With the widespread use of online and digital communication systems, sensitive information is transmitted around the world every day. Cryptography has become essential for protecting information online.
Cyber security professionals need a good understanding of cryptography and cryptography tools to set up and run secure computer systems and networks. An online master’s degree in cyber security can offer a solid foundation in the cryptography tools that students seeking a career in the field will need.
Cryptography in the Modern Era
In World War II, German submarines lurking below the surface of the North Atlantic preyed on Allied ships carrying supplies to England from the United States. The ships, not knowing the locations of submarines, could do little to avoid the attacks.
Enter British mathematician Alan Turing and a team of code breakers. Using the cryptography tools available at the time, they cracked codes generated by Germany’s sophisticated Enigma machine, revealing German communications with the submarines. This allowed the Allies to route their ships to avoid the submarines.
Deciphering the German codes was one of the more significant achievements in cryptography, a field almost as old as human communication.
Today, cryptography is a key tool in the battle to keep computer systems and networks secure and private.
There’s a lot to protect. Individuals entrust personal, financial, medical and other information to companies, government agencies and other organizations that store it digitally. Hardly a month goes by without news of a data breach that exposes millions of accounts.
Research firm Gartner estimates that more than 80% of companies encrypted their web traffic in 2019. That percentage is likely to grow as more companies seek to protect their data as well as meet stricter regulations governing security and privacy.
Five Cryptography Tools
Cyber security professionals can use multiple cryptography tools to build and fortify their computer system defenses. Here’s a look at five key tools that cyber security specialists can integrate into their strategies.
Security Tokens
A security token is a physical device that holds information that authenticates a person’s identity. The owner plugs the security token into a system — via a computer’s USB port, for example — to gain access to a network service. It’s like swiping a security card to get into an office. A bank might issue security tokens to customers to use as an extra layer of security when they log in to their accounts.
Key-Based Authentication
Key-based authentication is a method that employs asymmetric algorithms to confirm a client’s identity and can be an effective substitute for using passwords to verify a client. The key factors at play in key-based authentication are public and private keys that confirm identity.
In public key authentication, each user is given a pair of asymmetric keys. Users store their public keys in each system they want access to, while the private keys are safely maintained on the device with which the user connects to the secured systems.
When connecting, the server authenticates the user with the public key and asks the user to decrypt it using the corresponding private key.
Docker
The Docker software platform builds applications based on containers: small self-contained environments that share an operating system kernel but otherwise run in isolation from one another. By their nature, Docker containers are secure. More security can be added by enabling one of several applications that fortify the system.
Java Cryptography Architecture
The popular Java programming language has built-in cryptographic functions. The Java Cryptography Architecture (JCA) is integrated with the core Java application programming interface (API). The JCA contains APIs that handle security functions that include encryption, managing keys, generating random numbers securely and validating certificates. These APIs provide a way for developers to build security into application code.
SignTool
Another security tool embedded in an operating system is Microsoft SignTool (SignTool.exe). A command-line tool, SignTool can digitally sign and time-stamp files and verify signatures in files. It’s automatically installed with Microsoft Visual Studio, a software development environment. SignTool allows software developers to certify that the code they developed is theirs and that it hasn’t been tampered with since it was published.
Trends in Cryptography
Cryptography tools constantly evolve as cryptographers and hackers leapfrog each other in building defenses and overcoming them. Several trends on the horizon point to new directions in cryptography.
Quantum Computers and Cryptography
The emerging technology of quantum computing promises great leaps in power and speed. Companies such as Google and IBM are racing to develop quantum computers, which could make some kinds of computing problems easier to solve than with today’s conventional computers.
One such problem area is the encryption protocols for today’s computing systems. The computing power of a quantum computer, experts say, could shred current security defenses. Security experts are developing systems that could protect against quantum systems.
Cloud Computing
When a company stores data on someone else’s servers, such as in a public cloud, the company loses control over securing the data. To solve that problem, some companies encrypt the data before storing it on a cloud system, giving the company a measure of control over the encryption. Another approach is to use cloud services that encrypt information when it enters the cloud environment, which protects it as it is stored or transmitted.
Blockchain
Blockchain is a distributed ledger that underlies digital currencies such as bitcoin. A blockchain is a series of data or transactions (the blocks) connected by cryptographic signatures stored in shared ledgers and supported by nodes, which form a network of processes. Nodes maintain a copy of the entire chain and are continually updated and kept in sync.
Companies have deployed blockchain technologies for secure transactions with customers as well as for storing data such as medical records.
Prepare to Advance Your Career in Cyber Security
Students seeking to build their careers in cyber security would do well to consider programs that offer courses that keep current with today’s cyber security issues and concerns.
The University of North Dakota provides an online curriculum that can prepare students for careers in cyber security. Options include a Data Security track, as well as tracks in Autonomous Cyber Security, Cyber Security and Behavior, and General Cyber Security. Learn more about how the University of North Dakota’s online Master of Science in Cyber Security program can help professionals achieve their career goals.
Recommended Readings
Common Types of Cyber Attacks and Prevention Tactics
The Cyber Security Professional and Intrusion Detection Systems
The Dark Web and Cyber Security
Sources:
CSO, “What Is Quantum Cryptography? It’s No Silver Bullet, But Could Improve Security”
DZone, “Java Cryptography — Simplified (Part 1)
Digital Guardian, “Cryptography in the Cloud: Securing Cloud Data with Encryption”
InfoWorld, “What Is Docker? The Spark for the Container Revolution”
Microsoft, “SignTool.exe (Sign Tool)”
TechRadar, “Encryption: 2020’s Double-Edged Sword”
The New York Times, “Overlooked No More: Alan Turing, Condemned Code Breaker and Computer Visionary”