Overview of cryptography [CISMP]
Primary cryptography areas
At its simplest, a cryptographic system applies complex mathematical processes to transform a human-readable input into an output that is not human-readable.
What is cryptography?
Cryptography is concerned with the creation of cryptograms which represent encrypted information that’s unintelligible until it’s decrypted. Cryptanalysis, on the other hand, is concerned with revealing the hidden data within cryptograms.
Now, just for the sake of history, the word cryptography is derived from the Greek word ‘kruptos’, meaning hidden. In order to make information hidden, you use a cipher – an algorithm that converts plain text into ciphertext. Ciphers have been used for thousands of years; Julius Caesar used what is now called a Caesar cipher to encrypt private messages.
Substitution ciphers like this replace every letter in a message with something else, according to a translation. However, they were relatively easy to crack, so more sophisticated cryptographic systems were introduced thereafter.
With the advent of computers, cryptography moved from hardware to software. In this step, you’ll focus on software implementations of these algorithms, which take plaintext or ciphertext as input and produce the corresponding output in the other form.
In this Learning Path, you’re going to look at four primary areas:
- Symmetric ciphers
- Hash functions and message authentication codes
- Asymmetric key ciphers
- Digital signatures
Before we jump into some examples of each, let’s have a look at some quick definitions.
Symmetric ciphers are algorithms that use keys with the same value both to encrypt data into ciphertext and decrypt the message from ciphertext back into its original form. Symmetric algorithms can be used to protect both communications traffic and files. Both the sender and the recipient have identical copies of the key, which they keep secret and don’t share with anyone.
This differs from asymmetric key ciphers, which use two keys, a public key (that anyone can access) to encrypt information, and a private key to decrypt information. Asymmetric key ciphers are used in a lot of places where security is important. For example, Bitcoin uses asymmetric encryption to make sure only the owner of a money wallet can withdraw or transfer money from it.
Hashing is the process of converting a given input into another value. A hash function generates the new value according to a mathematical algorithm. The result of a hash function is known as a hash value or simply a hash or ‘message digest’. Another important feature is that a hash function is one-way: it is computationally infeasible to recover the original message from its hash. Hashing is commonly used in data encryption. For example, passwords can be stored in the form of their hashes so that even if a database is breached, plaintext passwords are not accessible.
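The password example and the message authentication codes named among the four areas are shown together in this added Python example, which is not part of the course and uses only the standard library. It demonstrates the one-way property, why a bare hash is not enough for password storage (a per-user random salt and an iterated function such as PBKDF2 are used instead), and how an HMAC lets a recipient detect a modified message. The iteration count and sample values are assumptions chosen for the illustration.

```python
"""Hashes, salted password storage and HMAC (added example, standard library only)."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed work factor; raise it as far as your login latency budget allows.
PBKDF2_ITERATIONS = 200_000


def sha256_hex(data: bytes) -> str:
    """Plain message digest: fixed-length output, small input change flips ~half the bits."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a storable verifier from a password.

    A fresh random salt means two users with the same password get different
    verifiers and precomputed tables are useless; PBKDF2's iterations make each
    guess expensive for whoever steals the database."""
    salt = os.urandom(16) if salt is None else salt
    verifier = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, verifier


def verify_password(password: str, salt: bytes, stored_verifier: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_verifier)


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: a hash keyed with a shared secret. Without the key an attacker
    who alters the message cannot produce a matching tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def check_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(make_tag(key, message), tag)


if __name__ == "__main__":
    print(sha256_hex(b"abc"))
    salt, verifier = hash_password("correct horse battery staple")
    print("login ok:", verify_password("correct horse battery staple", salt, verifier))
    key = os.urandom(32)                      # shared secret, constructed here
    msg = b"transfer 100 to account 42"       # constructed sample message
    tag = make_tag(key, msg)
    print("tampered message accepted:", check_tag(key, b"transfer 900 to account 42", tag))
```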
Digital signatures are based on asymmetric cryptography and in a similar way are used to validate that a message is coming from an authentic source and has not changed during transit. As both processes use public and private keys, it is easy to get them confused. When encrypting, the public key is used to write the message and the private key is used to read it. With digital signatures, it’s the opposite: the sender uses their private key to create the signature, and anyone holding the sender’s public key can check that the signature is genuine. Many industries use digital signatures as a security measure. For example, companies working in healthcare are legally required to protect consumer data and therefore use digital signatures.
Examples of digital signatures are:
- Digital certificates issued by a certificate authority.
- Username and password authentication (in either one or two steps).
- A digitised handwritten signature.
Certificate Authority (CA)
The primary role of the Certificate Authority (CA) is to digitally sign and publish the public key bound to a given user. The user submits their public key to the CA for signing. They will also need to submit some further proof of identity, so that the CA can verify that the public key it is about to sign does in fact belong to the person who submitted it. The signing is done using the CA's own private key, so trust in the user's key rests on trust in the validity of the CA's key. The key-to-user binding is established by software or under human supervision, depending on the level of assurance the binding requires.
The term ‘trusted third party’ or TTP, may also be used for a CA. The CA creates, signs, and publishes certificates, but just as importantly maintains a list of invalid or revoked certificates. To do this, it publishes Certificate Revocation Lists (CRL) to the world. The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. People can download these lists and verify whether any certificates they wish to use for secure communications are still valid.
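The two key directions contrasted in the digital-signatures paragraph, and the CA's act of signing a user's public key described above, are illustrated in this added Python example. It is not course material: it uses textbook RSA with deliberately tiny primes so every number is readable, hashes the message with SHA-256 before signing, and omits the padding schemes (OAEP for encryption, PSS for signatures) and large keys that any real deployment needs. All primes, key names and messages are constructed for the illustration.

```python
"""Toy RSA: encrypt/decrypt, sign/verify, and a CA signing a user's public key (added example)."""
import hashlib
from math import gcd
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def keygen(p: int, q: int, e: int = 17) -> Tuple[PublicKey, PrivateKey]:
    """Build a key pair from two primes. Toy sizes only; real keys are 2048+ bits."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


# Direction 1: anyone encrypts with the public key, only the private key decrypts.
def encrypt(public: PublicKey, m: int) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private: PrivateKey, c: int) -> int:
    n, d = private
    return pow(c, d, n)


def digest_mod_n(message: bytes, n: int) -> int:
    """Hash the message so the signature covers data of any length (reduced mod n for the toy)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


# Direction 2: only the private key signs, anyone with the public key verifies.
def sign(private: PrivateKey, message: bytes) -> int:
    n, d = private
    return pow(digest_mod_n(message, n), d, n)


def verify(public: PublicKey, message: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == digest_mod_n(message, n)


def encode_public(public: PublicKey, subject: str) -> bytes:
    """The bytes a CA signs: a subject name bound to a public key (a minimal 'certificate' body)."""
    n, e = public
    return f"{subject}|n={n}|e={e}".encode("utf-8")


def issue_certificate(ca_private: PrivateKey, subject: str, public: PublicKey) -> int:
    """CA signs the subject/key binding with its own private key, after checking identity out of band."""
    return sign(ca_private, encode_public(public, subject))


def certificate_valid(ca_public: PublicKey, subject: str, public: PublicKey, cert_sig: int) -> bool:
    """A relying party that trusts the CA's public key checks the binding before trusting the user key."""
    return verify(ca_public, encode_public(public, subject), cert_sig)


if __name__ == "__main__":
    alice_pub, alice_priv = keygen(61, 53)      # constructed toy primes
    ca_pub, ca_priv = keygen(101, 113)          # constructed toy primes for the CA
    cert = issue_certificate(ca_priv, "alice@example.test", alice_pub)
    msg = b"approve invoice 17"
    sig = sign(alice_priv, msg)
    print("cert ok:", certificate_valid(ca_pub, "alice@example.test", alice_pub, cert))
    print("signature ok:", verify(alice_pub, msg, sig))
    print("round trip:", decrypt(alice_priv, encrypt(alice_pub, 42)))
```

Note the asymmetry the course stresses: the same pair of operations (`pow` with e, `pow` with d) is used in both directions, and which key is kept secret determines whether the result is confidentiality (encryption) or authenticity (signature).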
Throughout this Learning Path, you’ll learn more about each of these areas and hear from our expert, Mark, on specific aspects of cryptography. One of the top priorities for data security is hashing. Hash functions are used for many different things. It’s time to understand how to use these functions and how your adversaries attack them.
This course will begin with a brief history of cryptography, followed by an introduction to some of the security controls that rely on cryptography to this day. You will also be introduced to the four primary areas of cryptography, comprising cipher algorithms and keys.
A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.