What is Cryptography?
As the world becomes increasingly digital, the need for security has become ever more imperative. That’s where cryptography and its applications to cybersecurity come in.
Essentially, the word refers to the study of secure communications techniques, but cryptography is closely associated with encryption, or the act of scrambling ordinary text into what’s known as ciphertext—and then back again into ordinary text (called plaintext) when it arrives at its destination. Several historical figures have been credited with creating and using cryptography through the centuries, from Greek historian Polybios and French diplomat Blaise de Vigenère to Roman Emperor Julius Caesar—who is credited with using one of the first modern ciphers—and Arthur Scherbius, who created the Enigma code-breaking machine during World War Two. Likely, none of them would recognize the ciphers of the 21st century. But exactly what is cryptography? And, how does it work?
Cryptography is the technique of obfuscating or coding data, ensuring that only the person who is meant to see the information–and has the key to break the code–can read it. The word is a hybrid of two Greek words: “kryptós”, which means hidden, and “graphein”, which means to write. Literally, the word cryptography translates to hidden writing, but in reality, the practice involves the secure transmission of information.
The use of cryptography can be traced to the ancient Egyptians and their creative use of hieroglyphics. But, the art of coding has seen great strides over the millennia, and modern cryptography combines advanced computer technology, engineering, and maths—among other disciplines—to create highly sophisticated and secure algorithms and ciphers to protect sensitive data in the digital era.
For example, cryptography is used to create various types of encryption protocols that are regularly used to protect data. These include 128-bit or 256-bit encryption, Secure Sockets Layer (SSL), and Transport Layer Security (TLS). These encryption protocols protect all manner of digital information and data, from passwords and emails to ecommerce and banking transactions.
There are different cryptographic types, which are useful for different purposes. For example, the simplest is symmetric key cryptography. Here, data is encrypted using a secret key, and then both the encoded message and the secret key are sent to the recipient for decryption. Of course, the problem here is that if the message is intercepted, the third party can easily decode the message and steal the information.
To create a more secure system of encoding, cryptologists devised asymmetric cryptography, which is sometimes known as the “public key” system. In this instance, all users have two keys: one public and one private. When creating a coded message, the sender will request the recipient’s public key to encode the message. This way, only the intended recipient’s private key will decode it. This way, even if the message is intercepted, a third party cannot decode it.
Why is cryptography important?
Cryptography is an essential cybersecurity tool. Its use means that data and users have an additional layer of security that ensures privacy and confidentiality and helps keep data from being stolen by cybercriminals. In practice, cryptography has many applications:
- Confidentiality: Only the intended recipient can access and read the information, so conversations and data remain private.
- Integrity of data: Cryptography ensures that the encoded data cannot be modified or tampered with enroute from the sender to the receiver without leaving traceable marks— an example of this is digital signatures.
- Authentication: Identities and destinations (or origins) are verified.
- Non-repudiation: Senders become accountable for their messages since they cannot later deny that the message was transmitted—digital signatures and email tracking are examples of this.
What is cryptography in cybersecurity?
Interest in the use of cryptography grew with the development of computers and their connections over an open network. Over time, it became obvious that there was a need to protect information from being intercepted or manipulated while being transmitted over this network. IBM was an early pioneer in this field, releasing its “Lucifer” encryption in the 1960s—this eventually became the first Data Encryption Standard (DES).
As our lives become increasingly digital, the need for cryptography to secure massive amounts of sensitive information has become even more imperative. Now, there are many ways in which cryptography is crucial in the online space. Encryption is an essential part of being online, since so much sensitive data is transmitted everyday. Here are a few real-life applications:
- Using virtual private networks (VPNs) or protocols such as SSL to browse the internet safely and securely.
- Creating limited access controls so that only individuals with the correct permissions can carry out certain actions or functions, or access particular things.
- Securing different types of online communication, including emails, login credentials, and even text messages—such as with WhatsApp or Signal—through end-to-end encryption.
- Protecting users from various types of cyberattacks, such as man-in-the-middle attacks.
- Allowing companies to meet legal requirements, such as the data protections set out in the General Data Protection Regulation (GDPR).
- Creating and verifying login credentials, especially passwords.
- Allowing the secure management and transaction of cryptocurrencies.
- Enabling digital signatures to securely sign online documents and contracts.
- Verifying identities when logging into online accounts.
What are the types of cryptography?
Cryptography definitions are, understandably, quite broad. This is because the term covers a wide range of different processes. As such, there are many different types of cryptographic algorithms, each one offering varying levels of security, depending on the type of information being transmitted. Below are the three main cryptographic types:
- Symmetric Key Cryptography: This simpler form of cryptography takes its name from the fact that both the sender and receiver share one key to encrypt and decrypt information. Some examples of this are the Data Encryption Standard (DES) and Advanced Encryption Standard (AES). The main difficulty here is finding a way to securely share the key between the sender and receiver.
- Asymmetric Key Cryptography: A more secure type of cryptography, this involves both the sender and receiver having two keys: one public and one private. During the process, the sender will use the receiver’s public key to encrypt the message, while the receiver will use their private key to decrypt it. The two keys are different, and since only the receiver will have the private key, they will be the only ones able to read the information. The RSA algorithm is the most popular form of asymmetric cryptography.
- Hash Functions: These are types of cryptographic algorithms that do not involve the use of keys. Instead, a hash value—a number of fixed lengths that acts as a unique data identifier—is created based on the length of the plain text information and used to encrypt the data. This is commonly used by various operating systems to protect passwords, for example.
From the above, it is clear that the main difference in symmetric and asymmetric encryption in cryptography is that the first only involves one key while the second requires two.
Types of symmetric cryptography
Symmetric encryption is sometimes called secret key cryptography because one single—purportedly—secret key is used to encrypt and decrypt information. There are several forms of this type of cryptography, including:
- Stream ciphers: These work on a single byte of data at a time and regularly change the encryption key. In this process, the keystream can be in tandem with—or independent of the message stream. This is called self-synchronizing or synchronous, respectively.
- Block ciphers: This type of cryptography—which includes the Feistel cipher—codes and decodes one block of data at a time.
Forms of asymmetric key cryptography
Asymmetric cryptography—sometimes referred to as public-key encryption—hinges on the fact that the receiver has two keys in play: a public one and a private one. The first is used by the sender to encode the information, while the receiver uses the latter—which only they have—to securely decrypt the message.
Asymmetric key cryptography encrypts and decrypts messages using algorithms. These are based on various mathematical principles, such as multiplication or factorization—multiplying two big prime numbers to generate one massive, random number which is incredibly tricky to crack—or exponentiation and logarithms, which create exceptionally complex numbers that are nearly impossible to decrypt, such as in 256-bit encryption. There are different types of asymmetric key algorithms, such as:
- RSA: The first type of asymmetric cryptography to be created, RSA is the basis of digital signatures and key exchanges, among other things. The algorithm is based on the principle of factorization.
- Elliptic Curve Cryptography (ECC): Often found in smartphones and on cryptocurrency exchanges, ECC employs the algebraic structure of elliptic curves to build complex algorithms. Significantly, it does not require much storage memory or usage bandwidth, making it especially useful for electronic devices with limited computing power.
- Digital Signature Algorithm (DSA): Built on the principles of modular exponentiations, DSA is the gold standard for verifying electronic signatures and was created by the National Institute of Standards and Technologies.
- Identity-based Encryption (IBE): This unique algorithm negates the need for a message recipient to provide their public key to the sender. Instead, a known unique identifier—such as an email address—is used by the sender to generate a public key to encode the message. A trusted third-party server then generates a corresponding private key that the receiver can access to decrypt the information.
As with most technologies, cryptography has become increasingly sophisticated. But that does not mean that these encryptions cannot be broken. If the keys are compromised, it is possible for an external party to crack the coding and read the protected data. Here are a few potential issues to watch for:
- Weak keys: Keys are a collection of random numbers used with an encryption algorithm to alter and disguise data so that it is incomprehensible to others. Longer keys involve more numbers, making them much trickier to crack—and therefore, better for protecting data.
- Using keys incorrectly: Keys need to be used correctly—if they are not, hackers can easily crack them to access the data they are supposed to protect.
- Reusing keys for different purposes: Like passwords, each key should be unique—using the same key across different systems weakens the ability of cryptography to protect data.
- Not changing keys: Cryptographic keys can quickly become out of date, which is why it is important to regularly update them to keep data secure.
- Not storing keys carefully: Ensure that keys are kept in a secure place where they cannot easily be found, otherwise they can be stolen to compromise the data they protect.
- Insider attacks: Keys can be compromised by individuals who legitimately have access to them—such as an employee— and who them sells them on for nefarious purposes.
- Forgetting the backup: Keys should have a backup because if they suddenly become faulty, the data they protect could become inaccessible.
- Recording keys incorrectly: Manually entering keys into a spreadsheet or writing them down on paper may appear to be a logical choice, but it is also one that is prone to error and theft.
There are also specific cryptography attacks designed to break through encryptions by finding the right key. Here are some of the common:
- Brute force attacks: Broad attacks that try to randomly guess private keys using the known algorithm.
- Ciphertext-only attacks: These attacks involve a third party intercepting the encrypted message—not the plaintext—and trying to work out the key to decrypt the information, and later, the plaintext.
- Chosen ciphertext attack: The opposite of a chosen plaintext attack, here, the attacker analyses a section of ciphertext against its corresponding plaintext to discover the key.
- Chosen plaintext attack: Here, the third party chooses the plaintext for a corresponding ciphertext to begin working out the encryption key.
- Known plaintext attack: In this case, the attacker randomly accesses part of the plaintext and part of the ciphertext and begins to figure out the encryption key. This is less useful for modern cryptography as it works best with simple ciphers.
- Algorithm attack: In these attacks, the cybercriminal analyses the algorithm to try and work out the encryption key.
Is it possible to mitigate the threat of cryptography attacks?
There are a few ways in which individuals and organizations can try and lower the possibility of a cryptographic attack. Essentially, this involves ensuring the proper management of keys so that they are less likely to be intercepted by a third party, or useable even if they do. Here are a few suggestions:
- Use one key for each specific purpose—for example, use unique keys for authentication and digital signatures .
- Protect cryptographic keys with stronger Key-encryption-keys (KEKs).
- Use hardware security modules to manage and protect keys—these function like regular password managers.
- Ensure that keys and algorithms are regularly updated.
- Encrypt all sensitive data.
- Create strong, unique keys for each encryption purpose.
- Store keys securely so they cannot be easily accessed by third parties.
- Ensure the correct implementation of the cryptographic system.
- Include cryptography in security awareness training for employees.
The need for cryptography
Most people will not need to have more than a basic understanding of what cryptography is. But learning the cryptography definition, how the process works, and its applications to cybersecurity, can be useful in being more mindful about managing day-to-day digital interactions. This can help most people keep their emails, passwords, online purchases, and online banking transactions—all of which use cryptography in their security features—more secure.
Get Kaspersky Premium + 1 YEAR FREE Kaspersky Safe Kids. Kaspersky Premium received five AV-TEST awards for best protection, best performance, fastest VPN, approved parental control for Windows and best rating for parental control Android.
Related Articles and Links:
Related Products and Services: