Data Encryption with AES
Data Encryption and its Benefits
Data security must be considered part of the management of your systems. Disregarding the risks of security breaches leads to your software being vulnerable to different situations, for example, exposing sensitive information, allowing users actions that should be restricted for them, opening doors for hackers, and so on.
Encryption is a solution to protect your information. To encrypt data is the process of taking the original information and creating a ciphered result that is unreadable, according to Porter (2020), a writer who works for NortonLifeLock. The idea is that only the person with the correct key can decrypt that result and have access to the original content.
There are many other benefits beyond just securing your secrets. The experts from Kaspersky (2020), another important company specialized in security, highlight that “encryption also provides a means of proving that information is authentic and comes from the point of origin it claims to come from.” Therefore, encryption is a must; it is not only necessary, but expected.
However, “you should never, ever, try to implement your own security using code that you have written” (Miles, 2019, p. 237), even if there could be developers in your team that want to create their own security functionalities. Nowadays, there is a variety of algorithms and protocols that have been tested and approved by official institutes and agencies.
One of the main standard algorithms that is used worldwide to encrypt and decrypt data is the AES (Advanced Encryption Standard). At the beginning, its name was Rijndael, and it was created by Joan Daemen and Vincent Rijmen, two Belgian cryptographers. But, after it won a competition against other algorithms, it was finally named AES by NIST (National Institute of Standards and Technology). It became the new standard for the government of the United States in 2002. Then, one year later, it started being used to protect classified information and was approved by the NSA (National Security Agency) to cipher top secret information, as Mardisalu (2017) explains in one of his security articles.
Technically, AES is a symmetric encryption algorithm, and categorized as a block cipher, because, as Allen (2006) describes, it takes a block of plain text input and a block of encryption key to generate a block of cipher text.
Some examples of tools, applications and systems that Mardisalu (2017) found in which AES is used by multiples companies are:
- The protection of compressed files in compression tools like 7Zip and WinZip.
- Tools for encrypting files, partitions or disks like BitLocker.
- VPN (Virtual Private Networks).
- Messaging applications like WhatsApp and Facebook Messenger.
AES in C# Language
This ciphered algorithm can be used in two different ways in the C# programming language. RijndaelManaged is the class to use the classic version of Rijndael, and Aes class is the version that implements the algorithm AES with the default settings established as a standard. Microsoft (2020) recommends using Aes class instead of RijndaelManaged to meet the security standards.
Miles, R. (2019). Exam Ref 70-483 Programming in C#, Second Edition. n.p.: Pearson Education.
Author: Antony Sandoval Bonilla.