Cryptography is the art of protecting information by converting it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable.
As the Internet and other forms of electronic communication become more prevalent,
electronic security is becoming increasingly important. Cryptography is used to
protect e-mail messages, credit card information, and corporate data. One of
the most popular cryptography systems used on the Internet is Pretty Good Privacy
because it's effective and free.
Cryptography systems can be broadly classified into symmetric-key systems that use a single
key that both the sender and recipient have, and public-key systems that use
two keys, a public key known to everyone and a private key that only the
recipient of messages uses.
What types of cryptography are there?
This list will be very far from comprehensive. Everybody has their own opinions on
how cryptography should work, and therefore it seems that there are as many
types of cryptography as there are people who can write a program.
However, there are a few basic types of cryptography which we will discuss in this
document. Before we get into any of these types, there are a few terms which we
need to define for you.
Encryption
The process of locking up information using
cryptography. Information that has been locked up this way is said to be
encrypted.
Decryption
The process of unlocking encrypted information
using cryptography.
Key
A secret, like a password, which is used to
encrypt and decrypt information. There are a few different types of keys used
in cryptography, which we will see below.
Secure Line
A transmission channel which can be used to
send information secretly (in other words, nobody can intercept and read that
data).
Public Line
A transmission channel which cannot be used
to send information secretly - the information can be "overheard" easily. A
public pay phone is an excellent example of this; so is the Internet.
Now, we get to the basic types of cryptography. While reading about these types of
cryptography, it may be helpful to think of a key as a key to a door.
Symmetric Cipher
In the simpler types of cryptography, the
same key is used to encrypt and decrypt information. This key is sometimes
called a symmetric key.
Everybody who is supposed to be able to read the information must have the key. The
problem with this sort of code is that the key has to be given to them over a
secure line. If you're able to give a key securely, why not send the whole
message securely?
Thinking of the key as the key to a room may
help explain this better. Everybody who should have access to the room is given
a copy of the key. Anybody who has that key can go in, put new information in,
take old information out, and lock the room again when they leave. Without the
key, you can't enter the room. Furthermore, if you send somebody a copy of the
key by way of the Post Office, somebody working at the Post Office could
intercept this key, make a copy of it, and then send it along. This would allow
them to access this same locked room, and do the same things with it. Now,
think of sending the key over the Internet. That key could be intercepted by
anybody between you and the other machine, letting them read everything you
locked up with that key, even letting them modify it.
Public Key Cryptography
In this type of cryptography, one key is used
to encrypt, and a matching key is used to decrypt. These two keys together are
called a key pair. One of these keys is called the secret key or private key,
and should be kept secure. The other is called the public key and should be
given out to everybody on the planet (if possible). The reasons for this will
become apparent in later discussion.
This type of code is a bit more complex, but it is the most commonly used type of
code for exchanging email today.
The best way to explain this is by using an analogy. In this case, let's think of
the public key as a key to a public drop box, and the private key as a key
which lets you take things out of the drop box. When people want to send
information to the owner of the drop box, they get the public key, which lets
them into the room with the drop box. They put their information directly into
the drop box. After that, not even they can get it back out. Only the holder of
the private key can get it back out.
One Time Pad
A one time pad is considered the only perfect encryption in the world. The sender
and receiver must each have a copy of the same pad (a bunch of completely
random numbers), which must be transmitted over a secure line. The pad is used
as a symmetric key; however, once the pad is used, it is destroyed. This makes
it perfect for extremely high security situations (for example, national
secrets), but virtually unusable for everyday use (such as email).
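The pad handling described above, as an added Python example (not code from the original page): both parties hold a copy of the same random pad, each byte is wiped once used, and `pad_reuse_leak` shows why the pad has to be destroyed. The names `PadBook`, `encrypt`, `decrypt` and `pad_reuse_leak` and the sample messages are constructed for this illustration.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, stopping at the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

class PadBook:
    """One party's copy of the pad; bytes are handed out once, then wiped."""

    def __init__(self, material: bytes):
        self._material = bytearray(material)
        self._used = 0

    def take(self, n: int) -> bytes:
        if self._used + n > len(self._material):
            raise ValueError("pad exhausted: a new pad must be exchanged securely")
        chunk = bytes(self._material[self._used:self._used + n])
        self._material[self._used:self._used + n] = bytes(n)  # destroy the used part
        self._used += n
        return chunk

def encrypt(book: PadBook, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, book.take(len(plaintext)))

def decrypt(book: PadBook, ciphertext: bytes) -> bytes:
    # XOR is its own inverse, so decryption consumes the same pad bytes
    return xor_bytes(ciphertext, book.take(len(ciphertext)))

def pad_reuse_leak(pad: bytes, m1: bytes, m2: bytes) -> bytes:
    """What is exposed on a public line if one pad encrypts two messages."""
    c1, c2 = xor_bytes(m1, pad), xor_bytes(m2, pad)
    return xor_bytes(c1, c2)  # the pad cancels out, leaving m1 XOR m2

if __name__ == "__main__":
    material = secrets.token_bytes(64)   # exchanged once over a secure line
    sender, receiver = PadBook(material), PadBook(material)
    for msg in (b"MEET AT DAWN", b"BRING THE MAPS"):   # constructed messages
        print(decrypt(receiver, encrypt(sender, msg)))
    leak = pad_reuse_leak(material, b"MEET AT DAWN", b"HOLD POSITION")
    print(leak == xor_bytes(b"MEET AT DAWN", b"HOLD POSITION"))
```

Because the reused pad cancels out of the two cipher texts, the result no longer depends on the pad at all, which is the reason each portion is used for exactly one message.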
Steganography
Steganography is actually the science of hiding information from people who would snoop on
you. The difference between this and encryption is that the would-be snoopers
may not be able to tell there's any hidden information in the first place. As
an example, picture files typically have a lot of unused space in them. This
space could be used to send hidden messages. If you do research on encryption,
you may see the term Steganography used on occasion. It is not, however, true
encryption (though it can still be quite effective), and as such, we only mention
it here for completeness.
Algorithms
A cryptographic algorithm (also known as a cipher) is a step by step sequence of
mathematical calculations used to encrypt and decrypt information. There are
currently three different types of cryptographic algorithms: hashing
algorithms, symmetric-key algorithms and asymmetric-key algorithms.
Hashing Algorithms
A hash is a mathematical algorithm designed to perform one-way encryption. When
we say one-way we mean that once the information has been encrypted there is no
way to retrieve the original information from the hashed form. Hashing is
commonly used in password files and for ensuring the integrity of data. As an
example, a hash may be created for an email message in the form of a Message
Authentication Code (MAC). When the message is received the receiver would also
generate a hash from the message. If the recipient's hash matches the code
which accompanied the message the receiver knows the message is authentic and
has not been tampered with during transmission.
The two most common hash methods are as follows:
Message Digest Service Algorithm - The message digest family of encryption algorithms provides encryption of 128 bits in strength and is designed to be fast and simple. Current standards are MD2, MD4 and MD5.
Secure Hash Algorithm - SHA is used extensively by the US government and was developed by the National Security Agency (NSA). Two versions of SHA have so far been developed - SHA and SHA-1. SHA-1 provides 160-bit hashing. SHA-1 is more secure than MD5 but involves a slower encryption process.
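The receiver-side check from the Message Authentication Code paragraph, as an added Python example (not code from the original page). It assumes the MAC is HMAC, a hash keyed with a secret shared by sender and receiver, and uses SHA-256 instead of the MD5 and SHA-1 methods listed above, for which collisions have been demonstrated. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"   # assumed to be exchanged over a secure line
ORIGINAL = b"Pay Bob 100"              # constructed sample message
ALTERED = b"Pay Bob 900"               # the same message changed in transit

def bare_digest(message: bytes) -> str:
    """Unkeyed hash: anyone can compute it for any message."""
    return hashlib.sha256(message).hexdigest()

def make_tag(key: bytes, message: bytes) -> str:
    """Keyed hash (HMAC): only holders of the key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def receiver_accepts_bare(message: bytes, code: str) -> bool:
    return hmac.compare_digest(bare_digest(message), code)

def receiver_accepts_mac(key: bytes, message: bytes, code: str) -> bool:
    # compare_digest runs in constant time, so the check does not leak
    # how many leading characters of the code were correct
    return hmac.compare_digest(make_tag(key, message), code)

def check_scenarios() -> dict:
    tag = make_tag(SHARED_KEY, ORIGINAL)
    return {
        # An unkeyed hash sent with the message can simply be recomputed
        # by whoever altered the message, so the change goes undetected.
        "bare_hash_detects_change":
            not receiver_accepts_bare(ALTERED, bare_digest(ALTERED)),
        # Without the key the old tag cannot be updated to match.
        "mac_detects_change":
            not receiver_accepts_mac(SHARED_KEY, ALTERED, tag),
        "mac_accepts_untouched":
            receiver_accepts_mac(SHARED_KEY, ORIGINAL, tag),
    }

if __name__ == "__main__":
    for name, result in check_scenarios().items():
        print(f"{name}: {result}")
```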
Asymmetric Algorithms
The concept of asymmetric encryption (also known as public key encryption) was devised
in 1975 by Whitfield Diffie and Martin Hellman and is based on the concept of
using a pair of keys, one private and one public. The private key is held by
the host or application which is to receive the encrypted data. The
corresponding public key is made available to anyone who wishes to encrypt data
such that it can be decrypted by the holder of the private key. The cornerstone
of public key encryption is the level of difficulty involved in inferring the
private key from the public key.
The advantage of asymmetric over symmetric encryption is that the public key can be
safely transmitted over public networks without the risk that its interception
will compromise encrypted data. The same cannot, however, be said about
symmetric encryption.
A vast number of asymmetric encryption mechanisms have been developed since
Diffie and Hellman invented the concept over 30 years ago. In this chapter we
will look at the most commonly used algorithms.
Confidentiality
When we refer to confidentiality we are talking about the use of encryption
techniques on data to avoid it being accessed by unauthorized parties.
Encryption for the purposes of ensuring confidentiality can be applied both to
transmitted data (such as data sent over a public network) and stored data
(such as information stored on a hard drive or portable storage device).
Integrity
Also referred to as message integrity, this use of cryptography provides a mechanism
to verify that a message has not been modified on its journey between the sender
and the recipient. This is commonly achieved through the use of digital
signatures and one-way hash functions.
Non repudiation
Non repudiation is the name given to a technique by which the sender is unable to
subsequently deny having sent a message. This is particularly important in the
sending of financial instructions. A trader may, for example, send broker
instructions to buy shares shortly before a market crash. In a panic at having
bought shares at significantly more than their new value the trader may try to
deny having sent the buy order to the broker. Non repudiation works on the
basis that only the sender is in possession of his or her private key. When the
sender uses a private key to sign the message and the recipient uses the
sender's public key to successfully verify the signature it essentially proves
the message was sent by the owner of the private key.
Authentication
Authentication is the concept of proving user identity, typically in order to establish
communication or to gain access to a system or network.
The most basic form of authentication involves the use of a login name and
password. Another form of authentication involves the use of digital
certificates (for example when accessing secure web sites).
Digital Signatures
Digital signatures are based on a combination of asymmetric cryptography and hash
functions and are commonly used for signing digital documents and ensuring that
downloaded applications are provided by a trusted source.
Once a document has been signed with a digital signature it is essential that a
message digest be created using a hash function. This ensures that if the
document is modified the change will be detected because the hash will fail verification
by the recipient. Asymmetric encryption is also used to verify that the
signature was indeed signed by the apparent document sender. To achieve this, the
hash is typically encrypted using the sender’s private key. If the recipient is
able to decrypt the hash using the sender’s public key then the message is
deemed to be authentic. It will not go unnoticed to those who have read the
previous sections that this involves authentication, integrity and non repudiation.
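The hash-then-sign flow described above, as an added Python example (not code from the original page). It uses textbook RSA with no padding and a constructed key pair built from small, well-known Mersenne primes, so it only illustrates the mechanism; the names `make_keypair`, `sign` and `verify` and the sample order are assumptions made for this example.

```python
import hashlib

def make_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)): public key and private key."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, e), (n, d)

def digest_int(document: bytes, n: int) -> int:
    """Message digest of the document, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document: bytes, private_key) -> int:
    """'Encrypt' the hash with the sender's private key."""
    n, d = private_key
    return pow(digest_int(document, n), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """'Decrypt' the signature with the public key and compare hashes."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(document, n)

# Constructed toy keys: far too small and too structured for real use.
TRADER_PUBLIC, TRADER_PRIVATE = make_keypair(2**127 - 1, 2**89 - 1)

if __name__ == "__main__":
    order = b"BUY 100 shares of ACME"            # constructed sample document
    signature = sign(order, TRADER_PRIVATE)
    # Authentic, unmodified document: verification succeeds.
    print(verify(order, signature, TRADER_PUBLIC))
    # Integrity: any change to the document makes the hash comparison fail.
    print(verify(b"BUY 900 shares of ACME", signature, TRADER_PUBLIC))
    # Authentication and non repudiation: a signature made with any other
    # private key does not verify under the trader's public key.
    _, other_private = make_keypair(2**107 - 1, 2**61 - 1)
    print(verify(order, sign(order, other_private), TRADER_PUBLIC))
```

Production systems use a vetted cryptographic library with a padded signature scheme and randomly generated keys rather than raw modular exponentiation.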