Cryptography is a mechanism of transforming sensitive information from meaningful plain text to some garbled form called cipher text, usually used to securely transfer it over a network, thus preventing it from eavesdropping, tampering or forgery. Cryptography can also be used for storing sensitive information in database. In ancient times, Julius Caesar used cryptography to send messages to his military.
In cryptography, the information is encrypted before being sent by the sender and decrypted when the receiver receives it. Encryption is the process of transforming the information from plain text to cipher text with the help of additional data called as key. Decryption is the process of converting the cipher text back to the original information. Either same or different key is used for decrypting the information depending on the type of cryptography used.
There are two types of cryptography depending on the type of key used – symmetric cryptography and asymmetric cryptography.
Symmetric cryptography
Symmetric cryptography also called as the secret key cryptography uses same key for encrypting and decrypting messages. The key is kept as a secret and needs to be transferred securely between sender and receiver. Any unauthorized access to the key can lead to information theft as the messages can be decrypted or the messages can be forged before they reach the receiver or new messages can be sent under the false identify of the sender.
Since a message encrypted with a key cannot be decrypted by another key, symmetric cryptography provides authenticated access to the data as long as the keys are kept secret between sender and receiver. Secure exchange of keys is a drawback of symmetric cryptography.
Symmetric cryptography algorithms are faster than asymmetric cryptography algorithms and they work even faster when they are directly implemented on hardware.
Symmetric cryptography algorithms – DES, RC2, RC4, Triple DES, AES, IDEA, BlowFish, PGP, SAFER, SkipJack, Vernam cipher and SEAL
Block Ciphers
Block ciphers are symmetric ciphers which break plain text into fixed length blocks and encipher the blocks. The cipher text is of same length as that of the block. The entire block of cipher text needs to be received in order to decrypt it. Different techniques such as Electronic Codebook (ECB), Cipher Block Chaining (CBC) and Output Feedback (OFB) are used. ECB encrypts all blocks of plain text with the same key and hence is not recommended. In CBC, each plain text block is XORed with the previous cipher text block before encryption. Multiple rounds of encryption are performed in iterated block ciphers.
Stream Ciphers
Stream ciphers encrypt small group of plain text bits by XORing them with a same-length sequence of bits called as keystream.
Data Encryption Standard (DES)
This iterated block cipher based on Fiestel technique was invented by IBM in 1976. It uses 56-bit key with additional 8 parity bits. DES with CBC is widely used in legacy applications for securing financial data. There are 4 weak keys in DES and 12 semi-weak keys. The weak keys are excluded. DES is also used in Automated Teller Machines (ATM). However, it is vulnerable to brute force attacks, due to its short key, in which all the possible key combinations are tried for invasion.
DES should not be used anymore since it is considered as no longer secure. Instead use of a variant of DES called Triple DES or Advanced Encryption Standard (AES) should be preferred.
Triple DES
This provides more security than DES by applying DES three times using three different keys. The key length is 3 x 56 = 128 bits. The possible key combinations of 2128 make brute-force attacks virtually impossible.
Triple DES with 2 keys
This algorithm applies DES encryption three times by using two keys. The encryption is done by first, followed by second and again by first key. The key length is 2 x 56 = 112 bits.
Asymmetric crytography
Asymmetric cryptography also called as public key cryptography uses a pair of keys – public key and private key. A message encrypted by a public key can be decrypted only by using the matching private key. A message encrypted by a private key can be decrypted by using the matching public key.
Asymmetric cryptography is more secure than symmetric cryptography as only the public key is transferred but the private key is never transferred. However, it is very slow in comparison with symmetric cryptography as it requires more processing for encryption and decryption.
Digital Certificates
Public keys in asymmetric cryptography are distributed as a part of Digital Certificate. Along with the public key, it contains information about the user, user’s e-mail address, country, name of server, name of organization to which the user belongs and organization that issued the certificate.
Encrypting large files
Symmetric cryptography is suitable for encrypting large chunks of data such as large files. A hybrid approach of both symmetric and asymmetric cryptography is used for sending large encrypted files over a network where the file is encrypted using secret key (AES, 3DES etc.) and the secret key is encrypted using asymmetric cryptography (RSA). Thus both enciphered file and enciphered secret key is sent to the recipient.
Using RSA alone will not work as it can only encipher the bits same as the key length. To encrypt large files you’ll need to break them into multiple parts and encrypt each part, which is not a good idea as multiple packets enciphered with same key can be attacked.
Transport Layer Security (TLS) protocol
Transport Layer Security (TLS) protocol which is a successor of Server Socket Layer (SSL) and used for communication by client-server applications uses symmetric cryptography. This protocol is itself composed of two protocols – TLS Record protocol and TLS Handshake protocol. The TLS Record protocol is layered on top of reliable transport protocol such as TCP and provides a private and reliable connection. For each connection of TLS Record protocol a unique secret key is generated and negotiated with the receiver by TLS Handshake protocol. The TLS Record protocol can also be used without encryption.