What is cryptography?
In recent years, cyber attacks on public and private organisations have grown exponentially. These attacks come from multiple sources such as organised crime, industrial espionage... which seek to gain monetary rewards for the information they obtain or damage the trust of clients and citizens by revealing confidential information. Cryptography is a security measure to prevent the disclosure of sensitive information making it unintelligible to unauthorised persons.
What is it?
Cryptography is a method of storing and transmitting data so that only those who are authorised to do so can read and process it. It's considered an information security science, coding the information in a non-readable format. It is an effective way to protect sensitive information for its storage and transmission over public networks.
What is cryptography used for in IT?
The main objective of cryptography, and the mechanism that makes it possible, is hiding information from unauthorised individuals. However, with enough time, resources and motivation, hackers are able to attack and break many cryptosystems and decode the encrypted information. Therefore the most realistic objective of this science is to hinder the activity of the attackers, increasing the work and time needed to break the system.
- Confidentiality: the information is only intelligible to authorised persons.
- Integrity: the information can only be modified by authorised persons.
- Authentication: verifies the identity of the person or system creating the information.
- Authorisation: the authorised individual who holds the key is the one who has access to the information.
- Non-repudiation of information: the sender of the information cannot deny that they sent the message in question.
Cryptography: key concepts
- Plain text: the data in normal format.
- Encrypted text: the data transformed into an unintelligible format.
- Algorithm or encryption: set of rules for encrypting and decrypting information. The main encryption/decryption algorithms are known, what is not known are the encryption keys.
- Key: is a set or sequence of random bits with which information is encrypted.
- Cryptosystem strength: depends on the algorithm, the confidentiality of the key(s), the length of the key(s), the initialisation vectors, and various system parameters. It refers to how difficult it is for an attacker to break the algorithm or decipher the information.
- Symmetrical encryption: the information is encrypted using a key that is the same as the one used to decrypt it. It is a faster algorithm than the asymmetric one and less expensive computationally. The larger the size of the key, the more expensive it is to break, but it requires both ends of the communication to know the key, which is a weakness.
- Asymmetric or public key encryption: different keys are used, one public and one private. Both keys are mathematically related. For example, if we encrypt data with our private key and send it to a recipient, the recipient must have a copy of our public key in order to decrypt it. It is a more computationally expensive algorithm, although it does not have the weakness of both ends of the communication having the same key.
- Hybrid cryptography: is a type of encryption that uses both symmetric and asymmetric encryption. Asymmetric encryption is used to share the key required for symmetric encryption. The PGP encryption programme uses this type of cryptography.
- Quantum cryptography: is based on the principles of quantum mechanics for the encryption of information. It provides the two ends of the communication, making use of lasers to emit into the photon (which is the constituent particle of light), with the necessary information to share a random secret key that only the ends know. It is able to detect the presence of intruders during key generation.
There are therefore various elements and types of cryptography that are understood as the techniques that allows a message to be encrypted to make it unreadable to anyone who does not know the encryption system.