In the current age, both individuals and organisations depend heavily on digital information. Much of this information is critical to the day-to-day operations of the parties involved. Such sensitive information can be abused if it lands in the wrong hands. That is why cryptography, the science of encryption, is designed to help protect vital information.
Best Practice in Applying Cryptography
Policy and Technology
The primary goal of policy and technology is to enable a framework in which the much-needed information can be provided. To achieve this, good policies combined with the best technology will be the driving force. In accomplishing both, security must not be compromised.
Removable Media Encryption
The encryption strategy adopted is only as good as the technology that underlies it. Easily cracked encryption algorithms are not worth the space on which they are written. Ensure that the cryptography adopted meets the industry’s gold standard of encryption techniques.
Users will often forget their passwords and thus be locked out, unable to access vital information. To ensure security is maintained, a quality encryption solution should provide administrators with the necessary tools for straightforward data recovery. Whenever a password is forgotten, authentication will be done by asking the end user to provide the correct answer to a number of alternative questions (Peterson, 1996). Ensure that cryptography is kept simple and centralized.
Non-Expert Users of Cryptography
The typical users of a wide range of internet applications, such as email, web browsers, document management systems and asset management systems, are not experts in cryptography. However, they must use cryptography to safeguard their work. Generally, these users will be confronted by issues related to risk and value, deployment problems, endpoint security and trust problems.
Risk and Value
Risks can be classified into three groups:
• Risks best mitigated by user-visible applications of cryptography;
• Low risks; and
• Risks which are mitigated by legal, societal or other technological measures.
Risks which are mitigated by Legal, Societal or other Technological Measures
The remaining medium or high risks can be mitigated by other means. The mitigation in all these cases is that the parties have recourse to the legal system, where courts would be asked to decide if a contract existed (Peterson, 1996).
Mitigations are sometimes undermined in practice. This happens in two different ways:
• Absence of personal and organizational information about the need for cryptography; and
• Abuse and misuse of that cryptography.
The first point applies both to the selection and implementation of suitable systems by organisations and to actual use by different end users. There have been campaigns about this knowledge, as well as about technological and regulatory issues. Mitigation of risk using cryptography is also undermined by intentional or accidental misuse (Boneh and Franklin, 2003).
The various applications of cryptography must make sense in a particular context in which they are applied. The legal framework often does not demand any cryptographic mechanism. A significant exception is the use of encryption to ensure data confidentiality, particularly for removable media. In general, the potential security issues are essentially peripheral to the user’s concerns.
Peterson. (1996). Boosting Cryptography’s Role in Security. Science News, vol. 149, no. 23.
Blanchette, J.F. (2012). Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents. MIT Press.
Böhme, R. and Grossklags, J. (2011). The security cost of cheap user interaction. New Security Paradigms Workshop.
Boneh, D. and Franklin, M. (2003). Identity-based encryption from the Weil pairing. SIAM J. of Computing 32, 3, 586–615.
Dent, A. (2006). Fundamental Problems in Provable Security and Cryptography. Philosophical Transactions, vol. 364, no. 1849.