Cryptography – Questions & Answers
Q. 1. Cryptography has been used in one form or another for over 4,000 years, and the attacks on cryptography have probably been in place for 3,999 years and 364 days. As one group of people works to find new ways to hide and transmit secrets, another group of people is right on their heels finding holes in the newly developed ideas and products. This can be viewed as evil and destructive behavior, or as the thorn in the side of the computing world that pushes it to build better and more secure products and environments. Describe these two types of people where one can build to secure the cryptography, and another to break it.
Cryptography has its roots back in 9th century, when it was used to communicate with people at long distance (Rijmenants, 2016). The technique was used to encrypt the message so that the message written in the letter could be read only by the intended receive. The cryptographer use algorithms in order to encrypt the information so that it could be decrypted only with a key that could decrypt the message. Cryptography is still in used and has got more and more importance with the passage of time and with its implementation in our digital world as well. All of our digital devices like computers, smartphone and applications are our means to communicate with one another. There is really need to secure that communication so that only the intended receiver could receive our message and not any intruder. In order to secure the communication the information sent is first encrypted with a special key that would decrypt the message when received by the authorized user or receive (Schneier, 1998). These people are motivated to ensure the privacy of people so that no one could get into private communication between people. On the other hand there are also people who are always looking for crypto analysis so that they could get their hands on other people’s private information or communication. They are focused on finding loop holes in the security that enable the encryption or cryptography of information. There are several encryption methods that are used for cryptography of important information and number of algorithms are also developed but still there is possibility that the intruders could get into the secure system. Only applying encryption does not solve the problem of privacy, there are other important implications that must be in place as well to ensure strong cryptography. It is like people are building new algorithms every day to ensure the privacy of communication on the other hand another team of people is working to break that code and decipher that information without permission of sender and receiver.
It is known that all the companies and organizations have been implement best encryption methodologies to secure their products and services, however still they cannot totally ensure complete privacy and security of information. This is kind of war that will keep on going one party will be implementing and inventing better methodologies to ensure the privacy of people and their information on the other hand, the other party will be looking to find loop holes and get unauthorized access to secure systems and extract important information.
Q. 2. Cryptography algorithms provide the underlying tools to most security protocols used in today’s infrastructures. The algorithms work off of mathematical functions and provide various types of functionality and level of security. A big leap was made when encryption wen from purely symmetric key used to public key cryptography. This evolution provided users and maintainers much more freedom and flexibility when it came to communicating with a variety of users all over the world. Explain these two types of cryptography with examples of real-world application.
Cryptography of information is very important when the information has to be transferred over the network through insecure physical medium. The information is meant to be encrypted so that no intruder or unintended user could read the message or information. There are two types of encryption methods used; symmetric key cryptography and public key cryptography. Symmetric key is also known as shared key and it is sent along the message so that the receiver could decrypt the message using that key (Interview, 2015). Symmetric key cryptography is quite useful when it is used over a private network, however on the other hand when it is sent over a shared network then it cannot be fully secure, it is because the shared key is also sent over the same medium along with message. If we used symmetric key cryptography for sending information over shared network then the key can also be accessed from the intruder with the message and he can use that key to decrypt the message. This method is quite fast and the transmission of data is quite easy.
Talking about public key cryptography it involves two keys, one is public key and the other is private key (Posey, 2000). Both the keys are required in order to decrypt the message. Public key is sent with the message while the private key is in the possession of the receiver only and it remains secure as it is not transferred over a shared network. If the private key is not provided for decryption then the information stays secure. However the process of public key cryptography is quite slow and is resource intensive. It makes the transfer of larger files over network quite difficult. These types of encryptions are used in where secure transaction over the network is required. Most of the website where money and other important transactions are involved use public key encryption to ensure the safety and security of information being transferred from server to the end computer user.
Q.3. Encryption can be supplied at different layers of OSI model by a range of applications, protocols and mechanisms. Today, not much thought has to be given to cryptography and encryption because it is taken care of in the background by many operating systems, applications and protocols. Explain each protocol stack where encryption can be used and how it is used in real-world applications. Support your arguments with examples.
Encryption is applied on layer 6 of OSI model that is at second from the top. The 6th layer of OSI is model offers very limited but specific functions as compared to other layers. It is also important to know that this layer might not be required in some functions. The purpose of this layer is to present data, it handles any issues arising when data is sent from one system to system that might have different method for viewing data. The basic need of this layer rises when the network might be connected to different kinds of systems like Windows, Mac, UNIX or servers. All these systems have different characters and present data in their own way or they might be using different character sets (Guide, 2005). The presentation layer performs its role by hiding the differences between different machines and presenting data in best possible format. Considering the functionality of this layer, the encryption or decryption of information is performed on this layer. This layer is responsible for the security of information being transferred over the network. Secure Stock Layer is the most commonly used encryption technique that is used over presentation layer. It does not mean that all the encryption is done on layer 6, there is another layer where encryption is done that is at protocol stack. This encryption is done for technologies like IPsec (Guide, 2005).
Gregg, M. (2007, 2). OSI: Securing the Stack, Layer 6 — Encryption. Retrieved from Tech Target: http://searchnetworking.techtarget.com/tip/OSI-Securing-the-Stack-Layer-6-Encryption
Guide, T. (2005, 9 11). Presentation Layer (Layer 6). Retrieved from TCP/IP Guide: http://www.tcpipguide.com/free/t_PresentationLayerLayer6.htm
Interview, P. (2015). What are the differences between symmetric and public key cryptography. Also give an example of when you would use each one. Retrieved from Programmer Interview: http://www.programmerinterview.com/index.php/general-miscellaneous/symmetric-vs-public-key-cryptography/
Posey, B. M. (2000, 8 24). Understand the differences between public key and symmetric key encryption. Retrieved from Enterprise Networking Planet: http://www.enterprisenetworkingplanet.com/netsecur/article.php/623901/Understand-the-differences-between-public-key-and-symmetric-key-encryption.htm
Rijmenants, D. (2016). What is Cryptography. Retrieved from CIPHER MACHINES AND CRYPTOLOGY: http://users.telenet.be/d.rijmenants/en/cryptography.htm
Schneier, B. (1998). Security Pitfalls in Cryptography. Retrieved from Schneier: https://www.schneier.com/essays/archives/1998/01/security_pitfalls_in.html