7. The Bedrock of Cybersecurity: Cryptography

“For our scenarios we suppose that A and B (also known as Alice and Bob) are two users of a public-key cryptosystem.”
- Alice and Bob’s introduction to the world in “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems” by Rivest, Shamir, and Adleman

In the real world, valuables like cash, gems, precious metals, and important papers are kept behind lock and key to create a barrier for would-be thieves. Even if the bad guys are able to get physically close to the bounty, they still have to breach the final barrier in order to get their hands on it. Banks purchase huge and expensive steel vaults to protect their cash reserves and safety deposit boxes. Businesses invest in secure rooms with sophisticated access controls. Homeowners buy safes and conceal them in the walls of their houses. In physical space, steel, safes, locks, and keys are synonymous with security.

The analog to locks and keys in cyberspace is cryptography. Unlike physical space valuables, data cannot be discreetly stored and tucked away out of sight. In order for its value to be realized, it must be readily accessible. Physically securing a computer in a locked room is a good idea, but if the computer is online, the data on that computer is still vulnerable. Because of the connectedness of cyberspace, valuable data is tantalizingly close to being compromised constantly. Data of incalculable value swirls around the Internet all the time, passing through untrusted “hands” on the way from one endpoint to another.

Cyberspace data cannot be secured by locking it up. Instead it is kept secure by temporarily transforming it into something inscrutable and useless. This is what cryptography does. The word cryptography comes from two Greek words meaning “hidden writing.” It is the art and science of scrambling and unscrambling information using a secret to keep it private.
The goal is that only people possessing some secret knowledge would be able