Saturday, December 22, 2018

Hybrid Cryptography

We just love to mix things up. Well, yeah, and why not? When we get the best of both worlds, we can mix anything up, even something as complex in itself as cryptography. In the last article, we learned about symmetric and asymmetric cryptography. It’s time to mix them both and explain the hybrid concept to you.

We need to go back and recapitulate some points before we can move forward and appreciate the hybrid concept. In symmetric cryptography, we understood that it is quite fast; however, the challenge was sharing the key between a large number of people. Everyone is required to keep the shared key secret, and, if it gets compromised, the distribution of the key needs to be repeated. What if we could find a way to quickly transfer this key amongst multiple people without the danger of compromising it? Asymmetric key cryptography offers secure key distribution but uses a lot of resources when multiple people are involved. It’s also quite slow and mathematically intensive.

Hybrid cryptography’s recipe is very simple – take the swiftness of symmetric key cryptography for encrypting bulk data, and take the time-proven, trustworthy aspect of asymmetric key cryptography for key distribution.

How does this work then? Alice and Bob, as usual, wish to communicate with each other. This time, however, Alice wants to ensure that only Bob is able to read the message and no one else. Alice encrypts her message with a secret key, so she gets an encrypted message. She has two things now – the encrypted message and the secret key. This secret key needs to be protected and distributed. For this distribution, Alice uses asymmetric key cryptography. This method has two keys – a public one and a private one. Alice does not know Bob’s private key, so she finds out his public key and uses that. Bob’s public key is used to encrypt the secret key so that it can be sent across. The following diagram will help you understand this in a better manner.

When the complete package is received by Bob, he uses his private key to decipher the secret key. Once he has the secret key, he uses it to decipher the message. Here, Alice has used asymmetric cryptography to transfer the secret key. The secret key, or symmetric key, is then used to decipher the message itself, as symmetric decryption is quite fast.

At this point, we need to clear up some questions which may have cropped up in your mind. Why are we using 3 keys here – secret, public and private? The secret key is the one used in symmetric cryptography, while the public and private ones are part of asymmetric cryptography. The next question is – why did Alice use Bob’s public key to encrypt the secret key? She could have used her own private key or Bob’s private key. Hold your horses, let’s analyze both these scenarios. If she had used her own private key, anyone with Alice’s public key would be able to get the secret key. The purpose of maintaining a secret key would have been defeated. If you have been paying close attention till now, Alice can never get hold of Bob’s private key, as it is the private key and no one can know it except Bob.
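The exchange described above in code, as an added example that is not part of the original post: Alice encrypts the bulk message with a fresh secret key (AES-256-GCM here), wraps only that secret key under Bob’s RSA public key (RSA-OAEP), and Bob reverses the two steps with his private key. The names Package, newGCM, HybridEncrypt and HybridDecrypt are assumptions made for this example; it uses only Go’s standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Package is what Alice sends Bob (name constructed for this example): wrapped secret key, GCM nonce, ciphertext.
type Package struct{ WrappedKey, Nonce, Ciphertext []byte }
// newGCM turns a 32-byte secret key into the AES-256-GCM symmetric cipher.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // fails only on a wrong key length
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// HybridEncrypt (Alice): a fresh secret key encrypts the bulk message; Bob's public key encrypts only that key.
func HybridEncrypt(bobPub *rsa.PublicKey, msg []byte) (*Package, error) {
	rnd := make([]byte, 32+12) // 32-byte AES-256 key followed by the 12-byte GCM nonce
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	secretKey, nonce := rnd[:32], rnd[32:]
	gcm, err := newGCM(secretKey)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPub, secretKey, nil)
	if err != nil {
		return nil, err
	}
	return &Package{wrapped, nonce, gcm.Seal(nil, nonce, msg, nil)}, nil
}

// HybridDecrypt (Bob): his private key unwraps the secret key, which then decrypts the message;
// a wrong private key or a tampered package yields an error, never plaintext.
func HybridDecrypt(priv *rsa.PrivateKey, p *Package) ([]byte, error) {
	secretKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, p.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(secretKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, p.Nonce, p.Ciphertext, nil)
}
```

Someone holding only Bob’s public key (or a different private key) cannot unwrap the secret key, and GCM’s authentication tag makes any change to the ciphertext fail on decryption.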

I know this sounds too confusing the first time, but read it again and again to get a hold of it. How can I let you go without asking you some questions? Write down your answers in the comment section below:

1. If I encrypt the symmetric key with your public key, what would that help me achieve?

2. The sender’s private key is used to encrypt the symmetric key. How would that help the receiver?

3. Akshay uses his public key to encrypt a message. Is that possible?

4. Bauaa Singh uses his symmetric key to encrypt a message containing a symmetric key. Will that work?

In the next article, we will learn about digital signatures, as they are based on the concept of hybrid cryptography.

Saturday, December 15, 2018

Symmetric and Asymmetric Cryptography

Having learned about cryptography in the previous article, it is now time to learn about the types of cryptography. You are right, nothing is complete till we understand its types and subtypes and so on. Remember your best friends, Alice and Bob!!! They are going to help us understand the types of cryptography.

Before we go into the details, we ought to recapitulate a few terms.

1. Plain text – Data in a readable or understandable format.
2. Ciphertext – Random and unreadable text.
3. Encryption – Process of converting plain text into ciphertext.
4. Key – Sequence of random bits.
5. Algorithm – Rules by which encryption and decryption will take place.

It is really important to clearly understand these terms, else the journey ahead will be difficult. So let us begin.

Cryptography algorithms are either symmetric algorithms, which use symmetric keys (also called secret keys), or asymmetric algorithms, which use asymmetric keys (also called public and private keys). I know this can be confusing if you are reading it for the first time; however, you’ll be able to sail through if you pay close attention.

If you and I share the same password, we are using a symmetric algorithm, and if we use a public and a private password, we are using an asymmetric algorithm. This is not technically correct; however, it explains the idea in a manner that you can understand.

Symmetric Algorithm

Alice and Bob, as usual, want to communicate with each other. Alice has an age-old secret recipe for pancakes which Bob has requested from her. Given the current scenario of data breaches happening everywhere, Alice is skeptical of sending it as is. She discusses it with Bob and they both decide to use symmetric cryptography for this purpose. In a cryptosystem that uses symmetric cryptography, the sender and receiver use two instances of the same key for encryption and decryption. This means that if Alice uses the key “123@encrypt” for encrypting, Bob will also use the same key to decrypt it. Each pair of users who want to exchange data using symmetric key encryption must have two instances of the same key.

The diagram below also illustrates the same.

Clearly, in symmetric encryption, it is the secrecy of the key that plays the most important role. If 3 people wish to communicate with each other, all 3 must have the same key and, most importantly, all 3 of them must keep it secret. Hence, keeping the key secret is a big task if there are many people involved.

We learned that cryptography helps us achieve confidentiality. Symmetric cryptography can help us achieve that, but can it help us achieve integrity, non-repudiation or authentication? Think for a minute. What is integrity? No unauthorized modification. But if the secret key is no longer secret, you cannot be 100% sure that no modification has taken place. There is also no way to prove who sent the message if two or three people are using the same secret key.

Monday, December 3, 2018

Understanding Cryptography

“ $%^*^* Nh%&gfg  K97@#”. Well, I’m 100% sure that you did not understand what I meant to say through these words. This is what cryptography is all about. Nah, don’t think that if you are unable to read what was written, it becomes an implementation of cryptography. When you convert plain text (readable text) into something that cannot be read until it is deciphered, often called ciphertext, that is known as cryptography.

Why would you want to convert something which is readable into gibberish? From time immemorial, human beings have kept secrets to protect themselves and their countries. For this very reason, information must be protected, and this assurance can be provided by encrypting the data, i.e. the process of converting plain text into ciphertext. Remember the three pillars of information security – CIA. Cryptography helps implement the confidentiality principle.

The formal definition is as follows:

Cryptography is a method of storing and transmitting data in a form that only those it is intended for can read and process. It is considered a science of protecting information by encoding it into an unreadable format.

Now it’s time to learn new terms:

Encryption is a method of transforming readable data, called plaintext, into a form that appears to be random and unreadable, which is called ciphertext. Plaintext is in a form that can be understood either by a person (a document) or by a computer (executable code).

Once it is transformed into ciphertext, neither human nor machine can properly process it until it is decrypted. This enables the transmission of confidential information over insecure channels without unauthorized disclosure.

The algorithm, the set of rules also known as the cipher, dictates how enciphering (encryption) and deciphering (decryption) take place. The secret ingredient that makes this algorithm so hard to break is the KEY.

If you are confused, don’t be. We will understand all of this through an example.

In cryptography, you need to make friends with Alice & Bob. They are the 2 most famous people in the world of cryptography. Now Alice wants to send a message to Bob. The message is “I passed my CISSP exam and Mayur helped me a lot in it”. This is plain text, as you were able to read it. Bob, however, doesn’t want the world to know this. So Bob converts this message to “@#$% B$CG &*()&%VBNJIJJM”, which is unreadable. He converts it to ciphertext which you and I can’t read. How does he do that? He uses an algorithm and encrypts it. In order to do so, he uses a KEY, similar to a password or passcode, which can change it back. It’s like using a lock: only the correct KEY combination can open the lock.

In encryption, the key (crypto variable) is a value that comprises a large sequence of random bits. Is it just any random number of bits crammed together? Not really. An algorithm has a keyspace, which is the range of values that can be used to construct a key. When the algorithm needs to generate a new key, it uses random values from this keyspace. The larger the keyspace, the more values are available to represent different keys—and the more random the keys are, the harder it is for intruders to figure them out. For example, if an algorithm allows a key length of 2 bits, the keyspace for that algorithm would be 4, which is the total number of different keys that would be possible.

All this makes up a cryptosystem, which contains all the hardware and software required to implement it.

In a nutshell, cryptography helps you protect your information by utilizing rules which are driven by a key.

What are your thoughts on this?