Developing Secure Technology – What is Cryptography, Encryption/Decryption?

What Are Cryptography and Encryption? Like most people, you probably have at least a loose understanding of what cryptography is. However, now that you’re reading this article, I’m going to venture a guess and say it’s already more than an elementary-level understanding. Otherwise, you wouldn’t need to know anything more about it.

Cryptography and encryption are important aspects that keep your online transactions safe and secure. When sending a message, Encryption hides it. So that no other individual apart from the receiver is able to understand it. Decryption is the process of retrieving the original message from an encrypted message. This article will help you understand several concepts regarding cryptography and encryption/decryption.

What is Cryptography?

Cryptography is the craft of constructing and breaking codes. If given enough time and computing power, we can break any code. But if you do not know the way long it’ll desire to break a code, you do not know when to allow up. And if your enemy doesn’t know either, he may keep trying until it’s too late. Someone is often reading his messages while it is getting uncoded. This can be why cryptography is a vital part of many security systems. It makes it possible to transmit information securely. In other words, only the intended recipient is aware of it.

Within the case of computer networks and telephones, cryptography also detects altered or intercepted information. It is a science of keeping secrets. If a key encrypts a message, then someone who possesses the key can read the message. The goal of cryptography is to stay messages secret from those for whom they’re not intended, even when those people can see every detail of the messages. The world is using Cryptography for thousands of years; Julius Caesar used it to stay his military plans secret.

A cipher could be a combination of two things: a technique to convert plaintext into ciphertext (Encryption) and an inverse method to convert ciphertext back to plaintext (Decryption). This transformation hides the meaning of a message so that only someone with access to a secret key can read it.

Four Fundamental Principles of Cryptography:

Let’s see what are the fundamental principles on which cryptography lies –

1. Confidentiality – Cryptography is the science of secret writing. First principle is, all information is available to only those who should know it.
2. Integrity – A second principle is to assure that the information has not been modified or tampered with since it was created or sent.
3. Authenticity – A third principle is to verify that the sender of a message was indeed who he claimed to be and never someone else pretending to be him.
4. Non-repudiation – Finally, a fourth principle is to minimize the chances of an attacker being able to repudiate having sent a message if he was caught and challenged later on.

Unfortunately, in practice, these fundamental principles are at odds with each other, as one must choose between them when designing a system. Confidentiality guarantees integrity, but not vice versa

SSL / TLS – Hypertext Transfer Protocol Secure and Transport Layer Security

When you send a credit card number online, the browser encrypts it before it leaves your computer. This ensures that only the intended recipient can read it. Here, we have two cryptographic keys – a public key, shared freely. And a private key, which never leaves the owner. It decrypts the message received. The safety and integrity of e-commerce depend on this process. If anyone could read or change a message sent between buyer and seller, no one would trust that purchases were secure and no one would buy anything online.

SSL and TLS are cryptographic protocols. They can encrypt network connections to prevent eavesdropping (for example, by malicious hackers) or decrypt data that they had intercepted. SSL or TLS sessions negotiate the Cipher suites. This is called the handshake phase, and not to be confused with the key exchange or encryption process itself, it occurs at the beginning of any SSL or TLS connection and is done in plaintext.

Use SSL

The good news is that there are some simple things you can do right now that can add security and privacy to your website’s visitors.

The first step is to use SSL (Secure Sockets Layer) encryption on all websites that require sensitive information like credit card numbers or personal information. SSL encrypts communications between the user’s web browser and the server hosting the web pages. It prevents “man in the middle” attacks.

SSL provides a padlock icon on web browsers to indicate that encrypts the communication. It uses a secure protocol. This is the best way for users to recognize if their communications are secure. It also protects against a hacker seeing what sites you have been visiting with your browser history and it protects against modification of any data transmitted between your browser and the server hosting your web page.

SSH (Secure Shell)

SSH (Secure Shell) is a way of connecting to a computer from another computer. It is a little like telnet, but with encryption. Linux and Unix computers, but also Windows use ssh. The best news is that it’s available on any platform and it’s free! To use SSH all you need is:

1. A SSH client program (ssh). This is a program on your local computer that runs commands on a remote machine. On most Linux and Unix systems, this means installing the openssh-server package with your system’s built-in package manager, or downloading it and compiling it yourself. On Windows, there are several available programs; I use PuTTY.
2. An SSH server program (sshd) running on the remote machine. This program listens for connections from clients on the network and executes commands sent by the clients.

The key difference between SSH and Telnet is that SSH encrypts all communication between client and server, thus making it impossible to snoop packets and steal passwords or other sensitive information.

What is Encryption / Decryption ?

The word encryption is derived from the Greek word “Kryptos” that means hidden. The act of transforming information using an algorithm so that it is unreadable to anyone except those possessing special knowledge usually referred to as a key, is defined as encryption. In this context, the term “encryption algorithm” refers to any method used for encryption.

Encryption helps keep information private. It’s useful for everyone from journalists to government officials, business leaders, and regular folks too. It helps protect your data from hackers and identity thieves. If someone gets access to your backups or cloud storage, or someone steals your computer, Encryption can protect your data.

The purpose of encryption is to protect information from unauthorized access, while still allowing authorized parties access to it. Encryption works by scrambling data in such a way that only someone with the correct key can decrypt and read it. You can send a message or an encrypted file over an insecure medium like the Internet or radio waves, without fear. No one can intercept and even if they do they can’t read it.

Types of Encryption

The two main types of Encryption are Symmetric encryption and Asymmetric encryption.

Symmetric Encryption:

The simplest, oldest, and most important type of encryption is symmetric encryption. Here, the sender and the receiver share a secret key that encrypts and decrypts the message. The main idea is that you will have a secret key with your friends, and no one else.
Symmetric encryption is a synonym of a secret key or private key encryption. Public-key encryption is also called asymmetric encryption.
Symmetric encryption has three advantages:

1) It is fast.

2) It is easy to implement securely.

3) It is easy to use.

It has one disadvantage: it requires both parties to have a shared secret key. For this reason, often organizations sharing secret keys use it. But for people who want privacy from the whole world, or for use in public forums (email or Usenet or the World Wide Web), it’s no good. (Of course, if you are using an electronic dead drop, you can use symmetric encryption between you and your drop.)

Below are some common Symmetric Encryption Algorithms –

• AES Encryption or Advanced Encryption System
• Blowfish and TwoFish
• 3DES or Triple Data Encryption Standard

Asymmetric Encryption:

Asymmetric encryption is a system that allows two people to communicate securely even if they’ve never met or don’t trust one another. In 1976, two mathematicians, Whitfield Diffie and Martin Hellman invented public-key cryptography, and its invention launched the modern era of cryptography. It is based on the idea of a key pair. One public key encrypts messages for the holder of the other private key. The private key decrypts messages that the public one has encrypted. And vice versa.

A typical example of an asymmetric algorithm is RSA. Its creators: Rivest, Shamir, and Adleman inspired the name. If you encrypt a message with RSA and send it to me, I can’t decrypt it — because I don’t have your secret key. But I can compare it with the original version and prove it is the same.

The most interesting thing about asymmetric encryption is that if you have an algorithm for doing it, you can use the same algorithm for public-key cryptography — for proving things without exposing secrets — without any change at all.

Below are some common Asymmetric Encryption Algorithms –

• RSA or Rivest–Shamir–Adleman
• ECC or Elliptic Curve Cryptography

SSL vs TLS vs SSH

Here we are talking about the difference between SSH, TLS, and SSL. All of these are cryptographic protocols and most of the time the beginners confuse between these protocols.

TLS or SSL are the names of the protocol which is used to secure the data that is sent over the network.

Let’s say that you’re sitting on a shopping website and you’re going to pay by credit card, the credit card information which you’re going to send over the network is going to be insecure. So anyone sitting between you and the server they can intercept and they can look at the data that you are sending.

By using SSL or TLS you encrypt the data that you’re sending over the network. so no one sitting between you or the server will be able to understand what you’re sending over the network. We use SSL or TLS with any network protocol. Such as HTTP, so we get HTTPS or FTP we get FTPS for SMTP we get SMTPS, and so on.

History of SSL / TLS

Now you might be wondering why do we have two different names for the same protocol. The names TLS and SSL are mostly used interchangeably but SSL was the first version of the secure protocol that was never released mainly because of security concerns.
The first official release was SSL 2.0 which was released in 1995. Then in 1996 we got SSL 3.0 and then in 1999 SSL was renamed and we got TLS1.0. Later in 2006, we got TLS 1.1. In 2008 we got TLS 1.2 and the most recent version is TLS 1.3 which was released in 2018.

Everything before TLS 1.2 has been deprecated mainly because of security flaws. So this is what, the SSL and TLS are the protocols that are used to secure the data sent over the network and TLS is the current version of this protocol, and SSL was the older name of the same protocol.

SSH Demo

Next, we have SSH which is a protocol to run the commands on the remote servers in a secure manner.
Let’s say that we have a remote server and from our local computer we need to check uptime on the server. To achieve that we establish a connection from our local computer to the remote server.
We use the ssh command. so for example we will run a command like this –

~$ssh devopspod@prod-sever
~$uptime
10:23:56 up 15 min,  1 user,  load average: 0.00, 0.03, 0.07

It will establish a connection to the remote server and then we will write our command on our local computer. It is going to send this command from our local computer to the remote server. The remote server will run this command and send us back the results. The local terminal then shows the results.

So this is what SSH is, a way to establish a secure connection to the remote servers and securely run the commands.

Takeaway

I hope that this guide has informed you about the fundamentals of cryptography and encryption/decryption, SSL, TLS, and SSH including how they work and how they are used. However, almost as many questions can follow from this information as there were to start with, so I would strongly encourage you to research more of the topic on your own. Cryptography is a fascinating and mysterious subject that is at once simple and complicated, but never dull. It’s worth pursuing further. 

If you have any questions or comments, feel free to leave them in the comments section below. For more posts, visit Devops Pod.