WHAT IS ENCRYPTION?
Encryption is the process of using an algorithm called a cipher to make information incomprehensible to those who are not supposed to see it. Encryption is one of the best ways to improve the confidentiality of data. For example: Imagine there are two people named Bob and Marsha. Bob and Marsha need to exchange an important message, but they must keep it secret from a third person named Alex.
To keep the contents of the message hidden from Alex, Bob converts the plaintext “The documents are hidden at 1406 Downing St.” into the ciphertext “Aol kvjbtluaz hyl opkklu ha 1406 Kvdupun Za.”
To read an encrypted message, a key is needed to decrypt the ciphertext back into plaintext. In this case, the key is a shift of each letter by 7 positions in the alphabet (go from T seven paces to A; go from H seven paces to O; go from E seven paces to L, etc). Bob and Marsha’s secret message stays secret as long as Alex is unable to figure out the key, but since this example uses a Caesar Cipher, it is easy for Alex to solve the secret meaning of the message.
CLASSIC CRYPTOGRAPHY: THE CAESAR CIPHER
The Caesar Cipher is one of the most well-known ciphers used in cryptography (the art of secure communication). The Caesar Cipher supposedly evolved in ancient Rome, where Julius Caesar himself used encryption to conceal important military messages from his enemies. The traditional Caesar Cipher uses a shift of each letter of the alphabet by 3 paces. Any number of position-shifts could be chosen from a shift of 1 letter in the alphabet to 25, but the cipher is easy to break because any adversary can try all 25 possible shift values to decrypt information.
THE ONE-TIME PAD
Advancements in modern encryption have made it much more difficult to decrypt data. An example of a secure cipher in modern use (dating from WW2) is the one-time pad. The one-time pad uses a random key that is the same length as the plaintext. The two inputs of the plaintext (P) and the randomly generated key (K) are XOR’d (exclusive OR’d) to get a cipher output. This process is represented in the equation below, where XOR is represented by a circle with a plus sign in the middle.
C = P ⊕ K
A one-time pad is more difficult to break because the key used to encrypt and decrypt a message is only used once (hence the name, “one-time pad”). However, the one-time pad is impractical, not only because each key for all messages is different, but also because how the key may be ridiculously long to match a plaintext. Imagine if you had to encrypt a message that was 1,000 characters. You would then need a 1,000 character-long key!
SEMANTIC SECURITY & RANDOMIZATION
Semantic security and randomization are two main principles that have improved the use and practice of easier encryption. Semantic security is the principle that a ciphertext should never reveal any information about a plaintext message as long as the key to decrypt and encrypt is kept secret. Randomization helps to achieve semantic security by randomizing the entire encryption process. When all features are randomized, or when the concept of entropy is present, it is much more difficult for an attacker to compromise data.
When randomizing a plaintext message, different ciphertexts are generated to ensure higher security. If an attacker were to get a hold of the plaintext, he would still be unable to figure out the key because different ciphertexts were used to encrypt the message. Therefore, semantic security and randomization go hand in hand. In order to protect the key, randomization is used at all points.
ASYMMETRIC ENCRYPTION
So far, only symmetric encryption has been reviewed, where only one key is used to encrypt and decrypt data. However, asymmetric encryption is an even more secure form of encryption. Instead of using one key, there are two keys used; one key to encrypt and one key to decrypt data. A public key is used to encrypt data and a private key unknown to the public (that must be kept secret at all costs) is used to decrypt data. Asymmetric encryption is more secure because it is harder for attackers to back-track through the cipher-process. An attacker may be able to encrypt their own ciphertexts since they have the public key (K1) but they are unable to decrypt a ciphertext because there is no access to the private key (K2).
PROBABILITY & BRUTE-FORCE ATTACKS
All foundations of cryptography depend on probability. In a basic sense, probability is the measure of certainty and uncertainty that an event will occur. In cryptography, the probability that a cipher can be broken is always trying to be decreased. It is impossible to create a cipher that is impregnable, for any cipher can be broken with a brute-force attack. A brute-force attack consists of an attacker using every single combination of a key or password to try and break a cipher. A brute-force attack is time-consuming and impractical to attempt, but eventually, by the rules of probability, any cipher can be broken using this attack.
CONCLUSION
Cryptography is often thought of as being too difficult to learn by infosec professionals and students alike. However, cryptography is a very in-demand and rewarding field of cybersecurity. The skills of critical thinking and solving challenges -essential to cryptographic talent- can be learned by any individual. As technology advances and the need to protect data becomes more apparent, cryptography is being applied to everything in modern use. Almost everything now is encrypted (or should be). The most well known applications of encryption are found in financial payment systems such as Bitcoin, ATMs, and mobile banking transactions.
There is also encryption in email and messaging apps, data storage, social media, etc. In any sense, if you enjoy solving puzzles or critical thinking, it is highly suggested that you give cryptography a try! It can be fun even when the problems are difficult! Below are a few links to cryptographic challenges that are great for training code-breaking brains. Enjoy!
SOURCES
“Serious Cryptography ‘A Practical Introduction to Modern Encryption’” by Jean-Philippe Aumasson. Buy at nostarch.com
CRYPTOGRAPHY LINKS
Cryptograms at razzlepuzzles.com
Caesar Ciphers at braingle.com
XOR Ciphers at www.dcode.fr
Comments