On Information Security — Secrecy
Secrecy seems to be the first concept that comes mind when people talk about security. Keeping secret involves act of setting the boundary. Smaller the boundary is, the more secure the information would be. As the system grows, it defines the party of shared secret. To this end, the system assumes two types of parties: friends and enemies; those who are not defined as friends are necessarily enemies. The objective is to prevent enemies from accessing the information while securing efficient line of communication between friends. In this setting, information security revolved around confidentiality, integrity, and availability. The basic idea is to provide information only to those who are necessary. Method of protection include concealment and physical access control. This methodology makes intuitive sense especially if there is no other means of protection.
Technology was originally developed as subsidiary to concealment. Among them, cryptography is a technique that transforms information into a useless form. The technique is as old as human civilization. For instance, Caesar wrote his secret letters using cryptography. He changed the position of the alphabet and had a key that signified the number of changes in position. In this case, the one who receives encrypted message will not be able to read the message since the alphabet is all messed up. In its primitive stage, however, cryptography alone was not sufficient to ensure the secrecy. For this reason, primary mode of security was still dependent on confidentiality. Cryptography was like a cherry on top. Moreover, cryptographic technology itself was heavily controlled since exposure of methodology could jeopardize the reliability of the system.
In 1886, Kerckhoff, who was Dutch linguist and cryptogrpher, posited six principles that are later known as Kerchhoff’s principles. These principle announced the birth of modern cryptography which drastically changed the information security. To summarize them, he said that:
- Cryptographic system should be indecipherable: What this means is that the system should be so difficult break that enciphered message will be sufficient to ensure the secrecy. In other words, encrypted message will no longer need to be guarded because the enemy will not be able to retrieve anything meaningful from it. This concept becomes the basis for the security premise of cryptographic systems.
- It should not be necessary to keep the system secret: Until then, everything about secret information was supposed to be kept in secret; not only message itself but also its source, destination, and algorithm that generates the secret information. Kerckhoff, however, declared that secrecy of the system should be separate from the secrecy of information. It allowed cryptographic system to be openly exposed to the public.
- System should be convenient to use: Kerckhoff argued that the system should be portable, communicable, and applicable so that its operation can be conducted without too much stress. It seems that he obviously considered that this technology should be used more widely than for secret letters of a few lords.
Kerckhoff’s principle as a whole is not limited to secrecy of information. As a general principle for cryptography, the principle can be applied to all concepts of security. However, it is interesting to note that Kerckhoff mainly saw the utility of cryptography in the military. In the military, a piece of information can literally cost lives. Leakage of crucial information, whether it be assembly point, attack time, or location, may jeopardize the success and failure of an operation. At the same time, the time is never on one’s side. If enciphering information and passing key is too difficult, no matter how secure the system may be, it would be practical for the purpose of communication. In other words, military is one of the most typical secrecy system. For this reason, cryptographic system were initially developed for the sake of secrecy.
Many nations were attracted to the idea of a system that could transmit information in both easy and secure way. Especially during the World War I and World War II, every nation tried to develop their own system of communication while the opposing nation wanted to break the enemy’s code. For a long time, the most practical use of computational devices were designed for encryption or decryption of military secrets. In fact, Allen Turing, the father of Turing Machine, was not only a code breaker during World War II, but also he contributed to creation of Colossus, a digital computer for codebreaking. In this way, cryptography flourished to ensure military secret.
The cryptographic system based on secrecy evolves into symmetric key cryptography. Symmetric key uses the same key for encrypting and decrypting the message. For instance, if party A would like to send secret message to B, A would encrypt the message with a secret key to make it unreadable. Then, B would decrypt the message using the same key to read the message. The security of the system is based on the premise that the probability of guessing the original message from encrypted message should be equal to the probability of guessing the original message without it. Claude Shannon calls this “prefect secrecy”. For practical purposes, however, it is much more viable to achieve the perfect secrecy by constantly changing the key. In fact, it would be the best if the parties used the same key only once, which was called one-time pad. Under this system, however, there should be an authority that should authenticate the identity of the parties and distribute keys for them.
As the technology developed, there were other attempts to develop algorithm that is not based on perfect secrecy of one-time pad. There are mainly two interesting technologies: Cryptographic hash function and steganography.
- Cryptographic hash function: It is also called one way trapdoor function. The idea was frequently tossed around in as 1970s but its designing principle and practical implementation were given much later. The basic is to first pad the message to make it to a group of uniform length, and apply rounds of symmetric cryptography. The result is fixed-length data that is unique to the input data. As consequence from these characteristics, there are two primary utility of cryptographic hash function: one is standardization and the other is tamper-proof. Standardization comes from the characteristics of fixed-length. It turns every data into a fixed length which saves the space and standardizes the saved data. Tamper-proof means one cannot change the original data that is already passed around. Because it is unique for each input, if anyone change the original data, the result will come out different from the initial data. In the end, however, cryptographic hash function still requires a way to exchange the result in a secure way. For this reason, by itself, either the result or the original needs to be kept in secret.
- Steganography: Steganography is often known under the principle of “Security through obscurity”. It can be said that the objective of cryptography is to obfuscate the message. Both sender and receiver of the message knows that cryptography is applied and needs the secret key to read the message. On the other hand, the objective of steganography is to conceal that there is a secret message to begin with. In other words, when one sends a file, one may hide a secret message inside the file. In this case, sender knows that there is a secret message hidden in the file whereas the receive may not even realize that there is a secret message. In addition, it requires a technology to find out the existence of the secret message. The most common usage of steganography is digital watermarks. It could prove the ownership or digital right that cannot be erased unless you are the original sender.
Secrecy is still a very important concept of security in the modern world. However, perhaps it is important to note that system of secrecy develops centralized authority. For one, secret system requires someone to decide friend from enemy. Second, it needs to decide the level of secrecy based on the level of sensitivity. Third, it needs to distribute keys to the secret. For security purposes, however, smaller the number of people who share the secret, the more secure it is. Then, it would be more secure if the controller tend towards smaller group. For this reason, the system develops centralized authority for control.