We use cryptography for many different purposes. In this video, you’ll learn about some of the most common cryptography use cases.
<< Previous Video: Perfect Forward Secrecy Next: Symmetric Algorithms >>
One of the challenges we have with today’s mobile devices is we’re limited by the amount of battery that we currently have available. There is a balance between providing security and being able to have a mobile device that will stay available to us throughout the entire day. That means on most mobile devices, we tend to use cryptography that is going to use less power. For example, we might use smaller symmetric key sizes, or we may use elliptic curve cryptography, which uses a lot less resources than traditional asymmetric encryption.
If we have an application that requires low latency, then we’re going to need a type of encryption that doesn’t use as much resources on the CPU. We need to be able to encrypt and decrypt this information very quickly. In those cases, we’re probably going to use symmetric encryption and use some smaller key sizes to keep the process as efficient as possible. If we’re concerned about the integrity of the data that we’re sending back and forth, then we’ll want to use an encryption method that is strong, that probably is using relatively large keys, and will probably include some type of hashing to make sure that we can check for data integrity once this information is transmitted.
One of the biggest reasons we use encryption is to make sure our data remains confidential. It is a secret and private method of communicating that no one else other than our recipient would be able to see. It’s common to use file-level encryption, drive-level encryption, or even encryption over our email to maintain this confidentiality.
There may be times when we’re sending information to someone else, and we want to be sure that the information they received is exactly the information we originally sent. This is called integrity, and it prevents somebody from modifying data as you’re sending it between two points. It’s common to use hashes to provide this integrity. You would take a hash of the data as you’re sending it, and then have the person on the other end perform the same hashing function and compare the two hashes to verify that nothing has changed during transmit.
We see this commonly used with file transfers to verify that a file transfer was successful. We also use this to store passwords. So we can store the password in a form that doesn’t show what the original password is, but we’re still able to perform a check to make sure that everyone is authenticating properly.
We can also use cryptography to hide data. We do this using obfuscation. Modern malware takes advantage of obfuscation by encrypting data and transferring it onto your system. Since the data is encrypted, it will hide itself from any anti-virus scanners that might be on your system. Once that malware executes on your system, it decrypts itself and then begins infecting your computer.
Cryptography is commonly used with authentication. We spoke earlier about taking passwords and hashing them so that we can store them on a system for comparison later. We will often combine our passwords with a random salt and create a hash of both the salt and the password. That way, if someone does gain access to our hashed password list, they’ll see that all of the passwords look completely unique, even if somebody was sharing the same password.
Another useful feature of cryptography is non-repudiation. That allows us to confirm that any information we would have received from a third party really did come from that third party. By using digital signatures, we can provide both integrity and non-repudiation of data that we might send to someone else.
As a security professional, you’ll find there will be many different kinds of cryptography in use in the enterprise. This is an ongoing balancing act of providing the right security but using the right type of resources. You’ll see this happen if you’re choosing a browser. You have to make sure the browser will support the type of encryptions you’re using on your web server. And the same thing applies for VPN-type connections that have a certain set of supported algorithms, and you have to make sure that your VPN concentrator is able to support the clients that you’re installing on your workstations.