Cryptography Part 1 - Fundamentals

Cyber hacking is on the rise. Interception of messages and important e-mails, and snooping in general, are increasingly common nowadays. Companies that are aware of cyber risk are turning to cryptography to protect their valuable data. Indeed, not only in Canada but in other countries too, more and more companies are turning to information security providers for data encryption services.

What is Cryptography?
The word cryptography is a combination of two Greek words: kryptos, which means 'hidden secrets', and graphein, which means 'writing'. Cryptography (or cryptology) therefore means the study of secret / hidden writing. Cryptology has been practiced since ancient times for transmitting messages securely. The earliest references to cryptography have been found in the ancient Egyptian and Roman civilizations. It was an important tool for communicating messages securely then, and it is an important tool today as well. In the modern era, cryptography is the science of converting data into an encrypted form so that it can be transmitted relatively safely over secure or insecure networks.

Cryptography is a fundamental information security tool and has several uses. Some of the most important uses include providing confidentiality and integrity to vital information / data. Cryptography as a science developed rapidly during World War II. Cryptanalysis and cryptology became an integral part of the war, and became increasingly mathematical. 

It is very important to differentiate between the dictionary definition of cryptography and modern cryptography. In earlier times, cryptography was more of an art than a science. This invariably led to cracking of the encrypted message, given enough time and resources. Modern cryptography is based entirely on mathematical principles and has nothing to do with art. In fact, the foundation of modern cryptography is based on principles of Algebra and even Physics (Quantum Cryptography).

A second important change is in the application of the principles of cryptography. Till the early 1980s, cryptography was restricted to military use and secret services. However, as cyber crime is on the rise, and the threat of a security breach has percolated down to the common people, cryptography has come to be used for the online protection of the masses. In fact, in Canada and across the globe, there is an increase in the number of companies that provide services like information security, risk management, application development and business intelligence.

What is Cryptanalysis?

Cryptanalysis is the set of methods used to break cipher systems. It is used by hackers to decipher a message without having the authentication key.

Cryptography Fundamentals
There are four founding stones on which cryptography is based:

Confidentiality: The whole purpose of cryptology is ensuring that the data can be deciphered only by the intended recipient. All the information security service providers worth their salt devise means and methods to ensure data confidentiality. The concept of encryption and decryption requires some extra information for encrypting and decrypting the data by means of a key. You can read more about keys here.

Data Integrity: While protecting the confidentiality of the data, it is equally important that the original communication / message has not been altered in any way when it reaches the intended recipient. The only way data integrity can be assured is when the information being transmitted is encrypted in some way or other.

Authentication: While sending encrypted messages, it is important to establish the credentials of the sender. There are two aspects to authentication: entity authentication and message authentication. Entity authentication ensures that the communication is indeed from the party it is supposed to be from (say, a website), and message authentication ensures that the message has arrived as intended.

Non-repudiation: A mechanism to prove that the sender really sent the message. The main use of non-repudiation is in cases of disputes, where the involved entities cannot refuse or deny that the message was indeed sent.

Threat Models in Cryptography

While developing a solution for cyber security, it is important to keep the following principles in mind. Cryptography and security of information is based on these key paradigms:

1. A precise definition of security: Before finding a solution to security, it is important to precisely define what 'security' means. A formal definition of 'security' is therefore needed before devising a solution for securing data. One of the most accepted definitions of 'security' is:

'If no one can compute any function of the plaintext from the ciphertext, it is safe to assume that the encryption scheme is secure.'

2. Precise assumptions: It is unfortunately not practical to prove the invulnerability of all the accepted cryptographic algorithms. Therefore, it is necessary to first elucidate the assumptions on which they are based.

3. Precise proof of security: If we accept the two principles above, it is certainly possible to give proof that an algorithm will work successfully. In the past, many cyber security schemes based on intuition have failed miserably.

As cyber threats increase and common people too begin to be affected, the importance of cyber security and information security is growing. This is the main reason for the rising demand for information security service providers.

Cryptography is an interesting topic, and one that involves a lot of mathematics. We will talk more about cryptology and how it works in subsequent articles.
