Cryptography Part I

Swagat Jena
Jan 23, 2022

The core of cyber security is the CIA triad — Confidentiality, Integrity and Availability. Cryptography covers Confidentiality and Integrity, thus becoming an indispensable part of Cyber Hygiene.

Introduction to Cryptography

Cryptography (Kryptos: Hidden, Graphein: Writing) is a way of obscuring the original text so that an unintended individual is unable to read it.

As technical as it may seem, cryptography dates back thousands of years, deep into Kautilya’s Arthasastra, where he mentions the requirement of a “Secret form of writing” for spies. The first commonly known cryptography dates to Julius Caesar. This was a substitution cipher, where each letter of the alphabet was replaced by another letter. For example: A — D, B — E, and so on until it reaches X — A, Y — B, Z — C. This is called a Caesar cipher and is the easiest to write down as well as to break.

Terminology

Cryptology — Study of Cryptographic algorithms
Plain text — The normal message/information to be sent
Cipher Text / Cipher — The text which has been obscured by cryptography
Encryption — Converting a plain text into cipher text is called Encryption
Decryption — Converting a Cipher text back into Plain text.
Key — The primary component used to obscure the Plain text.
Cryptanalysis — Study of breaking cipher texts without the key.

How does Cryptography Work?

Suppose you, A, want to send a message to your friend in school, B. But of course, you do not want others to read it. So, you encrypt your message with a key. But then, you want your friend to be able to read it. So, you share a key with them.

Let’s begin sending. First you both meet at school and agree on a key, say “lemon”. Now you want to send messages. You begin with “hello, how are you?” This converts as such:

Thus, “Hello, how are you” has been converted into “TJYADTTJPFQDBJ”, in other words, absolute bogus. This conversion is called “Encryption”. To extract meaning out of this mess, your friend would convert it as such:

Thus, the original message is extracted back from chaotic bogus. This process of getting back the original Plain text is called “Decryption”.
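The shared-key exchange described above, as an added example that is not code from the original article. It assumes a repeating-key letter shift in which each letter's alphabet position (A=1 ... Z=26) is added to the position of the matching key letter and wrapped after Z; the function names are illustrative. Under that assumption the output agrees with the article's ciphertext in every letter except the fifth, and the one-letter key "c" reproduces the Caesar mapping A — D from earlier.

```python
import string

ALPHABET = string.ascii_uppercase


def _letters(text):
    """Keep only A-Z, upper-cased (spaces and punctuation are dropped)."""
    return [c for c in text.upper() if c in ALPHABET]


def _shift(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) key letter positions, A=1..Z=26 (assumed scheme)."""
    key_positions = [ALPHABET.index(k) + 1 for k in _letters(key)]
    if not key_positions:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, c in enumerate(_letters(text)):
        pos = ALPHABET.index(c) + 1                      # A=1 ... Z=26
        new = (pos + sign * key_positions[i % len(key_positions)] - 1) % 26 + 1
        out.append(ALPHABET[new - 1])
    return "".join(out)


def encrypt(plaintext, key):
    return _shift(plaintext, key, +1)


def decrypt(ciphertext, key):
    return _shift(ciphertext, key, -1)


def caesar_candidates(ciphertext):
    """All 26 single-letter-key decryptions: the whole key space of a Caesar cipher."""
    return {k: decrypt(ciphertext, k) for k in ALPHABET}


if __name__ == "__main__":
    ct = encrypt("hello, how are you?", "lemon")
    print(ct)
    print(decrypt(ct, "lemon"))       # same key: the plain text comes back
    print(decrypt(ct, "melon"))       # wrong key: still unreadable
    caesar = encrypt("hello", "c")    # key "C" is a shift of 3, i.e. A -> D
    print(caesar, caesar_candidates(caesar)["C"])
```

Because a Caesar cipher has only 26 possible keys, `caesar_candidates` lists every possible decryption, which is why it is so easy to break; the longer shared key only helps while it stays secret between A and B.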

Using Cryptography for Digital Communications

We might never notice, but the whole process described above happens in our computers, smartphones, and all digital communication devices. Even now, as you read this article, the above process has already taken place.

When you open a website that starts with https://, your device or browser starts a TLS Handshake with the server or website. This handshake is the phase where the devices agree on a key, just like you did with B. With this step, a key is installed on your browser for that website. The key is completely unique for every relationship. Whenever either the server or the client is changed, the key is changed.

You can see the key the website assigns you if you know where to look.

Open your browser and go to any website, for example https://www.google.com. Now look for the Lock symbol next to the URL.

Click on the Lock icon.
Click on “Connection Secure” to get another drop down box.
Click on “More information” to get a window as below.
Click on “View Certificate”.

This will open a new tab on your browser, which has numerous details regarding the certificate from the website. This certificate contains your “Public Key” as well.

Now, whenever the Website tries to send you information, it will encrypt it using the key it provided you and convert it to cipher text. The cipher text is transmitted through the network and no unintended individual can see or change the contents of the message, which is very important for us.

The information reaches us, and our computer starts decrypting the cipher text using the key shared by the website. Thus, the actual information now becomes available to us.

This is not only for browsing websites. This applies to every bit of digital communication. A monetary transaction, a text message, everything. This is also exactly what WhatsApp means when it says, “Your messages and calls are end-to-end encrypted.”

Hey, but did you notice “Public Key” on the certificate? We’ll be talking more about that from the next article onwards.
