The first time I learned about cryptography, at least at its most rudimentary level, was in the 1983 movie A Christmas Story. I won’t opine on how this is likely one of the greatest Christmas movies of all time (Rotten Tomatoes has it at #19, which is practically a crime). Now, as someone in the privacy and security space, I encounter cryptography all the time — as do you, even if you don’t actively think about it. But what does a cybersecurity analyst do in cryptography? Isn’t that more for developers than analysts?
Yes and no. But we’ll get into more detail after defining a few terms.
Decoding the Basics: What Is Cryptography?
At its core, cryptography is the science (and partially the art) of securing information by transforming it into a coded format. This ensures that only those with the correct key can decode and read the information. It’s like sending secret messages that only your best friend can understand.
That’s an incredibly rudimentary overview, however. In today’s terms, cryptography is incredibly complex, with multiple types used in modern cybersecurity:
Symmetric key cryptography
Also known as secret key cryptography, this method uses the same key for encryption and decryption. A close analogy would be having a door that requires a key to lock and unlock on both sides. Slightly tedious, yes, but as long as nobody else has the key, you’re fairly well protected (assuming nobody breaks the lock, of course, which can be done).
Common algorithms include AES (Advanced Encryption Standard) and DES (Data Encryption Standard).
- Use Cases: Encrypting data at rest, securing communications within closed systems.
- Pros: Fast and efficient for large amounts of data.
- Cons: Key distribution can be challenging since the same key must be securely shared between parties.
As Newsoftwares.net notes, if the keys fall into the wrong hands, well, you’re pretty much screwed. Hackers have easy access at that point.
Asymmetric key cryptography
This type uses a pair of keys—a public key for encryption and a private key for decryption. I like doors, so we’ll continue the door analogy. This is like having a door with a mail slot. Anyone can drop mail inside (public key), but there’s only one way to unlock that door to get the mail sitting on the floor (private key), with the assumption that your dog hasn’t already ripped it into shreds (sad face key).
RSA and ECC (Elliptic Curve Cryptography) are popular asymmetric algorithms.
- Use Cases: Secure email (PGP), digital signatures, SSL/TLS for secure web browsing.
- Pros: Solves the key distribution problem of symmetric cryptography.
- Cons: Slower than symmetric encryption, computationally intensive.
As reported by GlobalData via Verdict, Blackberry has the most patents in this area.
Hash functions
Hash functions convert data into a fixed-size string of characters, which is typically a digest that represents the original data. In an effort to stretch this analogy far beyond common sense, this would be like a door where both the key and the lock mechanism change after you insert and turn the key. Also, once you enter the door, that door disappears, and you’re stuck on the other side.
Common hash functions include SHA-256 and MD5.
- Use Cases: Password storage, data integrity verification.
- Pros: One-way functions; it’s computationally infeasible to reverse-engineer the original data.
- Cons: Vulnerable to collision attacks if not properly implemented.
One of the biggest benefits of hash functions is the fact that they offer significant protection for users. I can demonstrate this easily using my own leaked password data, as indicated using Surfshark’s useful data leak checker.
You can see the difference between what happens when a site uses hashed passwords:
Versus what hackers can get from a website that doesn’t use hashed passwords:
Stolen data is common these days, but when hackers can only get hashed passwords, they can’t do anything with that data. Conversely, if they get unhashed passwords and usernames, they can waltz right into user accounts.
(And…before you start commenting on my Myspace account, this email address was old, and yes, I did use Myspace.)
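The difference between storage schemes can be shown in a few lines. The following is an added example, not code from the original article: it compares a bare SHA-256 digest with a salted, slow key-derivation function (PBKDF2 from Python's standard library). The function names, the sample password and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
ITERATIONS = 600_000

def unsalted_digest(password: str) -> str:
    """Weak storage: a bare, fast SHA-256 digest with no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password: str) -> tuple:
    """Stronger storage: a random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)

def same_password_is_visible(records: list) -> bool:
    """True if any two stored values are identical, i.e. shared passwords show up."""
    return len(set(records)) < len(records)

if __name__ == "__main__":
    # Constructed sample: two users who happened to pick the same password.
    pw = "constructed-sample-password"
    weak = [unsalted_digest(pw), unsalted_digest(pw)]
    strong = [hash_password(pw), hash_password(pw)]
    print("unsalted digests identical:", same_password_is_visible(weak))
    print("salted KDF digests identical:",
          same_password_is_visible([d for _, d in strong]))
    salt, digest = strong[0]
    print("correct password verifies:", verify_password(pw, salt, digest))
    print("wrong password verifies:", verify_password("guess", salt, digest))
```

With the unsalted scheme, every account that shares a password shares a digest; with a per-user salt, the stored values differ even for identical passwords.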
Cryptographic protocols
Protocols like SSL/TLS and IPSec use a combination of the above methods to secure communications over networks. As far as my door analogies go, just imagine them all mashed together into some Frankendoor with a weird lock that traps you inside after you’ve entered.
- SSL/TLS: Secures web traffic between browsers and servers.
- IPSec: Secures internet protocol communications by authenticating and encrypting each IP packet.
What Cybersecurity Analysts Do in Cryptography
Now that we’ve brushed up on common cryptography and its uses within account and site security, let’s dig into what a cybersecurity analyst (either you or someone on your team) would need to do personally within the realm of cryptography. This isn’t always straightforward, but it’s important to understand.
1. Implementing cryptographic solutions
Cybersecurity analysts design and implement cryptographic systems to protect sensitive data. This includes setting up encryption protocols for data at rest and in transit, configuring VPNs, and managing encryption keys.
- Example Practice: Deploying SSL/TLS certificates to secure web communications, ensuring data exchanged between users and servers is encrypted.
2. Performing cryptanalysis
Some cybersecurity analysts delve into cryptanalysis—the practice of breaking cryptographic codes. They analyze existing cryptographic systems to identify vulnerabilities that could be exploited by attackers.
- Example Practice: Testing the strength of an organization’s encryption by attempting to crack hashed passwords using tools like Hashcat.
3. Managing encryption keys
Effective key management is crucial in cryptography. Analysts are responsible for the generation, distribution, rotation, and revocation of encryption keys.
- Example Practice: Using a Key Management System (KMS) or a Credential Management System (CMS) to securely store and handle cryptographic keys, ensuring they are only accessible to authorized personnel.
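The generation, rotation and revocation steps can be sketched as a small key ring. This is an added example, not code from the original article or from any KMS product: the `KeyRing` class and its key ids are hypothetical, and it uses HMAC tagging keys from Python's standard library instead of encryption keys so that it runs without third-party packages.

```python
import hashlib
import hmac
import secrets

class KeyRing:
    """In-memory stand-in for a KMS (hypothetical; real key material stays in the KMS)."""

    def __init__(self):
        self._keys = {}       # key_id -> [key bytes or None, state]
        self._active = None
        self.rotate()

    def rotate(self) -> str:
        """Generate a fresh key, make it active, and retire the previous one."""
        if self._active and self._keys[self._active][1] == "active":
            self._keys[self._active][1] = "retired"   # still verifies, never signs
        key_id = f"k{len(self._keys) + 1}"
        self._keys[key_id] = [secrets.token_bytes(32), "active"]
        self._active = key_id
        return key_id

    def revoke(self, key_id: str) -> None:
        """Destroy the key material; tags made with it stop verifying."""
        entry = self._keys[key_id]            # KeyError for an unknown key id
        entry[0], entry[1] = None, "revoked"
        if key_id == self._active:
            self.rotate()     # never leave the ring without an active key

    def sign(self, message: bytes) -> tuple:
        """Tag a message with the active key and record which key was used."""
        key = self._keys[self._active][0]
        return self._active, hmac.new(key, message, hashlib.sha256).digest()

    def verify(self, message: bytes, key_id: str, tag: bytes) -> bool:
        """Accept tags from active or retired keys; reject revoked or unknown ones."""
        key, state = self._keys.get(key_id, [None, "unknown"])
        if state not in ("active", "retired"):
            return False
        expected = hmac.new(key, message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    def state(self, key_id: str) -> str:
        return self._keys[key_id][1]
```

Storing the key id next to each tag is what makes rotation workable: data protected under a retired key stays verifiable until that key is explicitly revoked.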
4. Developing security policies around cryptography
Cybersecurity analysts create policies and guidelines for the proper use of cryptographic tools within an organization. This ensures compliance with legal regulations and industry standards.
- Example Practice: Drafting a policy that mandates using AES-256 encryption for all sensitive data stored on company servers.
5. Educating and training staff
When we think of “cybersecurity training,” we usually just picture those cyber awareness courses we’re forced to take yearly at our respective companies. (As a cybersecurity advocate and writer, I’ve tended to breeze through these topics.) However, we’re talking about a different type of training that focuses specifically on the IT and Net Admin staff. These training sessions or courses often educate other team members and departments about the importance of cryptography and how to use cryptographic tools correctly.
- Example Practice: Conducting training sessions on how to use encrypted email services or secure file transfer protocols.
6. Incident response and forensics
In the event of a security breach, analysts use their knowledge of cryptography to decrypt and analyze compromised data, helping to identify the scope and source of the attack.
- Example Practice: Decrypting logs and communications that were encrypted to investigate the details of a security incident.
There are many decryption tools available on the market for analysts to use, with varying levels of success. Of course, free decryption tools abound, although, you know how it goes with free tools. Take them with a grain of salt, and don’t rely on them. Good security starts with preventing ransomware instead of responding to ransomware.
Code Breaking for Fun
Nobody wants to be in a real situation where you have to try to decrypt some type of encrypted files. But there are some ways to actually have fun doing it in simulated environments.
The NSA codebreaker challenge
The NSA Codebreaker Challenge is a prime example of how cybersecurity analysts engage in cryptography. This annual competition presents participants with realistic, NSA-level problems that require both cryptographic and analytical skills to solve.
Obviously, this one isn’t for the faint of heart. These are fairly hardcore codebreaking challenges. But, if you’re good at it, becoming an ultimate “code breaker” (not to be confused with the anime Code:Breaker, by the way, since I’ve found these two things tend to get confused in Google’s search algorithm) will help set you apart from the large and growing number of analysts around you.
Cryptography in threat intelligence
Cybersecurity analysts often analyze encrypted communications used by threat actors. By understanding cryptographic methods, they can decrypt intercepted data or at least understand the encryption patterns being used.
For example, you might find yourself monitoring network traffic for signs of steganography—a method where information is hidden within other non-secret text or data. Many modern network monitoring tools, such as Datadog’s Network Monitoring software, can detect and alert cybersecurity analysts to steganography within network traffic.
Given the rise in ransomware attacks, detecting hidden data is more important than ever. Hackers may even hide malware in image files, among other data types.
How to Add Cryptography to Your Cyberanalyst Skillset
Whether you’re trying to add “elite codebreaker” to your resume or trying to upskill your existing IT team to be more familiar with encryption and decryption, there are multiple routes to take here.
Educational resources
Cybersecurity courses are one of the best routes to becoming an expert in this area. Enroll in specialized courses focused on cryptography, such as those offered in master’s programs in cybersecurity. The types of certifications you may want to explore include:
Practical experience
- Internships: If you’re still learning to become a Net Admin, seek internships offering cryptography project experiences.
- Research projects: Participate in academic or open-source projects that focus on developing or analyzing cryptographic systems.
Networking
- Professional organizations: Join groups like the International Association for Cryptologic Research (IACR).
- Conferences and workshops: Attend events focused on cryptography to learn from experts and stay updated on the latest developments. The IACR hosts many of these, but you can find others, as well.
We can’t discount the power of social media connections here, particularly through LinkedIn. Join different cybersecurity groups and ask questions, or follow professionals in this space. Here are some of the personalities you may want to follow who have the largest LinkedIn followings:
There are many more outside of LinkedIn, as well, including Phil Rogaway, a UC Davis professor whose work on block ciphers is downright inspirational.
Embrace Cryptography as a Cybersecurity Analyst
The good news is that as a cybersecurity analyst, you don’t have to be an expert at creating ciphers. You just need to be skilled at applying them as a standard operating procedure at your company, updating the tools you use to ensure you’re utilizing the best encryption standards on the market, and monitoring your network to detect potential threats that may need quick identification and decryption.
Just like Ralphie deciphering his secret message in A Christmas Story, but on a larger and more consequential scale, cybersecurity analysts working within cryptography are effectively network security guardian angels. They don’t just use cryptography — they ensure its robustness against ever-evolving threats.
Understanding the math behind ciphers is good, but you don’t need to knock your head against a wall; that’s rather complex mathematics that not everyone wants or needs to know. But understanding why encryption is necessary and making sure your organization is following industry-standard practices is worth every penny you spend on training yourself and adopting the right software to get the job done.