Data Encryption in NCache
This feature is only available in NCache Enterprise Edition.
In a distributed environment, caching systems mostly interact with network channels for transferring data between clients and remote servers. The data travels and resides in the cache in its serialized form, and anyone eavesdropping on your connection can intercept your data easily, if it is not encrypted.
Encryption is a form of data security, in which information is converted to ciphertext. Only authorized people (who have the key) can decipher the code and access the original plaintext information. In even simpler terms, encryption is a way to render data unreadable to an unauthorized party.
The data encryption feature provided by NCache is very important to secure your sensitive data by reducing the security risk, if data travels through the network or is stored in the cache unprotected.
An encryption algorithm is the method used to transform data into ciphertext. An algorithm will use the encryption key in order to alter the data in a predictable way, so that even though the encrypted data will appear random, it can be turned back into plaintext by using the decryption key.
NCache supports a rich set of standardized encryption algorithms that are nearly impossible to break. This ensures that your sensitive data is really well protected. NCache supports the following encryption algorithms that you can choose from:
- Triple Data Encryption Standard (3DES)
- Advanced Encryption Standard (AES)
- Advanced Encryption Standard - Federal Information Processing Standards (AES-FIPS)
Triple Data Encryption Standard (3DES)
Triple Data Encryption Standard algorithm (3DES), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. Different variations of 3DES algorithm supported by NCache are:
- 3DES-128: 128 bit encryption
- 3DES-192: 192 bit encryption
Advanced Encryption Standard (AES)
Advanced Encryption Standard algorithm (AES) is a symmetric block cipher algorithm with a block/chunk size of 128 bits. It converts these individual blocks using keys of 128, 192, and 256 bits. Once it encrypts these blocks, it joins them together to form the ciphertext. Different variations of AES algorithm supported by NCache are:
- AES-128: 128 bit encryption
- AES-192: 192 bit encryption
- AES-256: 256 bit encryption
Advanced Encryption Standard - Federal Information Processing Standards (AES-FIPS)
The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data called Advanced Encryption Standard - Federal Information Processing Standards (AES-FIPS). Different variations of AES-FIPS algorithm supported by NCache are:
- AES-FIPS 128: 128 bit encryption
- AES-FIPS 192: 192 bit encryption
- AES-FIPS 256: 256 bit encryption
Security Strength Comparison between 3DES and AES
Triple Data Encryption Standard Algorithm (3DES) is a way of using DES encryption three times. But even Triple DES was proven ineffective against brute force attacks (in addition to slowing down the process substantially).
AES data encryption is a more mathematically efficient and elegant cryptographic algorithm, but its main strength rests in the option for various key lengths. AES allows you to choose a 128-bit, 192-bit, or 256-bit key, making it exponentially stronger than the 56-bit key of DES. The larger the key length, the harder it is to break.
Performance-wise Comparison between 3DES and AES
Encryption/Decryption time taken by AES is relatively less than 3DES, while both algorithms consume almost same amount of memory.
The process of 3DES
encryption using 3DES is much longer than AES because repeating
the same encryption process three times in 3DES takes some time
when compared to the AES encryption process which is much faster.
Processing Time: AES is much faster than 3DES.
Memory Usage: AES and 3DES take nearly the same amount of memory.
Where does Encryption occur
NCache data encryption and decryption mostly occurs inside your application process. If encryption is enabled for a cache, the data resides in the cache in encrypted form.
Once encryption is enabled, NCache client automatically starts encrypting your objects before sending them to the cache. And it automatically decrypts objects fetched from the cache before delivering them to your application. When encryption is enabled, data being added using Cache API, Cache startup loader, and Read-Through provider is encrypted.
You can enable encryption through NCache management tool without any programming effort on your part. To learn how to enable encryption, see Configure Encryption in the NCache's Administrator Guide.