By Gen Cralev, on 3 March 2017
Cryptography is a highly important concept within Information Security. You may not be aware of it, but we depend on cryptography on a daily basis to secure our data. Whenever you do online shopping, log in to Facebook or check your bank account balance, your information is automatically encrypted. We use encryption to ensure that if someone is able to obtain our data, they aren’t able to read it.
How does it work?
Encryption is the act of transforming information from a readable form (plaintext) into an encrypted form (ciphertext). For example, the text you are currently reading is in plaintext and is therefore unencrypted. To encrypt the text, we need to apply an algorithm or a mathematical formula that will change its content. The most well-known and simplest form of encryption is called the ‘Caesar cipher’. It is said to have been used by Julius Caesar to send secret military orders to his generals. The Caesar cipher works by shifting each letter of the plaintext by a certain number of letters. The number of letters we shift by acts as a key.
For example, if we shift each letter of the word “secret” by 3 we get a ciphertext output of “vhfuhw”. In order for the recipient to then transform the ciphertext back into plaintext, they simply apply the reverse action (shift 3 to the left). Check out this online tool that demonstrates the Caesar cipher in action: http://www.xarg.org/tools/caesar-cipher/. The Caesar cipher was sufficient to encrypt messages 20 centuries ago but it is no longer considered to be secure. Modern-day encryption algorithms employ a highly complex formula to ensure that even the most powerful computer systems aren’t able to decrypt the data without the correct key.
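As an added illustration (not part of the original article), the Python sketch below implements the shift described above and then decrypts a message under every possible key, which shows why the cipher is no longer secure: only 25 usable shifts exist. The function names, the sample message and the small word list are assumptions constructed for this example.

```python
# Added example: Caesar cipher and exhaustive key search (names are illustrative).

def caesar(text: str, shift: int) -> str:
    """Shift ASCII letters by `shift` places, wrapping at z; leave other characters alone."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext: str, key: int) -> str:
    return caesar(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    # Decryption is the reverse action: shift the same distance to the left.
    return caesar(ciphertext, -key)


def all_candidates(ciphertext: str) -> dict:
    """Decrypt under every usable key. The whole key space is 25 shifts."""
    return {key: decrypt(ciphertext, key) for key in range(1, 26)}


def recover_keys(ciphertext: str, known_words: set) -> list:
    """Return the keys whose decryption consists only of words from `known_words`."""
    hits = []
    for key, candidate in all_candidates(ciphertext).items():
        words = candidate.lower().split()
        if words and all(w in known_words for w in words):
            hits.append(key)
    return hits


# Constructed sample data for the demonstration.
WORDS = {"the", "secret", "message"}
SAMPLE = encrypt("the secret message", 3)

if __name__ == "__main__":
    print(encrypt("secret", 3))          # the article's example
    print(SAMPLE)
    print(recover_keys(SAMPLE, WORDS))   # key found without being told
```

Because the search finishes after 25 trial decryptions, the secrecy of the key adds almost nothing; modern ciphers rely on key spaces far too large to enumerate.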
The Caesar cipher falls under the category of symmetric cryptography. This means that the same key is used to decrypt the data as the one used to encrypt it. This poses the problem of key exchange. How do we ensure that only our intended recipient has the correct key? If we do not take sufficient precautions when providing our key to the recipient, it can easily be intercepted by a malicious third party, rendering the whole process useless.
Asymmetric cryptography solves the problem of key exchange by employing two mathematically related keys – a public key and a private key. The public key is shared with everyone and is used to encrypt the data we are sending. The private key, on the other hand, is used to decrypt the data and is only known to its owner. If I want to send an encrypted email to you, I would use your public key to encrypt the message. This ensures that only you are able to decrypt the message as your private key should only be known to you.
Asymmetric cryptography also allows us to sign messages in order to prove that we are the ones who sent them and that they haven’t been altered in transit. This is done by encrypting the message using our private key. If others then use our public key to decrypt the message, this proves that the message came from us and is legitimate.
These are just some of the basic concepts within cryptography but they provide all sorts of possibilities to improve security in the digital world.