For Cybersecurity Knowledge and Skills, Should You Go Long and Shallow, Or Narrow and Deep?

In cybersecurity, you can go long and thin with your knowledge, where you know lots about many areas but your depth of knowledge is thin. But your experienced adversaries (Eve and Mallory) could have a depth of knowledge that defeats yours. So, if you really want to be great at cybersecurity, it is often a good idea to go into depth and train your mind to understand the details of the methods that are used to implement things.

One way is to give yourself challenges to break, and as part of doing these challenges, you learn about bits and bytes, about the core methods, and about how to break them. While Eve is likely to find new ways to get around you, you should be in a good place to understand how you can, at least, find out what she has done and, hopefully, overcome it. At its core, that is what cybersecurity is all about: solving new problems, and fixing them.

So, my advice is to pick a topic, and read everything that you can on it, and get into some coding. A great place to start is the good old RSA method. It has been around for over four decades and is going strong. If you want to find out how it works, try here:

https://asecuritysite.com/rsa/rsa12

It is only about 12 lines of Python code, but it provides the foundation of security on the Internet.

Once you have investigated, then go have a look at some RSA challenges:

  • CTF Generator: Cracking RSA with Chinese Remainder Theory — Håstad’s Broadcast Attack. CRT. In this example, an RSA cipher has used the same message with three different moduli.
  • CTF Solver: Cracking RSA with Chinese Remainder Theory — Håstad’s Broadcast Attack. CRT. In this example, an RSA cipher has used the same message with three different moduli, and the solver produces a solution.
  • CTF: RSA Challenge Generator. RSA. This provides values for $e$ and $N$, and gives the cipher, and you must crack it by finding $d$.
  • CTF Generator: Low exponent in RSA (for public exponent). Normally, in RSA, we select two prime numbers of equal length ($p$ and $q$), and then multiply these to give a modulus ($N = p \cdot q$). We then compute the cipher as $C = M^e \pmod{N}$. But, if $M^e < N$, then the message can be determined from $M = \sqrt[e]{C}$. In this case, we will use a value of $M^e$ that is less than $N$, and thus make it easy (with just one line of Python) to crack the RSA cipher.
  • CTF Generator: Low exponent in RSA (Wiener attack). In RSA, we select two prime numbers of equal length ($p$ and $q$), and then multiply these to give a modulus ($N = p \cdot q$). We then compute the cipher as $C = M^e \pmod{N}$, and we decrypt with $M = C^d \pmod{N}$. With this we have a public exponent of $e$, and a private exponent of $d$. The value of $d$ is computed from $e^{-1} \pmod{\phi}$, where $\phi = (p-1)(q-1)$. While these days we normally use $e = 65537$, we could select a range of values of $e$. If we select a fairly large value, then the value of $d$ could be discovered. In this case we will use the Wiener attack [1] to discover $p$, $q$ and $d$.
  • CTF Solver: Low exponent in RSA (Wiener attack).
  • CTF Generator: Fermat’s attack. Normally, in RSA, we select two prime numbers of equal length ($p$ and $q$), and then multiply these to give a modulus ($N = p \cdot q$). If these numbers have a small difference between them, we can use Fermat’s attack to factorize the modulus. With this, we discover $p$ and $q$, and it is then easy to crack RSA.
  • CTF Generator: RSA with a different public exponent and the same modulus (N). This provides a CTF Generator for RSA with a different public exponent and the same modulus (N).
  • CTF Solver: RSA with a different public exponent and the same modulus (N). This provides a CTF Solver for RSA with a different public exponent and the same modulus (N).
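
To make two of the weaknesses in this list concrete, here is an added Python example (written for this article, not taken from the linked challenge pages) covering the low public exponent case and Fermat's factorization of a modulus built from close primes. The function names and the values of P, Q and E are constructed for illustration.

```python
# Added illustration (not the author's code); all numbers below are constructed.
from math import isqrt

def iroot(n, k):
    """Floor of the k-th root of n, plus whether the root is exact."""
    lo, hi = 0, 1 << (n.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo, lo ** k == n

def low_exponent_recover(c, e):
    """If M^e < N the modulus never wraps, so C = M^e and M is the e-th root of C."""
    m, exact = iroot(c, e)
    return m if exact else None

def fermat_factor(n, max_steps=100_000):
    """Search a >= sqrt(N) until a^2 - N = b^2; then N = (a - b)(a + b)."""
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_steps):
        b = isqrt(a * a - n)
        if b * b == a * a - n:
            return a - b, a + b
        a += 1
    return None  # factors too far apart for this step budget

# Constructed key: two primes that differ by only 70 (assumption for the demo).
P, Q, E = 999_999_937, 1_000_000_007, 5
N = P * Q

def recover_private_exponent(n, e):
    """Close primes: Fermat gives p and q, and d follows as e^-1 mod phi."""
    p, q = fermat_factor(n)
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    small = 1234                                   # 1234^5 < N, no padding
    print(low_exponent_recover(pow(small, E, N), E))
    d = recover_private_exponent(N, E)
    big = 123_456_789_012_345                      # big^5 > N, so the root fails
    c = pow(big, E, N)
    print(low_exponent_recover(c, E), pow(c, d, N) == big)
```

The defensive reading is the same in both cases: padding the message (for example with OAEP) removes the small $M^e$ case, and generating $p$ and $q$ independently at random keeps them far enough apart that the Fermat search does not finish.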

Conclusions

And the answer to:

In Cybersecurity, Should You Go Long and Shallow, Or Narrow and Deep?

Is, of course, do both! Become an expert in some areas, but know the other areas well enough to make sure you have a wide knowledge.

If you want to go deep, why not consider coming to do our MSc: