What is Cyber Security? It Starts With Cryptology
October 9, 2015
The mathematical basis for all cyber security is cryptology, the study of the hidden.
Cryptology provides the means to keep electronic information secure by protecting the electronic system as a whole, and by securing individual pieces of information (“bit”), even if the system itself is compromised. However, the Achilles heel to all data protection methods is that none is mathematically perfect. That is, no protection algorithm, even removing the computer from an Internet connection, guarantees data security.
Encryption is an element of cryptography. Cryptography is the most utilized method of data security and the primary focus of this series. At a basic level, encryption is easy to understand. It is just the process of using a cypher.
For example, if I want to exchange a written note with someone, but I don’t want others to be able to read it, I will use a cypher. Let’s say that I want to send my classmate a message, “This class is boring.” My classmate and I agree on the method that every letter in the message will be moved one letter over in the alphabet and “z” will be “a.” This is called the encryption “key.” So the message would read, “Sijt dmbtt jt cpsjoh.” Because my classmate also knows the key, he can decypher the message, and, no doubt, promptly agree.
This is a “symmetric-key algorithm,” because both my classmate and I must know the same key in order to use the cypher. Computer networks generally find this system completely unfeasible, because one has to manage all of these private keys and remember what key belongs to what message. Moreover, the number of keys grows exponentially with the number of network members. So, only 100 network members requires 10,000 different keys, all of which must be kept secret and correctly assigned.
The “public-key algorithm” solves this problem by giving a user a “public key” and a “private key.” Anyone wishing to send a message would find a readily accessible public key and apply it to the message before sending it to a user. Thus, anyone who wants to send a user an encrypted message can do so. However, to decrypt the message that user needs to use his or her private key.
Beyond the obvious problem of someone stealing the private key in either scenario is the problem that someone can figure it out. If someone looks at the message I sent earlier, “Sijt dmbtt jt cpsjoh,” through a simple process of guess-and-check, one might figure out that all I did was move each letter over one spot in the alphabet. Computers can perform a guess-and-check regime against encryption to “crack” the secret key. Therefore, to make the keys secure, computer encryption relies on “mathematical hardness,” or that the math involved to crack the key is so involved that not even a supercomputer, working at the problem for years, can crack it.
This is the basic idea behind encryption and keeping data secure. However, any method, including those not discussed here, has either mathematical weaknesses or practical weaknesses. In short, no system is truly secure. The consequences can be devastating. However, good practice and knowledge of both lawful protections and lawful remedies can minimize risk and maximize efficiency for operating in an ever-increasing digital world.
Cyber Insecurity: Ashley Madison Encrypted Passwords Cracked.
Survey Reveals Many Business Executives Lack Cybersecurity Confidence
Top Cybersecurity Threats Unveiled by Hackers – Is Anyone Safe?
Additional information and resources:
Cyber Security And Data Protection Group