Last week we attended a conference on the General Data Protection Regulation (GDPR) and cryptographic solutions. Although the conference was not aimed at mobile apps specifically but at encryption across all kinds of devices, several of the concepts presented apply directly to the mobile world.
We have said before that Privacy cannot exist without Security, and encryption is one of the ways you provide security in a mobile app. The cryptographic building blocks you will meet (not all of them are encryption in the strict sense, but they are usually discussed together) include:
- Symmetric Key: An encryption system in which the sender and receiver of a message share a single, common key that is used both to encrypt and to decrypt the message (AES is the usual choice today). The practical difficulty is getting that key to the other party without anyone else obtaining it.
- Asymmetric Key: A form of encryption where keys come in pairs: what one key encrypts, only the other can decrypt. This is also known as Public Key Cryptography, since a user creates a matching key pair, publishes one key and keeps the other secret. Anyone can encrypt to the public key, but only the holder of the private key can decrypt.
- Cryptographic Hash Function: A function that produces a fixed-size hash value (also called a message digest or checksum) for a specific data object. Cryptographic hash functions are used to check the integrity of data, in authentication and in other security mechanisms. If the data is modified, intentionally or unintentionally, the hash value changes, so a data object's integrity can be evaluated by recomputing its hash and comparing it with a previously stored one. The stored hash itself must be protected, though: an attacker who can change the data and also overwrite the stored hash simply recomputes it. Integrity against an active attacker therefore needs a keyed hash (a MAC) or a digital signature rather than a bare hash.
- Digital Signature: Not to be confused with a digital certificate, this is a mathematical technique used to validate the authenticity and integrity of a message, piece of software or digital document. The signer computes the signature with a private key; anyone holding the matching public key can verify it, but nobody without the private key can produce a valid one.
- File Encryption Software: A program that protects the contents of files with an encryption algorithm and the associated keys.
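As an added illustration of the hash-function item above (example code written for this page, not material from the conference; the record, the tampered record and the key are constructed), the following Python, standard library only, shows a plain SHA-256 checksum catching a modified record, an attacker who can also overwrite the stored checksum defeating that check, and an HMAC with a secret key closing the gap:

```python
"""Integrity checking with a bare hash versus a keyed hash (MAC).

Added example using only the Python standard library. The record, the
tampered record and the key below are constructed for illustration.
"""
import hashlib
import hmac
import secrets

# Constructed sample record, e.g. a row exported from a mobile app's local store.
RECORD = b'{"user_id": 4711, "plan": "free", "credits": 10}'
# The same record after an attacker has edited one field.
TAMPERED = b'{"user_id": 4711, "plan": "free", "credits": 9999}'

# A secret known only to the party that stores and later verifies the data
# (constructed here; on a device it would live in the platform keystore).
MAC_KEY = secrets.token_bytes(32)


def digest(data: bytes) -> str:
    """Plain SHA-256 checksum, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def check_digest(data: bytes, expected: str) -> bool:
    """Compare a stored checksum against the current one, in constant time."""
    return hmac.compare_digest(digest(data), expected)


def mac(data: bytes, key: bytes = MAC_KEY) -> str:
    """HMAC-SHA256 tag: a hash that also needs the secret key to recompute."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def check_mac(data: bytes, expected: str, key: bytes = MAC_KEY) -> bool:
    """Verify an HMAC tag in constant time."""
    return hmac.compare_digest(mac(data, key), expected)


def demo() -> dict:
    """Run the three scenarios the glossary entry leaves implicit."""
    stored_digest = digest(RECORD)
    stored_mac = mac(RECORD)

    # 1. Modification without touching the stored checksum: the plain hash
    #    catches it, as the text says.
    plain_detects_tamper = not check_digest(TAMPERED, stored_digest)

    # 2. Attacker can write both the data and the stored checksum: they simply
    #    recompute the hash for the tampered record, and the check passes.
    attacker_digest = digest(TAMPERED)
    plain_fooled = check_digest(TAMPERED, attacker_digest)

    # 3. With a MAC the attacker cannot produce a valid tag without MAC_KEY;
    #    a tag made with a guessed key does not verify.
    attacker_key = secrets.token_bytes(32)
    forged_tag = mac(TAMPERED, attacker_key)
    mac_rejects_forgery = not check_mac(TAMPERED, forged_tag)
    mac_accepts_original = check_mac(RECORD, stored_mac)

    return {
        "plain_hash_detects_tamper": plain_detects_tamper,
        "plain_hash_fooled_by_recompute": plain_fooled,
        "mac_rejects_forgery": mac_rejects_forgery,
        "mac_accepts_original": mac_accepts_original,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of scenario 2 is that a checksum stored next to the data it protects only detects accidents; a MAC (or a signature, when the verifier should not hold the secret) is what detects tampering.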
The problem with this kind of protection is re-identification. Data that was pseudonymised, for example by replacing a person's name with a key number, remains confidential only as long as the mapping between the key numbers and the real identities is kept secret. Anyone who obtains that mapping, or who can link a key number to other data held about the same person, recovers the identity that the file was supposed to hide.
The good news is that security experts are working on mitigations, although none of them is an absolute guarantee. One example given at the conference was to apply a hash to the key numbers, so that the stored value can no longer be matched directly to the original identifier. A caveat a practitioner should add: a plain hash of a low-entropy identifier such as a customer number or phone number can be reversed by hashing every possible value and looking for a match, so the hash should be keyed (an HMAC with a secret held only by the data controller) rather than a bare digest.
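To make the re-identification problem and the hashing mitigation concrete, here is an added Python example (written for this page, not code from the conference or from any vendor; the customer numbers, the five-digit numbering scheme and the key are constructed). It shows that plain SHA-256 pseudonyms of a small identifier space are recovered by a dictionary attack in well under a second, while HMAC-based pseudonyms resist the same attack as long as the key stays secret:

```python
"""Pseudonymising identifiers: why a plain hash can be re-identified and a
keyed hash cannot (without the key).

Added example, standard library only. The customer numbers and the secret
key are constructed for illustration; the small numbering scheme stands in
for any low-entropy identifier (phone numbers, national IDs, customer numbers).
"""
import hashlib
import hmac
import secrets

# Constructed: the "key number" space is five-digit customer numbers, 0-99999.
ID_SPACE = range(100_000)

# Constructed records that an analytics export must not let anyone re-identify.
CUSTOMERS = {"c1": 4711, "c2": 31337, "c3": 90210}

# Secret pseudonymisation key, held by the data controller only.
PSEUDONYM_KEY = secrets.token_bytes(32)


def plain_pseudonym(customer_number: int) -> str:
    """SHA-256 of the identifier: looks random, but anyone can recompute it."""
    return hashlib.sha256(str(customer_number).encode()).hexdigest()


def keyed_pseudonym(customer_number: int, key: bytes = PSEUDONYM_KEY) -> str:
    """HMAC-SHA256 of the identifier: recomputable only with the secret key."""
    return hmac.new(key, str(customer_number).encode(), hashlib.sha256).hexdigest()


def reidentify(pseudonyms: set[str], pseudonymise) -> dict[str, int]:
    """Dictionary attack: pseudonymise every possible identifier and match.

    Models an attacker who holds the exported pseudonyms and knows how they
    were produced. `pseudonymise` is the function the attacker is able to run.
    """
    lookup = {pseudonymise(n): n for n in ID_SPACE}
    return {p: lookup[p] for p in pseudonyms if p in lookup}


def demo() -> dict:
    """Compare what an attacker recovers from each kind of export."""
    plain_export = {plain_pseudonym(n) for n in CUSTOMERS.values()}
    keyed_export = {keyed_pseudonym(n) for n in CUSTOMERS.values()}

    # Plain hash: the whole identifier space is 100k hashes, a fraction of a
    # second of work, and every record comes back.
    plain_recovered = reidentify(plain_export, plain_pseudonym)

    # Keyed hash: the attacker does not have PSEUDONYM_KEY, so the best they
    # can do is guess one; none of the recomputed values match.
    guessed_key = secrets.token_bytes(32)
    keyed_recovered = reidentify(
        keyed_export, lambda n: keyed_pseudonym(n, guessed_key)
    )

    return {
        "plain_reidentified": sorted(plain_recovered.values()),
        "keyed_reidentified": sorted(keyed_recovered.values()),
    }


if __name__ == "__main__":
    print(demo())
```

The keyed variant moves the re-identification risk onto the key: whoever holds PSEUDONYM_KEY can still link pseudonyms back to customers, so the key needs the same protection as the original identity table, and rotating it breaks linkage across exports.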
The key advice we bring home from the conference? To secure a device, do not rely on a password alone: require two factors, a password (something the user knows) combined with a fingerprint (something the user is).
You can read more about mobile application security in the presentation below: