Question

What specific concepts from the ones listed below do you find the most interesting and/or impactful to Cybersecurity? Explain the concept thoroughly, explain your position (e.g. why is it impactful to the field of Cybersecurity and/or so interesting to you) and provide several examples that support your argument.

Applications of Cryptography and PKI

Trust relationships

Password guessing / cracking

Public Key Infrastructure

Certificates

Key Management (creation, exchange/distribution)

Common Cryptographic Protocols

Types of Attacks (brute force, chosen plaintext, known plaintext, differential and linear cryptanalysis, etc.)

Implementation failures

Answer 1

From the above list Key Management (creation, exchange/distribution) plays a impactfull role in cyber security.

KEY MANAGEMENT

Key management in cryptography refers to the management of cryptographic keys such as creation and exchange of keys involved in crypto. It deals with generating, exchanging, storing, using and replacing keys as needed at the user level. Key management also involves keys at server levels and some cryptographic protocols.

There are three primary types of keys that need to be kept safe

• Symmetric keys
• Private keys
• Hash keys

In cryptography it is a very tedious task to distribute the public and private key between sender and receiver. If key is known to the third party, then the whole security mechanism becomes worthless. So, there comes the need to secure the exchange of keys and storing of keys.

Several challenges IT organizations face when trying to control and manage their encryption keys are:

1. Scalability: Managing a large number of keys.
2. Security: Vulnerability of keys from outside hackers, malicious insiders.
3. Availability: Ensuring data accessibility for authorized users.
4. Heterogeneity: Supporting multiple databases, applications and standards.
5. Governance: Defining policy-driven access control and protection for data. Governance includes compliance with data protection requirement

My Thoughts

The main pillars of cryptography are cryptographic protocols and key management. How strong the protocols may be the keys generated could be strong enough. It is of atmost importance to safe guard the key while storing and exchanging keys as these are prone to thirdparty access and can be easily modified are stole. It is as important and hard to implement perfect cryptographic protocols for creation and usage of keys. These facts makes the management of keys challenging and requires the mind of an intruder to rectify most of the possible flaws.

Eg:   

• Evesdropping - If the keys are to be stored on the client side are to be transfered for processing and it is not properly encrypted or the transmission medium is public then there is a higher chance of keys to be stolen by man-in-middle.
• Unsecure Encryption - Encryption plays a major role in storing of keys as this provides access to the keys only to corresponding entities. If the encryption algorithm is weak the chances of leakage or theft is high.
• Dynamic security - If the keys are secured using static encryption algorithms and the key gets leaked then the total sytem will be vulnarable. Hence it is of atmost importance to use dynamic encryption, So if the key is leaked or hacked and decrypted. The pattern cannot be traced back and reverse engineered.