Cryptography and Security Services - Case Study Example

Introduction The National Security Agency (NSA) was chartered in 1952 and it plays a major role in coding systems, breaking codes and creating codes in the government of the United States. The NSA obtains foreign intelligence and supplies it to the various agencies that need it in the U.S. government (Dulaney 344). Moreover, Cryptographic Interoperability Strategy (CIS) was first developed in the United States to enhance sharing of information both within and beyond U.S. Cryptography is the main business carried out by the National Security Agency in the United States, and it has the largest number of employed mathematicians in the World. In the past, cryptography was primarily used for military and government intelligence, which is still very important to date. However, advancement in electronic communication systems especially the internet has fueled the use of cryptography in sending private messages and information such as medical records, banking data and credit card numbers among others via electronic channels. Cryptography ensures rapid, secure and confidential electronic communication between two or more people (Nsa.gov, 2). Garfinkel points out that mathematical cryptography involves the use of mathematical processes for sending secret information. It uses the method of encryption, which only the recipient can comprehend. Through this method, a plaintext message is converted into ciphertext, which is sent to the other party. The receiver of the message converts the ciphertext back to plaintext using decryption. The channels through which the messages are sent may be open or accessible to outside parties who intercept messages but these people cannot understand or interfere with the information. A Cryptographic system is a process, method or system that provides security in terms of integrity, non-reputation, authentication, access control and confidentiality. The system provides encryption and decryption, which may be software, hardware or even a manually performed process. A cryptographic system ensures confidentiality of information by preventing its disclosure to unauthorized persons either in a local network or across a network. Therefore, for a cryptographic system to be effective in preventing unauthorized decryption of messages, it should be strong, making it hard to crack and to break the system. However, a system is considered weak if it is easily decrypted, has defects in its designs or if it allows weak keys (Dulaney 326). The cryptographic system should also provide an assurance that the recipient receives the original message from the sender. It should not allow any kind of modification on the message during transmission because if this happens, the message is altered and it becomes unintelligible and inaccurate, which may have serious consequences on the recipient. For instance, if such alterations happened in medical records that involved drug prescriptions, the patient under medication may be in danger. Therefore, a cryptographic system should ensure integrity in its process by having mechanisms that will indicate that the message was altered or corrupted, hence allowing proper precautions (Dulaney 327). There are four fundamental principles behind cryptography. The first principle implies the use of a plaintext, which is the message that the sender wishes to encrypt. After the encryption, the message becomes a ciphertext, which is the second principle. The third principle involves a mathematical function known as encryption algorithm that encrypts the message and the fourth principle implies the type of key or keys used in cryptography. The key(s) can be a phrase, a number or a word that is used by the mathematical function for encryption. The main goal of cryptography is to ensure that the original plaintext cannot be reproduced from the ciphertext without using the corresponding key(s) (Garfinkel, 33). Cryptography requires both the sender and the receiver to have the knowledge of the procedures involved in encryption and decryption. The use of a prearranged code that is only known to the sender and the receiver is one of the simplest ways of sending a secret message. For instance, a person may want to communicate a particular message to the other person, but may not be in a position to access a computer or hire a mathematician who can help in making modern codes for such communication. In such a case, one can create a simple codebook and make two copies of the same, keep one and give the other copy to other party. In the codebook, a single code word may represent a wide meaning and once spoken, only the colleague understands the meaning. If another person happens to use a different word, the recipient is able to differentiate (Garfinkel, 34-35). Garfinkel further notes that during the first time when the codes are used, they are unbreakable and remain a secret for the two parties involved. However, the codes may lose security with time making a third party intercepting the communication understand it. This may eventually have a serious consequence for the intentions of the message. In addition, this problem may require one to come up with a codebook containing hundreds of codes. In so doing, the sender will be able to use a different word each day for the same meaning in order to prevent the disclosure of the message to other people intercepting the communication. This makes the method very tedious. Another disadvantage is that the codebook is limited to the length of information it can send. It is ideal for sending only small-prearranged messages. Another method of sending secret messages involves the use of ciphers. This is a technique whereby the sender scrambles the characters of a message so that the intended recipient can unscramble them but it remains indecipherable to the enemy who may try to intercept the message. Substitution cyphers are the simplest cyphers and they involve substituting each letter of a message with a different one. An example of a substitution cipher is the Caesar Cipher, which was once used by Julius Caeser to secretly communicate from Gaul to Rome. Through this system, one encodes a message by simply changing the alphabetic letter with the one that is three places to the right. Nonetheless, the king of Plutonia further modified the version of Caesar cipher by changing the alphabetic letter with the character ten places to the right (Epp, 478). A secret message can also be sent using a series of photons that look like random noise through a method referred to as quantum cryptography. Only a person with the knowledge of the sequence and polarity of the photons has the ability of encoding the message. Interception of the photons changes the polarity of some photons, which alters the message making it unreadable. However, this system is advantageous because the receiver gets an alert regarding the interception and then informs the sender. The sender can therefore use a different pattern with a new photon position key to resend the message. The problem with the quantum cryptography is that it is quite expensive and has a limited range of messages that it can sent. However, it is an available security for private users (Dulaney 319). Cryptanalysts are the people who attack cryptographic systems. The main goal of a cryptanalyst may be to discover the plaintext if he/she has the ciphertext, or to discover the cryptographic key used to encrypt a message using the ciphertext. The key is then used in the decryption of other messages. There are common code-breaking techniques employed in cryptography. Frequency analysis is one of the techniques used, whereby the cryptanalyst looks at the pattern used in an encrypted message. Over time, a determined cryptanalyst may be able to know the method used to encrypt a message by carefully studying the pattern used. At times the cryptanalyst may take a lot of time and effort to deduce the method used but sometimes the process can be simple (Garfinkel 41). Algorithms errors, as a technique of code breaking, can lead to decryption of the encrypted message by outsiders. Algorithm are implemented to give instructions and to perform repetitive operations in computer programs. Results from a complex algorithm may compromise the entire encryption algorithm. This can create a weakness, which may in turn affect the entire coding system. The weakness created may leave the system open leading to decryption of the message regardless of the complexity of the methods used in algorithm. Brute-force attacks, also called key search attacks, are other code-breaking techniques in cryptography. This involves searching every possible combination of keys for the correct one. Although this technique may take long before one gets the correct key, there is a possibility that he/she will finally find the key, especially for messages with few characters. Nevertheless, the technique may not be applicable for messages with too many keys (Dulaney 320). The methods of encryption use either stream or block cipher. The block cipher points to the algorithm working on huge data where it encrypts one and moves on to the next, while stream cipher involves encryption of data bit by bit (Garfinkel 42). There are different types of encryption systems. Private Key cryptography, also known as secret key cryptography or symmetric cryptography, is one of the encryption systems and it has been in use for many centuries. In private key cryptography both the sender and the recipient of a message share a key, known only to the two of them and that should not be disclosed to unauthorized persons for the encryption system. Therefore, for one to be able to communicate secretly with the other person, the person must first know the cryptographic key that will be used for the communication process. The key acts as the security for the communication. If for instance the key is stolen or gets lost, the entire process of encryption is breached. This means that the private key requires special care and protection from the participants (Dulaney, 323). According to Mogollon, a new key should not be sent across the same channel of encryption because it may be compromised if the current one has been compromised. Keys are typically sent through an out-of-band method by courier, letter or using other methods. However, this approach may be tiresome and may subject the key to social engineering exploitation or human error. The private key cryptography becomes a problem especially if many people are to access the message. This means that every person must have the key, which becomes difficult to keep a secret. Moreover, if a person wants to convey secret information to many different people it also becomes hard to master the different keys used by the different persons. This may end up consuming a lot of time trying to remember which key belongs to whom. Many private key algorithms have been successful in encryption systems. Some of the most popular standards that use private key algorithms are as discussed below. As one of the standards, the U.S. government adopted and primarily used Data Encryption Standard (DES) in 1977. The DES is considered a strong and efficient algorithm that uses 56-bit key. However, recent research has shown that a very powerful machine can break a DES encrypted message in a few hours. Despite the fact that DES offers integrity and security, it has become outdated because of the advancement in technology and AES is slowly replacing it (Garfinkel 43 & Dulaney 324). Advanced Encryption Standard (AES) is the current standard that has replaced DES. Vincent Rijmen and Joan Deamen developed it and it is currently the new product used by the U.S. Government agencies. AES uses the Rijndael algorithm and a default key of size128 bits. AES also supports the key of sizes 192 and 256 bits. Another standard in private key algorithm is the AES-256. AES-256 is commonly used by the U.S. Government and has been classified as the Top secret by the government. It uses the key size of 256 bits instead of 128. Triple-DES is also another standard that use private key algorithm. It is an upgrade of DES and is considerably more secure than DES. 3DES is a bit harder to break compared to many other systems (Garfinkel 43). CAST is another algorithm that Stafford Travelers and Carlisle Adams developed. It is very fast and efficient, and IBM and Microsoft mostly use it. It uses the key sizes of between 40-128 bits. Rivest's Cipher, as another standard, is also called Ron Rivest. It is an algorithm produced by RSA laboratories and that Ron Rivest discovered. RC is considered a very strong system and uses a key of up to 2,048 bits. Blowfish is another algorithm produced by Counterpane Systems and uses a key size of 64-bits to perform a block cipher. It can use variable length keys at very high speeds. International Data Encryption Algorithm (IDEA) is the other encryption system that uses key of 128 bits. A Swiss consortium developed IDEA and it is similar in speed and performance to DES. However, IDEA is more secure than DES and is mostly used in Pretty Good Privacy (PGP) where many people use the encryption system for email (Dulaney324). A. Shamir, L. Adleman, and R. Rivest discovered Public Key Cryptography in early 1970's. Since then, this method has been very useful in electronic communication and especially those involving financial transactions. Public key Cryptography is also known as asymmetric cryptography. It uses two keys to encrypt and decrypt a message. The two keys include the private or secret key and the public key. In Public Key Cryptography, two related keys are generated for each individual through a mathematical process whereby one key is used to encrypt a message while the other one is used to decrypt the message. The public algorithm is mostly used to transmit keys across public networks in a secure manner (Beardon, 1). The public key can be exposed to anyone but the private or secret key must be confidential. In Public Key Cryptography, the sender encrypts a message with the recipient's public key. On receiving the message, the recipient decrypts it with his or her secret key. There are different public algorithms. The main ones include Diffie-Hellman, RSA and Merkle-Hellman. Two people in a conversation normally use the Diffie-Hellman algorithm system where each person starts with his or her own private key. With the conversation based on the secret keys, one can develop a third key, known as the session key. The participants then use the derived session key in the encryption of all their future messages. This makes it hard for an enemy to determine the session key because he/she did not participate in the conversation (Garfinkel 50). The RSA algorithm uses a readily available public key to encrypt a message. The encrypted message can only be decrypted by a person with a matching secret key. RSA is considered a very powerful form of asymmetric cryptography and it is mainly used by PGP. Merkle-Hellman encryption system was developed based on a mathematical game known as the “knapsack” problem. However, after much exploration the Merkle-Hellman algorithm was deemed useless for practical purposes (Mogollon 103). According to Garfinkel, asymmetric cryptography has a major advantage over symmetric cryptography. One can make the encryption key public either on the business card, stationery, in an electronic phone book, among others. This means that anyone can use the key to encrypt the recepient a message and nobody else can access the encrypted message except the recipient alone because he/she is the only person with the secret key. In public key cryptography, one can also receive an encrypted mail from people they have never met before, which is impossible in the private key cryptography seeing that the participants must first meet and exchange the keys before the message is sent. Moreover, one can publish the public key, unlike in the private key system, which remains a secret between the parties involved. The public key cryptography also gives one a chance to sign the messages with a digital signature, which does not happen with the private key cryptography (Garfinkel 51). The Public Key Infrastructure (PKI) provides all the aspects of security including integrity, non-reputation, authentication, access control and confidentiality to transactions and messages sent through the electronic channels. The main goal of Public Key Infrastructure is to come up with an infrastructure that will be able to work across many systems, networks and vendors. PKI is an asymmetric system that uses two keys. It has four components including Registration Authority (RA), RSA, Certificate Authority (CA) and digital certificates. In PKI encryption system, the sender encrypts a message with a public key and the recipient decrypts the sent encrypted message with a private key. PKI system is being used to address the universal issues of secure transactions, information privacy, and e-commerce. PKI is not a technology but a framework whose implementations are dependent on the software manufacturers. Nevertheless, research has shown lack of compatibility in the existing PKI implementations because the infrastructures are being implemented based on the choices of different vendors (Mogollon 217). It is important to note that although Cryptography is a powerful system that ensures privacy in electronic communication, it cannot protect the unencrypted document that was left on the computer from the original document, after the encrypted message was sent. This makes such files vulnerable to attacks from outsiders if not deleted. Moreover, cryptography can protect attackers from accessing cryptography keys but cannot protect them from destructive attacks such as erasing of personal documents. Additionally, cryptography cannot protect one from a traitor or against stolen encryption keys, which makes it possible for an unauthorized person to decrypt the encrypted sent messages in case he/she comes across the lost key or even purchases the exact key (Garfinkel 55). Conclusion Apparently, cryptography is a very powerful system that is majorly facilitated by the National Security Agency in the United States. As discussed in this paper, it ensures rapid, secure and confidential communication through various electronic channels by preventing unauthorized access to the encrypted message. Cryptography system has its fundamental principles and different keys and standards as discussed earlier. However, the system also has its own limitations and weaknesses and therefore, users need to be very careful while using the system. Works Cited Beardon, T. Public Key Cryptography. NRICH. 2004. Web. 30 June 2012. . Dulaney, Emmett, A. CompTIA Security+ Deluxe study guide. Indianapolis, Ind.: Wiley Pub. 2009. Print. Epp, Susanna S. Discrete Mathematics with Applications. Boston, MA: Brooks/Cole. 2011. Print. Garfinkel, Simson. Pgp: Good Privacy Sebastopol. Calif: O'Reilly. 1995. Print. Mogollon, Manuel. Cryptography and Security Services: Mechanisms and Applications. Hershey, PA: CyberTech Pub. 2007. Print. Nsa.gov. NSA Suite B Cryptography. National Security Agency. 2009. Web. 30 June 2012. . Read More