Aiden A. Bruen - Cryptography, Information Theory, and Error-Correction

Artificial intelligence, AI, and machine learning are allowing cloud computing companies and even apps on phones to make predictions, such as what task should be performed next. We have progressed from having desktop and laptops to using smartphones, tablets, and smart watches, social media, cloud computing, and the IoT devices.

Cell phones have progressed from a basic cell phone (often a “flip phone”) to Research in Motion's BlackBerry 5810 in 2002 to Apple's first iPhone in 2007 to the first Android phone in 2008, to the smart phones of today. Phone apps allow users to video conference, watch movies, play video games, access important data, and make purchases.

Video and audio streaming have become so prevalent that a major portion of all Internet traffic is from streaming. We shall discuss streaming in Chapter 17.

Social media has seen exponential growth as well. For example, as of early 2019, Twitter had 126 million active daily users and Facebook had 1.2 billion daily users [Sha19]. In 2017, Facebook hit 2 billion monthly users. Yurieff notes in [Yur17] that, “It took the social network less than five years to go from 1 billion monthly users to 2 billion.”

Cloud computing is now extremely important, with companies offering impressive software, sometimes for free. Cloud computing providers have the ability to do some computations at much faster pace than we could with our personal devices. They have the advantage that they might have many computers at their disposal and so can use parallelism, artificial intelligence (AI) and other means to give results quickly. They can allow us to access our data from different devices from different locations in the world. Extremely important records, such as financial records and medical records, are accessible via browsers on computers and apps on phones. According to Gartner, “The worldwide public cloud services market is forecast to grow 17% in 2020 to total $266.4 billion, up from $227.8 billion in 2019…,” [Gar19]. Chapter 28deals with cloud computing.

The IoT is another major force today. It refers to any object or device that is connected to the Internet. A smart home can have many devices that can communicate with your phone, such as door bells to light bulbs to audio speakers. Amazon's Alexa is one example of IoT. In 2019, Amazon reported that over 100 million Alexa devices had been sold, [New19a]. Many IoT devices communicate by Bluetooth. The health‐care field is also being transformed. As always, we need to be wary of security concerns. For example, in August 2019, USA Today had an article by Jefferson Graham entitled, “Sorry, readers. Your Bluetooth device is a security risk,” [Gra19]. They quote Jovi Umawing, a research at Malwarebytes Labs:

A year ago, I was on a ferry coming back from vacation and had a weird photo (a meme style image) pop up on my phone via Airdrop from a source I didn't recognize,” he says. ”I checked my settings, and it was open to anyone. I immediately shut it off and have left it off ever since. I turn it on to receive from people only when they are standing right in front of me.”

Bluetooth has a limited range. So it is relatively safe around the home, unless there is an attacker nearby. But, in a public area, it might be best to turn it off. Graham also quotes Matt Lourens, a security engineering manager with Checkpoint software. He says,

Another concern: shopping. Many retailers have Bluetooth beacons placed in‐store to watch over you and track your location and shopping habits. Turning off Bluetooth before you enter will save your battery and keep prying eyes away from your device.

Bluetooth 5 devices have a range of up to 800 feet. (theoretically) The security of some IoT devices is of major concern. We shall discuss this further in Chapter 27on the IoT.

Privacy and security go together. Biometrics are important as they have both applications and privacy concerns. You might use a fingerprint or facial recognition software on your phone, tablet, or computer to unlock it. Some airports now use facial recognition software to identify travelers so as to improve efficiency for processing the vast number of people that pass through an airport each day. See [Oli19] or [New19b], for example.

Together, these add up to the need for security and privacy to be part of the decision‐making in the development of software and hardware of devices at every stage and level. Security and privacy breaches are reported regularly on the news. Programmers must be ever vigilant to make sure that they write code in a “safe” way so as to ensure privacy and security. Will input provided to the code always be friendly, or could it be malicious? If input could arrive from an outside source (such as via the Internet), then you should assume that there will be malicious attacks. For example, for the C programming language, we recommend two wonderful books on this topic: Secure Coding in C and C++ , second edition by Seacord, [Sea13], and C Programming: A Modern Approach , second edition, by King, [Kin08]. We discuss this more in Section 7.20.

Let us not forget cryptography. The twentieth century ended with DES, the United States Data Encryption Standard, being phased out and replaced. In 1999, Rijndael, a block cipher developed by Joan Daemen and Vincent Rijmen was selected as the AES. 5 AES is the current standard for symmetric cryptography [NIS19b]. Chapter 5looks at these topics.

Less than 20 years after the adoption of AES, the United States is preparing for a postquantum world. See [NIS19f]. We will discuss this more in Section 4.12

Blockchains are being used increasingly because of their immutability. In April 2020, during the COVID‐19 pandemic, IBM used blockchains to help the health‐care industry. In [Wei20], Weiss writes that IBM is using blockchains to connect “pop‐up medical mask and equipment makers with hospitals.” They quote Mark Treshock, the IBM blockchain solutions leader for IBM healthcare and life sciences as saying, “It's the immutability component. If I am a supplier and I create a profile and include my information for onboarding as a new supplier, there's a qualification process I have to go through… It is done to determine if they are legitimate, ethical, that they comply with required laws and, in this case, with needed FDA certifications.” [Wei20]. We will discuss this more in Chapter 26.

1 1United States National Security Agency.

2 2Britain's Communications Electronics Security Group.

3 3di meaning two, graph meaning character or symbol.

4 4A poly‐alphabetic cipher uses several substitution alphabets instead of one.

5 5Published as Federal Information Processing Standard (FIPS) standard 197.

Goals, DiscussionIn this chapter, we survey some historical ciphers which have been used since antiquity. (They are all symmetric ciphers. Public key ciphers were not invented until the 1970s and are discussed in Chapter 3.) Although the ciphers presented here are obsolete, they still provide good examples of cryptographic procedures. For example the Vigenère cipher, being a block cipher, is a forerunner of modern block ciphers such as Advanced Encryption Standard (AES). From these classical ciphers, we can also learn about various attacks in cryptography. This subject is pursued more fully in Chapter 7.