“Cryptography” comes from the Greek words kryptos, meaning “concealed, hidden, veiled, secret, or mysterious”, and graphia, “writing”; thus, cryptography is “the art of secret writing.”
Information plays a vital role in the running of businesses, organizations, military operations, etc. Information in the wrong hands can lead to loss of business or catastrophic results. To secure communication, a business can use cryptology to cipher information. Cryptology involves transforming information into a Non-human readable format and vice versa.
Cryptography is the practice of using mathematical algorithms to encode and decode information in order to secure its transmission and storage. The goal of cryptography is to make it difficult for an unauthorized party to access or modify the information, while still allowing an authorized party to do so.
Cryptography can be divided into two main categories:
- symmetric-key cryptography, where the same key is used for encryption and decryption, and
- asymmetric-key cryptography, also known as public-key cryptography, where different keys are used for encryption and decryption.
Cryptographic techniques are used in various applications, including secure communication, digital signatures, and e-commerce.
Symmetric Encryption
Symmetric Encryption is also known as conventional encryption which has been introduced in the late 1970s. This technique is used to provide confidentiality for the data transmission or to store data using the symmetric encryption method. There are two well-known symmetric encryption algorithms used they are: Data Encryption Standard(DES) and Advanced Encryption Standard (AES), both algorithms are block cipher encryption algorithms.
Let us understand each component that is shown in the above symmetric encryption model.
- Plaintext: Original message or data provided as input into the algorithm.
- Encryption Algorithm: The encryption algorithm used performs operations on the plaintext.
- Secret Key: Secret Key is also an input provided to the encryption algorithm. The exact number of substitutions or transformations performed by an algorithm depends on the key.
- Cipher text: Encrypted message which is produced as output which depends on the plaintext and key used. For the same message, if there are different keys used, cipher text will be different for both keys used.
- Decryption Algorithm: It is the same encryption algorithm that runs in the reverse manner which takes the cipher text and secret key as the input and generates the original plaintext.
There are two requirements for the symmetric encryption algorithms to work, the first one is
strong encryption algorithms are known to both the party sender and receiver and the second one
is the secret key should be known only to the sender and receiver only.
Ceaser cipher is a very form of symmetric key encryption. Symmetric cryptography doesn't address the following issue: The attacker can eavesdrop on the shared key between sender and receiver and can steal the key and decrypt the data. This is where the concept of the Public Key Encryption OR Asymmetric key cryptography comes into the picture.
Example of Symmetric Encryption
An example of symmetric encryption is the Caesar cipher. It is a simple symmetric encryption algorithm that replaces each letter in the plaintext with a letter shifted a certain number of positions down the alphabet. The key in this case is the number of positions each letter is shifted.
For example, suppose Bob wants to send the message "HELLO" to Alice, and they have agreed to use a key of 3 for the Caesar cipher. Alice replaces each letter in the plaintext with the letter that is 3 positions down the alphabet. The resulting ciphertext is "KHOOR". Alice then sends the ciphertext to Bob, who uses the same key of 3 to decrypt the ciphertext. Bob replaces each letter in the ciphertext with the letter that is 3 positions up the alphabet, obtaining the original plaintext "HELLO".
|
Note |
| The security of the Caesar cipher is very weak and can be easily broken by an attacker. In practice, modern symmetric encryption algorithms are much more secure and have been designed to withstand attacks by attackers who have access to the encryption algorithm. |
Asymmetric Encryption
Anyone with the public key can encrypt the data but cannot decrypt the same. Only the appropriate receiver with the private key can decrypt the data. Even if the attacker knows that the sender is transmitting data to the receiver, also data passes through multiple channels, there is nothing he or she can do. As the data can only be decrypted by the private key All communication that takes part between the sender and receiver includes the public key.
Example of Asymmetric encryption
An example of asymmetric encryption is the RSA algorithm. It is one of the most widely used public-key encryption algorithms and is based on the mathematical properties of large prime numbers.
In RSA, each user has a pair of keys: a public key and a private key. The public key can be freely shared, while the private key must be kept secret. To send an encrypted message, the sender uses the receiver's public key to encrypt the message. The receiver then uses their private key to decrypt the message.
Here's an example of how RSA encryption works:
Suppose Bob wants to send a secret message to Alice. Alice provides Bob with his public key, which can be freely shared. Bob then uses Alice's public key to encrypt the message. The encrypted message is then sent over an insecure channel, such as the Internet. Alice receives the encrypted message and uses his private key to decrypt it, obtaining the original message from Bob.
Note that in RSA, it is computationally infeasible to compute the private key from the public key, making RSA an effective method for secure communication over an insecure channel. The security of RSA is based on the mathematical difficulty of factoring large prime numbers, and RSA keys used in practice are typically 1024 bits or longer to provide an adequate level of security.
Strengths and Weaknesses of Cryptography
|
|
Symmetric
Encryption |
Asymmetric
Encryption |
|
Strengths |
Faster and easier to
implement as the same key is used to encrypt and decrypt data and also requires
less processing power. Could be implemented in Application Specific Integrated
Chip (ASIC). |
Convenient to use as the distribution of keys to encrypt the messages is not required |
|
Prevents widespread
message security compromise as the different secret key is used to communicate
with different party |
Enhanced security as
one need not share or transmit private keys to anyone |
|
|
The key is not bound to
the data being transferred on the link; therefore, even if data is
intercepted it is not possible to decrypt it |
Provides digital
signatures that can’t be repudiated |
|
|
Weaknesses |
Lack of a secure
channel to exchange the secret key |
Slow in processing
and requires high processing power |
|
Difficult to manage
and secure too many shared keys that are generated to communicate with
different parties. |
Widespread message
security compromise is possible (i.e., the attacker can read his/her complete
messages if the private key is compromised) |
|
|
Provides no
assurance about the origin and authenticity of a message as the same key is used by
both sender and receiver |
Messages received
cannot be decrypted if the private key is lost |
|
|
Vulnerable to
dictionary attacks and brute-force attacks |
Vulnerable to
Man-in-the-Middle and brute-force attacks |
Hash Function
Cryptographic Hash Functions are mathematical algorithm that takes the input of the arbitrary size of data and generates the fixed length hash value or message digest or simply digest and they are also designed to be one-way functions. This means they are not reversible in nature.
There are a few properties of the HASH Function which are mentioned below due to which they are still widely used in different information security applications.
- It is deterministic which means it will always give the same hash value for the same input message.
- Computing the hash value of the message is faster.
- It is infeasible to generate the same message from the hash value.
- Even a very small change in the message will change the hash value completely.
- It is infeasible to find two different messages with the same hash value.
Due to such properties, they are widely used for digital signatures, Message Authentication codes, Indexing data in the hash table, fingerprinting, finding duplicate data, and Checksums to identify any modification in data.
Hash Algorithms that are commonly used today:
- Message Digest(MD) Algorithm: A byte-oriented algorithm that produces a 128-bit hash value from an arbitrary-length message. There are various versions of these algorithms present such as MD2(RFC 1319), MD4(RFC 1320), and MD5(RFC 1321).
- MD5 is the third message digest algorithm after MD3 and MD4, which process data in 512-bit blocks which is broken down into 16 words composed of 32 bit each. The output from MD5 is a 128-bit message digest value.
- Secure Hash Algorithm: It is a cryptographic hash function published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard which takes an input and produces a 160-bit hash value known as a message digest – typically rendered as a hexadecimal number which is 40 digits long. It works by transforming the data using a hash function: an algorithm that consists of bitwise operations, modular additions, and compression functions. There are a series of algorithms exist such as SHA-1, SHA-2, and SHA-3.
Apart from this, there other well-known HASH Functions exist which are used such as RIPEMD, and WhirlPool.
Digital Certificate
There are several issues that exist with the public key cryptosystems; one of them is the man-in-the-middle attack which is one of the potential threats. In this attack someone tries to fake the key with a user ID and name and tried to pretend the same person, which is not, and resulting in this, the data is encrypted with the attacker's key.
It is vital to know that the public key to which you are encrypting the data is the actual key of the intended recipient and not a forged one.
To overcome this, Digital Certificates have been introduced, which will ensure whether a public key truly belongs to the actual owner or not. It acts much like a physical certificate.
Digital certificates consist of three things:
- A Public Key.
- Certificate Information(Identity information about the user).
- One or more digital signatures.
Public Key Infrastructure
A Public Key Infrastructure(PKI) is a combination of policies, roles, and procedures, which are needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. It includes components such as Certificate Authority(CA) and the Registration Authority(RA).
Certificate Authority creates a certificate and digitally signs them using its own private key. As it is the central component of the PKI system. Using the public key of the CA one can verify the authenticity of the digital certificate and can check the integrity of the content of the certificate.
Registration Authority refers to the people which can include groups, companies, processes, and tools that will help users to enroll in the PKI system. It also checks whether the public key belongs to its owner or not. On the other hand, CA is the software that issues the actual certificates.
