Part 1: Cryptographic Algorithms

This week reading focused on three types of cryptographic algorithms: (1) Secret key, (2) Public key, (3) Hash functions. Pick an algorithm for any one of these types (e.g., DES, AES, RSA, MD5) and describe how it works and where it is applied in network security. (For example SSL uses 3DES or DES for message encryption.) Use your own words. When you pick an algorithm, try not to repeat.

Part 2: Information Protection at Large

Cryptographic algorithms protect data at rest and during transit to some degree. By encrypting data, you are assuring that only authorized individuals or systems can read the data. Similarly by using integrity techniques such as hashing and message authentication code you are assuring no unauthorized person had made changes. In other words, you can think of cryptography as a means of access control. Cryptography alone is not sufficient for complete data protection.  For example, a person can walk into your computer room and physically destroy your data in your disk and other storage medium. Your computer room can be destroyed by fire or flood. Cryptography certainly does not address availability concerns. An insider can log into your computer systems and delete files or a row of data in your database. So, you need physical security; you need authentication and authorization controls in both hard and soft forms.   The questions for this second part of the conference then:  What methods/facilities are available to secure data in today’s systems? Have these methods proved to be adequate? So, this second part of this conference is to go beyond cryptographic techniques and think of other forms of protection information security needs.

Cryptographic Algorithms & Information Protection At Large