Cryptography sounds like a new word, but it is actually Greek for “secret writing.” The concept itself is even older, since the Egyptians used nonstandard hieroglyphics from 1900 B.C. In a certain sense, writing itself was a way to communicate in secret, since those who did not know how to read could not understand what was being communicated. Today cryptography allows us to take the existing business and social constructs of the face-to-face world and adapt them to the world of networks. Most people are not aware of the role cryptography plays in their daily lives; however, if you ever shop online, use a credit card in a store and/or have a bank account, you depend on cryptography, which prevents fraud in electronic commerce and assures the validity of numerous financial transactions.
Good cryptographic systems strike a balance between what is possible and what is (humanly) acceptable. Unfortunately, bad cryptography looks exactly the same as good cryptography to the uninitiated. Cryptography by itself is not very useful; it needs to be part of a larger system, of which it is a small yet critical part. It is the technology that grants access to some people and denies it to others. Unfortunately, people concentrate too much on the cryptography of a system – which is the equivalent of strengthening the strongest link in a chain.
“Security is only as strong as the weakest link.”
Cryptography is actually a very difficult discipline. As part of a system, it is vulnerable to the weakest link, it is subject to attack, and there is very little formal testing methodology. Cryptography also has several basic functions that all play different yet critical roles in securing information:
- Authentication – Asks “Who are you?”
- Authorization – Determines “Where are you allowed to go?”
- Confidentiality – Making sure that privacy is maintained using encryption
- Integrity – Making sure that information is not changed or modified
- Non-repudiation – Making sure that one cannot refute the validity of a statement or contract
In biological and social terms, we as humans do these things unconsciously on a daily basis. When we talk to someone on the phone, we usually can tell who is on the other end of the line. When we tape a box or sign a contract, we do many of these actions automatically; however, in order to replicate these very important actions in the virtual networked world, we need to find cryptographic methods to carry out the same results.
Cryptography actually goes back many centuries, from writing, to mechanical, to electronic, to programmed and, lately, to mathematical systems, such as public key as well as quantum-based methods. One of the more successful early forms of cryptography was the Caesar cipher encryption method. People (mostly kids, but sometimes criminals) still use this method today – where one substitutes one letter for another. Other encryption methods of note include the One-Time Pad (OTP) that was first developed in 1917 in time for World War I. The OTP is actually one of the few unbreakable forms of encryption, but it requires a cumbersome pad to be carried around. Encryption made great leaps in the 1920s, again, just in time for World War II, with the development of mechanical cipher systems, such as the Enigma (Germany), M-209 (US), TYPEX (UK) and Red/Purple (Japan). Many of these systems were very good designs, but like all forms of encryption, they had to be used exactly as they were prescribed. Any deviation and the adversary usually found some weakness to exploit.
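The following Python sketch is an added example, not part of the original article. It shows why the Caesar cipher offers no real secrecy (only 26 keys exist), why a one-time pad is cumbersome (pad bytes are consumed one for one with the message), and what deviating from prescribed use costs (a pad used twice cancels out of the ciphertexts). The names `caesar`, `OneTimePad` and `reused_pad` and the sample messages are constructed for illustration.

```python
import secrets

def caesar(text: str, shift: int) -> str:
    """Substitute each letter A-Z with the one `shift` places later."""
    return "".join(
        chr((ord(c) - 65 + shift) % 26 + 65) if "A" <= c <= "Z" else c
        for c in text.upper()
    )

def caesar_keyspace(ciphertext: str) -> dict[int, str]:
    """Only 26 shifts exist, so every candidate plaintext can be listed."""
    return {k: caesar(ciphertext, -k) for k in range(26)}

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class OneTimePad:
    """Pad material that is consumed as it is used and never handed out twice."""

    def __init__(self, material: bytes):
        self._material = material
        self._offset = 0

    def remaining(self) -> int:
        return len(self._material) - self._offset

    def encrypt(self, message: bytes) -> bytes:
        end = self._offset + len(message)
        if end > len(self._material):
            raise ValueError("pad exhausted: distribute a fresh pad")
        chunk = self._material[self._offset:end]
        self._offset = end          # these pad bytes are now spent
        return xor(message, chunk)

def reused_pad(m1: bytes, m2: bytes, pad: bytes) -> bytes:
    """Deviation from prescribed use: one pad, two messages.
    The pad cancels out, so c1 XOR c2 equals m1 XOR m2."""
    return xor(xor(m1, pad), xor(m2, pad))

if __name__ == "__main__":
    m1, m2 = b"MEET AT NOON", b"STAY AT HOME"   # constructed sample messages
    print(caesar_keyspace(caesar("MEET AT NOON", 3))[3])
    pad = OneTimePad(secrets.token_bytes(24))   # pad must cover all traffic
    pad.encrypt(m1); pad.encrypt(m2)
    print("pad bytes left:", pad.remaining())
    print(reused_pad(m1, m2, secrets.token_bytes(12)) == xor(m1, m2))
```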
Modern advancements in cryptography were recently developed for use by the government and/or military, who were secretive about their mistakes. For commercial systems, I believe the biggest leap in cryptography took place when the burden of a financial transaction switched from the customer to the bank. Specifically, in the early days (1980s) of cash machines or ATMs, when customers found erroneous transactions using these machines (i.e., there was money deducted when they were at home), it was the burden of the customer to prove that they “did not” do it, which was obviously very difficult from the customer’s viewpoint. This changed with a landmark case, “Dorothy Judd v. Citibank.” Essentially, Citibank lost this case, and suddenly the banking institution had to prove that it was the customer who “did it.” From this point, businesses started to take security seriously, and everything from the Internet, cell phones, pay-TV and other networked services started to incorporate cryptography in their design.
Update: Some banks still haven’t gotten the message that good security equals good business and find it easier to blame their customers. This piece talks about the benefits of suing your bank for a refund. http://www.lightbluetouchpaper.org/2010/03/29/how-to-get-money-back-from-a-bank/
Special Advisor at Cabinet Office (Govt. of Japan)
Named by Nikkei as one of the “100 Most Influential People for Japan,” Saito began software programming at an early age and started his own company in high school. By the time he was named Entrepreneur of the Year in 1998 (by Ernst & Young, NASDAQ and USA Today), he was recognized as one of the world’s leading authorities on encryption, biometric authentication and cyber security.
After selling his business to Microsoft, he moved to Tokyo in 2005 and founded InTecur, a venture capital firm and consultancy that identifies innovative technologies, develops global talent and helps entrepreneurs become successful. In 2013, Saito was appointed a Special Advisor to the Cabinet Office for the Government of Japan.
Similarly, in 2012 he served as a council member on national strategy for the Cabinet-level National Policy Unit, and prior to that, was named as the Chief Technology Officer for the Fukushima Nuclear Accident Independent Investigation Commission (NAIIC). He is a Foundation Board Member at the World Economic Forum (WEF), and has been named by the WEF as both a Young Global Leader and Global Agenda Council member.
Saito also advises several national governments around the globe. In Japan, he has also served as an advisor to METI, MIC, MEXT, MLIT, AIST, IPA and the Japan Society for the Promotion of Science (JSPS), among others.
He teaches at multiple universities, serves on several corporate boards, appears as a commentator on national TV and is the author of numerous publications in addition to writing a weekly column for a prominent Japanese business newspaper. His best-selling management book, The Team: Solving the Biggest Problem in Japan, was published by Nikkei BP in 2012; his follow-on book, Is Your Thinking up to Global Standards?, was published by Daiwa Shobo in late 2013; and his autobiography, An Unprogrammed Life: Adventures of an Incurable Entrepreneur, was published in 2011 by John Wiley & Sons.