacy Act”) defines what is considered personal and sensitive information in Australia. Personal Information means information about an identified individual, or an individual who is reasonably identifiable, and of relevance to med.data, Sensitive Information includes: Information about an individual’s Racial or ethnic origin or Sexual orientation or practices; Health information; Genetic information and Biometric information.
[2] The US HIPPA Privacy Rule (http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html ) defines protected health information” as individually identifiable health information, including identifiable demographic and other information relating to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual that is created or received by a health care provider, health plan, employer, or health care clearinghouse. Genetic information is considered to be health information.