Sensitive Data Encryption

Data encryption is a way of protecting data classified as sensitive. It's a process that involves converting information into an unreadable format. This technique is used to safeguard confidential data against unauthorized access.

Encrypting data makes it incomprehensible to anyone without a key to decrypt the information, meaning that even if the data is stolen, it remains unusable.

Cryptography is omnipresent in our daily lives, often in invisible ways. The HTTPS protocol, symbolized by a small padlock icon next to the URL in your browser's address bar, is an excellent example of this integration. This protocol uses cryptography to secure communications between your browser and web servers, ensuring that exchanged data remains confidential and intact.

When creating an account on a website or application, you need to choose a password to restrict access to that account. This password is typically encrypted and stored in a database.

Encryption involves transforming a password like "chihuahua10" into a series of characters like this :
"2fd4e1c67a2d28fced849ee1bb76e7391b93eb12".

When logging into the account, the entered password is also encrypted using the same algorithm and compared with the one that was encrypted and stored when the account was created. If the two correspond, access is granted.

 There are actually several reasons why encrypting data is important.

Encryption helps to keep sensitive data confidential by ensuring that only authorized individuals and systems can access it. This is crucial for ensuring privacy protection and information security.

It provides protection against cyber attacks. By making data unreadable, encryption prevents it from being intercepted, stolen, or used for malicious purposes.

It's essential for securing online communications. Whether it's emails, instant messaging, or financial transactions, data encryption ensures that exchanged information is protected against interception or alteration during transmission.

When data stored on your electronic devices is encrypted, it remains secure even in case of loss or theft.

Finally, there are regulations that require data to be encrypted. This is the case, for example, with the nLPD (New Data Protection Law), the GDPR (General Data Protection Regulation), or the PCI DSS (Payment Card Industry Data Security Standard) for transactions involving credit cards.

Firstly, what is BenefitMe? BenefitMe is a platform that centralizes, presents, simulates, and manages all the benefits offered to your employees. Integrated or not into your HR portal, it allows each employee to visualize the benefits they have in terms of salaries, time, insurance, provident funds, as well as in-kind benefits. Employees can perform simulations at will, incorporating the tax impacts of their choices, before submitting them to HR for validation.

BenefitMe uses the PHP Laravel framework, which allows for securely encrypting passwords. Bcrypt encryption is a crucial mechanism for securing user passwords in applications. When a user creates an account or changes their password, Laravel uses bcrypt to hash the password before storing it in the database. Here's a detailed explanation of this process:

1) Password hashing: When a user enters their password, Laravel does not store the password in plain text in the database. Instead, it uses the bcrypt function to hash the password.

2) Automatic salting: Bcrypt automatically generates a "salt" (a random string of characters) that is added to the password before the hashing process. This ensures that even if two users have the same password, their hashes will be different.

3) Cost factor: The cost factor in bcrypt determines the number of iterations of the hashing process, making the creation of the hash slower and therefore harder to attack by brute force.

4) Storage of the hash: Once the password is hashed, Laravel stores the result in the database.

BenefitMe is a platform that centralizes highly confidential data, such as salaries, dates of birth, addresses, and other personal information. To ensure optimal protection of user data, all sensitive fields in the database are encrypted using, among others, the AES-256 algorithm.

The main challenge of this project was to encrypt all sensitive fields while preserving the ability to search through these encrypted data. To overcome this challenge, we implemented a sophisticated technique using an indexing table, allowing us to retrieve information in a completely secure manner. It is crucial to emphasize that only the server possessing the appropriate key can decrypt the data and perform searches on these specific fields before securely transmitting them to the client via HTTPS (as seen previously).

In conclusion, BenefitMe applies a rigorous security strategy by integrating encryption at every level of its infrastructure. For password protection, the Laravel framework is used to implement bcrypt hashing, providing enhanced security through automatic salting and the cost factor. In parallel, AES-256 encryption is implemented to encrypt sensitive data in the database, ensuring solid protection of confidential and sensitive information. Finally, communication between the server and the client is secured via HTTPS, guaranteeing the integrity and confidentiality of exchanged data.

Encrypting data is essential to ensure the confidentiality and security of sensitive information. In a context where digital technologies are constantly expanding, it is crucial to adopt robust encryption methods to strengthen cybersecurity.