Whilst cryptography may sound like some obscure and foreign concept, we rely on it every day to ensure that our information is secure.
Cryptography refers to the field of study of a range of concepts which are used to provide secure communication, including encryption, decryption, algorithms, computer programming and transmission technology.
The Australian Government provides Guidelines for Using Cryptography (“the Guidelines”), stating that the purpose of cryptography is to provide:
- Confidentiality: protects information by making it unreadable to all but authorised users
- Integrity: protects information from accidental or deliberate manipulation
- Authentication: ensures that a person or entity is who they claim to be
- Non-repudiation: provides proof that a user performed an action and prevents them from denying that they did so
Encryption
Encryption is the process of encoding a message with an algorithm and is one of the aspects of cryptography.
Encryption can be used in two key ways:
- For data at rest: used to reduce the physical storage and handling requirements for ICT equipment and media
- For data in transit: used to provide protection for sensitive or classified information communicated over public network infrastructure
Cryptographic systems
Cryptographic systems are comprised of cryptographic equipment and keying material (data). The Guidelines provide advice on the storage and transportation of Commercial Grade Cryptographic Equipment (CGCE).
High Assurance Cryptographic Equipment (HACE) is used by organisations to protect highly classified information. Due to the sensitive nature of HACE, and the limited information publicly available on it, organisations must contact the Australian Cyber Security Centre (ACSC) before using it.
Cryptographic algorithms
Algorithms are one important component of cryptography and are key to the functioning of encryption. The Australian Signals Directorate (ASD) provides a list of approved cryptographic algorithms which have been extensively tested for resistance to attacks.
ASD approved cryptographic algorithms (AACAs) fall into three categories: asymmetric/public key algorithms, hashing algorithms and symmetric encryption algorithms. The differences between these algorithms are highly technical.
The Guidelines also provide a number of cryptographic algorithms for the protection of highly classified information such as secret and top secret information.
Cryptographic protocols
The Guidelines provide a list of approved cryptographic protocols which can be used with cryptographic equipment and software to secure information. The ASD approved cryptographic protocols (AACPs) are:
- Transport Layer Security (TLS)
- Secure Shell (SSH)
- Secure/Multipurpose Internet Mail Extension (S/MIME)
- OpenPGP Message Format
- Internet Protocol Security (IPsec)
- Wi-Fi Protected Access 2 (WPA2)
Further information on these AACPs is provided in the Guidelines.