Cryptography in simple terms
Cryptography is like a secret code language for information. It takes plain text (normal words or data) and transforms it into a scrambled format that can only be understood by someone who knows the special key to unscramble it. It helps keep sensitive information safe from unauthorized people who might try to read or steal it.
Data Confidentiality, Data Integrity, Authentication and Non-repudiation are core principles of modern-day cryptography.
l Confidentiality refers to certain rules and guidelines usually executed under confidentiality agreements which ensure that the information is restricted to certain people or places.
l Data integrity refers to maintaining and making sure that the data stays accurate and consistent over its entire life cycle.
l Authentication is the process of making sure that the piece of data being claimed by the user belongs to it.
l Non-repudiation refers to the ability to make sure that a person or a party associated with a contract or a communication cannot deny the authenticity of their signature over their document or the sending of a message.
For example:
Consider two parties Alice and Bob. Now, Alice wants to send a message m to Bob over a secure channel. So, what happens is as follows. The sender’s message or sometimes called the Plaintext, is converted into an unreadable form using a Key k. The resultant text obtained is called the Ciphertext. This process is known as Encryption. At the time of received, the Ciphertext is converted back into the plaintext using the same Key k, so that it can be read by the receiver. This process is known as Decryption.
Types of Cryptography:
There are several types of cryptography, each with its own unique features and applications. Some of the most common types of cryptography include:
1. Symmetric-key cryptography: This type of cryptography involves the use of a single key to encrypt and decrypt data. Both the sender and receiver use the same key, which must be kept secret to maintain the security of the communication.
2. Asymmetric-key cryptography: Asymmetric-key cryptography, also known as public-key cryptography, uses a pair of keys – a public key and a private key – to encrypt and decrypt data. The public key is available to anyone, while the private key is kept secret by the owner.
Hash functions: A hash function is a mathematical algorithm that converts data of any size into a fixed-size output. Hash functions are often used to verify the integrity of data and ensure that it has not been tampered with.
Applications of Cryptography:
Cryptography has a wide range of applications in modern-day communication, including:
l Secure online transactions: Cryptography is used to secure online transactions, such as online banking and e-commerce, by encrypting sensitive data and protecting it from unauthorized access.
l Digital signatures: Digital signatures are used to verify the authenticity and integrity of digital documents and ensure that they have not been tampered with.
l Password protection: Passwords are often encrypted using cryptographic algorithms to protect them from being stolen or intercepted.
Challenges of Cryptography:
While cryptography is a powerful tool for securing information, it also presents several challenges, including:
l Key management: Cryptography relies on the use of keys, which must be managed carefully to maintain the security of the communication.
l Quantum computing: The development of quantum computing poses a potential threat to current cryptographic algorithms, which may become vulnerable to attacks.
l Human error: Cryptography is only as strong as its weakest link, and human error can easily compromise the security of communication.
Security Threats
Cryptography is a powerful tool for securing information, but it’s not immune to various security threats and vulnerabilities. Here are some common security threats in cryptography:
l Brute Force Attacks: In a brute force attack, an attacker tries every possible key until the correct one is found. Strong encryption algorithms use keys with a very large number of possible combinations to make brute-force attacks infeasible.
l Key Management: Poorly managed keys can lead to security breaches. If encryption keys are not protected, compromised, or improperly generated and stored, attackers may gain access to encrypted data.
l Cryptanalysis: Cryptanalysis is the study of analyzing and breaking encryption systems. Advanced mathematical and computational techniques can sometimes reveal weaknesses in encryption algorithms, making it possible to decrypt data without the key.
l Side-Channel Attacks: Side-channel attacks exploit information leaked by the cryptographic system during its operation. This could include monitoring power consumption, timing, or electromagnetic radiation to infer encryption keys.
l Quantum Computing: As quantum computers become more powerful, they could potentially break existing encryption schemes, particularly those relying on integer factorization or discrete logarithm problems. This threatens the security of data encrypted with traditional algorithms.
l Weak Cryptographic Algorithms: Using outdated or weak encryption algorithms can expose data to vulnerabilities. It’s essential to use strong, well-vetted encryption methods.
l Insufficient Key Length: Cryptographic keys must be long enough to resist brute force attacks. If keys are too short, they become easier to crack. Key length should be chosen with consideration of the encryption algorithm’s security level.
l Man-in-the-Middle (MITM) Attacks: In MITM attacks, an attacker intercepts communication between two parties and can potentially alter the data being transmitted or eavesdrop on the conversation. Strong encryption and authentication mechanisms help mitigate this threat.
l Phishing and Social Engineering: Attackers often use social engineering to trick individuals into revealing encryption keys or other sensitive information. Awareness and training are crucial to defend against these tactics.
l Key Exchange Vulnerabilities: During the exchange of encryption keys between parties, if the key exchange process is compromised, an attacker may obtain the key and gain access to encrypted data. Secure key exchange protocols like Diffie-Hellman are used to mitigate this risk.
Image Rights: Elprocus.com
Active and Passive Attacks
In the context of cryptography and information security, there are two main categories of attacks: active attacks and passive attacks. These attacks are distinguished by the actions taken by the attacker and the impact on the security of the communication or data.
1. Active Attacks:
Active attacks involve actions by an unauthorized entity that directly disrupt or manipulate the data or communication. These attacks are often malicious in nature and can have a significant impact on security.
Eavesdropping (Interception): In this active attack, an attacker intercepts and listens to the communication between two parties. The goal is to capture sensitive information, such as passwords or confidential data, as it is transmitted.
Data Modification: Active attackers can alter the data being transmitted between two parties. This can involve changing the content of a message or injecting malicious code or malware into the data stream.
Denial of Service (DoS): In a DoS attack, the attacker floods a system or network with excessive traffic, making it unavailable to users. The objective is to disrupt the normal operation of the target system.
Replay Attacks: In a replay attack, the attacker intercepts data and later retransmits it to the intended recipient. This can result in unauthorized actions or data duplication.
Man-in-the-Middle (MitM) Attacks: MitM attackers intercept communication between two parties and can modify or eavesdrop on the data. The attacker often impersonates one or both parties to gain access to the data.
Spoofing: Attackers can impersonate legitimate entities or systems to gain unauthorized access. This includes IP address spoofing, DNS spoofing, and email spoofing.
2. Passive Attacks:
Passive attacks, in contrast, do not directly disrupt or manipulate data or communication. Instead, they focus on unauthorized information gathering without altering the original data.
Eavesdropping (Monitoring): Similar to the active eavesdropping attack, passive eavesdropping involves listening to communication. However, in this case, the attacker does not modify or interact with the data.
Traffic Analysis: Passive attackers may analyze patterns and characteristics of data traffic to gain insights into the communication patterns, such as the frequency and timing of messages.
Cryptanalysis: Passive attackers may attempt to analyze encrypted data to discover weaknesses or vulnerabilities in the encryption algorithm or key management.
Brute Force: Although often considered an active attack, brute force attacks can also be passive if the attacker attempts to crack encryption by trying all possible keys without directly interacting with the data or communication.
It’s important for organizations and individuals to implement security measures to protect against both active and passive attacks. This includes using strong encryption, secure key management, authentication mechanisms, and monitoring systems for unusual or suspicious activity to maintain the confidentiality, integrity, and availability of sensitive data and communication.
Conventional Encryption Model
l Conventional encryption is a cryptographic system that uses the same key used by the sender to encrypt the message and by the receiver to decrypt the message.
l It was the only type of encryption in use prior to the development of public-key encryption.
l It is still much preferred of the two types of encryption systems due to its simplicity.
Conventional encryption has five main ingredients :
Plain text –
It is the original data that is given to the algorithm as an input.
Encryption algorithm –
This encryption algorithm performs various transformations on plain text to convert it into ciphertext.
Secret key –
The secret key is also an input to the algorithm. The encryption algorithm will produce different outputs based on the keys used at that time.
Ciphertext –
It contains encrypted information because it contains a form of original plaintext that is unreadable by a human or computer without proper cipher to decrypt it. It is output from the algorithms.
Decryption algorithm –
This is used to run encryption algorithms in reverse. Ciphertext and Secret key is input here and it produces plain text as output.
Requirements for secure use of conventional encryption :
We need a strong encryption algorithm.
The sender and Receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure.
Advantages of Conventional Encryption :
Simple –
This type of encryption is easy to carry out.
Uses fewer computer resources –
Conventional encryption does not require a lot of computer resources when compared to public-key encryption.
Fast –
Conventional encryption is much faster than asymmetric key encryption.
Disadvantages of the Conventional Encryption Model:
l Origin and authenticity of the message cannot be guaranteed, since both sender and receiver use the same key, messages cannot be verified to have come from a particular user.
l It isn’t much secured when compared to public-key encryption.
l If the receiver lost the key, he/she can’t decrypt the message and thus making the whole process useless.
l This scheme does not scale well to a large number of users because both the sender and the receiver have to agree on a secret key before transmission.
Explain CIA Triad:
When talking about network security, the CIA triad is one of the most important models which is designed to guide policies for information security within an organization.
CIA stands for :
l Confidentiality
l Integrity
l Availability
Confidentiality:
Confidentiality means that only authorized individuals/systems can view sensitive or classified information. The data being sent over the network should not be accessed by unauthorized individuals.
The attacker may try to capture the data using different tools available on the Internet and gain access to your information. A primary way to avoid this is to use encryption techniques to safeguard your data so that even if the attacker gains access to your data, he/she will not be able to decrypt it.
Encryption standards include AES(Advanced Encryption Standard) and DES (Data Encryption Standard). Another way to protect your data is through a VPN tunnel. VPN stands for Virtual Private Network and helps the data to move securely over the network.
Integrity:
The next thing to talk about is integrity. Well, the idea here is to make sure that data has not been modified. Corruption of data is a failure to maintain data integrity.
To check if our data has been modified or not, we make use of a hash function.
We have two common types: SHA (Secure Hash Algorithm) and MD5(Message Direct 5). Now MD5 is a 128-bit hash and SHA is a 160-bit hash if we’re using SHA-1. There are also other SHA methods that we could use like SHA-0, SHA-2, and SHA-3.
Let’s assume Host ‘A’ wants to send data to Host ‘B’ to maintain integrity. A hash function will run over the data and produce an arbitrary hash value H1 which is then attached to the data. When Host ‘B’ receives the packet, it runs the same hash function over the data which gives a hash value of H2. Now, if H1 = H2, this means that the data’s integrity has been maintained and the contents were not modified.
Availability:
This means that the network should be readily available to its users. This applies to systems and to data.
To ensure availability, the network administrator should maintain hardware, make regular upgrades, have a plan for fail-over, and prevent bottlenecks in a network.
Attacks such as DoS or DDoS may render a network unavailable as the resources of the network get exhausted. The impact may be significant to the companies and users who rely on the network as a business tool. Thus, proper measures should be taken to prevent such attacks.
