More than 5.3 exabytes of information are transferred via the internet every day. This is an enormous amount: all of the words ever uttered in human history could fit into the same space.
The first internet message in history was transmitted over the ARPANET network in 1969. The message was meant to go from University of California UCLA to Stanford University, just over 600 kilometres away. But the phone booth-sized computer switched off before it completed the transmission.
The first-ever message was a stump – LO.
Programming student Charley Kline didn’t give up, however, and turned the machine back on. UCLA messaged LOG, Stanford replied IN – and the researchers even confirmed over the telephone that these letters had in fact been delivered.
Today, more than 300 billion e-mails and 60 billion WhatsApp messages are sent around the world each day. The number of internet users is approaching 5 billion and the average time spent online is some 7 hours a day, most of which happens on mobiles.
Our everyday life became digital in just half a century. What or who makes sure that our online lives are secure?
Concealed images and key pairs
One such person is Aalto University Assistant Professor Chris Brzuska. He specialises in cryptography or encryption methods.
The word krypto is of Greek origin and refers to the hidden or the secret. The Greeks of antiquity would tattoo secret information in image form on the shaved scalps of their slaves and send them out. Once the slave arrived at the destination months later, their head would be shaved again, making the message readable.
Modern cryptography is based on maths and computer science.
‘It researches and develops methods that protect systems and their users from adversarial interference. Whenever data is transferred over the internet, it needs to be encrypted to prevent outsiders from hearing or reading it,’ Brzuska says.
The work is done by employing mathematical algorithms and encryption keys that scramble the message into a format, which can be decoded only with the right key.
There are two principal approaches to encryption: the symmetric-key method and the asymmetric or public-key method. In the first approach, the same key is used to encrypt and decrypt messages, requiring both sender and recipient to either know the key or find a way to transfer it via a secure channel.
Often this cannot be done.
This is when the public-key method is used. It is based on a key pair of a public-key and a secret-key such that the secret-key is hard to compute, given only the public-key. The pair’s public key encrypts the message, while the private key decrypts it. The parties only need to convey their public keys to each other to enable encryption.
‘It’s a really cool concept, without which the entire net’s encryption would collapse in an instant. When Whitfield Diffie and Martin Hellman came up with the idea, few people could have thought that it would have a practical application. Back in the 70s, it was inconceivable that someone would want to secret information with complete strangers,’ Chris Brzuska says.
Users typically don’t need to think about keys and algorithms, as these are handled by software applications and communications systems. Encryption protects instant messages, payment traffic and webpages alike – the letter s at the end of the https component of a web address specifically indicates that the resource is accessed via a secure, encrypted connection.
A trade-off is often necessary between security and functionality, making it necessary to choose how much of one you desire at the expense of the other. Brzuska notes that contactless payments provide an apt example of this: the downside of the convenience of this method is that, should a card fall into the wrong hands, it is easy to use it to make unauthorised purchases.
People are also affected unequally when protection fails.
‘Striving for equality is a major source of inspiration for me personally. Should a couple of hundred euro vanish from my account, I know what steps to take to get it back – and I won’t starve while waiting for the money. Not everyone is as privileged,’ Brzuska says.
Brzuska and his students have been involved in the effort to improve many widely used encryption protocols. A lot can be done but no matter how refined a mathematical model may be, it cannot cover every possible eventuality in the real world, he says.
Even the most sophisticated model can contain a hole or two.