A succinct, accessible introduction to the computer security mechanisms essential for today's digital business systems – the ‘crypto control toolbox’.
Reading this article and these related questions can count towards your verifiable CPD if you are following the unit route to CPD and the content is relevant to your learning and development needs. One hour of learning equates to one unit of CPD. We suggest you use this as a guide when allocating yourself CPD units.
A little while ago I presented a webinar for ACCA on cryptocurrencies that explained the technology involved in very simple but literal terms, and why leading cryptocurrencies are not efficient enough to compete with widely used payment systems such as Visa and Mastercard. But, while cryptocurrencies seem to be struggling, the computer security mechanisms they are built from remain critical for today’s digital business systems. They are particularly useful when you need secrecy and proof. This article provides a succinct, accessible introduction to those mechanisms – the ‘crypto control toolbox’.
Encryption Encryption is making a message unreadable by replacing each of its characters with something else. (A secret code replaces whole words or larger units of the message.) Encryption is what the World War II Enigma machine did.
Digital encryption today involves (1) an algorithm that does the encryption and (2) a character string known as a ‘key’ that is used in the encryption algorithm so that the same algorithm can encrypt differently depending on the key used. A key and algorithm are also needed to decrypt the message and these days the two keys are not the same (unlike a real-world key for a door).
Data can be stored in encrypted form so that, if a hacker gets access to a file, they still cannot use it. This includes stored CCTV files, for example.
Public and private keys A problem with encryption of messages to other people is that the person you send your encrypted message to needs to have a key to decrypt it. If the key for encryption is the same as the key for decryption then that person will be able to decrypt messages you send to other people as well. You end up having to send secret keys to people and how do you do that securely?
The modern approach is to use two keys, one that you keep private and the other that everyone knows. Anyone who wants to send you a message encrypts it using your public key – the one everyone knows. But nobody can decrypt it without the private key, which is the one you keep secret, and working out that private key is all but impossible for mathematical reasons, even if you know the public key.
Companies now provide services to generate pairs of public and private keys and do other useful things with them. This is the Public Key Infrastructure (PKI) that provides certificates linking public keys with the real world identities of their owners.
In addition to sending secret messages, combinations of public and private keys let you do other useful things:
Data can be encrypted more than once so that to read a file two people have to use their private keys in succession. For example, this might allow stored CCTV files to be readable only if two people give their consent (eg the householder and a judge).
In cryptocurrencies, your public key lets people pay money into your account while only your private key can be used to pay money out.
There is also a way to provide a Zero Knowledge Proof: a better way to do password control that involves proving you have the password without actually giving it. In a crude password system the user’s password has to be known to the system and the user has to divulge the password to get access. Not very secure. Asking for ‘the third, fifth and sixth characters of your password’ is only a little better.
But suppose the system creates a mathematical problem and encrypts it with your public key. You then decrypt it with your private key, solve the problem, and send back the answer. Only someone who has your private key could reasonably hope to do that, so the system knows you have the private key and that it’s you. Other forms of Zero Knowledge Proof have also been devised.
Hash functions These are an old idea in computing. The function (an algorithm) goes through a file and calculates a ‘hash’, which is a short string or number sensitive to the details of the file. Change one bit in the file and the hash changes. Although hashes are not unique to each file it is extremely difficult to make changes to the file without changing the hash. (That is one of the properties of a good hash function.)
Hashes are a good way to check that a message/file did not get changed while moving from one place to another, or check that a file has not changed from one time to another. Hashes have also been stored on computer systems instead of user passwords because it is insecure to store passwords. The password system just hashes the user’s password and checks the resulting hash against the one stored on file for that user.
But that is just the start of the uses of hashes.
Digital signatures These are, in many respects, much more secure than a manual signature on the last page of a document. They are made by combining hashes with public-private keys. An algorithm calculates a hash of the document to be signed along with the time and date, then encrypts the hash using the signer’s private key. Anyone who knows the signer’s public key can decode and check the hash against the document and so verify who signed it.
This is, in a way, the reverse of the situation with encryption. With encryption the private key is used for decryption. With digital signatures the private key is used for encryption.
Blockchains A blockchain is a sequence of ‘blocks’ (files perhaps) where each one contains a hash of the one before it. This means that all but the last hash is itself protected by being hashed. By checking that the hashes agree all the way down it is possible to check that the whole blockchain remains intact and unchanged. A blockchain is a ‘super audit trail’, as Professor Michael Mainelli likes to say.
This alone makes them useful for some important applications. For example, if you write something and want to do more than just put your name on it to secure your copyright, you can upload your document to Metrognomo and it will record a time-stamped hash of your file, with your name, so that in future you can prove to anyone who cares that you had that document on that day. (Other similar services are available.)
The complicated history of the first publications on natural selection might have been simpler if Charles Darwin had been able to submit more of his papers to a time-stamping service. Some academic journals now ask if you have done this and publish the identifier you get as part of the process. Scientific studies that have to be pre-registered can also be time-stamped in this way.
Mutual distributed ledgers A development of the blockchain technique allows multiple trading partners to work together without using a central third party (eg an electronic exchange). Each partner holds a complete copy of a blockchain that holds all the ledger entries for the whole collective. Crypto-wizardry keeps those copies of the blockchain in step, rather than relying on book-keepers to carry out reconciliations.
A so-called ‘consensus algorithm’ is used so that every partner has a complete copy of the blockchain and new blocks are copied around quickly and without prolonged confusion as to which block goes on next.
This is much like the inefficient duplication used in cryptocurrencies but, provided the number of trading partners is not too large, the computing inefficiency may be offset by the advantages of not being at the mercy of a central third party on which all trading partners find themselves increasingly dependent.
Smart contracts A mutual distributed ledger based on copies of a blockchain is a reliable record that is almost impossible to tamper with. The idea behind smart contracts is to store executable code on the blockchain so that, once it is in place, it cannot be changed and the system will execute the code when its conditions are met. For example, when two people have digitally signed something, money has been paid, and a particular date has been reached then the ledger might transfer ownership of an asset to another party.
The code is not really a legal contract but is written to execute the terms of a legal contract and more than one piece of code may be needed to represent the terms of a single legal contract. (Though perhaps we will also see people negotiating a deal in terms of source code rather than traditional legalese.)
Conclusion The crypto control toolbox is full of interesting techniques and more are being developed and defined all the time. But the most interesting thing is to find new ways to put the basic controls together in to make new applications with new and useful properties.
Matthew Leitch is an independent consultant and researcher
Webinar series - unblocking the Crypto Chain
ACCA UK’s Internal Audit Network ran a series of four webinars on crypto currencies and blockchain for internal auditors in April which are now available on demand. You can register for any or all of these on demand webinars here.