Antonella Demartini
PA 755: Information and Knowledge Management
Policy Briefing Paper #2
October 27, 2011

Cryptology in the 21st Century

“The codemakers can always stay ahead of the codebreakers.” -David Kahn¹

¹ Kahn, D. 1979. Cryptology Goes Public. Foreign Affairs, 58(1), 145.

Whenever we use an automatic teller machine (ATM), bank online, or make purchases online, we are using a technology called encryption. It refers to how information is concealed to prevent interception by an unwanted party. The concept has been used throughout time: from 2000 BC, when Egyptians communicated secret messages in hieroglyphics (Ambulkar, 2010), to World War II, when the Allied powers solved German military codes (Kahn, 1979). Encryption is a fundamental technique in the field of cryptography, which is part of the larger field of cryptology. Courted by governments, scholars, businesses, and the general public, cryptology is increasingly posing issues of national and international concern. This paper will review definitions of cryptology; discuss its background; analyze the critical issues; compare pros and cons; and make several recommendations.

Definitions

Cryptology refers to “the study of methods for protecting messages by encryption” (Beaulieu, 2008, 264). It has multiple forms: textual, arithmetical, or color visual (Wu et al., 2006). Cryptology encompasses two parts: “signal security and signal intelligence” (Kahn, 1979, 144). “Cryptography” is connected with signal security. It literally means “hidden writing” (Ambulkar, 2010, 1810). It refers to converting the message into a secret form with a cipher, or code (Ibid). The person receiving the message has knowledge of the code, or its key. The key allows him or her to decrypt, or reveal, the original message. “Cryptanalysis” is connected with signal intelligence. It is the “process of trying to find the original key or message, without prior knowledge of the parameters used” (Beaulieu, 2008, 264).
A “cryptosystem” is a method for encrypting and decrypting messages (Ibid). A “cryptogram” is an encrypted message (Kahn, 1979, 142).

Cryptologists concern themselves with protecting the secure transmission of information, and they measure their work against four criteria: confidentiality, integrity, non-repudiation, and authentication (Ambulkar, 2010, 1810-1811; Tsaur, 2011, 1046). Confidentiality means that data is successfully hidden using encryption (Ibid). Integrity means that the data remains the same when it is decrypted by the receiver as when it was encrypted by the sender (Ibid). Non-repudiation means there is a way of verifying that the message came from a particular sender (Ibid). Authentication means there is a way to identify the system user, as well as a user who tries to break into the system (Ibid).

Background

The National Security Agency (NSA) is the government bureau charged with monitoring U.S. cryptology. Up until the 1970s, the agency considered cryptology sensitive and secret information for four particular reasons (Kahn, 1979, 142). First, the government believed that sharing information could help other nations strengthen their cryptosystems (Ibid). Second, any indication that a cryptogram had been solved could prompt the adversary to change the code (Ibid). Third, revealing information about a code would stop the creator from being able to send information clandestinely (Ibid). Fourth, admitting to having interfered with other countries’ messages could strain the political relationship between the countries (Ibid). Although the agency’s attitude is not as rigid as it once was, the NSA still prefers to guard its cryptology knowledge.

Cryptology systems are advancing. For instance, many ATM or internet banking transactions use the Data Encryption Standard (DES). In 1973, IBM developed this encryption system (Kahn, 1979, 151). “DES gives us a way of communicating secret information across a public channel” (Coppersmith, 2000, 246).
In 1977, the U.S. Institute of Standards and Technology implemented the technology, and has since developed a more advanced version, Triple-DES (Phan, 2007, 528). Scholars report that breaking the DES encryption is becoming easier. In 1997, it took computers 90 days to do so; in July 1998, it took computers 3 days; in January 1999, it took computers 22 hours and 15 minutes (Ibid). Clearly, the need for creating new codes and cryptograms is ongoing because hackers are increasingly able to decrypt at the same rate as, if not faster than, programmers are able to encrypt (Kahn, 1979).

Experts consider the confluence of cryptology, cryptography, and cryptanalysis to be “COMINT,” or communications intelligence (Kahn, 1979, 145). In 1979, the White House issued the National Telecommunications Protection Policy. The directive assigned three different categories to communications intelligence: military and diplomatic messages; unclassified information sent between the government and its contractors; and nongovernmental information. The NSA oversees the first category. The Commerce Department’s National Telecommunications and Information Administration oversees the second and third categories (Kahn, 1979, 150). The directive is meaningful because it is the first time “any government has ever dispensed advice on codes and ciphers to the public. This has helped bring cryptology out of the closet” (Kahn, 1979, 151).

Critical Issues

Cryptology is an important topic today because of its links to computer and internet technology. Cryptology supports cybersecurity because it enables confidential data transmission. As more people depend on mobile and other wireless devices for communication and business purposes, the need for cybersecurity increases: “Varying types of threats from numerous sources can adversely affect computers, software, networks, organizations, entire industries, or the internet itself. . . The interconnectivity between information systems . . .
can amplify the impact of these threats” (Wilhusen, 2011, 1). Naturally, the relevance of cryptology increases as internet technology advances and its number of users grows. The critical issues surrounding this field seem to stem from who uses cryptology, and for what purposes.

One critical issue with cryptology regards individual privacy. Cryptology can be used by governments to solicit information about citizens and businesses. For example, cryptanalysis aids the monitoring of e-mail and wiretapping. Citizens’ right to privacy may be transgressed if the government “seek[s] to draw intelligence from the communications of tens of thousands of private firms and citizens of all nationalities” (Kahn, 1979, 144). In support of the federal “war on terror,” courts have often dismissed cases where plaintiffs have brought charges of warrantless monitoring or wiretapping against a U.S. government agency (Paul, 2006). Further, in March 2010, the Obama administration wanted Congress to require communications services, including “encrypted e-mail transmitters . . . to be technically capable of complying” with wiretap orders.² The inference is that the Obama administration does not want communications companies to employ advanced encryption technology that would impede government surveillance efforts.

² October 19, 2010. Wiretapping and other eavesdropping devices. New York Times.

The tension between individual privacy and national security raises concerns about the administration of the rule of law. The notion of the rule of law means that no one is above the law and that the law protects everyone. Taken within the context of public administration, the rule of law gives legitimacy to public management because public managers make themselves accountable to constitutional principles, the agencies they manage, and the general public (Hill & Lynn, 2009). In the context of cryptology, the U.S.
government monitors e-mail and wiretaps phone conversations of private citizens and businesses where law enforcement officials have “reasonable grounds” to suspect terrorist or criminal activity (Gonzales, 2006, 106). However, monitoring is by nature classified, so there is no way to determine if government employees are actually being accountable to the U.S. Constitution, their agency, or the public.

Pros & Cons

The pros and cons of cryptology are perhaps equally weighted because it can be used for both lawful and unlawful purposes. Regarding lawful use, the technology can protect consumer privacy by protecting the electronic transmission of consumer purchases, banking, and e-mail correspondence. Enhanced electronic security encourages e-commerce, or business transactions over the internet, which supports the banking industry and the economy. Cryptology also enhances cybersecurity because it is useful in the development of security software. Further, cryptology can enhance international intelligence gathering and law enforcement operations by intercepting information from other countries. Moreover, as increasingly more encryption codes are broken, the field of cryptology whets the academic appetite of scholars to research and publish.

On the other hand, cryptology can be used for unlawful purposes. It can be used to hack consumer information or e-mail correspondence, whether individual to individual, government to individual, or government to government. Cryptology technology can also be used to override security software and disguise computer viruses. Equally, criminals with a sophisticated understanding of cryptology can use it to further their unlawful purposes, including the hacking of consumer data or government files. Moreover, developed countries are more able to control and manipulate technologies like cryptology than underdeveloped countries.
Underdeveloped countries are battling the ‘digital divide’ (Misuraca, 2009), the reality that many people do not have access to computers or the internet, making it nearly impossible for them to participate in the development of technologies like cryptology.

Summary & Recommendations

Cryptology is the field of technology that studies techniques for sending encrypted messages. It includes cryptography and cryptanalysis. The United States government regards the three as communications intelligence. In 1979, the scholar David Kahn argued that cryptology was “out of the closet” because cryptology was no longer the monopoly of governments, but had become public information. Now, with the advancement of computers and the internet, cryptology is truly international. However, since the technology may be used for lawful and unlawful purposes, questions arise of how to regulate the technology. Technology case law is not well developed, which makes regulating it challenging.

A discussion regarding recommendations for addressing issues raised by cryptology technology should be sensitive to context and involve stakeholder analysis. One of the precursory acknowledgements to having an informed discussion about recommendations must address the digital divide. Technological infrastructure is not equally distributed around the world, and until it is, countries cannot equally use computers, mobile devices, and the internet. Further, cryptology is a technological issue that affects the public, private, and non-profit sectors on local, state, and federal levels, as well as across national and international arenas. Despite such complexity, proposing recommendations in the short and long run is feasible.

In the short run, or in the coming years, encouraging collaboration among researchers in the public, non-profit, and private sectors is perhaps the most fundamental recommendation. Because of its familiarity with cryptology technology, the National Security Agency is the appropriate U.S.
government agency to initiate partnerships across sectors. These types of alliances should engage in dialogue to identify shared definitions, concerns, challenges, and opportunities for cryptology research. Further, the NSA should coordinate projects with universities as well as private sector businesses in the United States to conduct research and share information. Doing so presents the opportunity to combine knowledge and expertise to challenge the threat that hackers pose. The NSA might also consider initiating an international dialogue with foreign governments to discuss issues of regulation.

In the long run, or in the coming decades, centralizing responsibility and accountability for the field of cryptology in one international agency seems possible. National governments might consider creating an international agency to establish international legislation governing cryptology and to conduct research. The agency should feature a committee with legal, international jurisdiction to regulate the technology. Also, the agency should help combat the ‘digital divide.’ It would manage a fund that all member countries would subsidize to support the construction and maintenance of technology infrastructures throughout the world. Whether in the short or long run, an implicit goal in the field of cryptology is for the codebreakers to keep up with the codemakers.

References

Ambulkar, J. 2010. Poly Substitution Method for Encryption and Decryption. International Journal on Computer Science & Engineering, 2(5), 1810-1812.

Beaulieu, Y. 2008. Peirce's Contribution to American Cryptography. Transactions of the Charles S. Peirce Society, 44(2), 263-287.

Coppersmith, D. 2000. Cryptography. IBM Journal of Research & Development, 44(1/2), 246.

Gonzales, A. 2006. Is the National Security Agency's Domestic Surveillance Program Legal? Pro. In Congressional Digest, 85(4), 106-114.

Hill, Carolyn J. & Lynn, Laurence E. 2009. Public Management: A Three-Dimensional Approach. CQ Press.

Kahn, D. 1979. Cryptology Goes Public. Foreign Affairs, 58(1), 141-159.

Paul, D. May 2006. National Security Agency's use of phone records -- Winning lawsuits may be difficult. USA Today. http://www.usatoday.com/tech/news/techpolicy/2006-05-15-nsa-lawsuit_x.htm

Misuraca, Gianluca C. April 2009. e-Government 2015: exploring m-government scenarios, between ICT-driven experiments and citizen-centric implications. Technology Analysis & Strategic Management, 21(3), 407-424.

Phan, R. W. 2007. Reducing the exhaustive key search of the Data Encryption Standard (DES). Computer Standards & Interfaces, 29(5), 528-530.

Tsaur, W. 2011. Secure communication for electronic business applications in mobile agent networks. Expert Systems with Applications, 39(1), 1046-1054.

Wu, H. C.; Wang, H. C.; Tsai, C. S. 2006. Multiple image sharing based on colour visual cryptography. Imaging Science Journal, 54(3), 164-177.

October 19, 2010. Wiretapping and other eavesdropping devices. New York Times. http://topics.nytimes.com/top/reference/timestopics/subjects/w/wiretapping_and_other_eavesdropping_devices_and_methods/index.html?scp=3&sq=national%20security%20agency&st=cse