Marlon Ortiz

Origins of Cryptography and Why It’s Still Relevant Today

Cryptography comes from the Greek words “kryptos” meaning hidden and “graphein” meaning to write. It is the art and science of secret communication. Before we continue, let’s define some basic concepts:

  • Encryption: process of encoding data in a way that only the approved individual can decode it; the decoding process is called decryption.
  • Cipher: algorithm (a step-by-step process) used to encrypt and decrypt data.
  • Plaintext: unencrypted data that is ready to be encrypted.
  • Cleartext: data that is transmitted or stored unencrypted.
  • Ciphertext: the encrypted data.
  • Cryptographic key: variable value needed in the cryptographic algorithm to encrypt or decrypt the data.

Throughout human history, there has always been the need to share information and to hide that information from prying eyes. Sometime around 400 B.C. the ancient Greeks and Spartans created the Scytale, a very simple transposition tool, in which a message is written on a band that is wrapped around a rod. For the untrained, the unrolled band is just a cluster of letters, one after the other with no meaning, but the recipient using the correct rod (length and width) will be able to reveal the message.

The Roman General Julius Caesar (100-44 B.C.) developed a simple substitution cipher, Caesar cipher, which he used to send instructions to his army: each letter in the plaintext is moved a fixed number of places down the alphabet.
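The scytale and the Caesar cipher described above, as an added Python illustration (not part of the original article): the first rearranges the letters, the second replaces them. The `faces` parameter (how many letters fit around the rod) is an assumed way of modelling the rod, and the sample message is constructed.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

def caesar(text: str, shift: int) -> str:
    """Substitution: move each letter `shift` places down the alphabet."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text.upper()
    )

def scytale_encrypt(text: str, faces: int, pad: str = "X") -> str:
    """Transposition: write along the rod, then read the unrolled band.

    `faces` (assumed model of the rod) is how many letters fit around it.
    """
    cols = -(-len(text) // faces)            # letters along the rod, rounded up
    padded = text.ljust(faces * cols, pad)   # fill the last row of the band
    rows = [padded[r * cols:(r + 1) * cols] for r in range(faces)]
    return "".join(rows[r][c] for c in range(cols) for r in range(faces))

def scytale_decrypt(band: str, faces: int) -> str:
    """Re-wrap the band on a rod with `faces` letters per turn and read along it."""
    cols = len(band) // faces
    return "".join(band[c * faces + r] for r in range(faces) for c in range(cols))

def demo() -> dict:
    plaintext = "ATTACKATDAWN"  # constructed sample message
    band = scytale_encrypt(plaintext, faces=3)
    shifted = caesar(plaintext, 3)
    return {
        "scytale": band,
        "scytale_right_rod": scytale_decrypt(band, 3),
        "scytale_wrong_rod": scytale_decrypt(band, 4),
        "caesar": shifted,
        "caesar_decrypted": caesar(shifted, -3),
        # Transposition keeps the same letters; substitution replaces them.
        "scytale_same_letters": Counter(band) == Counter(plaintext),
        "caesar_same_letters": Counter(shifted) == Counter(plaintext),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In both ciphers the key is a single small number (the rod size or the shift), which is why they serve here only to illustrate the terms plaintext, ciphertext, cipher and key.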

During the American Revolution, Thomas Jefferson designed a wheel cipher built with 36 turning wooden wheels with the letters of the alphabet carved on their edges. By moving these wheels in a pre-arranged order, the plaintext message became ciphertext. During WWII, the Germans developed an electro-mechanical rotor cipher machine, called the ENIGMA machine, to protect their military communications. The Allied forces captured key components of this machine, enabling Allied cryptologists to decrypt German communications and turn the tide of the war in the Allies’ favor.

More recently, three types of cipher algorithms have been developed by academia, businesses, militaries and security agencies that increase the strength, complexity and usefulness of crypto-systems. These are:

  • Symmetric algorithms (a.k.a. secret key) use the same key to encrypt and decrypt. This means the sender and receiver know the key. They are very fast and therefore lend themselves very well to processing large amounts of data.
  • Asymmetric algorithms (a.k.a. public key) use different keys: a public key to encrypt and a private key to decrypt. The sender and receiver share a public key, but each has their own private key. They are not very fast and are mostly used to encrypt small amounts of data (usually symmetric keys).
  • Hash algorithms (a.k.a. message digest or one-way-encryption) are used to verify the integrity of a message.

But what are the goals of these technologies? Well, they allow us to achieve the following information security goals:

  • Confidentiality: the property that information is not made available or disclosed to unauthorized individuals, entities, or processes (ISO/IEC 27000).
  • Authentication: the process by which we prove that we are who we say we are.
  • Data integrity: assurance that the information or message has not been altered.
  • Nonrepudiation: assurance that it is not possible to deny the authenticity of a message transmission (a combination of authentication and integrity).
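How a hash algorithm supports the integrity goal, and what a shared secret key adds for authentication, as an added Python example (not from the original article). HMAC, a keyed hash built from a hash algorithm and a symmetric key, is not named in the article; the messages and key below are constructed.

```python
import hashlib
import hmac

# Constructed sample data for this illustration.
ORIGINAL = b"PAY 100 TO ALICE"
ALTERED = b"PAY 900 TO ALICE"
KEY = b"constructed-shared-secret"  # known only to sender and receiver

def digest(message: bytes) -> str:
    """Plain hash (message digest): anyone can compute it, no key involved."""
    return hashlib.sha256(message).hexdigest()

def check_digest(message: bytes, received_digest: str) -> bool:
    """Receiver recomputes the digest and compares it with the one received."""
    return hmac.compare_digest(digest(message), received_digest)

def tag(key: bytes, message: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only a holder of `key` can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_tag(key: bytes, message: bytes, received_tag: str) -> bool:
    """Receiver recomputes the tag with the shared key, constant-time compare."""
    return hmac.compare_digest(tag(key, message), received_tag)

def scenario() -> dict:
    return {
        # Integrity: a changed message no longer matches the original digest.
        "digest_detects_change": not check_digest(ALTERED, digest(ORIGINAL)),
        # Limit of a bare digest: if message and digest travel together,
        # a recomputed digest matches the altered message.
        "recomputed_digest_passes": check_digest(ALTERED, digest(ALTERED)),
        # Integrity plus authentication: without KEY no valid tag can be made.
        "hmac_accepts_original": verify_tag(KEY, ORIGINAL, tag(KEY, ORIGINAL)),
        "hmac_rejects_change": not verify_tag(KEY, ALTERED, tag(KEY, ORIGINAL)),
        "hmac_rejects_other_key": not verify_tag(
            KEY, ALTERED, tag(b"some-other-key", ALTERED)
        ),
    }

if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

Because sender and receiver hold the same key, either could have produced the tag, so this does not provide nonrepudiation; that goal needs a signature made with an asymmetric private key.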

Where are these goals applied to our businesses? The short answer is in every business process that happens in our environment. Think of data residing in three states in our organizations:

  • Data at rest – this is the information sitting inside a file, document, or database.
  • Data in transit – this is information moving inside and outside our computers and networks.
  • Data in use – the information being processed at any given time.

In any of these three states, the information is vulnerable to access by malicious individuals. Since achieving the cryptographic goals would prevent this, it stands to reason that cryptography should be applied to all information technology processes, including:

  • Communications – emails, remote connectivity, app interfaces, etc.
  • Databases – storage, segmentation, access, authentication, etc.
  • User authentication and authorization – internal and external users.
  • Virtual Private Networks (VPN), wireless networks, wide-area networks, etc.
  • Web access, web security, e-business, e-commerce, e-procurement, etc.

This is but a short list to help us visualize how crypto technologies apply to our processes. Every business process and every present-day technology is now vulnerable to some hacking technique; therefore, the more layers we add to protect these processes, the better. Cryptography is only one of these layers, but in my opinion, probably the most important to properly understand and apply in order to appropriately secure and protect our data infrastructures.

Marlon Ortiz, Information Technology Professional. Creative professional with 20+ years of information technology knowledge in the gaming and hospitality industry. Highly skilled in information security, project management and planning with a strong background in data management, security, analytics and technical strategy. A proven leader who understands that the value of IT lies in delivering solutions to complex business problems within the Gaming and Hospitality Industry. A leadership style that emphasizes the development of people, processes and tools to achieve specific strategic business goals. Focused on connecting IT to other departments within the corporation and delivering effective solutions for business costs and operations. An executive who excels in a fast-paced organization and is ready to take on the challenges that come with that environment. Marlon possesses a Master’s in Cybersecurity and Information Assurance from The Pennsylvania State University. Previously held high level IT Management positions at American Casino and Entertainment Properties, the Morongo Casino Resort & Spa, Harrah’s Entertainment