Cryptographic Algorithms: The Use in Cyber Security Essay

Exclusively available on Available only on IvyPanda® • No AI

Table of Contents

Introduction

Cryptography in various forms is one of the most standard and relatively reliable tools utilized in contemporary cyber security.
Cryptographic protection of a system depends on two factors, 1) the strength of the keys and effectiveness of associated protocols, and 2) protection of said keys via key management (generation, storage, and distribution).
Therefore, it is important to consider that strong algorithms combined with poor key management is just likely to fail as if there was strong key management with a poor algorithm.
Three general classes of cryptographic algorithms approved by NIST – hash function, symmetric-key algorithm, and asymmetric-key algorithm (Turner, 2019).
Each has its trade offs and depends on the security goal being accomplished.

Algorithm transforms data to be virtually unlockable without a key.
Designated standard by U.S. government, combined with 256-bit key length, impossible even for a supercomputer to guess the combinations.
Offers benefit of data confidentiality by using the same key for encryption and decryption.
Symmetric key encryption is fast and efficient for large data amounts (Shinder & Cross, 2008).
Can be used in payment applications, such for card transaction, with the PII being protected to prevent identity theft.

The key has to be shared with the party to whom the data is being relayed, making it vulnerable to intercept by malicious parties.
Since symmetric key is universal, if a malicious party is able to have access to the key, they can decrypt everything from both sides.
Every use of the key can leak some information which presents potential opportunity for an attacker to reconstruct it.
The larger the system gets, the greater the need for a computerized key management system, for example key cards being released in the workplace (Smirnoff & Turner, 2019).

Also known as public key encryption, asymmetric encryption creates a key pair generated to be used together. A private key is never shared and only used by its owner, and the public key is available to everyone.
Logically it is mathematically unfeasible to re-create the private key based on the public key.
If they system is compromised, attackers will only have access to half the data or communications.
No need for safety of key transmission as the public key cannot be used alone, only the private key associated with that public key can decrypt a received message (Shinder & Cross, 2008).

Technology used in encryption systems that require key exchange over public network, such as email security or web security.
Asymmetric cryptography is generally slower than other methods due to the complex mathematical process of using two keys.
No built-in authentication for public key, still allowing for identity theft or interception of messages.
Computationally costly compared to counterparts as the keys must be much longer to have same level of security.
Vulnerable to brute-force attacks (Blumenthal, n.d.).

Encryption offers security to malicious parties just as it does to organizations or individuals.
Criminal can encrypt all their incoming and outgoing communications, to the point where they can chat on public forums without anyone being able to decode.
Transmission of key data in criminal/terrorist attacks with little possibility of being intercepted by law enforcement.
Hiding criminal identity in communications for ransoms and otherwise (Oksholen, n.d.).
Countermeasures may include projects such as CT-SNAIR that model criminal networks, physical interception of decryption keys by law enforcement, and counterhacking by cybersecurity experts trying to find vulnerabilities in criminal networks.

Encryption is a strong protection measure used by organizations.
Symmetric and asymmetric key cryptography approach encryption differently but each carries certain risks.
Along with encryption, it is necessary to practice other security measures such as key management.
Important to realize criminals and attackers may exploit cryptology to provide protection for themselves or deceive themselves.

Oksholen, T. (n.d.). Encrypted crimes. Sintef. Web.

Shinder, L., & Cross, M. (2008). Scene of the cybercrime (2nd ed.). Syngress.

Smirnoff, P., & Turner, D. M. (2019). Symmetric Key Encryption – why, where and how it’s used in banking. Cryptomathic. Web.

Turner, D. M. (2019). Summary of cryptographic algorithms – according to NIST. Cryptomathic. Web.