Embed Size (px)
Citation preview
What is Cryptography?
Cryptography= Science of Encrypting Information
The science of encrypting information is called cryptography. It is the method of storing and transmitting data in a form that only those for whom it is intended can read and process it. The desire to conceal information in communications is nearly as old as written language itself. We first discovered how to share information with one another without actually being face-to-face. We wrote messages. Soon we also recognized the value of hiding information from others.
Early Cryptography The ancient Spartans were one of the first (400 B.C.) to apply encryption. They used a ribbon wrapped around a specific thickness cylinder, and wrote the message on the wrapped cylinder. Once unwrapped, the ribbon looked like random characters. The person to whom the message was intended could wrap the ribbon around a same-gauge cylinder to see the real message. This technique is an example of a transposition cipher, where the order of the characters in a message is changed. The ancient Romans later (100-44 B.C.) devised a different technique. They would send encrypted communications into the battlefield by shifting any letter in the alphabet by a fixed number of positions. All that the commander in the battlefield needed to know was the shift value, and the message could easily be decrypted. This technique is called a shift cipher. It’s also sometimes known as its nickname, the Caesar Cipher.
Advances in Cryptography In the 16th century Blaise de Vigenere created a new cipher for Henry III. This was based on a monoalphabetic, Caesar cipher, but amped up the complexity of the encryption and decryption process. The Vigenere cipher employs 27 shift alphabets. A two-dimensional table (you guessed it- the “Vigenere Table”) of the shifted characters comprises the core of the cipher (algorithm). The evolution of cryptography continued through the years, and by the late 1800’s cryptography was commonly used by militaries all over the world. One of the most famous application was WWII Germany’s Enigma machine. The Enigma used several rotors, a plugboard, and a reflecting motor to instrument a sort of very complex substitution cipher. The operators at either end would need to know the settings and increments for proper decryption of the message.
Computer Automation of Cryptography
The advent of electronic data processing exponentially expanded the possibilities for data encryption. One of the most well known early electronic cryptography projects was called Lucifer, developed by IBM. The Lucifer project employed complex mathematical computations for encryption which were later adopted by the U.S. National Security Agency (NSA) for the federal Data Encryption Standard (DES). DES has had a rich life of its own spanning over 25 years.
Pervasive application of Cryptography
A majority of the protocols and processes used for data protection, email, web transactions, wireless communications, faxes, and phone calls have been upgraded to include cryptography.
Cryptoanalysis
Cryptoanalysis is the science of studying and breaking encryption processes, compromising authentication schemes, and reverse-engineering protocols. As fast as new techniques are developed, “the bad guys” find ways to break them. An encryption technique is declared flawed, not only when someone proves it can be broken, but also if it’s proven that the cost to break the code (in terms of computing resources, time, etc.) is sufficiently within the reach of criminal organizations. Indeed, even governments are in on the act, lowering the bar for when a technique can be declared as flawed.
Yes, but what about the Key? All this encryption stuff is great, but how does the receiver know what the secret is for decoding? That is, how do we agree on the key for decryption? An encryption key is a piece of information that enables operation of the chosen cryptographic function. This is one of the tricky bits about cryptography. Somehow, we have to get both the sender and the receiver to agree on what the key to the cryptographic code is. Otherwise, it just doesn’t work. This is one of the challenges with cryptography. The cryptographic function depends on both the sender and receiver knowing the secret key, but how do I send a secret key in a secure way? This is the subject of discussions in later chapters, because it’s a central topic of the types of cryptography chosen for an application.
Cryptography and the Datacenter
So why do we talk about cryptography in the context of datacenters? Well, if you agree that the datacenter is at its core a risk management device,… a building in which your business’ most valuable assets (data) are stored, then you’d have to recognize the value of cryptography to the datacenter. Indeed, if not just for cyber security purposes, new legislation is emerging almost on a monthly basis, which aims to protect Personally Identifiable Information (PII). The new General Data Protection Regulation (GDPR) for example, strongly suggests pseudonymization of all PII. Encryption and tokenization are pseudonymization techniques that can help to accomplish compliance with such regulations.
boblandstrom.com @DataCenterBob
RUINED FOR ORDINARY...
