The digital user of today’s world holds certain values higher than ever before: security, privacy, transparency, confidence, and trust.

When it comes to protecting sensitive information that might breach a client’s trust or even put people or assets at risk, companies are dedicating more effort and resources to making cyber security a priority.

Unfortunately, as technology evolves, so do threats to cyber security; cybercriminals have more tools and money at their disposable, and cyberattacks and data breaches happen to individuals and organizations every day, with real damage and consequences.

Pretty early on in the advent of the computer, the need for encryption and security was detected. Since computers can communicate over open networks, it’s fairly easy to spy on data traveling across the network. And if that data is financial data, military data, or even sensitive personal information, those details in the wrong hands can spell disaster. That’s why a large portion of today’s data is encrypted.

Cryptology is one of the areas that works towards achieving greater digital security and protection. In this post, you’ll discover everything you need to know about cryptography in cyber security.

Cryptography definition, history, and objectives

According to CSO, “Cryptography is the art of keeping information secure by transforming it into form that unintended recipients cannot understand…Cryptographic systems require some method for the intended recipient to be able to make use of the encrypted message”.

Cryptography dates back to Egyptian times, when hieroglyphics were used by an elite few. It can also be referred to as the Caesar cipher because Julius Caesar used it for his confidential correspondence. Even in the earliest cryptographic works, there were essential components including an algorithm and a key, which are still used today. With the development of computers, cryptography inevitably got more sophisticated and advanced.

In the modern era, the objectives of cryptography include:

1. Confidentiality: Maintain data confidential, so that it can’t be understood by anyone unintended.
2. Authentication: Confirm the origin and destination of the information being sent, as well as the identity of the message’s sender and receiver.
3. Integrity: Ensure that data can’t be altered when stored or in movement, and detect if any alteration has occurred.
4. Non-repudiation: Demonstrate the involvement of the creator/sender in the transmission of data.

Relevant uses cases and trends for cryptography in cyber security

Cryptography is made up of the core elements of algorithms, keys, libraries, and certificates. In terms of algorithms, there are 3 categories of cryptographical algorithms: symmetric cryptography, asymmetric cryptography, and hash functions. With this as its basis, cryptography is undergoing these use cases and trends:

• Digital signatures: Digital signatures are electronically-encrypted signatures, they are a key component of blockchain, and public key encryption uses digital signatures to sign documents. Some types of digital signatures in cryptography include ECDSA (used by Bitcoin), the Schnorr signature, and BLS signature.
• Digital certificates: A digital certificate proves the authenticity of a device, server, or user, and organisations are managing shorter digital certificate schedules. With expiration and automation in play, encryption and key management will play key roles.
• Blockchain: Banks, governments, hospitals, and other organisations that manage high-volume, sensitive data are experimenting with Blockchain for cyber security. Challenges include high cost, tough implementation, challenges in encryption key management.
• Cloud-based security: There is broader acceptance of cloud-based encryption and key management, especially in finance. Financial services and payment processing are being performed in the cloud, providing advances in data access, retention, key management, and vendor choice.
• DevOps security: DevOps need tools to secure infrastructure without slowing it down (key management, HSMs, crypto, third-party monitoring tools). The goals are to integrate security, identify problems, do troubleshooting, and expand the use of encryption.
• Bring your own encryption: BYOE is an encryption model where the data owner generates and uses its own keys and has sole access to them. It was designed to increase data protection in the cloud and reduce third-party key management, but its weaknesses include lost/master keys and cloud security issues.
• Homomorphic encryption: A technique that enables data owners or a third party to apply functions on encrypted data without needing to reveal the values of the data. However, homomorphic encryption requires significant computing power and is costly.
• Quantum computing: Large-scale quantum computing poses a threat to current cryptography encryption methods (public-key encryption and PKI, the core of secure data exchange and transactions). Not protecting against advances in quantum computing will affect every sector.
• Future-proofing: Organisations are reviewing their critical infrastructure (PKI, digital certificates, HSMs, roots of trust, etc), taking inventory, and putting security processes in place to reduce risks. The more we learn about the weaknesses of classical cryptography, the better we can build new cryptographic systems strong enough to resist future attacks.

Interview of a TechTeamz cryptography leader

For greater insight into the world of cryptography in cyber security, we spoke with someone with knowledge and experience in the field, one of our TechTeamz engineers, Rubén Navarro, the Team Leader of our embedded QA testing team. He is currently working on a cryptography project that uses cutting-edge technology to make usage and communications safer for everyone.

What is your favourite thing about working in the field?

Cryptography is a very exciting field to work in. It’s always a race of whatever new findings are out there and how they can be broken and exploited. This makes it challenging too, you must be up to date with the new technologies as well as new vulnerabilities found. In the current world we live in, surrounded by technology, we are bound to be vulnerable to attacks, and cybersecurity and cryptography are key to try to prevent those.

What are the most exciting new trends in cryptography and why?

The ability to secure communications in smaller and simpler devices. As we keep fabricating new gadgets and IoT devices that are connected to the cloud and to the Internet, the need for secure protocols comes with them. The development of lightweight SOCs and OSs that implement cybersecurity protocols as well as cryptography algorithms will make the usage of those little gadgets more secure in time.

What other roles do you work closely with or perform?

Cryptography and cybersecurity will always be related to testing and pentesting. A well tested product is less likely to suffer from attacks and to have exposed vulnerabilities that could allow possible attackers to use it in malicious ways.

I work as a tester and in our team, we try to be creative with the testing and pentesting of our product since we know how crucial it is for its reliability. You need to think outside of the box, outside of requirements and outside of norms. Most vulnerabilities out there are things that have been overlooked because there hasn’t been proper testing.

Do you typically use or recommend any specific applications or software to enhance data protection and security, such as in the cloud?

There is not a definite answer for being more protected or secured when using technology. The best ally is generally common sense, either if you are an advanced user or simply a casual one. Technology comes with that caveat and by using it everyone should know that they agree to a certain degree of being vulnerable.

With that in mind, it’s enough to be careful with sensitive data: passwords, personal information, bank information… Whatever you don’t want stolen or seen, only use in secure ways.

Cryptography is essential in every industry, but especially the government, military, financial services, manufacturing, and automotive. Without keeping key trends in sight and being proactive to protect and secure data, critical infrastructure can be exposed to vulnerabilities, leak data, and erode customer confidence. Of particular importance are post-quantum cryptography and new cryptographic regulations. If you’re looking for experts in cryptography and cyber security, reach out to TechTeamz and we will find you the right engineer for your project.