What is Cryptography in Cybersecurity?

Cryptology is the science behind sending messages securely. The term “cryptography” comes from the Greek word “Kryptos”, meaning “hidden”, and encryption is closely associated with scrambling plaintext into ciphertext and back again upon arrival.

In addition to encoding, cryptography can also be used to obscure information in images in various ways. Ancient Egyptians used cryptic symbols and languages such as hieroglyphics, and Julius Caesar is credited with using one of the first modern ciphers.

Cryptography Usage

The most common use of cryptography for electronic data is to encrypt and decrypt email and other plaintext messages. The simplest method uses the symmetric or “secret key” system.

In this system, data is encrypted with a secret key. A copy of the encoded message and the secret key is then sent to the recipient for decryption.

The problem with this system is that if the message is intercepted together with the key, someone else might read it. Cryptologists devised the asymmetric or “public key” encryption system to relieve this issue.

In this case, every user has two keys: a public and a private key. Senders who want to encrypt their message request the public key of their intended recipient and encrypt the message with it before sending it along.

The message can only be decrypted with the recipient’s private key, so stealing the message alone is useless.

How does Cryptography in Cybersecurity work?

Cryptography refers to any practice or study involving codes and ciphers.

But how do these systems work?

Let’s look at some of the oldest forms of encryption first.

Caesar Cipher

The Caesar Cipher is an encryption technique originally used by the Roman ruler Julius Caesar. It’s a simple substitution cipher, which replaces each letter with another one three positions down the alphabet (or up to five positions).

This is useful for encrypting short messages that might give away sensitive information like troop movements or military tactics. For example, take this sentence:

“The Roman Empire is the best empire in the world!”

We would encode it using a Caesar Cipher like this:

“Rqm bwv gur fgbar rirel qrnq. . .”

This might seem obvious now that you know what’s going on, but it isn’t easy to make sense of the message if we don’t. Imagine if we didn’t already have a translation key.

Vigenere Cipher

Created by the monk and mathematician Blaise de Vigenère in the 1500s, the Vigenere Cipher is similar to the Caesar cipher except that multiple shifted alphabets are used instead of just one.

The Vigenere Cipher uses a series of different alphabets (usually between three and five) to create the encryption key. The ciphertext length determines which alphabet is used, so longer messages require more alphabets.

To encode a message with this cipher, we need first to write out the message in plaintext and then determine the alphabets (and their order) that we will use.

The text of the message must be broken into blocks of a certain length, usually 5, 7, or 9 characters each. Each block is assigned an alphabet letter based on its position in the plaintext. Then it is encrypted using the formula below:

ciphertext = (key letter x + plaintext letter) mod 26

To decrypt the message, we can first write out the ciphertext in blocks to understand how many alphabets were used. Then we can use this formula:

plaintext = (ciphertext / key length) x 26 + key length

In other words, we divide the ciphertext by the key length and then add on the key length. For example, if a plaintext message is encrypted using 5 alphabets with an alphabet size of 7, then we would use this formula:

plaintext = (ciphertext / 7) x 26 + 7
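The two classical ciphers above, as an added example that is not part of the original article. It treats the Caesar cipher as a Vigenere cipher with a one-letter key, adds the key letter to each plaintext letter mod 26 to encrypt, and uses the standard inverse (subtracting the key letter mod 26) to decrypt; the function names and the key "LEMON" are assumptions chosen for illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter by the matching key letter, mod 26.

    Non-letters pass through unchanged and do not consume a key letter.
    """
    if not (key and key.isascii() and key.isalpha()):
        raise ValueError("key must be one or more letters A-Z")
    shifts = [ALPHABET.index(k) for k in key.upper()]
    out, used = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            shift = shifts[used % len(shifts)]
            if decrypt:
                shift = -shift          # inverse: subtract the key letter
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
            used += 1
        else:
            out.append(ch)
    return "".join(out)


def caesar(text: str, shift: int = 3, decrypt: bool = False) -> str:
    """Caesar cipher: every letter moved by the same fixed shift."""
    return vigenere(text, ALPHABET[shift % 26], decrypt)


if __name__ == "__main__":
    sentence = "The Roman Empire is the best empire in the world!"
    shifted = caesar(sentence, 3)
    print(shifted)                          # every letter moved three places
    print(caesar(shifted, 3, decrypt=True))
    secret = vigenere("ATTACKATDAWN", "LEMON")
    print(secret, vigenere(secret, "LEMON", decrypt=True))
```

With only 25 usable shifts, a Caesar key offers no real secrecy, and neither cipher is suitable for protecting data today; they are shown for how substitution works.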

Cryptographic Hash Functions

Hash functions create a short string (known as the hash value or simply the hash) from an input string of any length (the plaintext message).

Hashing is a one-way process, which means that it’s impossible to reverse the hashing function to retrieve the original plaintext from its hash. If two different plaintext messages were hashed using the same hashing function, they would generate the same hash value.

As a result, cryptographic hashes are commonly used to verify that some information hasn’t been modified. To do this, we first apply the hashing function to the plaintext and then compare it with an already-generated hash of the original plaintext message. If they match, then there’s a very high probability that the message hasn’t been tampered with.

But in practice, it’s not feasible to store the hash values of every possible plaintext message, so instead, we store a reference to them in a cryptographic hash table. If someone tampers with the plaintext and re-calculates its hash value, then the new hash value won’t match any of the hash values in the table.

So if we store a reference to our original plaintext message and its corresponding hash value and then check that they’re equal whenever someone tries to modify or send us that message, then we’d know whether or not it has been altered.
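The integrity check described above, as an added example that is not part of the original article: reference SHA-256 digests are recorded in a table while the messages are known to be good, and each received message is later checked against it. The function names, message names and sample messages are constructed for illustration.

```python
import hashlib
import hmac


def sha256_hex(message: bytes) -> str:
    """Fixed-length digest (64 hex characters) of a message of any length."""
    return hashlib.sha256(message).hexdigest()


def build_reference_table(messages: dict) -> dict:
    """Record name -> digest while the messages are known to be good."""
    return {name: sha256_hex(body) for name, body in messages.items()}


def check_message(name: str, body: bytes, table: dict) -> str:
    """Return 'unchanged', 'modified' or 'unknown' for a received message."""
    expected = table.get(name)
    if expected is None:
        return "unknown"      # no reference digest, so nothing to compare
    # compare_digest does not reveal how many leading characters matched
    if hmac.compare_digest(sha256_hex(body), expected):
        return "unchanged"
    return "modified"


# Constructed sample messages
ORIGINALS = {
    "invoice-001": b"Pay 100.00 EUR to account 12345",
    "invoice-002": b"Pay 250.00 EUR to account 67890",
}
TABLE = build_reference_table(ORIGINALS)

if __name__ == "__main__":
    tampered = b"Pay 900.00 EUR to account 12345"   # one character changed
    print(sha256_hex(ORIGINALS["invoice-001"]))
    print(sha256_hex(tampered))                     # a different digest
    print(check_message("invoice-001", ORIGINALS["invoice-001"], TABLE))
    print(check_message("invoice-001", tampered, TABLE))
    print(check_message("invoice-003", b"Pay 1.00 EUR", TABLE))
```

The check is only as trustworthy as the table: the reference digests must be stored or delivered where whoever can alter the message cannot also alter them.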

Where can we use Cryptography in Cybersecurity?

Cryptography is the encryption and decryption of data or information. Encryption converts data into a form that unauthorised people cannot understand, while decryption is the reverse process that makes the encrypted message meaningful again.

This also works in reverse; decryption is just the opposite of encryption, i.e., to convert encrypted messages back into their original form.

Nowadays, we can see cryptography everywhere as it has evolved with time.

For example, credit/debit cards and ATMs use cryptography to encrypt PINs, while online banking also uses it. Some other examples of cryptography are:

  • Secured email messages
  • Encrypted search queries
  • Secure websites such as Google
  • Data encryption in the Cloud (like cloud storage)
  • Encryption for wireless connections and USB drives

Where can we use Cryptography in Cybersecurity?

The computer world is a world where everything is digital. Every day more and more devices are being connected to the internet, which means that there is a greater risk of online attacks from hackers. To provide better security for our personal information and prevent these attacks, we need to understand how hackers break into computers/devices and how to prevent them.

Cryptography is used to protect our digital information from being accessed by unauthorised people. Cryptography has two main purposes:

  • Confidentiality, in which only authorised users can read the message
  • Integrity, in which sender and receiver know that the message they are sending or receiving is not altered in any way

For example, suppose a message that you are sending contains sensitive information. The people receiving this message are strangers, and there is no trust between them and you.

Therefore, to let the receiver know that the message has not been altered by the time it reaches them, we use cryptography for confidentiality.

Other examples of how cryptography is used in cyber security are:

  • Data encryption
  • Decryption of files on a USB or hard drive
  • When we log into many online services like Gmail, Facebook, and Twitter

Cryptography versus Encryption

Cryptography is a process to secure information from unauthorised people, while encryption is one of its implementations in which only authorised people can read the message.

The first step for cryptography is to encrypt or scramble information using an algorithm and keys. Then we send that scrambled information along with the key to the receivers so they can decrypt the message and read the original information.

When is cryptography used?

Whenever sensitive data are exchanged or transmitted between two entities, they need to be secured from eavesdropping or tampering, e.g., financial transactions, emails, military operations, etc.

Can anyone use cryptography?

No. Cryptography is not something that you start using without knowledge. Cryptography is a science, and we need to know that this science has some weak points that an attacker could exploit to gain unauthorised access to our information or data. That’s why cryptography should only be used by people who really understand how it works.

When one chooses a cryptographic algorithm, they should know how secure it is and how much time/resources an attacker would need to crack it.

For example, if you use a 128-bit key, it will take a considerable amount of time for an attacker to decrypt the message. Similarly, when we create a password or PIN, we should make sure that choosing character combinations that are easy to remember (e.g., our birthday or house address) does not compromise our information.

How is cryptography implemented?

Here are ways in which cryptography can be implemented.

Textbook encryption: It means taking a plain text message and encrypting it using an algorithm.

Key exchange and encryption: This method aims to provide a mechanism in which the sender and receiver generate a key that is used for the encryption of their messages. Here, the message should reach the destination safely without being intercepted by anyone else.

Confidentiality: It means that only the authorised receiver should read the message and others shouldn’t.

Integrity: It means that only a sender can send a message, and no one else can alter it in any way while it is being transmitted to the destination or when it reaches there.

Non-repudiation: In cryptography, non-repudiation is used to verify that the sender is who they claim to be and no one else.

Public key infrastructure (PKI): In this method, a public key and private key are generated for each entity. Using the receiver’s public key, the message is encrypted so that only he can decrypt it by using his private key.

Digital signatures: In this method, a message digest is produced using an algorithm, and then the signature is generated by encrypting it with the sender’s private key.

Message authentication code (MAC): A message integrity code or checksum is created for the information to be transmitted so that at the receiving end, it can be verified whether the information was not tampered with while it was transported. Here, the algorithm is used to generate a random number that will act as an integrity code for the message, and this is encrypted with the sender’s private key.

Digital certificates: To encrypt information or data, we need some source from which we can get anyone else’s public key over a network without his awareness. Digital certificates fulfil this purpose by providing a solution to this problem, and the sender’s public key is used for encryption. In some scenarios, digital certificates are also used in non-repudiation, which means that if someone denies signing a message, then it can be traced back to see whether he signed or not.

How do algorithms keep information secret and safe? 

First of all, an algorithm is defined as a systematic procedure or formula for solving some problem.

In cryptography, algorithms are used to encrypt and decrypt information so that it is unreadable to unauthorised people.

For example, suppose you want to send sensitive data (such as your credit card number) from one computer to another computer. In that case, we will use an encryption algorithm to scramble the information before sending it over the network. When it reaches the target computer, a decryption algorithm is used to unscramble that data string.

This process should be done in a way that only authorised receivers can access this unreadable information, and others shouldn’t be able to figure it out.
