Understanding Cryptography Standards and Protocols
Numerous standards are available to establish secure services. Some of the standards presented in the following sections may already be familiar; here we will remind you of them and introduce you to a few more.
The movement from proprietary governmental standards toward more unified global standards is a growing trend that has both positive and negative implications.
Higher interoperability between disparate systems will also mean that these standards will be widely used.
The more those standards are used, the more attackers will focus on them to try to break them.
As a security administrator, you have to weigh the pros and cons of the various standards and evaluate them against your organization’s needs.
The following sections introduce you to the major standards, discuss their focus, and describe how they were developed.
The Origins of Encryption Standards
As mentioned in previous articles in Techy Talk, early cryptography standards were primarily designed to secure communications for the government and the military.
Many different standards groups exist today, and they often provide standards that are incompatible with the standards of other groups. These standards are intended to address the specific environment in which these groups exist.
The following sections describe key U.S. government agencies, a few well-known industry associations, and public-domain cryptography standards.
The Role of Government Agencies
Several U.S. government agencies are involved in the creation of standards for secure systems. They either directly control specific sectors of government or provide validation, approval, and support to government agencies. We will look at each of these agencies in the following sections.
National Security Agency
The National Security Agency (NSA) is responsible for creating codes, breaking codes, and coding systems for the U.S. government.
The NSA was chartered in 1952. It tries to keep a low profile; for many years, the government didn’t publicly acknowledge its existence.
The NSA is responsible for obtaining foreign intelligence and supplying it to the various U.S. government agencies that need it.
It’s said to be the world’s largest employer of mathematicians.
The NSA’s missions are extremely classified, but its finger is in everything involving cryptography and cryptography systems for the U.S. government, government contractors, and the military.
National Security Agency/Central Security Service
The National Security Agency/Central Security Service (NSA/CSS) is an independently functioning part of the NSA.
It was created in the early 1970s to help standardize and support Department of Defense (DoD) activities.
The NSA/CSS supports all branches of the military. Each branch of the military used to have its own intelligence activities. Frequently, these branches didn’t coordinate their activities well. NSA/CSS was created to help coordinate their efforts.
National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST), which was formerly known as the National Bureau of Standards (NBS), has been involved in developing and supporting standards for the U.S. government for over 100 years.
NIST has become very involved in cryptography standards, systems, and technology in a variety of areas. It’s primarily concerned with governmental systems, and it exercises a great deal of influence on them.
NIST shares many of its findings with the security community because business needs are similar to government needs.
NIST publishes information about known vulnerabilities in operating systems and applications. You will find NIST very helpful in your battle to secure your systems.
NOTE: You will find NIST on the web at www.nist.gov.