Ask Control Engineering

Ask Control EngineeringThe Ask Control Engineering blog covers all aspects of automation, including motors, drives, sensors, motion control, machine control and embedded systems. Control Engineering answers questions from readers of Control Engineering's print and online magazines, newsletters and other publications. To comment on any blog posting, click on the post's highlighted question and scroll to the "Post a Comment" box at the bottom. Submit questions as comments to any existing post.

See all Ask Control Engineering blogs and comments

Are cloud communication protocols secure?

There’s security and there’s security. While a hacker might not break the encrypted communication directly, that doesn’t mean there aren’t other ways.

March 02, 2012

Dear Control Engineering: I was reading the article about networking protocols, and there is a statement that Skype, and by implication, other cloud technologies, are secure. Is this true?

Yes, it is if you are specific about what means exactly. Let’s digress for a moment and consider a historical parallel. Back during WWII, the German armed services used a device called an Enigma machine that encrypted messages sent by radio using Morse code. While the allies were able to intercept the radio traffic, without breaking the code, they were unable to understand the messages. So, there were enormous efforts to find ways to break the process. Those stories are fascinating and you can read them elsewhere, but successes usually came as a result of sloppy radio operators or largely brute force methods to simply try every possible key using early electro-mechanical computers.

Modern encryption is far more complex. The AES (advanced encryption standard) used with most communication on the Internet can employ a 256-bit key which would require 2200 operations to break by brute force. So it isn’t possible to decode the information by intercepting the transmission. That doesn’t mean it is secure necessarily. A determined hacker will simply find another way, and that probably means getting the message by going after one of the people that is sending or receiving. Even if the code is unbreakable, if someone breaks into my computer from outside, he or she can likely see the same information I can. My security depends on how well I protect the information once it is decoded. Using my earlier analogy, it would be like looking over the radio operator’s shoulder and seeing the message in plain text before it’s encoded.

Peter Welander, pwelander(at)