Design Process of a Cryptosystem

It’s extremely important from a practical security perspective to recognize that the primitives themselves must always be considered as part of a process rather than isolated mechanisms.

Selection or design of a primitive

The selection of a cryptographic primitive depends on the application requirements. For example, with respect to the selection of an encryption algorithm, this part of the process may involve asking questions such as:

• Should we use symmetric or public-key encryption?

• What requirements and restrictions on the key length exist?

• Should we adopt a publicly known encryption algorithm or develop our own proprietary encryption algorithm?

Throughout our discussion of cryptographic primitives, we’ll investigate some of the properties which influence this selection (design) process.

Note: In many cases, the financial or operational constraints may dictate the use of certain primitives. For example, an organization might be forced to use a specific primitive in order to comply with a relevant application standard.

Mode of use

Cryptographic primitives can be used in different ways in order to achieve different security goals. For example, symmetric encryption algorithms can be used as follows:

• They can be implemented in specific ways in order to achieve particular properties.

• They can be used as the basis for the design of other cryptographic primitives that block ciphers can use to design hash functions and message authentication codes.

• They can be adopted as cryptographic protocols to provide different security services.

Implementation

As anyone with practical security experience will know only too well, security technology is worthless without careful implementation. Developers don’t always understand cryptography and how to use it. There have been many instances in the past of basic errors being made at the implementation stage, which have later had disastrous consequences. Two potential problems with cryptographic implementations are the following:

• Implementation tricks: All cryptographic primitives slow down an application, and some cryptographic primitives (particularly public-key primitives) do so substantially. This has led to the development of various implementation ‘tricks’ to speed up certain cryptographic primitives. It’s important that these are done in a way that that doesn’t inadvertently affect the security of the primitive itself.

• Backwards compatibility measures: Developers sometimes make provision for backward compatibility, which allows an application to be used with legacy systems not running the latest version of the software and/or hardware. Making such provisions can sometimes result in parts of a cryptographic mechanism being bypassed.

Also of great significance to the resulting security of a cryptosystem is whether its implementation is in software or hardware. Software-based cryptography is much more vulnerable to attacks since the primitive and its keys will typically reside in memory on the computing platform. For example, malicious code on a platform might seek to locate and export cryptographic keys. Hardware-based cryptography is generally more secure, with the best protection being provided when specialized hardware security modules are deployed.

Implementation security, including the development of secure software, is a topic of more general significance and is one that should be studied as part of any wider information security education.

Key management

The management of the cryptographic keys used by a cryptographic primitive is a vital part of the cryptographic process.