Cryptography is the science of encrypting (encoding) and decrypting (decoding) communications to protect them from being read by anyone other than the intended recipient during transmission or storage. Encryption means to put a message or other data into a coded form that can’t be read without the proper decryption device, such as the code, key, or password.
Cryptography is the backbone of many security controls. It is the foundation for identity and access management, the tools which govern ensuring the right people have the right access to the right information. Cryptography also is the basis of ensuring confidentiality so that critical company data is not exposed through the shared nature of the cloud. Lastly, cryptography also provides a means of assuring the integrity and authenticity of certain shared resources, such as applications, servers, and data.
Terms and Concepts of Cryptography
In modern cryptography, encryption is generally done using mathematical formulas and algorithms to scramble what is known as plaintext (the ordinary unscrambled and readable text, sometimes referred to as cleartext) into an unreadable or scrambled format called ciphertext. Any method of encrypting text or other data to make it unreadable or meaningless to all but the holder of the decryption method is called a cipher. Only those who possess a cipher can decrypt (or decipher) the message back into readable plaintext.
Ciphers use a key, more formally known as a crypto variable, that is combined in some way with the plaintext and a mathematical formula for combining the key with the text, called an algorithm. Click on the following tabs to learn more about the methods used to strengthen the algorithms used in cryptography:
Initialization vectors (IVs)
These provide randomness by introducing random values in an algorithm to prevent patterns from emerging that an attacker can exploit.
Small changes to the input in the algorithm result in major changes in the output, strengthening the algorithm.
Subkeys are used rather than whole keys to lessen the possibility of the master key being exposed.
Diffusion uses transposition to scramble values and is similar to the avalanche effect in that small input changes lead to major output/ciphertext changes.
Substitution is used to prevent a message from being recovered by an attacker.
This involves the addition of extra values or information to the plaintext message before it is to be encrypted.
Redundancies are eliminated that could reveal patterns in the plaintext before the message is encrypted.
This duplicates plaintext values.
There are two main categories of ciphers: block ciphers and stream ciphers. A block cipher breaks messages up into segments (typically 64 bits long) and encrypts each chunk using an algorithm and key or series of algorithms and keys. A stream cipher encrypts the plaintext continuously, applying a key to each bit, one at a time. Most modern ciphers are block ciphers.
Cryptography systems generally work in one of two ways: symmetric or asymmetric systems. A symmetric cryptography system relies on a single secret key in possession of both the sender and recipient to encrypt and decrypt the message. Asymmetric cryptography systems use two keys. Typically one is referred to as the private key and the other the public key. One encrypts data while only the other can decrypt it. We’ll take a closer look at symmetric and asymmetric cryptography systems and public keys later in this module.
Objectives of Cryptography
Modern cryptography has as its main goals two of the objectives of the CIA triad—confidentiality and integrity (although not availability)—as well as the additional objectives of authentication and non-repudiation:
- Confidentiality: Information and data is meaningless to all except for its intended recipients.
- Integrity: Information cannot be changed in transmission between sender and intended receiver without being detected.
- Authentication: The sender and receiver can each confirm the other’s identities as well as the origin and destination of the information or data.
- Non-repudiation: A record is created so that a sender or creator of the information cannot later deny his or her role in creating or sending the information or data.
The term cryptosystem refers to the suite of cryptographic algorithms used to implement a particular security service. Typically, a cryptosystem consists of an algorithm for key generation, for encryption, and for decryption.
The strength of a cryptosystem can be determined by an algorithm’s key space, or the set of all possible key combinations using that formula that can be used to generate a specific key. Cryptographers will generally try to ensure that the cryptosystem is strong enough to withstand known attacks. For example, a common attack on encryption is a brute force attack, where hackers try to find the key used to encrypt a message by running a program that attempts every possible combination until the key is broken or “cracked.” To defeat such an attack, cryptographers will create an algorithm with a key space long enough to make such an attack nearly impossible.
Furthermore, the randomness of a key plays a critical role in the overall security of a cryptographic system. If an attacker can discern a pattern or component to how a key is generated, it can greatly reduce the key space, which in turn reduces the time to brute-force a key.
To test your understanding of the content presented in this assignment, please click on the Question icon below. Choose your selected response
1. A cryptography method that encrypts information or data in chunks (usually 64-bit segments) is known as a ________.Choose only one answer below.
a. packet cipher
b. block cipher
Correct. A block cipher encrypts and decrypts data in 64-bit chunks, usually using a different key for each block.
c. stream cipher
d. frame cryptography
2. Encrypted text that is unreadable without first decrypting it is known as ________.Choose only one answer below.
Correct. Ciphertext is the scrambled unreadable text that can’t be read without first deciphering it.