Making Sense of Cryptography as a Part of Cybersecurity

#SimplifyTheTech

Cybersecurity is not a novel concept in Compute Science rather it has become a buzz across various fields. Cryptography is considered the backbone of the cybersecurity system. Hence, as a Computer Science student, you are entitled to know the same. Cryptography is a subject, either a compulsory or an elective for Computer Science-related streams. 

For common people, you are introduced to how messages are sent across the internet securely and the basic working of encryption and decryption. Hence this article is aimed at catering to both audiences. Undoubtedly, there are limitations on quantity and the depth of the topics. Even though I have tried my best to make it comprehensive, I advise people to use this as an introductory piece and move beyond if you want to learn them in depth. 

What is Cryptography? 

It is the art of using numbers and letters to form codes and puzzles to trick people or hide something. In the context of Computer Science, a method of securing communication from various threats. 

The basic idea of a Security System 

A Security System in Computer Science refers to a system that protects the data which is sent over a communication channel and protects it from third parties. 

Important Pillars of a Security System 

A given security system should have to include three important concepts. They are as follows. An easy way to remember them is CIA. 

Confidentiality 

A system should keep data confidential from unauthorised access. For eg., your credit card details should be known only to you and your bank. 

Integrity

The data, when sent across a medium, shouldn't be changed or modified. E.g. your text message shouldn't change from what the sender has sent.

Availability 

The service you are entitled to should always be accessible and available to you if you're a valid user. Eg. you shouldn't be denied to use your Gmail account if your credentials are correct. 

What is Cryptography? 

Cryptography is a mathematical technique used in Cyberworld to transmit secretive messages in a format that is different from the original text and is not understandable to ordinary human beings, and is hard to decode. It utilises mathematical algorithms for secure transmission. 

A basic cipher model 

Cipher here refers to a protected or secure message. This is achieved through the process of securing the message. The communication between both sender and receiver is made secure using cryptographic algorithms through the Cipher model. It is one of the simplest models and is highly effective. 

Components of a Cipher Model 

Plaintext (X)- Refers to messages or text that has to be sent across the network. 

Key(K)- Refers to the key that is used to Encrypt or decrypt the message. 

Cipher Text(Y)- An Encrypted, Safe, and Secure message. 

Algorithm E or D- The method which will be used for encryption and decryption. 

Encryption

A process in which plain text is converted to cipher text. Encryption is done using a key. Plain text can easily be understood by humans, while cipher text is harder to understand. Mathematically, 

Y= E(X,K)

Decryption 

A process in which a cipher text is converted to plain text. Decryption is done using a key. Mathematically,

X= E(Y,K)

In short

Each and every message that you generally sent over the internet (in an encrypted channel) undergoes encryption at the sender's end and gets decrypted at the receiver's end. Hence no one else can read the same. Whatsapp is end-to-end encrypted. The mail you send over the internet is also encrypted.

Types of Keys

The two broad types of Keys are Public and Private. Public Keys are those which are accessible to the public as well, while Private keys are known only to those who are authorised to do so. 

Two Types of Attacks

Cryptanalysis stands for attacks that check for the type of cryptography and tries the right combinations to obtain the correct key to decrypt the cipher text. 

Brute Force Attacks- Stands for attacks where attackers use brute force ie. check for each and every possible key combination for decryption.

Number Theory  

It is a branch of Mathematics that deals with the study of integers and integer-valued functions. This is very important as far as Cryptography and Network security is concerned. Number Theory is the foundation for various computer science applications and is notably a prime pillar of Cryptography. 

Types of Cryptography 

There are multiple types of Cryptography based on the types of Keys and Algorithms we use. 

Based on the Keys used, Cryptography can be divided as the following-

Symmetric Key 

Uses only a single key for both Encryption and Decryption. The mathematical formula will stay the same as above. It is faster than Asymmetric Key Encryption. 

Asymmetric Key

Uses two different keys for Encryption and Decryption. The two types of They are Public and Private keys. The public key would be known to both sender and receiver. The private key would be restricted. Hence, unlike the cases we discussed above, both will have two different functions. 

Encryption C = f (Kpublic, P) ; Decryption P = g (Kprivate, C)

RSA Key Sharing Algorithm

Encryption and Decryption can only work if the key is not accessible to anyone else. Hence the key has to be shared between both sender and receiver in the most secure and secretive way possible.

RSA is a very secure method used for key exchange between two parties. The public key is published, and the private key is kept by the owner. RSA stands for Rivest-Shamir-Adleman. It is widely used in DES Algorithm. 

The public key is used for decryption, while the private key is used for encryption at the sender's end. It is exactly reversed at the receiver's end. In short, anyone can encrypt a message, but only the private key holder can decrypt it. 

The Digital Signature scheme uses RSA for signing and verifying a message. 

Advantages

• It uses Public Key encryption
• No restrictions on Key Size

Disadvantages 

• Large memory space
• Longer computation time
• Complexity 

Key Generation 

Keys are generally large mathematical numbers having a large number of digits. Larger the number, it is harder to crack. Any number can be written as a product of two prime numbers. n = p × q and As per Euler's Totient Function, φ = (p − 1) ×(q − 1). This number calculated will be used in key generation.

Choose two large prime numbers, p!=q, and randomly and independent of each other. 

1. Compute n=pq
2. Compute φ(n) = (p − 1) ×(q − 1)
3. Choose an integer e such that 1<e<φ(n), which is coprime. 
4. Compute de eq 1 (mod φ(n))
5. For Encryption- C = P^e mod n 
6. For Decryption- P = C^d mod n

Advantages 

• Public Key Encryption 
• Strong algorithm 

Disadvantages 

• Requires large memory space
• High computational time
• Complex Key generation process 

Elliptical Curve Cryptography

It is a public key encryption technique which can be used for key exchange. It is based on the elliptical curve theory. ECC is used as an alternative to RSA. The elliptical curve satisfies the given mathematical formula. Any two points A and B on the elliptical curve will satisfy (A,B) = A+B+C' where C cuts the secant to the curve A and B and C is symmetric of C.

Types of Cryptographic Techniques 

Substitution Techniques

A method where plain text is substituted with another, like digits and alphabets being replaced with each other. 

Transposition Techniques

A transposition cipher does not substitute one symbol for another; instead, it changes the placement of the symbols. There is a reordering of letters happening.

Various Substitution Techniques

There are two broad Substitution techniques, Monoalphabetic and Polyalphabetic Cipher. 

In monoalphabetic cipher one letter is assigned only one substitution, while in polyalphabetic cipher- the same letter can have multiple substitutions, so it hides the frequency aspect. 

Types of Monoalphabetic Cipher 

Additive Cipher

A given number is added to the alphabet and then a new number is obtained, which is changed to the corresponding alphabet. 

C=(P+K)mod26; P=(C-K)mod26

Eg- A-0,B-1….. So, ABC will be added with 1; hence we obtain BCD. 

Multiplicative Cipher

A given number is added to the alphabet and then a new number is obtained, which is changed to the corresponding alphabet. 

C=(P*K)mod26; P=(C/K)mod26

Affine Cipher 

Uses a combination of both Multiplicative and Additive ciphers to give a much more secure cipher text but due to more number of steps, it would be slower. 

Types of Polyalphabetic Cipher

Caesar Cipher

The alphabets are directly shifted by k letters, similar to the additive cipher. 

Ck=(Pk+K)mod26;P=(Ck-K)mod26

Vigener Cipher 

It uses a table of alphabets to substitute the same letters with another set of letters. 

Playfair Cipher 

Here, a letter is chosen from a 5x5 table to accommodate 26 alphabets with one column having two alphabets. There are specific rules to choose the same. 

Hill Cipher 

Here, a Matrix used as a key to substitute letters using basic Linear algebra used. 

C=PxK mod 26

P=K^-1xC mod 26

Vernam Cipher 

Each alphabet has its own key, which will be used for encryption. The alphabets are converted to binary and performed XOR operation. 

Types of Ciphers

Stream cipher 

It is an encryption algorithm that encrypts one bit at a time or a data stream. 

Block cipher 

It is an encryption algorithm that encrypts one block of text at a time. Generally, a block is kept as 64–128 bits. 

Types of Block Cipher Encryptions

There are various types of Cryptographic algorithms which are widely used for encryption and decryption.

American Encryption Standard (AES) 

It is the strongest encryption in the world and is being used by the American Military. It has proven to be much faster than other forms of encryption. It was developed by NIST in December 2001. It is available in 128, 192, and 256-bit keys. Both input and output remain to be 128-bit blocks. 

The number of rounds varies depending on the key used. For each round different mathematical functions are used like XOR and shift. 

For encryption, each round comprises the following steps

1. Substitution bytes
2. Shift rows
3. Mix columns
4. Add round key

For decryption, each round comprises the following steps

1. Inverse shift rows
2. Inverse substitution bytes
3. Add round key
4. Inverse mix columns

In the end, you will get an SBOX table each which will be used for both encryption and decryption. For breaking AES, you need a 2^256 combination of keys to crack the algorithm, which will take billion years.

Data Encryption Standard (DES)

DES has proven to be an effective way to protect data. It is a popularly used encryption technique that takes 64-bit input and generates 64-bit output. The key used for the same is 56-bit, of which 48-bit is used for encryption while 8 bits are parity bits. 

The entire process happens in 16 rounds. So each step means one round. The process of encryption and exchange of bits happens for each round and it will continue 16 times. The operation done here is XOR. Matrices and determinants are also used for key generation. 

Triple DES is another algorithm which is a modification of DES, where it repeatedly uses it. 

IDEA (International Data Encryption Algorithm)

It is a secure block encryption technique that takes 64-bit input and generates 64-bit output but uses a 128-bit key. Like DES it happens in 8 rounds with two shifts each and one extra round of final output. Addition, multiplication and XOR are the operations used here. The 128-bit key is divided into 8 blocks of 16 bits each. Over 52 keys are used for encryption and decryption. 

IDEA is popularly used in day-to-day internet and other communication applications. The operations carried out in every round include multiplication modulo, addition modulo, and XOR. 

Hash functions

It is a function that takes in a message and produces a hash value. In short, it is a mathematical function which is secure for transmitted messages like transactions. It is designed to be non-invertible for high security.

H(M)=h

M1 and M2 are two messages and calculating M1 and M2

from h1 and h2 is computationally impossible.

SHA-1 (Secure Hash Algorithm 1)

It is an improvement on SHA-0 developed by the US National Security Agency in 1995. It produces a 160-bit output. It is similar to Feistal Block Cipher. During the process, the messages are divided into 512-bit chunks. It consists of 80 rounds that are divided into four rounds of 20 each. 

RC4

It is an internet-based encryption invented by Ron Rivest to protect the RSA algorithm. It is used in HTTP, SSL, TLS etc. It is primarily used for internet and web security as part of networking protocols. It is a stream cipher which takes a byte of plaintext and gives out 8 bytes of output. The operation used here is XOR. A table is created from where the values will be selected. 

The strength of the RC4 Algorithm 

• The table increases complexity making it hard to decrypt.
• Faster than DES.

Limitations of the RC4 Algorithm

• An outdated system, not widely used as before. 
• Vulnerable to cryptanalysis
• A key can be used only once. 

Euclid Algorithm 

It is a technique in number theory to calculate the Greatest Common Divisor of two numbers. This has widespread applications in Cryptography and beyond. 

Diffie Hellman Key Exchange Algorithm

A very important Key Exchange Algorithm was designed by Whitefield Diffie and Martin Hellman. 

Steps of the protocol 

1. Choose a random integer x by A
2. A computes R1 = g^x mod p and sends it to B
3. Choose a random integer y by B
4. B computes R2=g^y mod p and sends it to A
5. A computes K = R1^y mod p
6. B computes K=R2^x mod p
7. Now both A and B have the Key K for communicating with each other. 
8. K = (g^x mod p)^y mod p = (g^y mod p)^x mod p = g^xy mod p
9. Once K is obtained, secure communication is established. 

Authentication 

The process of verifying a user or user's identity is known as authentication. There are multiple ways to perform authentication. 

Need for Authentication 

1. Avoid disclosure of content to non-users
2. Free flow of traffic 
3. Prevent fraudulent activity
4. The integrity of the content
5. Avoid Denial of Service  

Types of Authentication

Password-based Authentication

It is a direct method of performing authentication by matching the user's password. Over time this has become weaker and outdated. It still doesn't prevent fraudulent authentication. 

Token-based Authentication

Utilises character tokens to authenticate users. Also, the random sequence enhances security. A combination of more than one type of authentication is used here.

Biometrics-based Authentication

Here any of your personal physical attributes are used for authentication. Your face, fingerprint, eyes etc. can be used for this. This is widely getting acceptance across the domain. 

Message Authentication Code 

It is a symmetric key cryptographic technique to provide message authentication. It utilises a hash function in addition to a secret key and a checksum. 

MAC=C(K,M)

Digital Signature 

It is an electronic signature that can be used to prove your identity online. The Digital signature like your normal signature is unique as is hard to be forged. 

Working of Digital Signature

Digital Signature utilises public key cryptography. The user will be provided with a message file which can only be signed by the user's Private key. The receiver uses the public key to access the same. The hash function gives a 128-bit result. 

Advantages of Digital Signature

• Prevention of Imposter 
• Message Integrity
• Legally binding

Disadvantages of Digital Signature

• Lack of Timestamp
• Non-Repudiation 

Applications

1. Emails 
2. Legal documents
3. Electronic Fund Transfer (EFT)
4. Software distribution

Certificates 

A Digital Certificate is an electronic file that is used to prove the identity of a user, website or institution. It is issued by Certification Authority (CA).

Note

Cryptography as a field is extremely dynamic. Most of the algorithms which we use today and that we claim to be secure might be broken or get outdated. Hence, keeping yourself updated and trying to adopt them is the best way forward. Also, make sure that you help others around you get updated as well.

Cryptography from an exam point of view

This is an important subject if you are giving exams. You only need basic mathematics and basic computers to understand this subject. I would rate this subject moderate to tough.

Overall this is a theoretical subject; the scope for numerical is there for number theory questions. Problems with various ciphers and encrypting them will surely be asked. Questions will be explanatory and essay-type. Drawing diagrams, block diagrams and pictorial representation is essential for this paper.

References

Origin of Cryptography(n.d.) https://www.tutorialspoint.com/cryptography/origin_of_cryptography.htm

Sullivan, N. (2022, March 9). A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography. The Cloudflare Blog. https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/

What is a Digital Certificate and Why are Digital Certificates Important? | DigiCert FAQ. (n.d.). https://www.digicert.com/support/resources/faq/trust-and-pki/what-is-a-digital-certificate-and-why-are-digital-certificates-important

Techopedia. (2015, August 10). What is the Secure Hash Algorithm 1 (SHA-1)? - Definition from Techopedia. https://www.techopedia.com/definition/30570/secure-hash-algorithm-1-sha-1

Extra reading and references

Geeks for Geeks, Tutorials Point, Java Point, Technopedia, KTU Students

Also Read

----

If you enjoy my content and find it informative, do support me at Buy Me a Coffee. My membership is only $1 per month, which means a lot to me and helps me present the best of the article. If you're financially capable and willing to support me, please consider taking my membership, means a lot.

I have started a Telegram Channel which will contain the record of all my articles. Follow my blog for behind-the-scenes and informative content. Do join my medium mailing list.

----