Modern life revolves around digital data and a myriad of elements of society need data to flow between humans, machines, services, and increasingly also autonomous systems. In many ways, our modern lifestyle and economy is impossible without reliance on digital infrastructure and services that support this lifestyle. As connected networks and exchange of information increases, many of these digital services have become critical to sustain for whole sectors of economy and society at large.
We read quite frequently about disruptions in finance, healthcare, government, manufacturing, caused by malfunctions but more often from cyberattacks. The consequences of these disruptions can cause severe damage to society from the loss of critical services, the erosion of trust, to direct financial loss and potential dangers to national security.
Cryptography provides the foundation for IT security
At PrimeKey we are dedicated to providing products and services that protect the digital society and we are currently one of the major cybersecurity vendors. There are many areas in cybersecurity, and our focus is within PKI, digital signing and applied cryptography.
Cryptography is an area of science that looks at the techniques for secure communication in the presence of adversarial behavior. Cryptography provides us with the mathematical foundation for the three pillars of IT security that we always need to keep in mind:
- Confidentiality - assure that only intended persons or entities can read the data
- Integrity - assure the completeness and immutability of the data
- Authentication - assure the identity of parties that communicate
In the literature on Information Security, one can see that the third pillar is called Availability, not Authenticity. We do not disagree at all. Informally, from the perspective of cryptography as a science, availability is there or it is not. If not, there is nothing that science itself can do about; but if there is ability to communicate there then it almost certainly would need some form of authentication.
Cryptographers – the scientists that devote their talents to advance the field of cryptography – give us many useful tools to work with when implementing the above-mentioned pillars namely: algorithms (how a party should process the data); protocols (how parties should interchange the data) and keys (secret data that a party or parties keep protected when performing algorithms and protocols).
Cryptographers also spend lots of time in analysis of the algorithms and protocols to make sure they hold the water. Many of you may have seen the movie “The Imitation Game” about Alan Turing and his extraordinary contribution during World War II. (Before what the movie deals about, Turing had laid mathematical foundations for computer systems. We really owe this extraordinary man a lot!)
Applied cryptography is essential to the modern world
In the time since the WWII, cryptography has flourished with so many interesting and usable contributions, that its applications have become literally essential to functioning of the modern world. The subfield, cryptoanalysis has flourished as well, revealing devastating errors in some algorithms and protocols, or delivering proofs that some other are watertight beyond any doubt, and everything between. (There are so many good online resources to read, I would encourage you to visit Wikipedia and perhaps support its mission. As a teaser, let me just mention that presently hot buzzword “Zero Trust”, seems not got coined by a marketeer - instead by a cryptographer).
The bottom line here is that this branch of science has rapidly developed in the last 50 years; and much like other branches of science driven by overall advances in IT industry, delivering delightful benefits for society at large. The applied cryptography has been adopted and is used by everyone - from governmental agencies that are often the early adopters, from innovative and disruptive enterprises to traditional verticals – everyone benefits from digitalization, cost-savings, and automation – and all these ought be done in a secure manner. Most important is the effect on the economy at large – all kinds of enterprises apply these advances in widely useful manners, hence creating value to the users/stakeholders/taxpayers.
Must-have qualities of applied cryptography
There is seemingly a paradox here – when the cryptographic techniques are applied in the “right way”, be it as a fundamental part of a product or service, as a regulatory conformance, or a tool to scale up business – the applied cryptography is at its best when the users don’t see much of it – “things just work for them”, "folks can rely on this stuff".
This is the intro for the short series of blogs where we will investigate that apparent paradox and what are its qualitative ingrediencies:
- How we make sure things work even when shaken, pushed or stretched – the robustness;
- How can we replace part of an engine while still operating it – the agility; and
- How we provide “everyone” and “everything” with the right tools to keep them safe do whatever their job is – the ubiquity.
Here at PrimeKey, now being a part of Keyfactor, we have many deeply skilled people, who devote their time and talents on the nuts and bolts of cybersecurity to make sure we deliver on these three qualities when implementing our PKI and Digital signature solutions, and we always strive to improving on them.
Why? Well, if we think big – it is these qualities that our customers expect from us, as they profoundly rely on us to make sure that they can sustain and grow their business in a secure manner.
This is what I nowadays spend lot of time at PrimeKey – to get our technologies to as many as possible customers/users, to deliver the best possible value to our customers, all while keeping the required interactions with the users/administrators (or any human in general) at minimum.
Stay tuned as we in the next blog post will dig deeper in the area of cryptography and robustness. See you soon!