cryptology in the digital world
In the digital age that we exist in today, understanding how data is stored and how you can take measures to protect your own data is extremely important. Depending on who it is being discussed, the word security can be understood differently. For example, the government would use the word security in context of national security and protecting its citizens from things such as terrorists attacks. Businesses are likely to use the word security, relating to the digital world, in order to protect their assets from criminals and/or other companies. Lastly, individuals are likely to use this word in accordance with the word privacy to protect their personal information.
Privacy and security is basically non existent when everything that a person does can be tracked through your IP address. Despite this, there is a basic understanding on this topic that can assist an individual or companies in protecting some of their data so that not everything they do online is traceable.
Cryptology is a concept that has come about in order to protect data being transferred online. It is basically defined as secret writing and is one of the best defenses against a government, or corporation, or individual from compromising their security online. This is a concept that came about during World War II by Germany in order to be able to communicate with U-boats that were in the Atlantic Ocean during the war. They created an enigma machine in order to use this form of encrypted communication. The machine worked based on an algorithm, such as the Caesar Cipher, which is an algorithm used to encrypt messages. It works by taking a message that is being transferred and shifting each of the letters in the message by 3 units alphabetically. For example, if the message being transferred was “Hi,” after the Caesar Cipher is used it would turn into “Kl.” This is because 3 letters after H is K and 3 letters after i is l. If the enigma machine were being used based on this algorithm, any letter that a person typed into the machine, the machine would actually record a letter 3 units after the original letter.
While cryptology seems like a sufficient way to protect your data, there are some flaws to it. One flaw of it is that while the content of a message is kept private, the fact that two parties are communicating, is not (Kernighan, 2017). In addition, there are ways for people to decrypt the data, who are not supposed to be able to. Frequency Analysis and Brute Force Attack are two examples of this. Frequency Analysis counts the occurrences of each symbol in a message while Brute Force Attack tests all of the possible algorithms to decrypt a message and identify the context of it. Lastly, while cryptology is good for those encrypted their messages simply for privacy reasons, it also protects the data of those using it for illegal purposes as well. As a result of the controversy that came with this, the United States came up with the Clipper Chip which kept communication private, while still allowing the government the ability to decrypt messages through a permitted key. Citizens responded, claiming that this was an invasion of privacy on the part of the government, and therefore the Clipper Chip died off in 1996.
As mentioned previously, encrypted messages can be decrypted using a key. There are secret keys and public keys. Secret keys are messages that are encrypted and decrypted using the same secret key that should only be known to you and to those who you are communicating with. On the other hand, public keys involve a key pair, where one is private and one is public. The public key is public knowledge, and is used by others when they want to communicate with you. The private key should only be known to you and is the only key that can decrypt a message that was encrypted using your specific public key. Secret key cryptology has two main methods- Data Encryption Standard (DES) and Advanced Encryption Standard (AES). DES is a 56 bit key, which proved to be a victim of Brute Force Attack too often and that is why the switch to AES happened, which uses either a 128, 192, or 256 bit key (Kernighan, 2017). While AES has been adopted by the US government and is the most efficient method to date, there are still flaws involved. This involves the idea of key distribution and the fact that when 2 parties are communicating, the key original key needs to be shared with them before they are able to decrypt the message and reveal its context (Kernighan, 2017). The more parties involved in this process, the more likely the key is leaked publicly. This proves the fact that many of the issues with data breaching and the leaking of security comes down to human error.
When you are online shopping, doing research, or checking social media, you are performing all of these actions on a server. The server you are using a computer on, whether it is a home router or private server like Temple’s wifi network, communicates with an Internet Service Provider which retrieves the data from the page you are trying to load. How do these servers know where to send the information? A 32-bit number known as the computer’s IP address. A computer’s IP address is the most basic information they need to keep private so that others cannot track their location or activities, since it is linked to every action the user performs across the server. While knowing someone’s IP address does not automatically give you access to their personal information, this stolen information can be used to perform illegal activity using the identity of another computer.
One way to protect the anonymity of your IP address is downloading a Tor Relay software which consists of a downloadable software and the volunteer network of computers which allow the software to run. When using this software, your IP address remains hidden, as information travels in a system of relays. The first relay knows only the originators identity, the middle relay knows where the message came from and where to send it, but does not know the context. Finally, the third relay knows the identity of the destination. This is a much more secure method of internet browsing, as the only information the server sees comes from the IP address of the Tor relay. This system is useful to protect websites from tracking your digital footprint and protecting the anonymity of your computer’s unique IP address.
Another method of digital encryption that has become increasingly popular is called end-to-end encryption, which is a secure form of communication where messages are encrypted all the way from the sending user to the receiving user. Public key encryption is much stronger than private, because only half of the decryption key is transmitted over the network. The receiver is the only one that can decrypt the message using special cryptographic keys unique to their server. End-to-end encryption is a much more secure method of transmission because even if the communication server gets compromised, user data is kept secure since no other IP address possesses those decryption keys.
As social media becomes increasingly popular in the digital age, it is important that our information is kept secure across all platforms. Facebook, one of the most widely used sites, has been hacked on more than one occasion. In 2017, there was a scandal involving Cambridge Analytica which led the British consulting firm to have access to the private information of up to 87 million users. In addition to a huge invasion of privacy, there is speculation that this data breach affected the 2016 Presidential election, and even led to deaths in several countries. Facebook suffered another attack in September 2018, when a breach in their computer network exposed personal information and access to the friends list of nearly 50 million users. Software flaws also allowed hackers to gain access to apps like Spotify and Instagram that users had linked through Facebook. This data breach occurred by hackers stealing the access tokens, or digital keys that allow access to a specific account, which is extremely dangerous considering how many millions of people rely on Facebook as a secure method of communication.
Security breaches like those that have happened to Facebook pose a threat for internet users everywhere. According to a Pew Research study, only 9% of tech users feel very confident that social media sites securely protect their data. Luckily, Facebook, Snapchat, iMessage, and many more platforms have adopted end-to-end encryption strategies to keep the data of their users secure. Knowing that these platforms are taking precaution to improve security of their servers gives users peace of mind to continue posting on Facebook or sending Snapchats to their friends. Since these websites and social platforms are business-centric, it is important that consumers continue to use them, which generates revenue and allows these sites to thrive. Digital privacy and cryptology is a serious concern in the digital world, but it is relieving to know that websites are working toward a future with more security and anonymity online.