IT Authentication Basics
Authentication is the process of determining if a claim is true, normally a claim about a person's or something's identity, using a secret or piece of evidence called a "factor." When you sign on to an email account, you're asserting a statement ("I am
Because secrets can be stolen or guessed, users can use multiple factors to make it harder for a bad actor to gain access. For example, G Suite two-factor authentication requires users to enter a password and a one-time code, texted to their phone, before they can log in. Similarly, an organization might require employees to present both an ID card and a fingerprint scan to access a sensitive area.
How Encryption Authentication Works
If you're protecting a file on a computer that isn't connected to anything, encryption authentication is reasonably easy. Encrypt the file, keep the key somewhere safe (ideally, protected by a password) and you'll be secure.
But in cloud applications such as email encryption, authentication is harder. These applications use public-key encryption, which uses two keys: one to encrypt the data, and one to decrypt it. As the name implies, the public key is often publicly available, but the private key has to be kept secret. In PGP email encryption and similar methods, you obtain the recipient's public key and use it to encrypt a message to them. Because they keep their private key confidential, only they can decrypt it.
Attackers can read your data by stealing your private key, but they can also do it by tricking the sender into using the wrong public key in a Man-in-the-Middle (MitM) attack. For example, imagine Sara wants to send you a secret message and Andy wants to steal it. If Andy tricks Sara into using his public key instead of yours, he can decrypt your message with his private key, then send it on to you, re-encrypted with your real public key. He can even alter it if he wants to, and you'll be none the wiser.
Encryption authentication prevents these attacks with digital signatures, special codes unique to each party. An authority confirms that the key, its signature and the identity behind it are authentic. With PGP, the community as a whole is the authority. Users can vouch for each other by signing each other's keys, either in person at key signing parties or through the Web of Trust (WoT). So if you and Sara trust Becky, and Becky has signed both of your public keys, you can trust Sara's public key and vice versa.
Unfortunately, WoT doesn't scale well once you start adding extra degrees of separation. For example, let's say Becky has not signed your key, but has signed Tim's key. To trust your public key, Sara has to believe that:
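The key-substitution attack and the signature check that defeats it, as an added example that is not part of the original post and not PGP or Virtru code. It uses textbook RSA with tiny hard-coded primes and a byte-at-a-time cipher purely so it runs offline; the participants (you, Andy, Becky), the certificate layout and the message are constructed for the illustration. Becky plays the trusted introducer who signs the fingerprint of your key; Sara refuses to encrypt to any key whose fingerprint does not carry a valid signature from an introducer she trusts.

```python
import hashlib

# Toy textbook RSA with tiny hard-coded primes (an assumption made only so the
# example runs offline; real keys are thousands of bits and use padding).
def make_keypair(p: int, q: int, e: int = 17):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse of e, Python 3.8+
    return (e, n), (d, n)               # (public key, private key)

def encrypt(pub, plaintext: bytes) -> list:
    e, n = pub
    return [pow(b, e, n) for b in plaintext]     # one RSA op per byte: toy only

def decrypt(priv, ciphertext: list) -> bytes:
    d, n = priv
    return bytes(pow(c, d, n) for c in ciphertext)

def fingerprint(pub) -> str:
    e, n = pub
    return hashlib.sha256(f"{e}:{n}".encode()).hexdigest()

def sign(priv, data: bytes) -> int:
    d, n = priv
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    e, n = pub
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(sig, e, n) == h

# Constructed participants: you, Andy (attacker) and Becky (trusted introducer).
YOU_PUB, YOU_PRIV = make_keypair(61, 53)
ANDY_PUB, ANDY_PRIV = make_keypair(67, 71)
BECKY_PUB, BECKY_PRIV = make_keypair(73, 79)

def certify(signer_pub, signer_priv, subject_pub) -> dict:
    """An introducer vouches for a key by signing its fingerprint."""
    fp = fingerprint(subject_pub)
    return {"fingerprint": fp, "signer": signer_pub, "sig": sign(signer_priv, fp.encode())}

def key_is_certified(offered_pub, cert, trusted_introducers) -> bool:
    """Sara's check before encrypting: the fingerprint of the key she was
    offered must be exactly what an introducer she trusts signed."""
    return (cert["signer"] in trusted_introducers
            and cert["fingerprint"] == fingerprint(offered_pub)
            and verify(cert["signer"], cert["fingerprint"].encode(), cert["sig"]))

def mitm_without_verification(message: bytes):
    """Andy hands Sara his own public key. She encrypts to it, he decrypts,
    re-encrypts to your real key and forwards; you see nothing unusual."""
    c = encrypt(ANDY_PUB, message)                           # Sara used the wrong key
    stolen = decrypt(ANDY_PRIV, c)                           # Andy reads it
    received = decrypt(YOU_PRIV, encrypt(YOU_PUB, stolen))   # and forwards it to you
    return stolen, received

def send_with_verification(offered_pub, cert, message: bytes):
    """Encrypt only if the offered key is certified by a trusted introducer."""
    if not key_is_certified(offered_pub, cert, {BECKY_PUB}):
        return None
    return encrypt(offered_pub, message)

if __name__ == "__main__":
    msg = b"meet at noon"                                    # constructed message
    print(mitm_without_verification(msg))                    # Andy reads it, you get it intact
    print(send_with_verification(ANDY_PUB, certify(BECKY_PUB, BECKY_PRIV, YOU_PUB), msg))  # None
    print(send_with_verification(YOU_PUB, certify(BECKY_PUB, BECKY_PRIV, YOU_PUB), msg))
```

The check compares the fingerprint of the key actually offered against the fingerprint inside the certificate, so a substituted key fails even when the attacker attaches a genuine certificate for your key, and a certificate the attacker signs himself fails because his key is not a trusted introducer.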
- Becky’s key is authentic.
- Becky can be trusted to authenticate keys.
- Tim’s key is authentic.
- Tim can be trusted to only sign authentic keys.
- Your key is authentic.
There are all kinds of ways this could fail. Becky could have been tricked into signing the wrong key, Tim could maliciously pass off Andy's key as yours, or a hacker could have compromised someone's private key after signing, and so on. All it takes is one person making a bad decision or losing control of their key, and the whole chain collapses.
To make encryption authentication more secure, SSL/TLS uses a trusted Certificate Authority (CA) to verify each party, and handles encryption key management automatically. When you send an email with TLS, your client creates an encrypted connection with your mail server, and sends your message.
The process is repeated from your server to your recipient's server, and from their server to their client. The main problem is, you have no way to know if one of these servers has been hacked or is using a compromised version of TLS. Because data is decrypted at each stage of the process, there are multiple opportunities for a MitM attack.
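The chain of assumptions above, turned into a small trust-path evaluator, as an added example (not GnuPG or any real Web-of-Trust implementation). The signature graph, the names and the "compromised" flag are constructed for the illustration. Each person on the path from a key Sara verified herself to your key contributes the assumptions the list spells out, and the function reports the first link that breaks the chain.

```python
from collections import deque

# Constructed signature graph: signer -> set of key owners whose keys they signed.
SIGNATURES = {
    "Becky": {"Tim"},
    "Tim": {"you"},
}

def _poss(person: str) -> str:
    return "your" if person == "you" else f"{person}'s"

def find_signature_path(start: str, target: str, signatures: dict):
    """Breadth-first search for a chain start -> ... -> target of signatures."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in signatures.get(path[-1], ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def evaluate_trust(verified_directly, target, signatures, trusted_signers,
                   compromised=frozenset()):
    """verified_directly: key owners whose keys the verifier checked in person.
    trusted_signers: owners the verifier believes sign only authentic keys.
    compromised: owners whose private key is known to be lost (assumption flag).
    Returns (trusted, assumptions the verifier must accept, reason)."""
    for root in verified_directly:
        path = find_signature_path(root, target, signatures)
        if path is None:
            continue
        assumptions = []
        for i, person in enumerate(path):
            assumptions.append(f"{_poss(person).capitalize()} key is authentic.")
            if person in compromised:
                return False, assumptions, f"{_poss(person)} private key was compromised"
            if i < len(path) - 1:             # everyone but the target acts as a signer
                if person not in trusted_signers:
                    return False, assumptions, f"{person} is not trusted to sign keys"
                assumptions.append(f"{person} can be trusted to only sign authentic keys.")
        return True, assumptions, "signature chain: " + " -> ".join(path)
    return False, [], f"no signature path to {_poss(target)} key"

if __name__ == "__main__":
    # Sara verified Becky's key herself and trusts Becky and Tim as signers.
    print(evaluate_trust({"Becky"}, "you", SIGNATURES, {"Becky", "Tim"}))
    # One lost private key in the middle collapses the whole chain.
    print(evaluate_trust({"Becky"}, "you", SIGNATURES, {"Becky", "Tim"}, compromised={"Tim"}))
    # A signer Sara does not trust breaks it just as completely.
    print(evaluate_trust({"Becky"}, "you", SIGNATURES, {"Becky"}))
```

With the two-hop graph the successful case yields exactly the five assumptions from the list; every extra degree of separation adds two more, which is the scaling problem the text describes.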
How Virtru Handles Encryption Authentication
Virtru encryption authentication uses a trusted CA like PGP, but does not suffer from its weaknesses. When a user sends an encrypted email, the Virtru client on their device encrypts the message using a one-time key, and the key is sent to Virtru's secure server over an encrypted connection. Meanwhile, the encrypted email is sent by the sender's email client to the recipient's email server in the normal way.
When the recipient opens the email, their Virtru client conducts a three-way session with the Virtru server and a third-party identity provider such as OAuth or OpenID, which enables the encryption authentication and authorization process. First, the client confirms the recipient is who they claim to be, and checks the email's access policies to ensure the recipient is still authorized to access it. If the recipient is permitted, the Virtru server securely transfers the key to the recipient's Virtru client.
This avoids the unreliability of PGP-like encryption authentication, because it doesn't depend on a whole chain of parties. And unlike SSL/TLS, messages aren't encrypted or decrypted by arbitrary servers on the open Internet, which may be improperly configured.
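A side-by-side simulation of the two delivery models described above, hop-by-hop TLS versus end-to-end encryption with a policy-enforcing key server, as an added example that is not Virtru's code and does not reflect its actual protocol. The stream cipher is a toy built from SHA-256 so the example runs offline (a real system would use an authenticated cipher such as AES-GCM); the hop names, message, policy and identities are constructed, and identity tokens are assumed to have been verified already by an external identity provider.

```python
import hashlib
import os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher for illustration only (assumption; not for real use):
    XOR data with SHA-256(key || block counter). Same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Hop:
    """A mail server on the delivery path. A compromised hop logs whatever
    bytes it can see after doing its normal processing."""
    def __init__(self, name: str, compromised: bool = False):
        self.name, self.compromised, self.seen = name, compromised, []

def relay_hop_by_hop(message: bytes, hops, link_keys):
    """TLS-style delivery: link_keys[i] protects the link into hops[i] and
    link_keys[-1] the final link to the recipient. Every hop decrypts its
    inbound link and re-encrypts for the next one, so it handles plaintext."""
    wire = keystream_xor(link_keys[0], message)
    for i, hop in enumerate(hops):
        plain = keystream_xor(link_keys[i], wire)        # hop sees plaintext here
        if hop.compromised:
            hop.seen.append(plain)
        wire = keystream_xor(link_keys[i + 1], plain)    # re-encrypt for next link
    return keystream_xor(link_keys[-1], wire)            # recipient decrypts

class KeyServer:
    """Holds one-time message keys with an access policy and releases a key
    only to an identity the policy still permits (modelled on the
    authenticate-then-authorize check described above)."""
    def __init__(self):
        self.store = {}
    def register(self, msg_id: str, key: bytes, policy: dict):
        self.store[msg_id] = (key, policy)
    def fetch_key(self, msg_id: str, identity: str):
        key, policy = self.store[msg_id]
        if policy["revoked"] or identity not in policy["authorized"]:
            return None
        return key

def relay_end_to_end(message: bytes, hops, key_server, msg_id, policy, recipient):
    """Sender encrypts with a fresh one-time key, registers the key and policy
    with the key server, and hands only ciphertext to the mail path."""
    one_time_key = os.urandom(32)
    ciphertext = keystream_xor(one_time_key, message)
    key_server.register(msg_id, one_time_key, policy)
    for hop in hops:                         # hops forward bytes they cannot read
        if hop.compromised:
            hop.seen.append(ciphertext)
    key = key_server.fetch_key(msg_id, recipient)
    return keystream_xor(key, ciphertext) if key else None

def demo():
    msg = b"Quarterly numbers attached, please keep confidential."   # constructed
    hops = [Hop("sender-mail-server"), Hop("recipient-mail-server", compromised=True)]

    delivered = relay_hop_by_hop(msg, hops, [os.urandom(32) for _ in range(3)])
    leaked_hop_by_hop = msg in hops[1].seen              # compromised hop read it

    hops[1].seen.clear()
    ks = KeyServer()
    policy = {"authorized": {"bob@example.com"}, "revoked": False}   # constructed
    delivered_e2e = relay_end_to_end(msg, hops, ks, "msg-1", policy, "bob@example.com")
    leaked_e2e = msg in hops[1].seen                     # only ciphertext was logged
    denied = ks.fetch_key("msg-1", "mallory@example.com")   # not in the policy
    policy["revoked"] = True                             # sender revokes after sending
    revoked = ks.fetch_key("msg-1", "bob@example.com")
    return (delivered == msg, leaked_hop_by_hop, delivered_e2e == msg,
            leaked_e2e, denied, revoked)

if __name__ == "__main__":
    print(demo())   # (True, True, True, False, None, None)
```

The compromised second hop recovers the plaintext in the hop-by-hop model and only an unreadable ciphertext in the end-to-end model, and because the key server checks the policy at fetch time rather than at send time, the sender can still revoke access after the message has left their client.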
Virtru Authenticated Encryption and Government Surveillance
Virtru is dedicated to protecting user privacy from government surveillance. We have never disclosed user keys, and we are in a strong legal position to resist FISA and other broad surveillance orders if we're ever asked to in the future.
Limits of Virtru Encryption Authentication
No tool can replace security awareness. Virtru protects users against attacks and the dangers of unencrypted email, but it doesn't stop you from reusing passwords or following other insecure practices that already put you at risk. You should use strong, unique passwords and enable two-factor authentication, so that a hacker can't access your account even if they manage to obtain your password.
For mobile devices, we highly recommend that you use password-protected iPhone or Android encryption to protect personal data in the apps you use for shopping, banking, and other activities, should your device be stolen. For more security tips, check out the resources below.
Take Control of Your Cloud Security
Virtru stops hackers from spying on your emails and cloud files with strong, no-fuss encryption. Use these other resources to learn more about keeping your data safe and secure.
The Simple Guide to Encryption Key Management [eBook]