Cryptography is the practice of recording, storing and transmitting information in a designated format so as to shield its contents from unauthorized reading and understanding. The word comes from the Greek words kryptos (meaning hidden or secret) and graphein (writing).
The practice of cryptography has been around for a long time. Its earliest known use dates from 1,900 BCE in Egypt. Since that time it has been practiced by many including Julius Caesar, who used it to communicate with his generals. Perhaps the most famous example of cryptography is the Enigma device used by Nazi Germany during World War II.
In its simplest form, cryptography includes complex encryption methods by using a binary sequence called a secret key. Its purpose is to transform ordinary text (called plain text or clear text) into an unreadable format (called cipher text) — this process is called encryption. The opposite process (known as decryption) permits those who possess the secret key to decipher the cipher text into clear text.
In general, cryptography is used to ensure four security principles:
- Confidentiality: So no one can have the access to the message except the authorized receiver.
- Authentication: Proving the identity of the sender and the receiver and their information.
- Integrity: Ensuring transmitted data has not been altered by non-authorized access.
- Non-repudiation: A mechanism to prove that the sender cannot deny the shipment of messages.
Uses of cryptography
As we mentioned, cryptography is mainly divided into two types of processes (encryption and decryption). Along this line, there are three families of cryptographic algorithms that are categorized based on the number of keys employed for encryption and decryption.
- Secret Key Cryptography (also called symmetric key encryption): a single key (binary sequence) is used for both encryption and decryption.
- Public Key Cryptography (also called asymmetric key encryption): Uses two keys one for encryption and another for decryption. The keys are different and it’s impossible to calculate the decryption key from the encryption key. This allows the sending of messages that can be read only by the recipient.
- Hash Functions: One-way encryption that uses a mathematical transformation to irreversibly alter the information without any key.
Cryptography today is a crucial aspect of securing communication in various fields (electronic world, authentication, web, cellular phone, e-mail and so forth), especially when communicating over an untrusted network. This is particularly needed with the advent and spread of the internet as more private and personal information is transmitted between parties.
Encrypted codes are all around us — we just don’t pay attention to them. One example is when you use a banking ATM — the magnetic strip on your card is decrypted (decoded) by the computer and relayed to the bank, the bank reads it and permits you to make a cash withdrawal. The same principles apply to online shopping, an increasingly common practice, and even video games.
Role of a cryptographer
Most people think of cryptography as a fun game: a set of puzzles involving communicating parties and notional adversaries. This blithe image of a cryptographer is divorced from real-world concerns that have the potential to lead to disastrous results.
Cryptography is a highly interdisciplinary area that is challenging and mentally demanding as the cryptographer’s every activity is designed to ensure the safety and security of data using encryption and decryption methods and tools.
A good cryptographer is highly intelligent, focused, and tenacious and enjoys solving challenging puzzles. Individuals should also enjoy designing and developing cryptographic algorithms, protocols and systems. An extensive knowledge of mathematics and computer science is certainly a bonus. We see an example of this sort of person in the 2014 movie The Imitation Game, about pioneering computer scientist Alan Turing.
In the movie, as in real life, Nazi Germany is using the Enigma machine to send secure communications to their submarines. The British government wants to crack the code and in order to recruit potential cryptographers place codes and puzzles in newspapers and magazines, telling people that if they “can solve them, to let the government know so that they can help with the war effort.”
Cryptographers work for government agencies, militaries and private businesses, and their responsibilities vary depending on the organization. Working in law enforcement may be a matter of life and death requiring cryptographers to identify and decrypt communications between criminals and terrorists. On the other hand their duties can be as mundane as working for an entertainment company and finding ways to prevent gamers from hacking the game to get unlimited ammo.
Regardless of the enterprise, a cryptographer always has two job responsibilities — protect information and data; and decode encrypted messages. Their daily job duties typically fall into, but are not limited to, four general categories:
- Identification and analyses — Constantly analyzing a system in order to identify threats and vulnerabilities.
- Development — Developing and deploying cryptographic systems and algorithms by using mathematical models to encrypt and secure data.
- Encryption and decryption — The coding and decoding of files, messages, and electronic transmissions for secure transmission.
- Maintenance — Monitoring technology and advances in tools and methods.
Becoming a cryptographer
Cryptographers come from a variety of backgrounds and are able to understand and converse over a wide range of topics. They must have solid skills in communication, critical-thinking, problem-solving and the ability to use computers, optical drives, and scientific, analytic and programming software.
At a minimum, candidates should possess a bachelor’s degree in mathematics, computer science or computer engineering or a related discipline. (Writing secure code is something that they should enjoy doing.)
Advanced degrees in mathematics or computer science are very beneficial to a cryptography career and seen a plus by potential employers. Serious cryptographers do usually have advanced degree in cryptography. This degree is a great way for a student to gain valuable hands-on experience.
In the event that you don’t have a technical degree, you may still be able to develop your own expertise with extensive training and work experience. One venue that is important for would be practitioners is gaining experience in the field. A favorable option is to volunteer with reputable organizations. This shows potential employers that you enjoy the work, and are willing to do what it takes to gain expertise.
Salaries for cryptographers in India currently range from ₹20,000 – ₹26,000 a month depending on experience and credentials.
Cryptography is a newcomer to the world of information security accreditation. Some certifications, like CISSP, do include sections on cryptography, but thus far the EC-Council is the only institution to offer a certification dealing specifically with encryption — the Certified Encryption Specialist (ECES). ECES gives professionals and students a foundation in modern symmetric and key cryptography. The course covers the following areas:
- Encryption Standards and selecting the best standard for your organization
- Pen-testing knowledge in encryption
- Deployment of encryption technologies
- Best practices when implementing encryption technologies
Examinees must complete a 3-day course prior to sitting for the exam, or prove two years of information security experience. The exam itself consists of 50 multiple-choice questions to be completed within a two-hour time period. A score of 70 percent is required to clear the exam. For complete requirements and information on the ECES exam, click here.
If you like puzzles, are highly-intelligent and enjoy the challenge of protecting the electronic assets of individuals and entities, then the field of cryptology may be calling your name.
Hasna Elkhannoubi also contributed to this article.