Introduction
- Cryptography in various forms is one of the most standard and relatively reliable tools utilized in contemporary cyber security.
- Cryptographic protection of a system depends on two factors, 1) the strength of the keys and effectiveness of associated protocols, and 2) protection of said keys via key management (generation, storage, and distribution).
- Therefore, it is important to consider that strong algorithms combined with poor key management is just likely to fail as if there was strong key management with a poor algorithm.
- Three general classes of cryptographic algorithms approved by NIST – hash function, symmetric-key algorithm, and asymmetric-key algorithm (Turner, 2019).
- Each has its trade offs and depends on the security goal being accomplished.
Symmetric Key Cryptography Strengths
- Algorithm transforms data to be virtually unlockable without a key.
- Designated standard by U.S. government, combined with 256-bit key length, impossible even for a supercomputer to guess the combinations.
- Offers benefit of data confidentiality by using the same key for encryption and decryption.
- Symmetric key encryption is fast and efficient for large data amounts (Shinder & Cross, 2008).
- Can be used in payment applications, such for card transaction, with the PII being protected to prevent identity theft.
Symmetric Key Cryptography Weaknesses
- The key has to be shared with the party to whom the data is being relayed, making it vulnerable to intercept by malicious parties.
- Since symmetric key is universal, if a malicious party is able to have access to the key, they can decrypt everything from both sides.
- Every use of the key can leak some information which presents potential opportunity for an attacker to reconstruct it.
- The larger the system gets, the greater the need for a computerized key management system, for example key cards being released in the workplace (Smirnoff & Turner, 2019).
Asymmetric Key Cryptography Strengths
- Also known as public key encryption, asymmetric encryption creates a key pair generated to be used together. A private key is never shared and only used by its owner, and the public key is available to everyone.
- Logically it is mathematically unfeasible to re-create the private key based on the public key.
- If they system is compromised, attackers will only have access to half the data or communications.
- No need for safety of key transmission as the public key cannot be used alone, only the private key associated with that public key can decrypt a received message (Shinder & Cross, 2008).
Asymmetric Key Cryptography Weaknesses
- Technology used in encryption systems that require key exchange over public network, such as email security or web security.
- Asymmetric cryptography is generally slower than other methods due to the complex mathematical process of using two keys.
- No built-in authentication for public key, still allowing for identity theft or interception of messages.
- Computationally costly compared to counterparts as the keys must be much longer to have same level of security.
- Vulnerable to brute-force attacks (Blumenthal, n.d.).
How Encryption is Used by Criminals
- Encryption offers security to malicious parties just as it does to organizations or individuals.
- Criminal can encrypt all their incoming and outgoing communications, to the point where they can chat on public forums without anyone being able to decode.
- Transmission of key data in criminal/terrorist attacks with little possibility of being intercepted by law enforcement.
- Hiding criminal identity in communications for ransoms and otherwise (Oksholen, n.d.).
- Countermeasures may include projects such as CT-SNAIR that model criminal networks, physical interception of decryption keys by law enforcement, and counterhacking by cybersecurity experts trying to find vulnerabilities in criminal networks.
Conclusion
- Encryption is a strong protection measure used by organizations.
- Symmetric and asymmetric key cryptography approach encryption differently but each carries certain risks.
- Along with encryption, it is necessary to practice other security measures such as key management.
- Important to realize criminals and attackers may exploit cryptology to provide protection for themselves or deceive themselves.
References
Blumenthal, M. (n.d.). Encryption: Strengths and weaknesses of public-key cryptography. Web.
Oksholen, T. (n.d.). Encrypted crimes. Sintef. Web.
Shinder, L., & Cross, M. (2008). Scene of the cybercrime (2nd ed.). Syngress.
Smirnoff, P., & Turner, D. M. (2019). Symmetric Key Encryption – why, where and how it’s used in banking. Cryptomathic. Web.
Turner, D. M. (2019). Summary of cryptographic algorithms – according to NIST. Cryptomathic. Web.