Recently, there was a ransomware attack that affected thousands of computer networks across the globe (Chappell, 2017). This attack interrupted operations, thereby costing firms huge amounts in lost business. The attack renewed the discussion on the need to revamp computer security. Encouraging progress has been made in the development of technologies that shied computer systems from various forms of attacks. Today, businesses can rest assured that their information and resources are secure thanks to the advances that have been made in information security (Peltier, 2013). There are a number of issues that define information security. Cryptology is among these. Essentially, cryptology is a system of coding for the purpose of ensuring information security (Maliky & Sattar, 2014). Security experts routinely develop programs and processes that seek to seal any loopholes and vulnerabilities in information systems that can be exploited by such unscrupulous individuals as hackers. Cryptology has a very long history that has been defined by key developments and milestones. This paper sheds light on the history of cryptology. Focus is also given to the role that cryptology plays in enhancing information security.
Background
As noted above, cryptology is the field concerned with codes. Cryptologists create codes and study them. They also examine codes for insights into how to solve them. Cryptology is applied in a number of different areas. However, information security has benefited mostly from cryptology. Experts in this field develop solutions to the information security challenges faced today (Maliky &Sattar, 2014). They create security programs that make it difficult for hackers to penetrate networks and gain access to sensitive information. Cryptology is particularly relevant in the modern computer age when adversaries are more committed to launching attacks on computer systems. Messaging platforms and social media networks are particularly targeted by these individuals. In an effort to combat the threat posed by these adversaries, technology companies and the creators of messaging and social media services have developed technologies for encrypting messages and other interactions among users. For example, Whatsapp recently introduced a security feature that encrypts messages exchanged by users (Ganguly, 2017). The encryption technology makes it impossible for any third party to intercept the exchanges between users. The encryption technology has been hailed as a development in securing user privacy and the confidentiality of user information. As further progress is made in communicating computing, the world is likely to see more efforts being committed to enhancing information security.
Delegate your assignment to our experts and they will do the rest.
To fully understand cryptology, it is necessary to examine some of the fundamental principles that serve as the foundation of this field. Data integrity and confidentiality are among these principles (Savu, n.d). Experts in the field of cryptology are primarily driven by the desire to ensure that data is secure at all times. They seek to protect data integrity. This means that they create security programs that shield data from corruption. They endeavor to ensure that as data is transmitted from one person or system to another, it maintains its primary form and shape. Cryptology also aims to guarantee confidentiality (Savu, n.d). It does this by shielding information from prying eyes. It ensures that no individual without authorization is able to gain access to information. The example of the encryption feature that Whatsapp introduced makes this point clear.
Data integrity and confidentiality are among the primary principles that govern cryptology. However, they are not the only ones. In addition to these, non-repudiation and authentication are the other principles that govern cryptology (Savu, n.d). Non-repudiation is concerned with ensuring that individuals take responsibility for their actions in the cyberspace. Thanks to this principle, it is possible to link individuals to certain actions, thereby ensuring accountability. Authentication primarily involves authorization. It seeks to ensure that only individuals with the right clearance can access certain information and resources (Savu, n.d). For example, it is common for information systems to require individuals to produce a password so that they are allowed to access certain information. Essentially, authentication protects information systems from being breached by individuals who lack authorization and are intent on stealing or corrupting data.
History of cryptology
In the discussion above, the foundation has been laid for an examination of the history of cryptology. It has already been stated that cryptology has a long history. Milestones have been achieved as it is now possible to secure information systems from unauthorized access (Bauer, 2013). Today, cryptology is rather complex. It is possible to generate long sophisticated algorithms that secure information systems. This has not always been the case. Before the development of computer systems, mankind relied on rather archaic and basic systems to secure information. A system of ciphers was used to ensure that third parties could not understand information that is intended for another party. The transposition ciphers were among the security procedures that were relied on to keep information safe (Stamp & Low, 2007). Essentially, these ciphers worked through the rearrangement of letters in words. For example, the phrase ‘I will meet you at noon’ can be rearranged to read ‘I llwi etme oyu ta onon’. Clearly, this phrase would not make sense to an individual who does not understand how the ciphering process works. The rearrangement of words ensures that only the individuals directly involved in a conversation are able to derive meaning from ciphered messages. The transposition ciphers were not entirely secure as it was possible for third parties to intercept and to decipher the messages. This weakness necessitated a refinement of this system. The substitution cipher was born. This system is discussed in much detail in the section below.
It has been noted above that the substitution cipher was developed in response to the weakness found in the transposition cipher system. Instead of merely arranging the letters in words, the substitution cipher system replaced the letters entirely with other letters (Kahate, 2013). The letters that were used to replace the original ones were related in some way to the original letters. For instance, the replacement letters could be the letters that followed the original letters in the alphabet. The following example makes this clear. The phrase “I will meet you at noon” can be considered. Using the substitution cipher method, this phrase can be rewritten as “J xjmm nffu zpv bu oppo”. The substitution cipher process is clearly an improvement over the weaker transposition cipher method. However, the substitution method is not without its flaws. One of the flaws was that it was still possible for adversaries and other third parties to intercept messages and make sense of them. The other weakness is that deciphering the messages secured through this method could take a long time since the computer systems that allow for automatic deciphering had yet to be developed.
The transposition and the substitution cipher methods were the main techniques that were used during the pre-computer age. Various other derivations of these systems were developed. For example, the Caesar cipher was developed by Julius Caesar (Holden, 2017). This method worked like the conventional substitution cipher method. However, it was set apart by the replacing of letters with other letters that were found a number of steps down the alphabet (Holden, 2017). The Caesar cipher was more secure since for one to decipher a message, they would need to know the exact position on the alphabet of the letters that are used to replace the original letters.
The computer age ushered in new systems of cryptology. It was during the Second World War that significant progress was made in the development of modern computer-based cryptology. Soldiers from opposite sides are reported to have developed systems for encrypting their messages. In addition to encrypting messages, the systems also allowed the soldiers to decrypt messages sent within the enemy camp. For example, during World War II, soldiers in the United Kingdom sought to make sense of the messages exchanged among German soldiers (Gannon, 2007). The process of deciphering the German messages was rather laborious and repetitive. The British soldiers developed the Colossus (Gannon, 2007). Essentially, this was a programmable computer system that allowed the soldiers to decrypt the German messages with much ease.
Most of the advances that were made in cryptology occurred during the second half of the last century. More complex computer systems were developed during this time. As opposed to the simple and text-based cipher methods that were used in past years, the computer era was characterized by the development of new cipher methods that exploited the binary system (Bauer b, 2013). Through this system, it became possible to develop a wider range of encryption methods. Proper encryption standards were also developed during this period. These new standards facilitated the development of uniform procedures and policies. For example, the Data Encryption Standard was developed by IBM to aid the American government in encryption (Leech & Chinworth, 2001). In addition to the new standards, new algorithms and processes for encrypting and decrypting messages were also developed during the initial years of the computer era. These algorithms included integer factorization and discrete algorithm. These algorithms saw mathematical principles and methods become part of cryptology. Previously, basic mathematical principles were relied on. However, during the infancy years of the computer age, more complex mathematical principles were used. These principles were combined with the massive computational power of computers to create complex encryption systems.
The discussion this far has focused on basic cryptology. Today, very complex methods of encrypting messages have been developed. These methods rely on computer systems to cipher and decipher messages. There are a number of significant developments that have been witnessed in the modern computer age. The development of symmetric-key cryptography is among these developments. Essentially, this system allows for messages to be ciphered and deciphered by the use of a unique key (Das & Madhavan, 2009). The sender and receiver of a message possess a key that they use to encrypt a message and decrypt it. This system is secure because the key is unique and the message can only be decrypted by the individual with the key. One of the demerits of the symmetric-key system is that a complex system for managing keys is required. This system must function properly lest the security of messages be compromised.
The weakness of the symmetric-key system led to the development of public-key cryptography. This system works in a fashion similar to the symmetric key system. The sender of a message uses a public key to cipher a message (Das & Madhavan, 2009). The receiver then uses a private key to decrypt the message. Today, the encryption methods that are used are complex and it is nearly impossible for unauthorized parties to gain access and make sense of encrypted messages. End-to-end encryption is among the methods that are in use today. This method ensures that a message is ciphered on both ends. Even if a third party intercepts the message, they would be unable to make sense of it. This is the method that such messaging services as Whatsapp rely on to keep user messages and data secure. Digital watermarks and microdots are the other systems that have been developed in the modern age to secure messages.
Importance to information security
The importance of cryptology to information security is not in question. Information security has been enhanced significantly by the various encryption methods. One of the roles that cryptology plays in information security is safeguarding data integrity. Thanks to cryptology, it is possible to maintain the shape and form of data (Savu, n.d). Today, it is possible for data to be transmitted across networks and over long distances without the data losing its original form. The various encryption methods ensure that third parties are unable to intercept data and corrupt it. This is indeed important as for many online systems to function properly, data integrity must be guaranteed.
Apart from ensuring date integrity, cryptology also ensures that systems are secure and completely shielded from attacks by adversaries (Savu, n.d). In an earlier discussion, it was noted that authentication is one of the primary principles on which cryptology is based. Thanks to the principle of authentication, it is possible to see to it that only individuals who are authorized can access computer and information systems. For example, unless an individual can produce the required password or biometric identity, an information system denies them access. Modern information systems are more secure thanks to cryptology. This is not to say that these systems are completely invulnerable to attacks. In the recent past, firms in the United States and across the globe have suffered cyber attacks that have seen these firms lose crucial data. These attacks highlight the fact that more needs to be done to completely shield information systems from attacks.
Most organizations use data for external purposes. However, there are certain instances where organizations have to share data with external parties and rely on the data provided by other entities. In such situations where there is movement of data, it is necessary to adopt encryption. Sensitive data is most vulnerable when it is being transmitted from one system to another (Raglione, 2015). Adversaries can exploit any flaws in the transmission mechanism. Cryptology has facilitated the transmission of data and information. While it is true that no information system is completely insulated, cryptology has led to the development of mechanisms and procedures for securing data in transit. The stability and the uninterrupted operation of computer networks can be attributed to cryptology (Raglione, 2015). Overall, cryptology is responsible for the peace of mind that individuals and organizations enjoy today. Thanks to cryptology, one can securely share information and other data with others without being concerned that their data could be stolen.
Challenges
There are a number of issues that are posing a challenge to the development of cryptology. Backdoors are among these issues. Basically, a backdoor is a loophole that is created deliberately to allow third parties to gain access into an information system (Northcutt, n.d). The issue of creating backdoors came into the limelight recently as Apple was embroiled in a conflict with the FBI. The FBI appealed to Apple to create backdoors in its system to allow law enforcement agencies to combat crime. The conflict between Apple and FBI was occasioned by a terrorist attack in which the FBI sought to gain access into the phone used by the perpetrator of this act (Kharpal, 2016). The matter found its way to the court. The issue of creating backdoors is rather controversial. It has forced the United States to reexamine its priorities. The nation has to select between national security and privacy. It appears that it is impossible to guarantee the safety of Americans without taking away their right to privacy. While it is true that the creation of backdoors would enhance public safety, it has to be remembered that there are unscrupulous crooks who would also exploit the same backdoors to steal user data. The nation must therefore reflect carefully on whether the need to ensure public safety is sufficient justification for the creation of backdoors.
Mass surveillance is another challenge that cryptology faces. Recently, it was revealed that the National Security Agency (NSA) had developed a program through which it snooped on Americans (“NSA Surveillance”, n.d). The activities of NSA raised questions regarding how secure public communication and information systems are. It was revealed that NSA is able to monitor the online activities of American citizens. It was able to do this despite the strong encryption systems that Americans rely on to secure their data. The fact that NASA was able to monitor Americans underscores the need for stronger encryption systems. More companies need to emulate Whatsapp by developing very secure systems that ensure that such government agencies as NSA are unable to snoop on Americans.
Another challenge that cryptology faces is the authority of government agencies to compel individuals and organizations to reveal encryption keys. The case of Apple and the FBI has already been mentioned. In this case, the FBI sought the intervention of the courts to force Apple to reveal the encryption keys that it uses to keep user information secure (Kharpal, 2016). Apple refused to comply arguing that it had an obligation to protect the privacy of its users. The debate over whether privacy should be prioritized over national security is far from settled.
Recommendations
The challenges discussed above threaten the field of cryptology. There is need for measures to be instituted to address these challenges. To answer the question of whether backdoors should be created, it is recommended that technology companies should stand their ground and refuse to create these backdoors. The government needs to identify other measures for enhancing public safety. Backdoors do not guarantee that terrorists will not be able to launch attacks. Besides, these backdoors represent a flagrant violation of the right to privacy. Furthermore, the backdoors can be exploited by thieves and crooks. The United States simply has to explore other options that do not violate the right to privacy.
Mass surveillance and compelling individuals and companies to reveal encryption keys are the other challenges that have been discussed above. The mass surveillance program conducted by the NSA is unacceptable and unjustifiable. Americans have the right to privacy and this right must be protected at all costs. There is need for technology companies to continue to develop new and improved encryption technologies to protect Americans from the intruding eyes of the NSA. There is also need for the American people to embrace encryption technologies. Such technologies as virtual private networks (VPNs) are readily available. VPNs make it difficult for the online activity of an individual to be monitored. It does this by bouncing data across different networks.
Cryptology has enhanced the security of information networks. In the initial phases of the development of cryptology, simple methods were used. These methods included the transposition and the substitution cipher. Over time, the methods were improved. Computer-based techniques were developed. Thanks to these techniques, keeping information secure became easier. These techniques have also made it possible for information to be shared in a simple and secure fashion. Even as it has enhanced information security, cryptology continues to face challenges. Most of these challenges are brought about by government agencies which intrude and demand that companies create loopholes for accessing private data. This is unacceptable. Should these agencies be granted their wish, the security of information will be compromised. Technology companies should continue to protect user data. There is also need for individual users to adopt cryptology for the purposes of securing their information and online activities.
References
Bauer, C. P. (2013). Secret History: The Story of Cryptology. Boca Raton, FL: CRC Press.
Bauer b, F. L. (2013). Decrypted Secrets: Methods and Maxims of Cryptology. New York: Springer.
Chappell, B. (2017). WannaCry Ransomware: What we know Monday. Retrieved 24th May 2017 from http://www.npr.org/sections/thetwo-way/2017/05/15/528451534/wannacry-ransomware-what-we-know-monday
Das, A. & Madhavan, E. V. (2009). Public-Key Cryptography: Theory and Practice. Delhi: Pearson Education India.
Ganguly, M. (2017). WhatsApp Vulnerability Allows Snooping on Encrypted Messages. Retrieved 24th May 2017 from https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
Gannon, P. (2007). Colossus: Bletchley Park’s Greatest Secret. London: Atlantic Books.
Kharpal, A. (2016). Apple vs. FBI: All you need to know. Retrieved 24th May 2017 from http://www.cnbc.com/2016/03/29/apple-vs-fbi-all-you-need-to-know.html
Holden, J. (2017). The Mathematics of Secrets: Cryptography from Caesar Ciphers to Digital Encryption. Princeton, NJ: Princeton University Press.
Kahate, A. (2013). Cryptography and Network Security. Delhi: Tata Mc-Graw Hill Education.
Maliky, S. A. & Sattar, B. (2014). Multidisciplinary Perspectives in Cryptology and Information Security. Hershey, PA: IGI Global.
Northcutt, S. (n.d). Logic Bombs, Trojan Horses and Trap Doors. Retrieved 24th May 2017 From https://www.sans.edu/cyber-research/security-laboratory/article/log-bmb-trp-door
NSA Surveillance. (n.d). Retrieved 24th May 2017 from https://www.aclu.org/issues/national-security/privacy-and-surveillance/nsa-surveillance
Peltier, T. R. (2013). Information Security Fundamentals. Second Edition. Boca Raton, FL: CRC Press.
Leech, P. D. & Chinworth, M. W. (2001). The Economic Impact of NIST’s Data
Encryption Standard (DES) Program. Retrieved 24th May 2017 from https://www.nist.gov/sites/default/files/documents/2017/05/09/report01-2.pdf
Raglione, A. (2015). Best Practices: Securing Data at Rest, in Use and In Motion. Retrieved 24th May 2017 from https://www.datamotion.com/2015/12/best-practices-securing-data-at-rest-in-use-and-in-motion/
Savu, L. (n.d). Cryptography Role in Information Security. Retrieved 24th May 2017 from http://www.wseas.us/e-library/conferences/2011/Corfu/CITCOM/CITCOM-04.pdf
Stamp, M. & Low, R. M. (2007). Applied Cryptoanalysis: Breaking Ciphers in the Real World. Hoboken, NJ: John Wiley & Sons.
