What is cryptography and how do we use it in modern day computing?
Posted on 2 August 2018 by Beaming SupportThe history of cryptography
Although we use it in modern day computing, cryptography has been around since the early existence of mankind as a means of written secrecy, which only the initiated could understand. An example would be the Egyptian hieroglyphics which could only be read and written by those involved with the divine, such as royalty and priests. The word “hieroglyphs” derives from Greek and translates to “holy writing”.
However, a true example of ciphered language dates back to the days of Julius Caesar, who invented his own cipher system to communicate with Cicero in Rome whilst he was off taking over Europe. This was a simple system which simply shifted each letter in the message 3 steps to the right in the alphabet; of course if it were to go past the last character of the alphabet it would simply loop back to the first. The following is a pre-ciphered message that I want to send to Cicero in Rome.
Gaul is a whole divided into three parts
This is written in our traditional alphabet:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
In order to translate this easily, we can use the Caesar cipher (3 steps) to change the alphabet into a translation sheet:
DEFGHIJKLMNOPQRSTUVWXYZABC
With this we can translate our message to the following before sending it on its way to the capital of our massive empire.
Jdxo lv d zkroh glylghg lqwr wkuhh sduwv
As simple as this system may be, no one was familiar with disguising their messages in this manner. Anyone that might have intercepted these messages (likely by capturing the courier) would have either thought it was garbage or another language.
This was the tinder for an age of hidden communications in which clever mathematicians helped their sovereigns or parliamentarians achieve secret communication. This was seen very often in the world wars, with the most famous example being the German Enigma, which was secretly cracked by Alan Turing, father of computer science.
Basics of cryptography
With a brief history of cryptography covered, we can move on to how cryptography works.
What is cryptography? It’s there to ensure that two peers can achieve truly secret communication, based on four primary goals. The first three can be remembered with the acronym CIA (Confidentiality, Integrity & Authentication). The fourth is Nonrepudiation: ‘Provide assurance to the recipient that the message received is truly the one originated by the sender and not one masqueraded by a malicious user’.
Confidentiality
When data is confidential, we don’t want it to be publically accessible without proof that the recipient is authorised to access it. The first step is to disguise the data in an unreadable format that only the authenticated can read. This can be achieved with encryption.
Encryption is possible by using of a set of instructions (an algorithm) that can be applied to data to encrypt and decrypt (when you run the rules in reverse) it. A key is required to make the outcome of the encryption unique, and this key should only be known by those who are allowed to ‘lock’ and ‘unlock’ the data.
Integrity
Integrity means that the data was not altered during transit by either malice or general interference, so to ensure the data is as it was, we need to have a digital signature applied to the data which can be checked by the receiver to ensure the person who sent it is who they say they are.
This is achieved by running a hash algorithm (one way encryption) on the payload (data) and encrypting it with a key that only the receiver and sender knows. The receiver then verifies the data by decrypting the signature, and running the same hash algorithm against the data – this result is compared to the decrypted signature and if it matches then the data is integral.
Authentication
When establishing a connection, there needs to be clarification that both clients connecting to one another are who they say they are, and not some malicious man in the middle! Typically, both machines will have information about their peer before connecting (such as a certificate) which will be used to validate the connection.
Non-repudiation
Similar to authentication, but this is the validation of all data in transit that is exchanged between the two peers. This can be achieved with asymmetric cryptosystems that use a public+private key pair, which we’ll explain in a little more detail later on. Additionally, by numbering each packet in a numerical order, the recipient can be sure that all data is not duplicated or re-sent by malicious users.
Modern cryptography
So, what is cryptography in its modern day form? Nowadays we use very complex algorithms formulated by brilliant mathematicians that attempt to ensure a high level of secrecy. Examples of these algorithms are two-way encryption formulas such as AES-256 or Triple-Des. These are publically available systems and with a quick search you can find out how they work. Some deem this as a vulnerability, as true secrecy is achieved when one hides the algorithm – including the keys – from the public. Others believe that making a system public helps to strengthen the algorithms. This argument gave birth to the Kerchoff Principle.
The Kerchoff principle
This principle states that stronger security is achieved when the algorithm that protects data is publically known, because it means that cryptanalysts can find vulnerabilities that need patching, which ultimately makes the system stronger. Years of public exposure leads to the greatest algorithms, which today are still un-crackable. If you were to hide the algorithm from the public, at first you have complete secrecy as no one knows how to start to crack the code, but all it takes is for a hacker to get a hold of this algorithm and study the way it works to find an enormous vulnerability that easily cracks the code. This is achieved because the hidden algorithm has not been publically tested and written from scratch. In essence, when the algorithm is publically shared, it’s more likely that a “good guy” will notice a vulnerability and fix it.
Symmetric encryption
Symmetric key cryptography (aka secret/private key cryptography) uses one key, which can be used to encrypt and decrypt data. In order to secure the data further, larger keys are used. This is a good encryption method for bulk data (e.g. hard drives or data at rest) however there are some flaws:
- Exchanging the keys between parties poses a problem, because if it isn’t sent securely an attacker could attempt to take the clear text key via a “man in the middle” attack, and then the encryption used becomes irrelevant. Keys must be exchanged securely, and if they can’t then they need to be transferred via an offline/physical method.
- As both parties can encrypt/decrypt both keys, nonrepudiation cannot be implemented as neither member can be sure where the cipher text was originated.
- Regeneration of the key occurs frequently when a large group shares symmetric encryption for communication because if one member leaves, the key must be regenerated so they cannot rejoin the conversation.
An example of symmetric encryption is AES-256, Triple-DES or Blowfish where each algorithm runs its own complex mathematical tasks based on a supplied key to both encrypt and decrypt a message.
Asymmetric encryption
Also known as a Public Key Algorithm, asymmetric encryption provides solutions to the weaknesses shown above in symmetric encryption. In this system two keys are used: a public key & a private key. As the name describes, the private key is known only by one person who does not share this to anyone. The public key however is free to be sent to anyone the originator deems fit. The wonderful way these keys work is that one key is used to encrypt the data, whilst the other is used to decrypt the data. Note that if data is encrypted by one key, it cannot be decrypted by that same key, instead the other key in the pair can decrypt it. The following are the benefits of using asymmetric cryptography.
- Users can easily be removed via a revocation mechanism built within asymmetric cryptosystems, which basically removes them from the communication.
- Key regeneration only occurs if the private key is compromised, as the public key can be publically known.
- Provides confidentiality, integrity, authentication and nonrepudiation. This is if the user does not share their private key, as a message signed by that user can be accurate and can’t be repudiated later on.
- Keys are easy to distribute, as the public key can be sent without a secure connection and is the only thing required for secured communication.
Obviously it’s not the perfect protocol as it comes with one downfall: the fact it’s a slow method of communication. For this reason, asymmetric encryption is used to establish secure connections but not actually for the transfer of secured information, which is left for the more quickly processed symmetric encryption.
One example is Diffie-Hellman (DH) which is commonly used to establish communications between VPN clients, after which a symmetric algorithm will encrypt the data in transit. Another example is RSA which is used to generate the private or public keys.
Hashing
Hashing has a different role in cryptography. Instead of being used as a way to encrypt and decrypt (two-way cryptography) it’s used as a digital signature and uses one-way encryption, so in theory it’s extremely difficult – if not impossible – to reverse the message.
A hash algorithm like MD5 could be run against the data being transmitted and attached to the end of the data. The client on the other end runs the same hash on the data and if the signature at the end matches their hash then they know that the data was not tampered with.
This is confusing, with good reason
This may seem confusing, and it is! Cryptography is no light subject, for good reason; if everyone knew how it worked, that would likely mean it’s not safe enough! At the end of the day, we want to keep our data safe and this can be achieved with the power of cryptography.
Found this useful?
Our tech team share their how-tos, trouble shooting guides and tips for getting the best from your business connectivity in a monthly email round up.