Revisiting the Basics and Importance of Cryptography
by Joe Guerra, Cybersecurity Instructor, Hallmark University
Since the onset of technology in society, it has broken the levees of data and has eroded our personal privacy. In this digital age, the procurement and access to our personal data may be utilized and manipulated in a quiet manner to control our behavior. With this in mind, let’s peruse through the concepts of Privacy, Encryption, and Cryptography.
In the field, one of the most intriguing and disheartening things about cryptography is how minute amount of cryptography we actually mess with. So, let’s quickly review what privacy technically is and what today’s technology has done to increase the vulnerabilities it has bestowed on it.
Privacy, what is it all about in Technology?
Privacy is a condition of being liberated from the public eye to the extent that you choose it to be. Today, information is gathered and organized on almost every action and transactions that you initiate, perform, or involved in. From web searching, buying, doing those online surveys, communicating through social media platforms, etc. All these actions leave a digital exhaust that you left behind. This is then aggregated by data bots and analysts. This supposedly private data has associated risks. The risks are either inconveniences, grouping or being profiled. Your data is used for marketing or sold to identity impersonators which is a theft or inconvenience. Your data is then associated with groups of similar background, interests, and tendencies. Or, your data is deeply analyzed through statistical algorithms and informationally profiled and grouped. A more in-depth way of profiling you.
However, there are measures of protection that may be administered to alleviate the risks associated with private information. Organizations should follow the law and establish policies to take responsibility. People and companies should follow best practices. And then we, have the implementation of cryptography through the process of encryption.
What exactly is Encryption and Cryptography?
Encryption is the scrambling of information so that it is not able to be read and only people with a certain key can access it. Encrypted data is what has been translated from plaintext to ciphertext. In getting it to work backward, we decrypt the message by changing the scrambled message back to the original text. The terms encryption and decryption are what sum up the process of the broader term called Cryptography. The primary purpose of Cryptography is to secure digital information confidentially as it is stored on systems at rest and as well as transported through the web or other interconnected networks. In our day and age, Cryptography is the most effective and favored information security approach administered by management. Cryptography can accommodate and administer to several basic necessities when it comes to information systems security. Through confidentiality, it ensures encrypted data can only be seen by those who have been authorized by having been given the key. Integrity is ensured as the data cannot be modified with the exception of the authorized accounts who have access to the key. Through availability, only privileged users are given the decrypting key to getting the data. Lastly, the concept of nonrepudiation is also a trait it can push through as it prevents individuals from denying they were involved.
While Cryptography may seem like a treacherous, daunting and complicated task, it is essential in computer security. However, it is a form of art with dashes of arithmetic. Let me see if I can break it down for you to comfortably digest. Now, Encryption at its core is a conglomerate of logic called a formula with a key to encode the data. It is basically an algorithm that utilizes mathematical formulas. The way it works is an encrypted key is composed of a huge number that is then applied to encrypt and decrypt the data. How long the key is dictated how secure the information will be. So, in a nutshell, the more elongated the key is the better the data will end up secure. The majority of encryption algorithms used have a length between 40-128 bit or more. This is great since most internet browsers do support this key length range.
Symmetric or Asymmetric?
There exist two main categories in data encryption symmetric encryption and asymmetric encryption also referred to as public key encryption.
Symmetric encryption also referred to as single-key encryption, is the process of using only one key to decrypt and encrypt your information. Both parties, the sender and receiver use the same exact key. The most comprehensively used standard for this encryption process is the Data Encryption Standard (DES). This is a method that is broken up into 64-bit blocks and then transferred. It is then manipulated in the process of 16 encryption steps implementing a 56-bit key. It then becomes scrambled by a substitution algorithm and finally transposed for one last time. That was then, but this is now and DES has been replaced with Advanced Encryption Standard (AES) which was officially chosen by the U.S. government as the replacement and has become the most popular symmetric key algorithm. Nonetheless, there is a major dilemma with the symmetric key process. How do you transfer the key? The correct answer is, hopefully, guessed it, public key encryption. That major issue of distributing the keys in symmetric encryption is why public key encryption is preferred. Since the mere loss or leak of the symmetric key will lead to a significant problem of giving someone else the opportunity to decrypt secure messages.
Public key encryption, which is technically asymmetric key encryption is the opposite of the single key method. You have two keys, one public used to encrypt and the other one is private and is used to decrypt. So only the individual holding the private key is able to decrypt the messages. Mathematically, asymmetric relies on large prime numbers and number theory. This is the most widely known and used public key infrastructure.
The Key Roles in Asymmetric key cryptography
Public key encryption enables you to transfer and convey through any open channel with a great degree of assurance and allows you to trust the process in various ways:
- Authentication- Messages sent to you will be from the appropriate source
- Integrity- Messages will arrive unmodified
- Privacy- Messages will only be able to be read by the intended target.
Given this, we know that the scheme of cryptography is a necessity for computer systems to implement the security and privacy that users desire. The power of this process rests in the size and means applied for the protection of the cryptographic keys.
In conclusion, Cryptography provides a range of security defenses. It can support the protection of Confidentiality, Integrity, Authentication, and Non-repudiation. It is the practice of transforming plain text data into an obfuscated text that cannot be revealed by unauthorized entities. It hides data which is why it is called Cryptography, a word that from its Greek roots means “hidden writing.”
About the Author
Joe Guerra, Cybersecurity Instructor, Hallmark University. Joe Guerra is a cybersecurity/computer programming instructor at Hallmark University. He has 12 years of teaching/training experience in software and information technology development. Joe has been involved in teaching information systems security and secure software development towards industry certifications. Initially, Joe was a software developer working in Java, PHP, and Python projects. Now, he is focused on training the new generation of cyber first responders at Hallmark University.