3.2.b Encryption
Encryption is the process of transforming readable data (plaintext) into an unreadable form (ciphertext) to protect its confidentiality. Only parties holding the correct key can decrypt the ciphertext back into plaintext. Encryption on its own only hides content; the authenticated modes used in practice (for example AES-GCM, which TLS relies on) also detect tampering, and that integrity guarantee matters as much as the secrecy. In system design, we are primarily concerned with two states of data: in transit and at rest.
Encryption in Transit
This involves securing data as it travels over a network, such as the internet, between a client and a server or between two services. The goal is to prevent eavesdropping (a confidentiality failure), tampering (an integrity failure), and impersonation of the endpoint you think you are talking to, the classic "man-in-the-middle" (MITM) attack. Defeating MITM requires authenticating the peer, not merely encrypting the bytes, which is why certificate verification is part of the story.
- Primary Technology: TLS (Transport Layer Security), the modern successor to SSL (Secure Sockets Layer).
- How it's Used:
- HTTPS: This is simply HTTP running over a TLS-encrypted connection; TLS provides the "S" for "Secure." The handshake uses asymmetric (public-key) cryptography to authenticate the server, whose certificate must chain to a certificate authority (CA) the client trusts, and to agree on session keys, normally through an ephemeral Diffie-Hellman exchange so that recorded traffic cannot be decrypted later even if the server's long-term key leaks (forward secrecy). The actual data transfer then uses much faster symmetric authenticated encryption under those session keys. It is the standard for all web communication; serve HTTPS only and redirect plain HTTP to it.
- mTLS (Mutual TLS): In a standard TLS connection, only the client verifies the server's identity; the client itself is anonymous at the transport layer. In mTLS, both the client and the server present certificates and verify each other's against a trusted CA, so the server obtains a cryptographically verified identity (typically the service name in the certificate) that it can use for authorization. This is commonly used for server-to-server communication within a microservices architecture to ensure services only communicate with other trusted, authenticated services; service meshes such as Istio and Linkerd exist largely to automate the certificate issuance and rotation that mTLS requires.
- Best Practice: Encrypt all network traffic, both external (client-to-server) and internal (server-to-server); a private network is not a reason to skip it. Require TLS 1.2 or newer, and never disable certificate verification in a client (the "insecure skip verify" switch) to make a connection work, because that silently removes the MITM protection while leaving the padlock in place.
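As an added example (not code from the original page), here is a Go program that stands up an mTLS server on loopback and calls it twice: once as a service holding a certificate from the same internal CA, and once with no certificate at all. The in-process CA, the service names (orders-svc, billing-svc) and the certificate issuance at startup are assumptions made for the example; in production the certificates come from your internal PKI or service mesh.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// CA is a throwaway in-memory issuer for this example. Assumption: real services
// get their certificates from a managed internal CA, not one made at startup.
type CA struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
	Pool *x509.CertPool // the trust anchor handed to both client and server
}

func NewCA() *CA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "internal-ca"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	cert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &CA{cert: cert, key: key, Pool: pool}
}

// Issue signs a short-lived leaf for one workload. A server leaf carries the loopback
// IP as a SAN so hostname verification passes; a client leaf carries the ClientAuth usage.
func (ca *CA) Issue(name string, server bool) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject: pkix.Name{CommonName: name}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if server {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.IPAddresses = []net.IP{net.ParseIP("127.0.0.1")}
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca.cert, &key.PublicKey, ca.key))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// StartServer listens on a random loopback port. ClientAuth is the one setting that
// turns ordinary TLS into mTLS: a peer with no certificate chaining to ClientCAs is
// rejected during the handshake, before the handler ever runs.
func StartServer(ca *CA) string {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, ClientCAs: ca.Pool,
		ClientAuth:   tls.RequireAndVerifyClientCert,
		Certificates: []tls.Certificate{ca.Issue("orders-svc", true)}}
	ln := must(tls.Listen("tcp", "127.0.0.1:0", cfg))
	go http.Serve(ln, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// The verified peer identity is what service-level authorization keys on.
		fmt.Fprintf(w, "hello %s", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	return ln.Addr().String()
}

// Call makes one request trusting only the internal CA; nil clientCert = no identity.
func Call(addr string, ca *CA, clientCert *tls.Certificate) (string, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: ca.Pool}
	if clientCert != nil {
		cfg.Certificates = []tls.Certificate{*clientCert}
	}
	c := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}, Timeout: 5 * time.Second}
	resp, err := c.Get("https://" + addr + "/")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// Demo returns the reply an authenticated service gets and the error an anonymous caller gets.
func Demo() (reply string, anonErr error) {
	ca := NewCA()
	addr := StartServer(ca)
	billing := ca.Issue("billing-svc", false)
	reply = must(Call(addr, ca, &billing))
	_, anonErr = Call(addr, ca, nil)
	return reply, anonErr
}

func main() { fmt.Println(Demo()) }
```

Run it with go run: the first call returns the greeting addressed to billing-svc, the second fails with a TLS handshake error instead of reaching the handler. The server-side knob is ClientAuth: tls.RequireAndVerifyClientCert together with ClientCAs; the client-side knob is RootCAs, which replaces the system trust store with the internal CA so that a publicly trusted certificate for some other name is not accepted either.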
Encryption at Rest
This involves securing data while it is stored on non-volatile media such as hard drives and SSDs, whether that storage backs a database, an object store, or backups and snapshots. It protects the data if hardware is stolen, a disk is decommissioned without being wiped, or someone copies the raw files or a backup. It does not protect against anyone who reads the data through the system that decrypts it: the database engine, the application, or an attacker who has compromised either sees plaintext as usual.
- Common Techniques:
- Transparent Data Encryption (TDE): A feature offered by many database management systems (e.g., MySQL, Oracle, SQL Server) that automatically encrypts the data and log files on disk. The database handles the encryption and decryption, which is "transparent" to the application reading and writing data. That transparency is also the limit: anyone who can run a query, whether through a leaked database credential or SQL injection, gets plaintext, so TDE addresses stolen disks and backup files, not a compromised database.
- Filesystem/Disk-Level Encryption: Encrypting an entire disk volume or filesystem at the operating system level (e.g., using BitLocker on Windows or LUKS on Linux), or enabling the equivalent managed option in the cloud (encrypted block volumes and server-side encryption for object storage). The same caveat as TDE applies: once the volume is mounted, every process with file permissions reads plaintext.
- Application-Level Encryption: The application itself encrypts specific sensitive data fields (e.g., a user's social security number) before saving them to the database, ideally with an authenticated cipher such as AES-GCM. This provides the strongest protection against a database compromise, as the data is never in plaintext within the database and the keys never reach it. However, it is more complex to manage: the application must manage the encryption keys and their rotation, and it makes querying the encrypted data difficult, since encrypted columns cannot be searched, sorted or indexed directly (equality lookups need a separate searchable token such as an HMAC-based blind index).
- Key Management: A critical component of encryption is key management. Encryption keys must be securely generated (from a cryptographic random source), stored, rotated, and eventually retired, with access to them restricted and audited. The usual pattern is envelope encryption: each record or object is encrypted with its own data key, and that data key is in turn encrypted ("wrapped") by a master key that never leaves the key service. Rotating the master key then means re-wrapping the small data keys, not re-encrypting every byte of data.
- Best Practice: Never hardcode encryption keys in source code or configuration files; they end up in version control, build artifacts and logs. Use a dedicated Key Management Service (KMS) like AWS KMS, Google Cloud KMS, Azure Key Vault, or HashiCorp Vault. The cloud services keep master keys in hardware security modules so the key material is never exported, perform wrap/unwrap operations on the caller's behalf subject to access policy, and log every use; HashiCorp Vault offers the same API in software and can be configured to use an HSM.
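As an added example, not code from the original page, the following Go program implements the application-level field encryption and the key-management pattern described above, with an in-memory stand-in for the KMS. That stand-in is an assumption: it mirrors the generate-data-key / decrypt pattern of cloud key services but is not any vendor's API. The master-key ids (cmk-2023, cmk-2024), the row/column labels used as associated data, and the sample SSN are constructed for the example. It shows three things a practitioner wants to verify: a field round-trips, a ciphertext moved to another row (or tampered with) fails to decrypt, and rotating the master key re-wraps the data key without re-encrypting the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KMS is the narrow interface the application needs from a key service: wrap and
// unwrap per-record data keys under a master key that never leaves the service.
// Assumption: fakeKMS below is an in-memory stand-in used only for this example.
type KMS interface {
	Wrap(keyID string, dek []byte) ([]byte, error)
	Unwrap(keyID string, wrapped []byte) ([]byte, error)
}

type fakeKMS map[string][]byte // keyID -> 256-bit master key, kept inside the "service"
func (k fakeKMS) Wrap(keyID string, dek []byte) ([]byte, error) { return seal(k[keyID], dek, []byte(keyID)) }
func (k fakeKMS) Unwrap(keyID string, w []byte) ([]byte, error) { return open(k[keyID], w, []byte(keyID)) }

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable CSPRNG: refuse to run rather than encrypt weakly
	}
	return b
}

// seal and open are AES-256-GCM; the random 96-bit nonce is prepended to the output.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // fails for a missing or wrong-size key
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// Envelope is what the database column stores: wrapped data key, ciphertext, master key id.
type Envelope struct {
	KeyID      string
	WrappedDEK []byte
	Ciphertext []byte
}

// EncryptField protects one value under a fresh data key. aad binds the ciphertext to its
// row and column (e.g. "users/42/ssn"), so a value copied into another row fails to decrypt.
func EncryptField(kms KMS, keyID, aad string, plaintext []byte) (Envelope, error) {
	dek := randomBytes(32)
	ct, err := seal(dek, plaintext, []byte(aad))
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := kms.Wrap(keyID, dek)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{KeyID: keyID, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

func DecryptField(kms KMS, env Envelope, aad string) ([]byte, error) {
	dek, err := kms.Unwrap(env.KeyID, env.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, env.Ciphertext, []byte(aad))
}

// Rewrap moves an envelope to a new master key without touching the ciphertext,
// which is what keeps master-key rotation cheap under envelope encryption.
func Rewrap(kms KMS, env Envelope, newKeyID string) (Envelope, error) {
	dek, err := kms.Unwrap(env.KeyID, env.WrappedDEK)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := kms.Wrap(newKeyID, dek)
	return Envelope{KeyID: newKeyID, WrappedDEK: wrapped, Ciphertext: env.Ciphertext}, err
}

func main() {
	kms := fakeKMS{"cmk-2023": randomBytes(32), "cmk-2024": randomBytes(32)}
	env, _ := EncryptField(kms, "cmk-2023", "users/42/ssn", []byte("123-45-6789"))
	pt, _ := DecryptField(kms, env, "users/42/ssn")
	_, moved := DecryptField(kms, env, "users/43/ssn") // same ciphertext, wrong row
	rotated, _ := Rewrap(kms, env, "cmk-2024")
	pt2, _ := DecryptField(kms, rotated, "users/42/ssn")
	fmt.Printf("round trip: %s; moved row: %v; after rotation: %s\n", pt, moved, pt2)
}
```

The associated-data parameter is the non-obvious part: AES-GCM authenticates it without encrypting it, so tying the ciphertext to its row and column defeats an attacker with write access to the database who copies one user's encrypted value over another's. Each record gets its own 32-byte data key, so the key service only ever sees small wrap and unwrap requests and the record ciphertext never leaves the application.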
Summary for an Interview
- Clearly state that your design will employ encryption both in transit and at rest.
- For in transit, specify using TLS/HTTPS for all communication, internal as well as external, with mTLS where services need to authenticate each other.
- For at rest, mention using technologies like TDE for databases or filesystem-level encryption, and be ready to say which attacker each layer stops. For highly sensitive PII, consider application-level (field-level) encryption.
- Crucially, mention the need for a secure Key Management Service (KMS) to handle all encryption keys, demonstrating an understanding of operational security best practices.