Cryptosystems and Data Protection

Cryptography has a variety of roles to play within the cyber security domain. At its core, this module aims to give students insight into how to select the appropriate cryptographic solution to solve the information assurance problem at hand. It is taken as given that a small community of gifted mathematicians have already refined some really sophisticated cryptographic primitives, protocols and algorithms. Other gifted engineers have realised these protocols and made them available on a range of platforms, from dedicated crypto-hardware to general-purpose computers. These implementations are then used to protect information assets.

The properties and uses of cryptographic hashes are analysed. Particular attention is given to their role in assuring data integrity and in password management. Different attacks (brute force, dictionary, rainbow tables, synthetic collisions) and mitigations (salting, stretching, large keyspace) are also analysed.

Symmetric encryption is compared and contrasted with public key encryption. Particular attention is paid to the use of hybrid systems to address the key exchange problem in a computationally efficient manner, securing confidentiality over time and in transit. This is developed to show how a public key infrastructure also offers assurance through digital signatures. The significance of “looking after the keys” is emphasised throughout. The challenge of having the relevant key available for authorised use, yet unavailable for unauthorised use, is a common theme. Different trust models are exemplified through the hierarchical X.509 PKI and the PGP web of trust PKI. The SSL/TLS and IPsec protocols are analysed to determine the extent to which they assure the appropriate attributes of a data asset.
