Cryptography and Natural Security
The art of encoding messages as a means of achieving security is essentially cryptography. While it has been in use for over 4000 years, recent advancements in technology have made cryptography a necessity, given the huge amount of data conveyed from one person to another. The proliferation of technology and technological devices has made cryptography a necessity, and is currently used for security of ATM cards, computer passwords, as well as electronic commerce (Ayushi, 2010). The two main types of cryptography are symmetric and asymmetric key, and are applicable in different technologies even with their inherent strengths and weaknesses.
Of the encryption methods, symmetric key, otherwise known as shared key, single key, secret key or private key is the fastest. According to Blumenthal (2010), symmetric-key cryptography uses identical private keys for its users, even as the users hold unique public keys. The public keys are responsible for the encryption of data, even as the private keys enable the users decrypt the data (Blumenthal, 2010). Largely, SSL communications use symmetric cryptography.
One of the strengths of the private key (symmetric key) is its resistance to brute force attacks (Blumenthal, 2010). The security of the private key stands even as it uses a one-time pad combining plaintext and random key. The algorithm used in the symmetric key is therefore more secure and hard to crack in comparison with asymmetric key. Another strength is that it requires less computing power in comparison with its public-key cryptography making it fast and simple to deploy (Blumenthal, 2010).
However, regardless of the robust nature of its security, symmetric key has inherent weaknesses. One of the greatest weaknesses is the need for a secure channel for the exchange of the secret key. The secure channel is especially necessary to ensure that the key remains a secret (Ayushi, 2010). Further, the algorithm requires the generation of key for communication with every new party. Such a requirement creates the problem of managing so many keys and ensuring their safety.
One the other hand, there is asymmetric key cryptography, as known as public key. In this type of cryptography, users employ a pair of keys: one private and the other public (Ayushi, 2010). The keys are a necessity for encrypting and decrypting the message or transmission. Many technologies and organizations deploy the public key such as OpenPGP and SSH for encryption as well as for digital signature functions.
Public keys have strengths that private keys do not possess. For instance, while it is difficult ascertain the origin of a message while using a private key, the presence of a digital signature enables a user that has deployed public key to verify the sender of the message (Ayushi, 2010). Given that security is essentially the purpose of encrypting the messages, public keys offer the security since they provide message authentication features. It is therefore possible to ascertain the authenticity of the message and discover whether the message had any alterations in transit using digital signatures.
Public keys, however, are slow in addition to using up more computer processing power. The slowness of the public key in creation and decryption makes them unsuitable for decrypting bulky messages (Ayushi, 2010; Blumenthal, 2010). Further, the decryption process uses up many computer resources in the encryption and decryption process. Perhaps most worrisome is the security compromise and the irreparable damage in case of loss of the key. Specifically, by determining the key, an attacker can read a person’s private messages, while the loss of the private key means the user cannot decrypt the messages sent.
Part of cryptography is cryptanalysis. Schneier (n.d.) defines cryptanalysis as the working (by a cryptographer) to find inherent weaknesses in cryptographic algorithms, and using the weaknesses found in deciphering the cipher text without the knowledge of the secret key. Schneier (n.d.) further informs that the weakness may not necessarily exist in the cryptographic algorithm; on the contrary, it may be in the method of application making cryptanalysis successful.
In performing cryptanalysis, there are many attack techniques available to cryptographers. Reverse engineering is one of the simplest methods that involve obtaining an encryption device and deconstructing it to learn the best way to extract plaintext. Guessing is another technique, which involves testing to check the cryptography, since sometimes some plaintext may not necessarily be encryption but rather simple substitutions or obfuscation. Brute force attack is yet another technique used by cryptographers, which involves repeatedly trying different keys in an attempt to obtain plaintext.
The purpose of cryptography is to ensure security; however, physical security is as important as internal security. CPTED (Crime Prevention through Environmental Design) is the idea that organizations can use knowledge and creativity in designing built environments in ways that lessen or prevent crime (State of Queensland, 2007). As an idea, CPTED provides guidelines, through strategies that offer aesthetics and security to buildings. One of the ways CPTED provides security is through natural surveillance, where the placement of buildings, physical features and activities maximizes visibility making it unlikely or difficult for intruders to commit crimes (State of Queensland, 2007). Using territorial control also provides the security, where features define boundaries that keep people off. Additionally, designing natural access control decreases crime opportunity by denying access to offenders and creating a risk for them.
Ayushi, S. (2010). A symmetric key cryptographic algorithm. International Journal of Computer Applications, 1(15), 1-4.
Blumenthal, M. (2010). Encryption: Strengths and Weaknesses of Public-key Cryptography. Villanova, PA: Villanova University.
Schneier, B. (n.d.). A self-study course in block-cipher cryptanalysis. Cryptologia. Retrieved from https://www.schneier.com/academic/paperfiles/paper-self-study.pdf.
State of Queensland (2007). Crime Prevention through Environmental Design: Guidelines for Queensland. Queensland: State of Queensland