In this thought leadership piece by Chia Boon Quee, Chief Cryptography Officer, Cybersecurity, Electronics, ST Engineering, we will uncover the world of cryptography.
In his course of over 20 years in information security, he has led the technical team on network security products, served as a lead security architect and technical lead for many classified projects and commercial products including encryptors, data leak protection solutions, cybersecurity systems, with a core focus in cryptography. One of his achievements is the development of the world's first OS-less, highly failsafe and extensible IP encryptor that delivers premium high assurance against cyber adversaries, which has become a core security architecture in the development of subsequent encryptors.
In recent conversations with fellow technologists, we conclude that cryptography is the least understood area in the business world and at times, even in the cybersecurity arena.
We have frequently seen in the news that most business leaders are unsure of whether their company data is encrypted. It is only when data breaches or in time of threats, that this question surfaces.
One thing for sure is many people do not realise that cryptography has been around for years, and is a cornerstone in safeguarding our day-to-day digital access, transactions and operations.
Cryptography is a technique of transforming and transmitting confidential data in an encoded way so that only authorised and intended users can obtain or work on it.
But, with the proliferation of cloud, Internet of Things (IoT) and quantum computing, how can we best leverage cryptography? Strong and resilient large-scale of cryptography is needed to manage this huge distributed network of interconnected devices, which are small and limited processing capability. This gives rise to the demand for research in lightweight cryptographic techniques that are extremely efficient in both power and memory usage.
Cryptography in Cybersecurity
Cryptography leverages mathematical theories and computer science to develop cryptographic algorithms designed around computational hardness assumptions. While it is theoretically possible to break such a system, strong algorithms ensure that this remains infeasible with today’s technology.
Cryptography addresses key issues such as confidentiality protection, data integrity, nonrepudiation services, authenticity and key exchange agreement. The common applications of cryptography include end-point security solutions (e-banking, e-government), perimeter defences of enterprise infrastructure for secure remote access, identity management services (smartcard access, OTP services, e-passport), link security for wireless access, port-based network access control, key management system, and cryptocurrency or e-ledgers.
Strengths vs Weaknesses
Assessing the strengths of cryptography, a well-designed and implemented cryptosystem proved to be resilient against access by external entities. With this guarantee, it enables connectivity over common shared public infrastructure, giving rise to the high adoption of secure cloud-based solutions and virtual private networks.
While cryptography on its own does not exhibit any weakness, is a need to understand specific encryption schemes and their various limitations clearly to prevent any vulnerabilities in designing cryptosystems. Most weaknesses hinge on either unsecure implementation that results in an exploited system, through a software vulnerability or a method that results in a weak key being generated. Given the pace of technology, cryptography protocols will face new attacks as researchers discover new ways of circumventing protocols. With advancements in computing prowess and new technologies such as quantum computing, it is important to keep abreast of the latest developments, as algorithms will become breakable over time.
Potential Evolvement of Cryptography
As we look ahead to the next technological wave, the impending realisation of practical quantum computers that can solve complex problems beyond the reach of today's best computers means that post-quantum cryptography standardisation and certification will need to address very soon.
With increased security embedded in Internet of Things (IoT) devices, leakage resilient cryptography will be an important area where such devices are subjected to vulnerability assessment through non-invasive attacks to make these devices reveal keyed in information or bypass the protection mechanism.
Homomorphic encryption is another interesting area that allows computation to be performed on encrypted data, ensuring that data remains encrypted in memory even when in use, which is useful on cloud platforms; to perform search queries and transactions without the need to access to sensitive data.
It would be interesting to see the evolvement and deployment of cryptography. As our unsung cybersecurity hero, I believe that cryptography can be further harnessed to protect our identity, digital assets and exchanges in ways that we have not imagined.