The pitfalls of cryptography
Cryptography refers to vital program used to protect computer information or data. They refer to sort of information that is intended to provide security from outside sources who might offer interference to their computer information or mobile phone data. The cryptographies differ in length, symbols used, and the level of strength they possess in attempts to offer security. The length of the cryptography does not necessarily determine its strength. The longer cryptography may be weaker than shorter cryptography; hence, the length of this tool does not necessarily infer its effectiveness. Since its invention, the tool has faced several challenges/pitfalls in its attempts in provision of the needed security to computer information and mobile phones data. When everything is done right, strong cryptography is very effective and powerful (Bruce, pg1). Individuals through numerous inventions have tried through all means to try to unlock the cryptography put in place by individual firms, organizations or personal cryptography. This has been made possible by exploitation of error of implementation, installation, or design of the cryptography.
Pitfalls against Cryptographic Designs
The strength of a cryptographic system/tool depends on its features; encryption algorithms, digital signature algorithms, one-way hash functions, and message authentication codes. If any of the features is destroyed, the whole system is broken down. There is a possibility of designing a weak cryptographic system using strong algorithms plus protocols. Another pitfall under the attacks on the design is based on improper use of the system. This includes ignoring the value sizes, going against the rule of the system for instance reusing materials that are not to be reused according to the manual. Encryption algorithms do not mean integrity of the data. Different parties do not have similar same key even though they may possess similar exchange protocols (Bruce, pg 1-7).
According to research done on different levels under unique circumstances, there is a possibility of breaking down the systems in which the cryptographic keys are related or similar. This is possible against the fact that each unique key is secure. Random-number generation increases the likeliness of the pitfall of the cryptographic systems. This is because the process involved in designing random numbers is hard due to consideration attached to the use of hardware and software. Whenever cryptographic system is designed using weak random-number keys/digits/symbols, the system will always be susceptible to destruction thus easily broken by intruders. Another pitfall is directed at the random number generation through their commercial designs. One set of random-number keys may be suitable and secure for specific purpose while unsuitable for another use. This limits the essence of generalization of securities (Bruce, pg 1-7).
Pitfalls against Implementations
Some of the downfall of the cryptographic system is based on mistakes made during the implementation of the system. It is important to destroy plaintext after the encryption of the protocol keys. This necessity is not observed by other systems hence create room for breaking into the cryptographic systems. By leaving old information on the disks of the computer, the system’s chances of protection are lowered hence becoming in effective. Some cryptographic systems are infected with inability to differentiate between the key protocols. In such cases, two keys, one weak one and the other strong one protect the system. This type of system is very susceptible to break down by counterpanes due to confusion of information fed to the system by the two different key protocols (Keith, pg 114). Cryptographic systems also experiences vulnerability whenever there is an implementation of trade-offs to increase their level of usability.
This is based on negligence of the implications attributed to trade-offs in terms of the time accorded to the attacker to influence the system keys/protocols. Systems that are known to record affected keys on their hotlist are very helpful to attackers hence are susceptible to breakdown of the protocols/systems of cryptography. Cryptographic systems that are designed in a manner that the used keys can be recovered are easy targets to the attackers of the system. These systems do not enjoy the security benefits of the protocol keys since they serve long past their useful dates. The system of cryptography should be designed in manner that they only serve for a short time within which, they are useful and then be discarded after their useful time limit. The recovery of past keys also affects the vulnerability of the key database hence making them targets to the attackers (Gutmann, pg 206).
Pitfalls against Passwords
Other pitfalls of the cryptography are password related. Various cryptographic systems are vulnerable and easy targets to attackers because of their reliance on user-generated passwords. Most individuals lack the required knowledge/capability to develop/generate strong and effective passwords. This makes it easy for the attackers to figure out the password and break into the system. In cases where individuals use strong passwords, they often forget about it completely. It is much easier to break into a system protected by a password because individuals usually restrict themselves to certain number of symbols that are often in lower case. This makes the prediction of the password much easier than the random key digits. Even the use of phrases as passwords has proven to be weak hence increasing the chances of the attackers whenever they wish to break into the system (Paar, pg 406).
Pitfalls against Hardware
Attackers also target hardware whenever they wish to break into a cryptographic system. This may be based on the nature of the hardware in place or the accessibility of the hardware. Most of the hardware security used commercially relies on the assumption of tamper resistance. These kinds of systems hope that the hardware does not get into the hands of attackers or they land into places where there is no expertise required to attack the system keys. This assumption has failed to beat the attack aimed at the hardware system since the counterpane inventions used by attackers keep getting better hence are capable of counteracting the tamper-resistance assumption (Bruce, pg 1-7). Additionally counterpane used by attackers have been developed in a manner that they have the capacity to break into the hardware system by determining the radiation emitted, power consumed by the hardware and the other related channels affecting the system.
Pitfalls against Trust Models
Pitfalls of the cryptographic systems are also based on the trust attached to the protocols/system as a whole. The attackers take into consideration what is trusted within the system. The paradox of trust models follows that simple systems have low trust degree while complex systems have higher degree of trust. In the field of cryptographic systems, some of the protocols can be broken down by collaboration of two customers or partnership between the seller and the buyer of the system. Some of the inventors in the market come up with assumptions regarding the development of a system without falsifying the laid down assumptions. Some of the assumptions do not work hence the attackers take advantage of their negligence to break into the cryptographic systems in place (Chuvakin & Ward, pg 97). Whenever a trust model is not well elaborated, the attackers find it difficult to break into the system and infect the protocol keys.
Another pitfall occurs whenever developing firms make unrealistic assumptions about the safety of the computer, which are run by their systems. This false assumption is counteracted by the attackers with counterpanes that are able to read passwords from computers, which are protected by the cryptographic system. The vulnerability of the cryptographic systems is increased by connections through the internet. Whenever the system can be circumnavigated through internet notes, the likeliness of break by the attackers is enhanced.
Pitfalls against the users
Cryptographic systems may be designed properly but its users destabilize its effectiveness by accident or unknowingly. Some of the customers who use these systems also make the mistake of sharing their passwords or protocol keys. This makes it easy for the attackers to locate the keys/password hence have access to the protected computers.
Pitfalls against Failure Recovery
Cryptographic systems that allow the infection of the whole system by accessing one feature or disk are susceptible to attacks. Other system possesses the feature of default that is capable of being used to access the system. This is done by turning off the system and the rest is easy on the part of the attacker. Some systems also lack the ability to recover from disaster. Whenever they are attacked, they become useless hence considered wastage. These systems offer room for attackers to compromise the protocol keys.
Pitfalls against the Cryptography
In some cases, the reception of cryptography is not well with other systems. This is because they depend solely on the encryption algorithms. These systems are weak when faced with an attacker since the counterpane developers have in place devices and programs that are able to read this encryption thus exposing the protocol keys.
Attack Prevention vs. Attack Detection
Most of the systems development to act as cryptographic systems performs the task of prevention rather than detection. This allows the program to be vulnerable whenever they are attacked by a problem. These systems do not have the capacity to recover whenever they encounter an attack.
Ways on improving it
In order to prevent future pitfalls, cryptographic systems should be designed in such a manner that they are able to detect the attack and contain the extent of the attack. They should also be able to recover whenever counterpanes attack them. There should be proper implementation and application of the intended use of the cryptographic system. System should not operate solely on the encryption algorithms as this offers plenty of room to the attackers. There should be great care in handling the protocol keys/passwords by the users. In case of handing out their protocol keys/passwords to other people, a lot of awareness on the capabilities of the individuals being handed the information should be considered.
The systems adopted should not have elaborated trust models so the attackers do not have the necessary leakage to compromise the products/protocol keys. Cryptographic systems should be developed on tested assumptions to ensure that the assumptions apply in the real situations. In developing passwords for the system, strong and effective passwords that are easily remembered should be considered by the users. In designing the system, the inventors should ensure that compromising of one feature does not affect the other features or disks of the system covered by the product.
Works Cited
Bruce Schneier. “Security Pitfalls in Crytography”1998
Chuvakin, Anton, Branden R. Williams, and Ward Spangenberg. Pci Compliance: Understand and Implement Effective Pci Data Security Standard Compliance. Burlington, MA: Syngress, 2010. Internet resource.
Martin, Keith M. Everyday Cryptography: Fundamental Principles and Applications. Oxford: Oxford University Press, 2012. Print.
Caloyannides, Michael A. Privacy Protection and Computer Forensics. Boston, Mass. [u.a.: Artech House, 2004. Print.
Lim, Jong I, and Dong H. Lee. Information Security and Cryptology – Icisc 2003: 6th International Conference, Seoul, Korea, November 27-28, 2003 : Revised Papers. Berlin: Springer, 2004. Print.
Paar, Christof, and Jan Pelzl. Understanding Cryptography: A Textbook for Students and Practitioners. Berlin: Springer, 2010. Print.
Gutmann, Peter. Cryptographic Security Architecture: Design and Verification. New York: Springer-Verlag, 2002. Internet resource.
Thorsteinson, Peter, and Arun Ganesh. .net Security and Cryptography. Upper Saddle River, N.J: Prentice Hall PTR, 2004. Print.
