Inpresent day scenario security of the system is the sole priority of any organisation. The main aim of any organisation is to protect their data from attackers. In cryptography, attacks are of two types such as Passive attacks and Active attacks.
Passive attacks are those that retrieve information from the system without affecting the system resources while active attacks are those that retrieve system information and make changes to the system resources and their operations.
For example, let us consider sender A wants to share some confidential information with receiver B and the information gets intercepted by the attacker C. Now the confidential information is in the hands of an intruder C.
Authentication:
Authentication is the mechanism to identify the user or system or the entity. It ensures the identity of the person trying to access the information. The authentication is mostly secured by using username and password. The authorized person whose identity is preregistered can prove his/her identity and can access the sensitive information. Integrity:
Integrity gives the assurance that the information received is exact and accurate. If the content of the message is changed after the sender sends it but before reaching the intended receiver, then it is said that the integrity of the message is lost. System Integrity: System Integrity assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.Data Integrity: Data Integrity assures that information (both stored and in transmitted packets) and programs are changed only in a specified and authorized manner. 4. Non-Repudiation:
Non-repudiation is a mechanism that prevents the denial of the message content sent through a network. In some cases the sender sends the message and later denies it. But the non-repudiation does not allow the sender to refuse the receiver.
5. Access control:
The principle of access control is determined by role management and rule management. Role management determines who should access the data while rule management determines up to what extent one can access the data. The information displayed is dependent on the person who is accessing it.
6. Availability:
The principle of availability states that the resources will be available to authorize party at all times. Information will not be useful if it is not available to be accessed. Systems should have sufficient availability of information to satisfy the user request.
Cryptography is the process of hiding or coding information so that only the person a message was intended for can read it. The art of cryptography has been used to code messages for thousands of years and continues to be used in bank cards, computer passwords, and ecommerce.
Modern cryptography techniques include algorithms and ciphers that enable the encryption and decryption of information, such as 128-bit and 256-bit encryption keys. Modern ciphers, such as the Advanced Encryption Standard (AES), are considered virtually unbreakable.
A common cryptography definition is the practice of coding information to ensure only the person that a message was written for can read and process the information. This cybersecurity practice, also known as cryptology, combines various disciplines like computer science, engineering, and mathematics to create complex codes that hide the true meaning of a message.
Cryptography can be traced all the way back to ancient Egyptian hieroglyphics but remains vital to securing communication and information in transit and preventing it from being read by untrusted parties. It uses algorithms and mathematical concepts to transform messages into difficult-to-decipher codes through techniques like cryptographic keys and digital signing to protect data privacy, credit card transactions, email, and web browsing.
Cryptography remains important to protecting data and users, ensuring confidentiality, and preventing cyber criminals from intercepting sensitive corporate information. Common uses and examples of cryptography include the following:
Individuals and organizations use cryptography on a daily basis to protect their privacy and keep their conversations and data confidential. Cryptography ensures confidentiality by encrypting sent messages using an algorithm with a key only known to the sender and recipient. A common example of this is the messaging tool WhatsApp, which encrypts conversations between people to ensure they cannot be hacked or intercepted.
Stream ciphers work on a single bit or byte at any time and constantly change the key using feedback mechanisms. A self-synchronizing stream cipher ensures the decryption process stays in sync with the encryption process by recognizing where it sits in the bit keystream. A synchronous stream cipher generates the keystream independently of the message stream and generates the same keystream function at both the sender and the receiver.
Block ciphers encrypt one block of fixed-size data at a time. It will always encrypt a plaintext data block to the same ciphertext when the same key is used. A good example of this is the Feistel cipher, which uses elements of key expansion, permutation, and substitution to create vast confusion and diffusion in the cipher.
The stages of encryption and decryption are similar if not identical, which means reversing the key reduces the code size and circuitry required for implementing the cipher in a piece of software or hardware.
RSA was the first and remains the most common PKC implementation. The algorithm is named after its MIT mathematician developers, Ronald Rivest, Adi Shamir, and Leonard Adleman, and is used in data encryption, digital signatures, and key exchanges. It uses a large number that is the result of factoring two selected prime numbers. It is impossible for an attacker to work out the prime factors, which makes RSA especially secure.
ECC is a PKC algorithm based on the use of elliptic curves in cryptography. It is designed for devices with limited computing power or memory to encrypt internet traffic. A common use of ECC is in embedded computers, smartphones, and cryptocurrency networks like bitcoin, which consumes around 10% of the storage space and bandwidth that RSA requires.
DSA is a standard that enables digital signatures to be used in message authentication. It was introduced by the National Institute of Standards and Technology (NIST) in 1991 to ensure a better method for creating digital signatures.
The Diffie-Hellman algorithm was devised in 1976 by Stanford University professor Martin Hellman and his graduate student Whitfield Diffie, who are considered to be responsible for introducing PKC as a concept. It is used for secret key exchanges and requires two people to agree on a large prime number.
Hashing is the process of taking a key and mapping it to a specific value, which is the hash or hash value. A hash function transforms a key or digital signature, then the hash value and signature are sent to the receiver, who uses the hash function to generate the hash value and compare it with the one they received in the message.
A common hash function is folding, which takes a value and divides it into several parts, adds parts, and uses the last four remaining digits as the key or hashed value. Another is digit rearrangement, which takes specific digits in the original value, reverses them, and uses the remaining number as the hash value. Examples of hash function types include Secure Hash Algorithm 1 (SHA-1), SHA-2, and SHA-3.
Keys that are overused, such as encrypting too much data on a key, become vulnerable to attacks. This is particularly the case with older ciphers and could result in data being exposed. Keys need to be rotated, renewed, and updated when appropriate.
Storing keys alongside the information they have been created to protect increases their chances of being compromised. For example, keys stored on a database or server that gets breached could also be compromised when the data is exfiltrated.
Huge cyberattacks like Meltdown/Spectre and Heartbleed have been capable of exposing cryptographic keys stored in server memory. Therefore, stored keys must be encrypted and only made available unencrypted when placed within secure, tamper-protected environments, or even kept offline.
Moving keys between systems should only occur when the key is encrypted or wrapped under an asymmetric or symmetric pre-shared transport key. If this is not possible, then the key must be split up into multiple parts that are kept separate, re-entered into the target system, then destroyed.
Insider threats are one of the most serious threats posed to any key. This is most likely to occur through a rogue employee having access to a key, then using it for malicious purposes or giving or selling it to a hacker or third party.
Resilience is vital to protecting the availability, confidentiality, and integrity of keys. Any key that suffers a fault with no backup results in the data the key protects being lost or inaccessible.
It needs to include features like full key management life cycle, strong key generation, strict policy-based controls, swift compromise detection, secure key destruction, strong user authentication, secure workflow management, and a secure audit and usage log. This will protect the organization's keys, enhance efficiency, and ensure compliance with data and privacy regulations.
Cryptography is a term used in data communication that refers to protecting the private information shared between two parties. Network Security refers to securing and protecting the network and data to ensure the confidentiality of data.
Let us understand cryptography with the help of an example. As we see in the above figure sender wants to send a "hello" message and encryption is done on the sender to convert the sender's message into an unreadable format (cipher text) using the encryption key.
3a8082e126