What exactly is cryptography?
In the actual, original sense of the word, cryptography means “secret writing”. In general one would speak of “encryption”. Today, however, the discipline of cryptography is much more than that, since data security cannot be ensured by encryption alone. Research in cryptography is mainly concerned with the following so-called protection goals: Confidentiality, integrity, authenticity, commitment.
These are, of course, abstract terms. Briefly explained:
Encryption: Making data unreadable for unauthorized persons;
Integrity: Ensuring that data cannot be altered unnoticed;
Authenticity: Securing the sender or owner of data;
Commitment: Non-deniability of a communication process;
Often the securing of a chronological sequence is also a further security feature.
A simple example of why confidentiality alone is not sufficient to guarantee data security: Let’s think of a functioning encryption method, which offers confidentiality but no integrity. This would mean that even if the data is illegible for a hacker, he could still successfully modify it so that during decryption, e.g. by the recipient of an e-mail, falsified data would come to light.
Can cryptography and data security be used as synonyms?
No. To ensure data security you need many security measures; cryptography is an important component. But topics such as system design, data protection and secure implementation strategies also play an important role in practice.
Data security only works in a holistic approach. This may sound aloof, but it is actually quite easy to understand: An IT system is only as secure as its weakest link. Sooner or later, hackers will always find the open gap in the system.
What are the myths about cryptography, which have been around for a long time?
Unfortunately, there are a lot of them, but this is in the nature of things. Cryptography is a complex topic; even the general computer scientist often has wrong ideas. Cryptographic methods can only be developed and implemented by experienced experts. Even these two procedures are usually filled out by different roles.
In politics, for example, backdoors in cryptographic products and their feasibility are often discussed. Especially in the USA, the well-known security expert and cryptographer Bruce Schneier fights again and again against demands for these backdoors, which in most cases are simply unrealistic or destroy the cryptography itself.
Why does cryptography play such a role in everyday life? If I send mails every day, does that already belong to cryptography?
Mails are exactly the negative example, since they are encrypted in less than 10% of cases. This is where the postcard analogy comes into play. Anyone who gets their hands on the postcard can read it. This also applies to e-mails. Although e-mails are generally transmitted in encrypted form today – German mail providers in particular joined forces a few years ago – in the end the e-mail still lies unencrypted on my provider’s mail server or on my computer, smartphone or tablet.
Fortunately, it’s easier in other areas. If, for example, you use online banking, you automatically use very good cryptographic procedures under most circumstances.
Imagine that were not the case: An Internet connection from your computer to the bank’s server runs on almost ten computers in Germany, so-called “hops”. And these are only the visible devices between you and the bank. Cables that are tapped or similar are not taken into account. This would allow many interventions in or accesses to your communication: from the mere inspection of your data to the modification (such as an online transfer).
Nowadays, cryptography is a large part of the defence against possible attacks.
Since passwords still play an important role in access security, cryptography is also of great importance here. There are procedures and standards for storing passwords securely. Unfortunately, these are still not used continuously today, as can be seen from the current IT news about system break-ins.
What trends do you see in cryptography for the coming years?
A very current trend is certainly the blockchain with Bitcoins as the most prominent representative.
The topic of quantum computers has been high on the research agenda for a long time. This is about a completely new approach of processors that would have such a much higher performance standard, at least for special tasks, that all currently used crypto methods and encryption algorithms would become insecure. Mathematicians, however, have already developed encryption methods that are so complex that they would also be secure on quantum computers. On today’s computers, these methods would take years.
Otherwise, more and more people and institutions are turning to encryption and data security in general, which ultimately benefits all of our data security. For example, due to legal standards, but also completely different things like Google rankings, today many more websites are accessible encrypted via HTTPS than three years ago.
Other areas where cryptography plays an important role are mobile payment methods, autonomous cars, smart home solutions and much more.
What are frequently used methods of cryptography? Garden fence method, Scytale, Caesar encryption: are these methods used daily?
The mentioned examples are historical and had a meaning before the time of computers.
Modern cryptography works differently. An explanation would go beyond the scope here. Cryptographic methods are mainly developed in the discipline of mathematics and then implemented by computer scientists, physicists and others. This is done iteratively, since one often discovers weaknesses in the practical implementation, which in turn require a revision of the theory. As I said before, cryptography is a very complex topic.
Well-known methods that we all use on a daily basis, for example in Internet traffic, e-mail encryption (if you use PGP or S/MIME) or hard disk encryption are AES or RSA. Most Internet servers have an SSL certificate based on RSA. These are features that you can easily look up in any browser.
To give you an idea of what these methods can do: Unlike a simple letter exchange from Roman times, the aim of modern encryption methods is to make encrypted data look like random numbers. Without the appropriate cryptographic key, it is impossible to distinguish between a collection of random numbers and encrypted data.
Thank you for your time and interview.
Short biography Frank Hissen:
Computer scientist Frank Hissen studied at the Technical University of Darmstadt with a focus on IT security. He has been self-employed since 2009 and advises large and medium-sized companies as a security expert in software development and consulting projects. In the special field of cryptography, he creates specialist concepts and also develops independent, individual security solutions.
More information about Frank Hissen can be found on the website: