Encryption at Rest and in Transit
Encryption is the process of converting readable data (plaintext) into an unreadable format (ciphertext) using a mathematical algorithm and a key.
# Encryption at Rest and in Transit
Definition
Encryption is the process of converting readable data (plaintext) into an unreadable format (ciphertext) using a mathematical algorithm and a key. Only someone who possesses the correct key can reverse the transformation and recover the original data. Encryption protects data confidentiality: even if an attacker accesses the storage medium or intercepts the network traffic, the data remains unreadable without the key.
Encryption at rest protects data stored on disk: databases, file systems, backup repositories, cloud storage, endpoint hard drives, mobile devices, and removable media. Encryption in transit protects data moving across networks: between a user's browser and a web server, between application components, between data centers, and between an organization and its cloud providers.
Together, encryption at rest and in transit ensure that data is protected in both states it occupies during normal operations. A third state, encryption in use (protecting data while it is being processed in memory), is an emerging capability with technologies like confidential computing, homomorphic encryption, and secure enclaves, but it is not yet widely deployed in production environments.
Encryption is the primary control in the DPS (Data Protection and Sovereignty) domain of the Planetary Defense Model because it functions independently of every other layer. If the network is breached (VSD failure), if the endpoint is compromised (SPH failure), if credentials are stolen (IAT failure), if the threat was not detected (TID failure), the data remains protected if the encryption holds. Encryption is the vault door that still works when every outer wall has fallen.
How It Works
Symmetric Encryption
Symmetric encryption uses a single key for both encryption and decryption. The same key that locks the data unlocks it. Symmetric algorithms are fast and efficient, making them suitable for encrypting large volumes of data.
AES (Advanced Encryption Standard). The dominant symmetric encryption algorithm. AES operates on 128-bit blocks and supports key lengths of 128, 192, and 256 bits. AES-256 (256-bit key) is the standard for sensitive data. AES is approved by NIST (FIPS 197), adopted globally, and has no known practical attacks against the full algorithm with proper implementation. AES replaced DES (Data Encryption Standard) and 3DES, which are deprecated due to insufficient key length and block size.
ChaCha20. An alternative symmetric cipher used in some modern protocols (WireGuard VPN, some TLS implementations). ChaCha20 performs well on hardware that lacks AES-specific instruction sets and is resistant to timing attacks. Google adopted ChaCha20-Poly1305 for TLS on mobile devices where AES hardware acceleration is unavailable.
The operational challenge with symmetric encryption is key distribution: both parties must possess the same secret key. Transmitting the key securely is itself a problem that asymmetric encryption solves.
Asymmetric Encryption
Asymmetric encryption uses a key pair: a public key (shared openly) and a private key (kept secret). Data encrypted with the public key can only be decrypted with the corresponding private key. This solves the key distribution problem: the public key can be transmitted openly because it can only encrypt, not decrypt.
RSA. The most widely deployed asymmetric algorithm for key exchange and digital signatures. RSA key lengths of 2048 bits are the current minimum; 4096 bits are recommended for long-term protection. RSA's security relies on the computational difficulty of factoring large prime numbers.
Elliptic Curve Cryptography (ECC). Provides equivalent security to RSA with shorter key lengths (a 256-bit ECC key provides security comparable to a 3072-bit RSA key). ECC is faster and more efficient than RSA, making it preferred for resource-constrained environments (mobile devices, IoT) and modern protocols.
Post-quantum considerations. Both RSA and ECC are vulnerable to quantum computing attacks (specifically Shor's algorithm, which can factor large numbers and compute discrete logarithms efficiently on a quantum computer). NIST standardized three post-quantum cryptographic algorithms in 2024: ML-KEM (FIPS 203, key encapsulation), ML-DSA (FIPS 204, digital signatures), and SLH-DSA (FIPS 205, stateless hash-based signatures). Organizations should begin crypto-agility planning: the ability to migrate to post-quantum algorithms when required, without redesigning the entire encryption architecture.
Hybrid Encryption (How TLS Works)
In practice, most encryption systems use both symmetric and asymmetric encryption together. This is hybrid encryption, and it is how TLS (Transport Layer Security) protects data in transit:
- The client connects to the server and initiates a TLS handshake.
- The server presents its certificate (containing its public key).
- The client and server negotiate a shared symmetric session key using an asymmetric key exchange protocol (ECDHE in modern TLS).
- All subsequent data is encrypted with the symmetric session key (AES-256 or ChaCha20).
- The session key is ephemeral: it is generated for this session and discarded afterward (forward secrecy).
Hybrid encryption combines the strengths of both: asymmetric encryption solves key distribution (no pre-shared secret needed), and symmetric encryption provides the speed needed for bulk data transfer.
Encryption at Rest: Implementation
Full-disk encryption (FDE). Encrypts the entire storage volume. BitLocker (Windows), FileVault (macOS), LUKS (Linux). FDE protects against physical theft: a stolen laptop with FDE enabled yields encrypted data that is unreadable without the boot authentication credential. FDE does not protect against attacks that occur while the system is running and the disk is decrypted (the operating system decrypts transparently for the authenticated user and for any malware running in that user's context).
Database encryption. Transparent Data Encryption (TDE) encrypts database files at rest. The database engine decrypts data transparently when authorized queries execute. TDE protects against unauthorized access to database files (stolen backup, compromised storage) but does not protect against SQL injection or compromised database credentials (the attacker authenticates normally, and the database decrypts data for their queries).
File-level encryption. Individual files or folders are encrypted. Microsoft Information Protection (MIP), VeraCrypt containers, and PGP-encrypted files provide file-level protection. File-level encryption is more granular than FDE (individual files remain encrypted even when the disk is decrypted) but operationally more complex (each file requires key management).
Cloud storage encryption. Cloud providers offer server-side encryption by default (AWS S3, Azure Blob Storage, GCP Cloud Storage all encrypt at rest automatically). The critical question is key management: does the cloud provider manage the key (simplest, least control), does the customer manage the key in the provider's key management service (more control), or does the customer manage the key in their own HSM outside the provider's infrastructure (maximum control, maximum complexity)?
CDA's Sovereign Data Protocol (SDP) position: "Your data lives where you decide. Period." For data classified as Confidential or Restricted, customer-managed keys (BYOK or HYOK) provide the sovereignty guarantee that provider-managed keys do not. If the cloud provider manages the encryption key, the cloud provider can decrypt the data (and could be compelled to do so by a government subpoena in the provider's jurisdiction). Customer-managed keys preserve sovereignty.
Encryption in Transit: Implementation
TLS 1.3. The current standard for encrypting data in transit over networks. TLS 1.3 (finalized 2018) eliminated vulnerable features from TLS 1.2 (removed RSA key exchange, removed cipher suites with known weaknesses, mandatory forward secrecy). Every internet-facing service should use TLS 1.3. TLS 1.0 and 1.1 are deprecated. TLS 1.2 is acceptable with strong cipher suite configuration but should be migrated to 1.3.
VPN encryption. VPN tunnels encrypt traffic between endpoints using protocols like IPsec or WireGuard. VPN encryption protects data traversing untrusted networks (the internet, public Wi-Fi) by wrapping all traffic in an encrypted tunnel.
Internal network encryption. Zero trust architecture mandates encrypting traffic even on internal networks (NIST SP 800-207). The assumption that internal networks are trusted is obsolete. An attacker who has achieved lateral movement on the internal network can intercept unencrypted internal traffic (credential relays, database queries, file transfers). Encrypting internal traffic (mutual TLS between services, IPsec between network segments) eliminates this exposure.
Email encryption. S/MIME and PGP provide end-to-end email encryption. TLS between mail servers (STARTTLS, MTA-STS) encrypts email in transit between servers but does not provide end-to-end protection (the mail server can read the message). For sensitive communications, end-to-end encryption is required.
Why It Matters
The Last Line of Defense
Encryption is the DPS control that works when every other layer has failed. If an attacker steals a database backup (VSD failure allowed access, IAT failure allowed authentication, SPH failure allowed the backup server to be reached, TID failure missed the access), the encrypted database backup is useless without the key. Encryption transforms a data breach into a data theft of unreadable material.
This is not theoretical. Organizations with properly implemented encryption at rest that experience data theft face significantly lower regulatory, financial, and reputational consequences. GDPR provides that encrypted personal data that is breached may not require individual notification if the encryption renders the data unintelligible (Article 34(3)(a)). HIPAA's Breach Notification Rule contains a safe harbor for encrypted PHI. Encryption does not prevent breaches. It dramatically reduces their impact.
Regulatory Mandates
Encryption is mandated or strongly recommended by every major compliance framework. NIST CSF 2.0 PR.DS (Data Security) includes encryption as a core protective control. PCI DSS 4.0 Requirement 3 mandates encryption of stored cardholder data and Requirement 4 mandates encryption of cardholder data in transit. HIPAA requires encryption of ePHI (the Security Rule's addressable specification that is treated as required by most auditors). ISO 27001 A.8.24 (Use of Cryptography) requires a cryptographic policy. CMMC 2.0 requires encryption of CUI at rest and in transit.
Post-Quantum Urgency
The timeline for quantum computers capable of breaking RSA and ECC is debated (estimates range from 5 to 15 years), but the threat is actionable today because of "harvest now, decrypt later" attacks. Nation-state adversaries are collecting encrypted data today with the intent to decrypt it when quantum computers become available. Data that must remain confidential for more than 10 years (government classified data, long-lived trade secrets, health records) should be protected with post-quantum algorithms now, or at minimum, the organization should have a crypto-agility plan that enables migration when NIST post-quantum standards are widely implemented in commercial products.
CDA Perspective
Encryption is the foundational control in DPS (Data Protection and Sovereignty). CDA's Sovereign Data Protocol (SDP) treats encryption as the bedrock: "Your data lives where you decide. Period." That sovereignty guarantee is enforced through encryption and key management. If the data is encrypted and you control the key, you control the data regardless of where it physically resides.
Three TOP missions connect directly to encryption:
- DPS-R03 (Encryption Posture Review): Assess current encryption coverage. What data is encrypted at rest? What data is encrypted in transit? What algorithms and key lengths are in use? Are any deprecated algorithms still deployed? Is key management centralized? 12 estimated hours.
- DPS-B02 (Encryption Standards Deployment): Deploy encryption standards across the environment. Define approved algorithms, key lengths, certificate authorities, key rotation schedules, and key management architecture. 32 estimated hours. This is a complex Build mission because encryption touches every system that stores or transmits data.
- DPS-H03 (Key Management Hardening): Harden the key management infrastructure. Implement HSMs for critical key material. Automate key rotation. Audit access to key management systems. Develop crypto-agility plan for post-quantum migration. 24 estimated hours.
The historical parallel: Julius Caesar used a substitution cipher to protect military communications 2,000 years ago. The algorithm was simple (a three-position alphabetic shift). The principle was identical to modern encryption: render data unreadable without the key. The Caesar cipher is documented in CDA.Wiki's dedicated article as history's first encryption standard. The principle has not changed. The mathematics have evolved from alphabetic shifts to 256-bit symmetric keys to lattice-based post-quantum algorithms. The domain is the same. The mission is the same.
Key Takeaways
- Encryption at rest protects stored data. Encryption in transit protects data moving across networks. Together they cover the two primary data states in normal operations.
- AES-256 is the standard symmetric algorithm. RSA and ECC are the standard asymmetric algorithms. Post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA) are standardized and organizations should begin migration planning.
- Encryption is the DPS control that works when every other layer has failed. Properly encrypted stolen data is unreadable, reducing breach impact and enabling regulatory safe harbors.
- Key management is the operational challenge. Who controls the key controls the data. Customer-managed keys preserve sovereignty. Provider-managed keys create a trust dependency.
- "Harvest now, decrypt later" makes post-quantum planning urgent today, not when quantum computers arrive.
Related Articles
- Data Protection and Sovereignty (DPS): The Geological Core
- The Caesar Cipher: History's First Encryption Standard
- Data Classification
- Backup and Recovery Architecture
- Zero Trust Architecture
- Key Management
Sources
- National Institute of Standards and Technology (NIST). "Advanced Encryption Standard (AES): FIPS PUB 197." U.S. Department of Commerce, November 2001.
- National Institute of Standards and Technology (NIST). "Post-Quantum Cryptography Standards: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA)." U.S. Department of Commerce, 2024.
- Internet Engineering Task Force. "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3." IETF, August 2018.
- European Parliament and Council. "General Data Protection Regulation (GDPR): Article 34(3)(a)." Official Journal of the European Union, 2016.
- PCI Security Standards Council. "PCI DSS v4.0: Requirements 3 and 4." PCI SSC, March 2022.
Word count: 1,954
Related CDA Missions
CDA Theater missions that address topics covered in this article.
Written by Evan Morgan
Found an issue? Help improve this article.