The chapter starts off with the history of cryptography, some I knew, much I was not aware of. Then the text went on to mention that a common security goal is confidentiality, which means if your messages are captured, no one can read them. This was the original purpose for encryption. Reading about the different methods used in cryptography, section 3.9 Cryptographic Systems was the section I was most familiar with, but I realized I did not know as much as I thought I did. For instance, I was not aware that Cryptographic Systems combines all the cryptographic protections, to include confidentiality, authentication, and integrity, into a single system.
I was able to gather a better understanding of how VPNs worked. Explanations on why VPNs are used along with the various types of VPNs, how they are used, and in what scenario to utilize them. I have always likened VPNs to Harry Potter wearing his invisibility cloak and just moving around unbeknownst to the rest of the world. Secure, safe, and only seen by those who are also deemed safe. VPNs are not immune to all cybersecurity threats, meaning a VPN cannot protect you from a social engineering attack, stolen password, or compromised device. Yet still VPNs are one of the more secure Cryptographic Systems in my opinion.
Great job on this succinct elucidation, Erskine,
The way the concepts of cryptography and VPN are intertwined, I would have said cryptography is VPN and VPN is cryptography, but based on my professional exposure in cybersecurity I would opine that Virtual Private Networks (VPNs) utilize cryptography as a cornerstone of their security framework. Cryptography involves the conversion of data into a format that only authorized parties can decipher, substantiating the confidentiality of VPNs. This encryption and decryption process used by VPNs enhances secure data transmission across public networks. Thus, cryptography is integral to VPNs as it provides privacy, verifies authenticity, and preserves the integrity of data communicated over potentially insecure environments.
I enjoyed the history section in the chapter. I knew prior that cryptography is important but didn’t know it could determine outcomes of wars etc. I too did not know about the CIA and Cryptographic systems, but as I read more into the cryptography, last semester is starting to complement this semester. I sell products daily that assist various types of professionals and SMBs, so the VPN part was not too surprising but did give me more in-depth knowledge about them. I feel that cryptography in general could be a course all by itself and may take me a long time to fully understand it in great detail 100%.
Indeed, the historical background given in the chapter gives cryptography’s significance an intriguing new angle. The significant significance that cryptographic systems have played in historical events, such as wars and intelligence organizations like the CIA, is fascinating to see.
It’s excellent that your prior knowledge is enhancing your comprehension of cryptography at this time. The connections between ideas, particularly in light of your real-world product sales expertise catering to SMB and professional demands, must offer a useful viewpoint.
You are absolutely correct that cryptography is a broad and intricate field. The subject matter is profoundly deep, and many people find resonance in your recognition that it might be studied as a stand-alone course. You should be commended for your dedication to gaining a thorough understanding of this ongoing learning process.
Hi Jeff,
I also didn’t know about CIA in cryptography until I read this chapter. It now makes sense that whatever one is doing regarding security, confidentiality, integrity, and availability should always be considered.
Your analogy of VPNs to Harry Potter’s invisibility cloak is spot-on, portraying the sense of security they provide, but also your awareness of their limitations, like vulnerability to social engineering attacks or compromised devices, is super important, as users need to understand that VPNs are great and really helpful but they aren’t invincible. Given the evolving nature of threats, what additional measures or practices do you think could complement VPNs to create a more comprehensive defense against potential risks?
I liked the example you gave about VPNs and the invisibility cloak. VPNs in general are quite interesting. It’s because of them that people from other countries are able to access content they otherwise wouldn’t be able to because it’s banned from their country. But it was also good that you confirmed at the end of your analysis that VPNs aren’t completely immune from cyberattacks; they’re more so used as a way to mask your identity. I also liked learning more about cryptography. Very interesting topic and it’s good that this chapter was able to go into great detail about it.
Chapter 3 focuses on cryptography, cryptograms, and the importance of encryption in modern security and IT. What stood out to me in this chapter was not only how thorough cryptography is in its current state, but also how it has evolved over the years. The chapter does an excellent job of outlining the history of cryptography, and really puts into perspective how we’ve more or less automated so many of the cryptographic processes that used to take much longer and had to be done by hand. This for me put into context not only how far modern cryptography has come, especially when considering the robust measures outlined in the chapter, but also made me think about how cryptography may evolve. As with all systems, cryptography must adapt to meet the needs of a changing world and changing security requirements. Ensuring that new developments, beyond just bit rate increases, are properly in place to combat new security threats will require the way we think about cryptography to evolve as well and will likely make our standards now look dated by the standards 30-40 years from now or more.
Hi Andrew,
In line with your submission, in my summation, I would say they both did great work in elucidating the constant evolution of cryptography, initially used for mere concealment of messages to now safeguarding digital systems. Responsive to increasing security demands, cryptography has transformed from basic substitution ciphers to complex algorithms like RSA and AES. Its application includes ensuring confidentiality, data integrity, and authentication. Thus, cryptography’s evolution, as highlighted by Boyle and Panko, reflects technological advancement and societal necessities.
Agreed, the necessary requirements to protect the three security objectives will and must constantly evolve to accommodate new changes in technology, which means new challenges as well. Advances in technological development mean more vulnerabilities as well as new tools for bad actors such as hackers to exploit. If cryptography is to maintain relevance and applicability it must adapt to changing forces in technological development to meet the challenges of the future as well as the present
I agree with your analysis on Chapter 3’s coverage of cryptography. It’s fascinating to see how cryptography has evolved and adapted to modern security needs. I agree with the point you made on the need for ongoing adaptation in cryptography to address future security challenges. It’s crucial to anticipate and incorporate new developments to stay ahead of emerging threats.
Boyle and Panko’s chapter on cryptography offers an enlightening exploration of the subject of cryptography. The authors ensure the introduction of key concepts such as keys, algorithms, encryption and decryption. It exemplifies the inherent complexity and layers of cryptographical systems, expanding on cryptographic sensibilities that aid the protection of information.
Intricately examined are cryptanalytic attacks where the attacker, to decrypt the information, employs a cipher without access to the key. The concept of symmetrical encryption, where the same key is used for encryption and decryption, was discussed as a traditional method of cryptography. Its counterpart, asymmetrical encryption, was likewise dissected, showcasing a system where different keys are used for encryption and decryption phases.
The authors also broach the topic of cryptographical integrity. They assert that the strength of cryptography lies more in the secrecy of the key and less in the secrecy of the algorithm. But despite this, the cybersecurity landscape necessitates a consistent, unpredictable, and sophisticated algorithmic evolution.
In summary, Boyle and Panko shed light on the intricate realm of cryptography, explicating the fundamentals to elucidate the criticality and complexity of securing digital information.
I completely agree with your analysis! Boyle and Panko do an excellent job in unraveling the intricacies of cryptography. Your summary captures the essence of their exploration, emphasizing the significance of key management, encryption methods, and the evolving nature of cybersecurity. It’s fascinating to see how they underscore the importance of key secrecy over algorithm secrecy, highlighting the dynamic challenges in maintaining digital security. Well-articulated summary!
In this chapter, the author talks about cryptography, different types of cryptography, the underlying technology, and their evolution over time. He explains how it started from simple mathematical operations and moved to more sophisticated methodologies. Cryptography is very important in cybersecurity. It protects data and users, ensuring confidentiality, which is one of the security objectives, and prevents cyber criminals from intercepting sensitive corporate information.
The author talked about cryptographic processes and how they apply to each type of encryption. For example, symmetric key encryption provides confidentiality; however, it does not provide any authentication, whereas asymmetric or public key encryption provides both confidentiality and authentication using private and public keys of the sender and receiver.
The author introduces quantum security and the potentiality of quantum computers to break current encryption due to their powerful nature, in that they can crack thousands of keys at once. Current developments in cryptography include Quantum Key Distribution, which uses a one-time key as long as a message that cannot be cracked by cryptanalysis, and when an attacker reads part of the message in transit it will become known.
Although the post-quantum era seems to be far away, I couldn’t help but wonder what these new encryption standards that NIST is working on realizing will look like and the impact they’ll have on the current technologies.
Hi Mariam,
Just to add a voice to this expository insight you brought up.
Encryption plays a pivotal role in sustaining the Confidentiality, Integrity, and Availability (CIA) of information systems. Symmetrical encryption utilizes one key for both encryption and decryption, hence increases confidentiality due to the singular key usage. However, it may threaten integrity and availability as the loss or compromise of this solitary key can render data inaccessible.
Conversely, asymmetrical encryption utilizes a pair of keys: one public, one private. This simultaneous usage facilitates confidentiality as the private key remains undisclosed. Similarly, integrity is enhanced as illicit modifications can be detected. Availability is also ensured, as loss of one key doesn’t compromise the entire system. Understanding these encryption types allows better security provisioning in the realm of CIA.
Great response, Michael, and explanation. This gave me a full circle understanding of the CIA and Cryptography. Mariam, you also did a very good job on the post, and I also brought up the quantum, and it makes me think how fast this technology can change cryptography or what else will come out security-wise to help combat against this if cyber criminals get their hands on this technology. I feel that is something we will all see in the next few years.
Cryptography is something that is a learning process for me. We did cover it my first semester, but I found it challenging. Now this semester, I see it being the same, but it is starting to absorb more and more as we go on. I found this chapter on Cryptography jam packed with information. The chapter pointed out many things. First on how the US was able to intercept Japan’s message in WW2 because the Japanese Navy were sending too many messages, and the US finally was able to figure out who they were coming from and learn how to decrypt them.
RC4 stood out to me as well and it has two advantages with its speed and the small amount of RAM needed which makes it ideal for small handheld devices, like cell phones. It also uses a broad range of key lengths but primarily uses a smaller shorter optional length into 40 bits. Even though RC4 is convenient, it is dangerous as if it is not implemented correctly, its protection is minimal. The book states, “Poor RC4 implementation is what made WEP such a weak protection for wireless LAN’s”. I was also not aware that there are many other key encryption ciphers and countries use different ones. For example, IDEA is in Europe, SEED is S. Korea, GOST is Russia and Camellia is Japan. I also never knew that there are cryptographic systems, which are a packaged set of cryptographic countermeasures for protecting dialogues. Also, when two parties begin to communicate via cryptographic system standard, they go through three handshaking stages which are negotiation, initial authentication and keying. According to the text, “After the two sides have authenticated each other and keys have been exchanged, the handshaking stages are over. The ongoing communication begins, and the two parties send many messages back and forth. The two parties usually apply several cryptographic protections during ongoing communication on a message-by message basis”. This makes more sense to me and is able to be followed as it uses the same policies per se as if you were logging into a VPN etc. One thing that keeps sticking out to me is how cryptography is rapidly changing due to how fast technology is changing but how quantum security and quantum key cracking can be used to crack keys quickly by trying dozens, hundreds or potentially thousands of keys at once. This makes me think how this will most likely ramp up and be more evident in the coming years. You see it weekly in the news now, wait until quantum comes more mainstream and how cryptography will change or morph into something new. 
That also makes me think on how standards will be constantly changing. The need to stay up and educated in the cyber security world is a must.
I agree Jeff, this chapter, while very comprehensive, did provide great contextualization for info we learned last semester. I also felt a bit overwhelmed by the technical info dump we received from our readings last semester, but being able to see things more clearly and thoroughly like in this chapter has given me a more detailed understanding of the general cryptography systems and how they apply to security systems, networks, and services to ensure secure communication and information transfers
One key point from the assigned reading I enjoyed was the detailed explanation of the three handshaking stages in cryptographic systems in section 3.3. I had prior knowledge of this sort of thing, but I felt that this section explained it much better than other sources I have read in the past.
These stages – negotiation, initial authentication, and keying – are crucial for secure communication between two parties. The negotiation stage involves selecting cryptographic methods and options, such as a cipher suite, to be used during the communication session. The initial authentication stage ensures the identity of the communication partners before the actual communication begins, with a distinction between one-way and mutual authentication. The keying stage, coming after authentication, involves exchanging keys or secrets necessary for confidentiality and integrity.
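The three handshaking stages described in the post above, followed by message-by-message protection, as an added Python example that is not part of the original discussion or the textbook. It assumes a pre-shared secret for authentication, a toy-sized Diffie-Hellman group, and constructed cipher-suite labels; the function names are hypothetical, and only authentication and integrity are implemented (no encryption).

```python
import hashlib
import hmac
import secrets

# Constructed suite labels for this example; the client lists its preference first.
CLIENT_OFFER = ["AES-256+HMAC-SHA256", "AES-128+HMAC-SHA256", "RC4-40+HMAC-MD5"]
SERVER_POLICY = ["AES-128+HMAC-SHA256", "AES-256+HMAC-SHA256"]  # policy lists no weak suite

# Toy Diffie-Hellman group (assumption): 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3


def negotiate(offer, policy):
    """Stage 1 (negotiation): first client-offered suite that server policy permits."""
    for suite in offer:
        if suite in policy:
            return suite
    raise ValueError("no mutually acceptable cipher suite")


def auth_response(psk, role, challenge):
    """Prove knowledge of the pre-shared secret without sending it.
    The role label keeps a response from being reflected back to its sender."""
    return hmac.new(psk, role + b"|" + challenge, hashlib.sha256).digest()


def mutual_authenticate(client_psk, server_psk):
    """Stage 2 (initial authentication): each side answers the other's fresh nonce."""
    c_nonce, s_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    # The client checks the server's answer against what it computes itself.
    server_ok = hmac.compare_digest(
        auth_response(server_psk, b"server", c_nonce),
        auth_response(client_psk, b"server", c_nonce))
    # The server checks the client's answer the same way (mutual, not one-way).
    client_ok = hmac.compare_digest(
        auth_response(client_psk, b"client", s_nonce),
        auth_response(server_psk, b"client", s_nonce))
    return server_ok and client_ok


def dh_keypair():
    """Private exponent in [2, P-2] and the public value sent to the peer."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(psk, priv, peer_pub, suite):
    """Stage 3 (keying): derive the session key from the Diffie-Hellman secret,
    bound to the pre-shared secret and the negotiated suite."""
    shared = pow(peer_pub, priv, P).to_bytes(16, "big")
    return hmac.new(psk, shared + suite.encode(), hashlib.sha256).digest()


def protect(key, seq, message):
    """Ongoing communication: attach an HMAC over sequence number and message."""
    tag = hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()
    return seq, message, tag


def verify(key, expected_seq, packet):
    """Reject packets that were altered, replayed or sent out of order."""
    seq, message, tag = packet
    good = hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()
    return seq == expected_seq and hmac.compare_digest(tag, good)


def run_dialogue(client_psk, server_psk):
    """Run the three stages; return (suite, authenticated, client_key, server_key)."""
    suite = negotiate(CLIENT_OFFER, SERVER_POLICY)
    if not mutual_authenticate(client_psk, server_psk):
        return suite, False, None, None
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    c_key = session_key(client_psk, c_priv, s_pub, suite)
    s_key = session_key(server_psk, s_priv, c_pub, suite)
    return suite, True, c_key, s_key


if __name__ == "__main__":
    suite, ok, c_key, s_key = run_dialogue(b"constructed-secret", b"constructed-secret")
    print("suite:", suite, "| authenticated:", ok, "| keys match:", c_key == s_key)
    packet = protect(c_key, 1, b"transfer 100")
    print("genuine accepted:", verify(s_key, 1, packet))
    print("tampered accepted:", verify(s_key, 1, (1, b"transfer 900", packet[2])))
```

Offering only the 40-bit RC4 label makes `negotiate` raise, which is the policy check that keeps a dialogue from falling back to a weak method.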
Hey Nicholas, I also was attracted to the part in the chapter where the authors emphasized the secure exchange of symmetric session keys during the keying handshaking stage using methods such as public key distribution and Diffie-Hellman key exchange. Entrusted with ensuring authentication and integrity, HMACs and digital signatures stand as the two types of electronic signatures in secure message exchanges during the communication stage.
Hi Nicholas, I like how you mentioned the three handshaking stages. The keying stage which follows authentication is critical in the process as it facilitates the exchange of secrets which forms the cornerstone of cryptographic protocols, enabling secure data transmission.
I also liked section 3.3; I found it easy to understand considering they broke it down into three stages. I do think it’s interesting that authentication and keying are both separate stages. I know that they have different purposes but both of them involve similar principles. For future reference, I wonder if there would ever be an extra stage added? And if it were to be, how would it be done? Would we have to change how computers communicate with each other? Would this be a software and hardware issue that would need to be remodeled? Or, is it likely that there are some computers that use more complex steps but rather it’s limited to government organizations?
Cryptography is a very ancient method of sending information that has existed since as early as 1900 BC when ancient Egyptians may have used different hieroglyphs than expected in written text to hide information. A more well-known early instance of cryptography is the concept of the Caesar Cipher. One key point that I found particularly interesting from this chapter was the human issues related to cryptography. Regardless of how long keys are for a cryptographic cipher and regardless of how well-tested a cipher is, if the key secret is leaked then it does not matter how secure one thinks the cipher is. For example, the textbook discusses that the Japanese Navy sent too many encrypted messages which resulted in the Allied cryptologists having a large base of messages to examine to determine the cipher. Through “known plaintext”, a large amount of encrypted text could inadvertently reveal the key cipher for understanding how a cipher works.
I was intrigued by the history section of this chapter. I never knew it went that far back and it was also used to win wars. Like you pointed out in your post, as did I, I found it interesting that the way the Japanese were caught was due to them sending too many messages, which ultimately got them caught. It makes me think how long it took the US to crack their messages vs today where a WEP key can be broken in 2 or 3 minutes.
From your post, cryptography, tracing back to 1900 BC with Egyptians using unconventional hieroglyphs, represents a long-standing method of concealing information, exemplified by the Caesar Cipher. You also made it clearer this chapter underscores the importance of human factors in cryptography, stressing on the implications of compromised key secrets regardless of cipher robustness. A pertinent example elucidates how excessive encrypted communication by the Japanese navy allowed Allied cryptologists to decipher their key, demonstrating that excessive usage of encrypted text could unintentionally expose the cipher key. Long live History! Thank you Kenneth!
This proves to me that it doesn’t matter how far we may be into the future, we will still do things that have already been done back then. Cryptography being a prime example of it. It’s human nature to want to be able to communicate in ways unknown by others and while the way we do it now is far more advanced than what our ancestors did, it’s still cool to see that we follow a lot of the same principles with cryptography. That being said, I wonder what’s next for cryptography, and how it will continue to shape our world.
Here, Boyle and Panko delve into the pillars of secure communication for IT professionals, shining light on the complexities behind cryptography. It explores the core digital protection mechanisms, particularly emphasizing encryption’s role in confidentiality. Symmetric key encryption advocates the use of identical keys for both the sender and receiver, while public key encryption employs bifurcated public and private keys (which we learnt last semester with the protection of information assets course). Furthermore, the chapter stresses the necessity of extensive keys, recommending minimum lengths of 112 bits for symmetric encryption and 1,024 bits for RSA keys, to ensure resilience against exhaustive search attacks. The chapter also explores critical areas like authentication, where an entity proves its identity via credentials. This includes a vivid discussion on mutual authentication, particularly focusing on Microsoft’s MS-CHAP authentication and its weaknesses. The chapter proceeds to study the secure exchange of symmetric session keys during the keying handshaking stage using methods such as public key distribution and Diffie-Hellman key exchange. Entrusted with ensuring authentication and integrity, HMACs and digital signatures stand as the two types of electronic signatures in secure message exchanges during the communication stage. Ultimately, the chapter underscores the necessity for the strategic integration of cryptographic systems into secure dialogues, advocating stages of negotiation, authentication, and key exchange that adhere to corporate policies and prevent weak methods.
Wonderful summary! You demonstrate a thorough understanding of the chapter’s material with your explanation of symmetric and public key encryption and your emphasis on key lengths for resilience. Your knowledge is strengthened by the mention of mutual authentication, authentication, and MS-CHAP vulnerabilities. You have excellent knowledge into how to exchange keys securely and how digital signatures and HMACs work to ensure integrity and authentication. I like how you emphasize the need of strategic integration and the need to follow business guidelines in order to avoid using subpar techniques. A well-written and comprehensive synopsis!
Well done, Ikenna. I acknowledge your concise deductions from chapter 3 and how you highlighted the multifaceted role of cryptography in securing communication channels, protecting data confidentiality, ensuring authentication, and preserving message integrity. Good job!
The field of study known as cryptography focuses on methods for safe communication when facing adversaries or other third parties. In cryptography, protocols are created and examined to ensure information confidentiality, integrity, and validity, as well as to prevent illegal access.
Cryptography comes in a variety of forms, such as symmetric-key cryptography, which uses an identical key for both encryption and decryption, and asymmetric-key cryptography, which uses separate keys for these operations. Numerous other uses for cryptography exist, including the protection of passwords and other sensitive information, the creation of secure digital signatures, and the securing of communication channels.
The history of cryptography is lengthy and intriguing, going all the way back to prehistoric times thousands of years ago. It is now essential to contemporary communication and information security, safeguarding financial transactions, government secrets, and private correspondence among other things.
You are definitely spot on with your deductions. Focusing on safe communication in cryptography cannot be overemphasized. The primary objective is to develop and analyze protocols that guarantee information confidentiality, integrity, and validity, while also preventing unauthorized access.
Hi Samuel, cryptography is indeed like a protective shield for our digital communications, ensuring our messages remain private and secure. It’s fascinating how it has evolved over time, becoming an essential tool in safeguarding our sensitive information. In today’s interconnected world, cryptography plays a crucial role in protecting our transactions, secrets, and personal conversations, making it indispensable in our digital lives.
As explained in the book, cryptography involves the application of mathematical operations to safeguard messages transmitted between parties or stored on a computer. One crucial aspect emphasized in this text is the human element within cryptography. While one might assume that employing lengthy keys and a robust, well-tested cipher in symmetric key encryption ensures confidentiality that is nearly impossible to breach, the vulnerability arises if the key is not kept secret by the sender or receiver. In such cases, an eavesdropper could discover the key and gain access to every message. This underscores the importance of effective communication, as poor communication can compromise the security provided by long keys and well-established ciphers. Companies must uphold organizational processes without undermining the technical robustness of cryptography.
Several symmetric key encryption ciphers are available for secure communication, with some common ones being RC4, DES, 3DES, and AES. Among these, AES stands out for its superior strength, speed, and efficiency in terms of processing power and RAM requirements. It comes in three alternative key lengths: 128 bits, 192 bits, and 256 bits. While longer key lengths provide enhanced strength and are considerably challenging to crack, it’s essential to note that the security of AES is contingent on correct implementation.
Recognizing the human element in cryptography is spot on. It’s incredible how the robustness of encryption can be compromised not just by the technicalities but by the way keys are handled. Effective communication becomes essential in ensuring the security of these keys. How do you see the role of communication and collaboration evolving within organizations to address both technical and human aspects of cryptography?
Boyle and Panko’s Chapter 3 dives into cryptography, the art of securing digital information. They start with the fundamentals like symmetric vs. asymmetric encryption, hashing functions, and digital signatures for data privacy, integrity, and authenticity. Then, they explored specific techniques like popular encryption algorithms, MACs for data integrity, and digital certificates for secure communication. Additionally, they addressed challenges like crucial management, emerging threats, and balancing security with usability in the digital age.
It’s true, this chapter covered everything from the basics like symmetric vs. asymmetric encryption to more advanced techniques like digital signatures and digital certificates. The inclusion of challenges like key management, emerging threats, and finding that sweet spot between security and usability is crucial in the ever-evolving digital landscape, so it’s important that we stay up to date with it. Given the rapid pace of the field, how do you see cryptography evolving to match new emerging threats?
During the reading this week I really enjoyed 3.6 The Keying Stage and it was my favorite section. I especially enjoyed the analogy they presented in 3.6.2 with Bob giving Alice his padlocks and keeping his key that unlocks them to introduce public key encryption. It really helps explain it to someone for the first time. The costs associated with public key encryption, on the other hand, lead it to be reserved for much more niche situations, as it ends up taking way too much time and resources to widely use this method for everyday communications, although it is usually more secure.
You bring up an excellent point on the cost of public key encryption compared to other encryption methods like symmetric-key encryption. Public key encryption relies on the public posting of an encryption key that must not reveal anything about the decryption key, which already requires more computational power to accomplish. Additionally, when you utilize a public key for encryption, that means anyone can use the key for encrypting any data. This could allow a malicious threat actor to have access to a very large sample size of encrypted data which could lead to them discovering the decryption key given enough time. As such, the encryption method utilizing the key should include some randomness to prevent an attacker from eventually discovering the decryption/private key.
I agree, the Boyle and Panko book has done a great job so far with relaying not only case studies, but also general visualizations and real world examples to contextualize more complex or high level concepts. Being able to view things from a real/practical sense provides a clearer understanding of how these systems work at a technical level and can provide better conceptualization for students like us to understand them
Cryptography was discussed in the chapter. Cryptography is a way messages/communication can be safeguarded during their transmission. As we have learned so far in the course, confidentiality, integrity, and availability (CIA) are also supported by cryptography. With confidentiality, intercepted transmissions are useless because only the intended recipient can understand them. Integrity ensures that communication can’t be altered without detection.
I agree with you Akintunde, I think cryptography is a very important topic in cybersecurity. I like that some of the cryptography algorithms include authentication and non-repudiation.
Cryptography as a whole is a subject I was always intrigued by. Whether I saw it in a video online or in a movie, I was interested in it. So I was glad to see it being the topic of this week’s chapter reading. My favorite section of this was 3.3, since it helped me understand where cryptography plays a role in today’s society. I thought it was interesting how there is a negotiation process, where there is something called the handshaking stage 1, where there is initial negotiation of security parameters, then initial authentication, and keying. Keying stuck out to me because it seems like it’s a more elaborate version of initial authentication, where keys or secrets are sent securely. This chapter showed me that computers, in a way, speak their own language, and this language has its own set of rules and its own way of verifying itself amongst other devices.
I also agree with how interesting the usage of a handshake protocol is and this protocol is how computers communicate with each other. Computers utilize a three-way handshake for network connections in the TCP protocol through the initial SYN packet -> the responding SYN-ACK to the user -> and the last ACK packet from the user acknowledging the successful connection from the server. Even outside of TCP, the idea of handshakes is often used in describing the connection between a client and server in TLS as well as in general data not being fully sent until both connections acknowledge their own connection as successful.
I agree with you, Hasheem. Whenever I think of a handshake, I usually associate it with the TCP protocol. I never realized that cryptography also utilizes handshaking. That was very informative! It’s good to know all the complexities that go on in the background.
Erskine Payton says
The chapter starts off with the history of cryptography, some I knew, much I was not aware of. Then the text went on to mention that a common security goal is confidentiality, which means that if your messages are captured, no one can read them. This was the original purpose for encryption. Reading about the different methods used in cryptography, section 3.9, Cryptographic Systems, was the section I was the most familiar with, but I realized I did not know as much as I thought I did. For instance, I was not aware that Cryptographic Systems combine all the cryptographic protections to include confidentiality, authentication, and integrity into a single system.
I was able to gather a better understanding of how VPNs worked. Explanations on why VPNs are used along with the various types of VPNs, how they are used, and what scenario to utilize them. I have always likened VPNs to Harry Potter wearing his invisibility cloak and just moving around unbeknownst to the rest of the world. Secure, safe, and only seen by those who are deemed safe too. VPNs are not immune to all cybersecurity threats, meaning a VPN cannot protect you from a social engineering attack, stolen password, or compromised device. Yet still VPNs are one of the more secure Cryptographic Systems in my opinion.
Michael Obiukwu says
Great job on this succinct elucidation, Erskine,
The way the concepts of cryptography and VPN are intertwined, I would have said cryptography is VPN and VPN is cryptography, but based on my professional exposure in cybersecurity I would opine that Virtual Private Networks (VPNs) utilize cryptography as a cornerstone of their security framework. Cryptography involves the conversion of data into a format that only authorized parties can decipher, substantiating the confidentiality of VPNs. This encryption and decryption process used by VPNs enhances secure data transmission across public networks. Thus, cryptography is integral to VPNs as it provides privacy, verifies authenticity, and preserves the integrity of data communicated over potentially insecure environments.
Jeffrey Sullivan says
I enjoyed the history section in the chapter. I knew prior that cryptography is important but didn’t know it could determine outcomes of wars etc. I too did not know about the CIA and Cryptographic systems but as I read more into the cryptography, last semester is starting to complement this semester. I sell products daily that assist various types of professional and SMB, so the VPN part was not too surprising but did give me more in-depth knowledge about them. I feel that cryptography in general could be a course all by itself and may take me a long time to fully understand it in great detail 100%.
Samuel Omotosho says
Hi Jeffrey,
Indeed, the historical background given in the chapter gives cryptography’s significance an intriguing new angle. The significant significance that cryptographic systems have played in historical events, such as wars and intelligence organizations like the CIA, is fascinating to see.
It’s excellent that your prior knowledge is enhancing your comprehension of cryptography at this time. The connections between ideas, particularly in light of your real-world product sales expertise catering to SMB and professional demands, must offer a useful viewpoint.
You are absolutely correct that cryptography is a broad and intricate field. The subject matter is profoundly deep, and many people find resonance in your recognition that it might be studied as a stand-alone course. You should be commended for your dedication to gaining a thorough understanding of this ongoing learning process.
Akintunde Akinmusire says
Hi Jeff,
I also didn’t know about CIA in cryptography until I read this chapter. It now makes sense that whatever one is doing regarding security, confidentiality, integrity, and availability should always be considered.
Alex Ruiz says
Your analogy of VPNs to Harry Potter’s invisibility cloak is spot-on, portraying the sense of security they provide. But also your awareness of their limitations, like vulnerability to social engineering attacks or compromised devices, is super important for users to understand that VPNs are great and really helpful but they aren’t invincible. Given the evolving nature of threats, what additional measures or practices do you think could complement VPNs to create a more comprehensive defense against potential risks?
Hashem Alsharif says
Hello Erskine,
I liked the example you gave about VPNs and the invisibility cloak. VPNs in general are quite interesting. It’s because of them that people from other countries are able to access content they otherwise wouldn’t be able to because it’s banned from their country. But it was also good that you confirmed at the end of your analysis that VPNs aren’t completely immune from cyberattacks; they’re more so used as a way to mask your identity. I also liked learning more about cryptography. Very interesting topic and it’s good that this chapter was able to go into great detail about it.
Andrew Young says
Chapter 3 focuses on cryptography, cryptograms, and the importance of encryption in modern security and IT. What stood out to me in this chapter was not only how thorough cryptography is in its current state, but also how it has evolved over the years. The chapter does an excellent job of outlining the history of cryptography, and really puts into perspective how we’ve more or less automated so many of the cryptographic processes that used to take much longer and had to be done by hand. This for me put into context not only how far modern cryptography has come, especially when considering the robust measures outlined in the chapter, but also made me think about how cryptography may evolve. As with all systems, cryptography must adapt to meet the needs of a changing world and changing security requirements. Ensuring that new developments, beyond just bit rate increases, are properly in place to combat new security threats will require the way we think about cryptography to evolve as well and will likely make our standards now look dated by the standards 30-40 years from now or more.
Michael Obiukwu says
Hi Andrew,
In line with your submission, in my summation, I would say they both did a great work in elucidating the constant evolution of cryptography, initially used for mere concealment of messages to now safeguarding digital systems. Responsive to increasing security demands, cryptography has transformed from basic substitution ciphers to complex algorithms like RSA and AES. Its application includes ensuring confidentiality, data integrity, and authentication. Thus, cryptography’s evolution, as highlighted by Boyle and Panko, reflects technological advancement and societal necessities.
Andrew Young says
Agreed, the necessary requirements to protect the three security objectives will and must constantly evolve to accommodate new changes in technology, which means new challenges as well. Advances in technological development mean more vulnerabilities as well as new tools for bad actors such as hackers to exploit. If cryptography is to maintain relevance and applicability it must adapt to changing forces in technological development to meet the challenges of the future as well as the present.
Mariam Hazali says
I agree with your analysis on Chapter 3’s coverage of cryptography. It’s fascinating to see how cryptography has evolved and adapted to modern security needs. I agree with the point you made on the need for ongoing adaptation in cryptography to address future security challenges. It’s crucial to anticipate and incorporate new developments to stay ahead of emerging threats.
Michael Obiukwu says
Boyle and Panko’s chapter on cryptography offers an enlightening exploration on the subject of cryptography. The authors ensure the introduction of key concepts such as keys, algorithms, encryption and decryption. It exemplifies the inherent complexity and layers of cryptographical systems, expanding on cryptographic sensibilities that aid the protection of information.
Intricately examined are cryptanalytic attacks where the attacker, to decrypt the information, employs a cipher without access to the key. The concept of symmetrical encryption, where the same key is used for encryption and decryption, was discussed as a traditional method of cryptography. Its counterpart, asymmetrical encryption, was likewise dissected, showcasing a system where different keys are used for encryption and decryption phases.
The authors also broach the topic of cryptographical integrity. They assert that the strength of cryptography lies more in the secrecy of the key and less in the secrecy of the algorithm. But despite this, the cybersecurity landscape necessitates a consistent unpredictable and sophisticated algorithmic evolution.
In summary, Boyle and Panko shed light on the intricate realm of cryptography, explicating the fundamentals to elucidate the criticality and complexity of securing digital information.
Samuel Omotosho says
Hi Michael,
I completely agree with your analysis! Boyle and Panko do an excellent job in unraveling the intricacies of cryptography. Your summary captures the essence of their exploration, emphasizing the significance of key management, encryption methods, and the evolving nature of cybersecurity. It’s fascinating to see how they underscore the importance of key secrecy over algorithm secrecy, highlighting the dynamic challenges in maintaining digital security. Well-articulated summary!
Cheers!!!
Mariam Hazali says
In this chapter, the author talks about cryptography, different types of cryptography, the underlying technology, and their evolution over time. He explains how it started from simple mathematical operations to more sophisticated methodologies. Cryptography is very important in cybersecurity. It protects data and users, ensuring confidentiality which is one of the security objectives, and prevents cyber criminals from intercepting sensitive corporate information.
The author talked about cryptographic processes and how they apply to each type of encryption. For example, symmetric key encryption provides confidentiality; however, it does not provide any authentication, whereas asymmetric or public key encryption provides both confidentiality and authentication using private and public keys of the senders and receiver.
The author introduces quantum security and the potentiality of quantum computers to break current encryption due to their powerful nature that they can crack thousands of keys at once. Current developments in cryptography include Quantum Key Distribution which uses a one-time key as long as a message cannot be cracked by cryptanalysis and when an attacker reads part of the message in transit it will become known.
Although the post-quantum era seems to be far away I couldn’t help but wonder what these new encryption standards that NIST is working on realizing will look like and the impact they’ll have on the current technologies.
Michael Obiukwu says
Hi Mariam,
Just to add a voice to this expository insight you brought up.
Encryption plays a pivotal role in sustaining the Confidentiality, Integrity, and Availability (CIA) of information systems. Symmetrical encryption utilizes one key for both encryption and decryption, hence increases confidentiality due to the singular key usage. However, it may threaten integrity and availability as the loss or compromise of this solitary key can render data inaccessible.
Conversely, asymmetrical encryption utilizes a pair of keys: one public, one private. This simultaneous usage facilitates confidentiality as the private key remains undisclosed. Similarly, integrity is enhanced as illicit modifications can be detected. Availability is also ensured, as loss of one key doesn’t compromise the entire system. Understanding these encryption types allows better security provisioning in the realm of CIA.
Jeffrey Sullivan says
Great response, Michael, and explanation. This gave me a full circle understanding of the CIA and Cryptography. Mariam, you also did a very good job on the post, and I also brought up the quantum and makes me think how fast this technology can change cryptography or what else will come out security wise to help combat against this if cyber criminals get their hands on this technology. I feel that is something we will all see in the next few years.
Jeffrey Sullivan says
Cryptography is something that is a learning process for me. We did cover it my first semester, but I found it challenging. Now this semester, I see it being the same, but it is starting to absorb more and more as we go on. I found this chapter on Cryptography jam-packed with information. The chapter pointed out many things. First on how the US was able to intercept Japan’s message in WW2 because the Japanese Navy were sending too many messages, and the US finally was able to figure out who they were coming from and learn how to decrypt them.
RC4 stood out to me as well and it has two advantages with its speed and the small amount of RAM needed which makes it ideal for small handheld devices, like cell phones. It also uses a broad range of key lengths but primarily uses a smaller shorter optional length into 40 bits. Even though RC4 is convenient, it is dangerous as if it is not implemented correctly, its protection is minimal. The book states, “Poor RC4 implementation is what made WEP such a weak protection for wireless LAN’s”. I was also not aware that there are many other key encryption ciphers and countries use different ones. For example, IDEA is in Europe, SEED is S. Korea, GOST is Russia and Camellia is Japan. I also never knew that there are cryptographic systems, which are a packaged set of cryptographic countermeasures for protecting dialogues. Also, when two parties begin to communicate via cryptographic system standard, they go through three handshaking stages which are negotiation, initial authentication and keying. According to the text, “After the two sides have authenticated each other and keys have been exchanged, the handshaking stages are over. The ongoing communication begins, and the two parties send many messages back and forth. The two parties usually apply several cryptographic protections during ongoing communication on a message-by-message basis”. This makes more sense to me and is able to be followed as it uses the same policies per se as if you were logging into a VPN etc. One thing that keeps sticking out to me is how cryptography is rapidly changing due to how fast technology is changing but how quantum security and quantum key cracking can be used to crack keys quickly by trying dozens, hundreds or potentially thousands of keys at once. This makes me think how this will most likely ramp up and be more evident in the coming years. You see it weekly in the news now, wait until quantum comes more mainstream and how cryptography will change or morph into something new.
That also makes me think on how standards will be constantly changing. The need to stay up and educated in the cyber security world is a must.
Andrew Young says
I agree Jeff, this chapter, while very comprehensive, did provide great contextualization for info we learned last semester. I also felt a bit overwhelmed by the technical info dump we received from our readings last semester, but being able to see things more clearly and thoroughly like in this chapter has given me a more detailed understanding of the general cryptography systems and how they apply to security systems, networks, and services to ensure secure communication and information transfers.
Nicholas Nirenberg says
One key point from the assigned reading I enjoyed was the detailed explanation of the three handshaking stages in cryptographic systems in section 3.3. I had prior knowledge of this sort of thing, but I felt that this section explained it much better than other sources I have read in the past.
These stages – negotiation, initial authentication, and keying – are crucial for secure communication between two parties. The negotiation stage involves selecting cryptographic methods and options, such as a cipher suite, to be used during the communication session. The initial authentication stage ensures the identity of the communication partners before the actual communication begins, with a distinction between one-way and mutual authentication. The keying stage, coming after authentication, involves exchanging keys or secrets necessary for confidentiality and integrity.
Ikenna Alajemba says
Hey Nicholas, I also was attracted to the part in the chapter where the authors emphasized the secure exchange of symmetric session keys during the keying handshaking stage using methods such as public key distribution and Diffie-Hellman key exchange. Entrusted with ensuring authentication and integrity, HMACs and digital signatures stand as the two types of electronic signatures in secure message exchanges during the communication stage.
Chidiebere Okafor says
Hi Nicholas, I like how you mentioned the three handshaking stages. The keying stage which follows authentication is critical in the process as it facilitates the exchange of secrets which forms the cornerstone of cryptographic protocols, enabling secure data transmission.
Hashem Alsharif says
Hello Nicholas,
I also liked section 3.3, I found it easy to understand considering they broke it down into three stages. I do think it’s interesting that authentication and keying are both separate stages. I know that they have different purposes but both of them involve similar principles. For future reference, I wonder if there would ever be an extra stage added? And if it were to be, how would it be done? Would we have to change how computers communicate with each other? Would this be a software and hardware issue that would need to be remodeled? Or, is it likely that there are some computers that use more complex steps but rather it’s limited to government organizations?
Kenneth Saltisky says
Cryptography is a very ancient method of sending information that has existed since as early as 1900 BC when ancient Egyptians may have used different hieroglyphs than expected in written text to hide information. A more well-known early instance of cryptography is the concept of the Caesar Cipher. One key point that I found particularly interesting from this chapter was the human issues related to cryptography. Regardless of how long keys are for a cryptographic cipher and regardless of how well-tested a cipher is, if the key secret is leaked then it does not matter how secure one thinks the cipher is. For example, the textbook discusses that the Japanese Navy sent too many encrypted messages which resulted in the Allied cryptologists having a large base of messages to examine to determine the cipher. Through “known plaintext”, a large amount of encrypted text could inadvertently reveal the key cipher for understanding how a cipher works.
Jeffrey Sullivan says
I was intrigued by the history section of this chapter. I never knew it went that far back and it was also used to win wars. Like you pointed out in your post, as did I, I found it interesting that the way the Japanese were caught was due to them sending too many messages which ultimately got them caught. It makes me think how long it took the US to crack their messages vs today where a WEP key can be broken in 2 or 3 minutes.
Ikenna Alajemba says
From your post, cryptography, tracing back to 1900 BC with Egyptians using unconventional hieroglyphs, represents a long-standing method of concealing information, exemplified by the Caesar Cipher. You also made it clearer that this chapter underscores the importance of human factors in cryptography, stressing the implications of compromised key secrets regardless of cipher robustness. A pertinent example elucidates how excessive encrypted communication by the Japanese navy allowed Allied cryptologists to decipher their key, demonstrating that excessive usage of encrypted text could unintentionally expose the cipher key. Long live History! Thank you Kenneth!
Hashem Alsharif says
Hello Kenneth,
This proves to me that it doesn’t matter how far we may be into the future, we will still do things that have already been done back then. Cryptography being a prime example of it. It’s human nature to want to be able to communicate in ways unknown by others and while the way we do it now is far more advanced than what our ancestors did, it’s still cool to see that we follow a lot of the same principles with cryptography. That being said, I wonder what’s next for cryptography, and how it will continue to shape our world.
Ikenna Alajemba says
Here, Boyle and Panko delve into the pillars of secure communication for IT professionals, shining light on the complexities behind cryptography. It explores the core digital protection mechanisms, particularly emphasizing encryption’s role in confidentiality. Symmetric key encryption advocates the use of identical keys for both the sender and receiver, while public key encryption employs bifurcated public and private keys (which we learnt last semester with the protection of information assets course). Furthermore, the chapter stresses the necessity of extensive keys, recommending minimum lengths of 112 bits for symmetric encryption and 1,024 bits for RSA keys, to ensure resilience against exhaustive search attacks. The chapter also explores critical areas like authentication, where an entity proves its identity via credentials. This includes a vivid discussion on mutual authentication, particularly focusing on Microsoft’s MS-CHAP authentication and its weaknesses. The chapter proceeds to study the secure exchange of symmetric session keys during the keying handshaking stage using methods such as public key distribution and Diffie-Hellman key exchange. Entrusted with ensuring authentication and integrity, HMACs and digital signatures stand as the two types of electronic signatures in secure message exchanges during the communication stage. Ultimately, the chapter underscores the necessity for the strategic integration of cryptographic systems into secure dialogues, advocating stages of negotiation, authentication, and key exchange that adhere to corporate policies and prevent weak methods.
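The three handshaking stages (negotiation, initial authentication, keying) and the message-by-message HMAC protection that several posts above describe, as an added Python sketch that is not from Boyle and Panko or from any poster. The suite labels, the pre-shared secret used for authentication, and the toy Diffie-Hellman group are assumptions made for illustration, and encryption of the message body is left out because Python's standard library has no AES.

```python
import hashlib
import hmac
import secrets

# Assumed policy: approved suites, strongest first. Anything else is refused.
POLICY_ALLOWED = ["AES-256/HMAC-SHA256", "AES-128/HMAC-SHA256"]

# Toy Diffie-Hellman group for illustration only (assumption): p is prime,
# but this is not a vetted group; real systems use standardized groups.
P = 2**255 - 19
G = 2
TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def negotiate(client_offer, server_policy=POLICY_ALLOWED):
    """Stage 1: choose the first policy-approved suite the client offers."""
    for suite in server_policy:
        if suite in client_offer:
            return suite
    raise ValueError("no mutually acceptable cipher suite")


def auth_response(secret: bytes, challenge: bytes) -> bytes:
    """Stage 2: prove knowledge of a pre-shared secret without sending it."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def dh_keypair():
    """Stage 3a: private exponent in [2, P-2] and the public value G^x mod P."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_session_key(own_priv: int, peer_pub: int) -> bytes:
    """Stage 3b: derive the symmetric session key from the peer's public value."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def run_handshake(client_offer, client_secret: bytes, server_secret: bytes):
    """Run all three stages; return (suite, client_key, server_key)."""
    suite = negotiate(client_offer)
    # Mutual authentication: each side answers a fresh random challenge.
    for prover, verifier in ((client_secret, server_secret),
                             (server_secret, client_secret)):
        challenge = secrets.token_bytes(16)
        answer = auth_response(prover, challenge)
        expected = auth_response(verifier, challenge)
        if not hmac.compare_digest(answer, expected):
            raise PermissionError("initial authentication failed")
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    return suite, dh_session_key(c_priv, s_pub), dh_session_key(s_priv, c_pub)


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Ongoing communication: append an HMAC over sequence number + message."""
    tag = hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, seq: int, packet: bytes):
    """Return the message if its HMAC checks out, otherwise None."""
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, seq.to_bytes(8, "big") + message,
                        hashlib.sha256).digest()
    return message if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    # Constructed sample values: the client also offers a weak 40-bit RC4 suite.
    offer = ["RC4-40/none", "AES-128/HMAC-SHA256"]
    suite, c_key, s_key = run_handshake(offer, b"demo-secret", b"demo-secret")
    print("suite:", suite, "| keys match:", c_key == s_key)
    packet = protect(c_key, 1, b"transfer 10 to Bob")
    print("verified:", verify(s_key, 1, packet))
    tampered = packet.replace(b"10", b"99")
    print("tampered:", verify(s_key, 1, tampered))
```

The weak suite in the client's offer is never selected because it is not in the policy list, and a packet altered in transit or replayed under a different sequence number fails verification.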
Samuel Omotosho says
Hi Ikenna,
Wonderful summary! You demonstrate a thorough understanding of the chapter’s material with your explanation of symmetric and public key encryption and your emphasis on key lengths for resilience. Your knowledge is strengthened by the mention of mutual authentication, authentication, and MS-CHAP vulnerabilities. You have excellent knowledge into how to exchange keys securely and how digital signatures and HMACs work to ensure integrity and authentication. I like how you emphasize the need of strategic integration and the need to follow business guidelines in order to avoid using subpar techniques. A well-written and comprehensive synopsis!
Cheers!!!
Chidiebere Okafor says
Well done, Ikenna. I acknowledge your concise deductions from chapter 3 and how you highlighted the multifaceted role of cryptography in securing communication channels, protecting data confidentiality, ensuring authentication, and preserving message integrity. Good job!
Samuel Omotosho says
The field of study known as cryptography focuses on methods for safe communication when facing adversaries or other third parties. In cryptography, protocols are created and examined to ensure information confidentiality, integrity, and validity, as well as to prevent illegal access.
Cryptography comes in a variety of forms, such as symmetric-key cryptography, which uses an identical key for both encryption and decryption, and asymmetric-key cryptography, which uses separate keys for these operations. Numerous other uses for cryptography exist, including the protection of passwords and other sensitive information, the creation of secure digital signatures, and the securing of communication channels.
The history of cryptography is lengthy and intriguing, going all the way back to prehistoric times thousands of years ago. It is now essential to contemporary communication and information security, safeguarding financial transactions, government secrets, and private correspondence among other things.
Chidiebere Okafor says
You are definitely spot on with your deductions. Focusing on safe communication in cryptography cannot be overemphasized. The primary objective is to develop and analyze protocols that guarantee information confidentiality, integrity, and validity, while also preventing unauthorized access.
Nicholas Nirenberg says
Hi Samuel, cryptography is indeed like a protective shield for our digital communications, ensuring our messages remain private and secure. It’s fascinating how it has evolved over time, becoming an essential tool in safeguarding our sensitive information. In today’s interconnected world, cryptography plays a crucial role in protecting our transactions, secrets, and personal conversations, making it indispensable in our digital lives.
Chidiebere Okafor says
As explained in the book, cryptography involves the application of mathematical operations to safeguard messages transmitted between parties or stored on a computer. One crucial aspect emphasized in this text is the human element within cryptography. While one might assume that employing lengthy keys and a robust, well-tested cipher in symmetric key encryption ensures confidentiality that is nearly impossible to breach, the vulnerability arises if the key is not kept secret by the sender or receiver. In such cases, an eavesdropper could discover the key and gain access to every message. This underscores the importance of effective communication, as poor communication can compromise the security provided by long keys and well-established ciphers. Companies must uphold organizational processes without undermining the technical robustness of cryptography.
Several symmetric key encryption ciphers are available for secure communication, with some common ones being RC4, DES, 3DES, and AES. Among these, AES stands out for its superior strength, speed, and efficiency in terms of processing power and RAM requirements. It comes in three alternative key lengths: 128 bits, 192 bits, and 256 bits. While longer key lengths provide enhanced strength and are considerably challenging to crack, it’s essential to note that the security of AES is contingent on correct implementation.
Alex Ruiz says
Recognizing the human element in cryptography is spot on. It’s incredible how the robustness of encryption can be compromised not just by the technicalities but by the way keys are handled. Effective communication becomes essential in ensuring the security of these keys. How do you see the role of communication and collaboration evolving within organizations to address both technical and human aspects of cryptography?
Kelly Conger says
Boyle and Panko’s Chapter 3 dives into cryptography, the art of securing digital information. They start with the fundamentals like symmetric vs. asymmetric encryption, hashing functions, and digital signatures for data privacy, integrity, and authenticity. Then, they explored specific techniques like popular encryption algorithms, MACs for data integrity, and digital certificates for secure communication. Additionally, they addressed challenges like crucial management, emerging threats, and balancing security with usability in the digital age.
Alex Ruiz says
It’s true this chapter covered everything from the basics like symmetric vs. asymmetric encryption to more advanced techniques like digital signatures and digital certificates. The inclusion of challenges like key management, emerging threats, and finding that sweet spot between security and usability is crucial in the ever-evolving digital landscape, so it’s important that we stay up to date with it. Given the rapid pace of the field, how do you see cryptography evolving to match new emerging threats?
Alex Ruiz says
During the reading this week I really enjoyed 3.6 The Keying Stage and it was my favorite section. I especially enjoyed the analogy they presented in 3.6.2 with Bob giving Alice his padlocks and keeping his key that unlocks them to introduce public key encryption. It really helps explain it to someone for the first time. The costs associated with public key encryption on the other hand lead it to be reserved for much more niche situations as it ends up taking way too much time and resources to widely use this method for everyday communications although it is usually more secure.
Kenneth Saltisky says
Hi Alex,
You bring up an excellent point on the cost of public key encryption compared to other encryption methods like symmetric-key encryption. Public key encryption relies on the public posting of an encryption key that must not reveal anything about the decryption key, which already requires more computational power to accomplish. Additionally, when you utilize a public key for encryption, that means anyone can use the key for encrypting any data. This could allow a malicious threat actor to have access to a very large sample size of encrypted data which could lead to them discovering the decryption key given enough time. As such, the encryption method utilizing the key should include some randomness to prevent an attacker from eventually discovering the decryption/private key.
Andrew Young says
I agree, the Boyle and Panko book has done a great job so far with relaying not only case studies, but also general visualizations and real world examples to contextualize more complex or high level concepts. Being able to view things from a real/practical sense provides a clearer understanding of how these systems work at a technical level and can provide better conceptualization for students like us to understand them.
Akintunde Akinmusire says
Cryptography was discussed in the chapter. Cryptography is a way messages/communication can be safeguarded during their transmission. As we have learned so far in the course, confidentiality, integrity, and availability (CIA) are also supported by Cryptography. With confidentiality, intercepted transmissions are useless because only the intended recipient can understand them. Integrity ensures that communication can’t be altered without detection.
Mariam Hazali says
I agree with you Akintunde, I think cryptography is a very important topic in cybersecurity. I like that some of the cryptography algorithms include authentication and non-repudiation.
Hashem Alsharif says
Cryptography as a whole is a subject I was always intrigued by. Whether I saw it in a video online or in a movie, I was interested in it. So I was glad to see it being the topic of this week’s chapter reading. My favorite section of this was 3.3, since it helped me understand where cryptography plays a role in today’s society. I thought it was interesting how there is a negotiation process, where there is something called the handshaking stage 1, where there is initial negotiation of security parameters, then initial authentication, and keying. Keying stuck out to me because it seems like it’s a more elaborate version of initial authentication, where keys or secrets are sent securely. This chapter showed me that computers, in a way, speak their own language, and this language has its own set of rules and its own way of verifying itself amongst other devices.
Kenneth Saltisky says
Hi Hashem,
I also agree with how interesting the usage of a handshake protocol is and this protocol is how computers communicate with each other. Computers utilize a three-way handshake for network connections in the TCP protocol through the initial SYN packet -> the responding SYN-ACK to the user -> and the last ACK packet from the user acknowledging the successful connection from the server. Even outside of TCP, the idea of handshakes is often used in describing the connection between a client and server in TLS as well as in general data not being fully sent until both connections acknowledge their own connection as successful.
Mariam Hazali says
I agree with you, Hashem. Whenever I think of a handshake, I usually associate it with the TCP protocol. I never realized that cryptography also utilizes handshaking. That was very informative! It’s good to know all the complexities that go on in the background.