Why the big six - Cyber MiSC - Obsidian Publish

## The Big Six applications (Wi-Fi, mobile calls, TLS, secure email, vehicular entry, Bitcoin) were each selected for use in this module for various different reasons. For what cryptographic reasons do you think these particular applications were chosen as the Big Six? This is fundamentally a pedagogical question. Why were they chosen? For teaching purposes. Why these? Why not these. It is clear that each of these case studies represents an interesting application of cryptography. Wi-Fi, a secure network that will physically extend beyond your home. Mobile calls, that incorporate national infrastructure and private companies. TLS, which brings asymmetric encryption to the fore. Vehicular entry, which asks interesting questions about the data that’s exchanged, and the authenticity of the requestor. And Bitcoin, which like nuclear warfare is interesting in theory and a tragedy in practice. Wi-Fi represents a secure communication channel, where a symmetric key can easily be shared. It is essentially the same as all encipherment since the first days of encryption, whereby a key can be reasonably easily exchanged with another party and by this means secret communication can be established. However, given that Wi-Fi is generally in the hands of the regular public, it also represents an interesting look into key management and generation. Early versions of Wi-Fi that used WEP and ‘push access’ were very user friendly, and very quickly broken. Balancing cryptographic needs with user access in a way that’s transparent is never clearer that with Wi-Fi. By contrast, most people outside of our industry don’t realise that mobile phone calls are encrypted. The popular applications Signal and Whatsapp make ‘end-to-end encrypted calls’ part of their USP. The realisation that encryption is used to protect calling is an interesting insight into areas where encryption is not used. It also introduces the concept of data integrity and stream ciphers, as opposed to block ciphers. Finally, for stretch, students might consider the wider cryptosytem. Who holds the keys? Might they be coerced into handing over those keys to an attacker? What implications does this have for the cryptosystems we might build in the future? TLS starts with confronting the elephant in the room. Symmetric encryptions means sharing a key, and sharing a key is a risk. Additionally, since we ought not re-use keys, sharing a different key for every potential communication you want to exchange with another party be infeasible. From here, we can talk about public-key cryptography, and its discovery at GCHQ and then separately by the RSA trio. We can lean on concepts we've already discovered in our work on symmetric encryption, and ask how they apply to asymmetric encryption - key generation, establishment, storage, archive, and destruction. Vehicular entry, for me, is the weakest entry in this list. It doesn't use any security service that hasn't been widely covered in other areas. I'm really looking forward to reading my classmates' reviews of this. Finally, Bitcoin. Bitcoin actually requires no anonymity in its communications, because every node must be able to see every transaction. However, wallets use asymmetric encryption to provide addresses for users to send and receive tokens. Symmetric encryption is also used to secure wallets: sometimes so well that funds can never be recovered!