Importance of Cryptography in IT Security
Most of us communicate and exchange data on the internet without giving much thought to security. We leave behind digital footprints across the internet space even when we communicate private information with one another.
This paves the need for cryptography for protecting such confidential information so that no intruder can get hold of them. So what is cryptography?
In simple terms, cryptography provides keys and digital codes to help ensure that the data is sent from a legitimate sender and the receiver receives the exact same without being tampered with.
Most of you would have come across the terms encryption and decryption in the past. These are very important parts of cryptography.
In this post, we will understand everything to know about cryptography, right from its working to practical applications.
Table of Contents
- What is cryptography?
- What problem does cryptography solve?
- Types of cryptography
What is Cryptography?
Cryptography is the process of hiding sensitive data through the use of keys and codes. This practice takes the aid of complex mathematical calculations and multiple rules called algorithms to make the data hard to decipher.
These algorithms have several purposes, including common ones like cryptographic key generation during web browsing on the internet or while storing confidential information like credit card details. When people engage in transactions on the internet, the role of cryptography kicks in automatically.
Cryptography involves two processes - encryption and decryption. Encryption is the conversion of data sent by the sender to an unreadable format. The encrypted data is usually composed of codes so that a third person cannot access or understand it. Decryption is the conversion of the encrypted text to the original text sent by the sender to make it readable to the receiver.
Also, when encrypting and decrypting data, it is important to know which algorithm to use. For instance, SHA, MD5, and RC4 are weak ciphers that can be used for encrypting and decrypting less sensitive information. But for sensitive details such as credit card numbers, using algorithms like AES 256 is recommended.
What problem does cryptography solve?
Web applications have several endpoints, clients, dependencies, networks, and servers. To make these applications work, the physical systems need to make multiple requests across multiple networks that are often unprotected and open. Communications that take place in open and public networks are often the targets of attackers. There are two types of attacks that are orchestrated in open networks -
- Active attacks - The attacker impersonates a client or server, intercepts the message in transit, modifies the information, and then redirects it to the server/receiver.
- Passive attacks - The attacker listens to a network connection and reads information as it is transmitted.
Cryptography prevents such attacks through its 4 basic pillars of security -
Cryptographic protocols such as SSL/TLS offer confidentiality and integrity by safeguarding communications from malicious eavesdropping and tampering. Authentication protection is provided by encryption, wherein the message is encrypted along with a secret key and sent to the intended receiver. While non-repudiation is also assured as nobody in the ecosystem can deny the validity of the information.
Types of cryptography
- Symmetric key encryption - This type of cryptographic encryption uses the same key for encryption and decryption on the sender and receiver sides. Symmetric encryption algorithms such as AES and DES are used in payment applications and random number and pin generation tools. It is predominantly used for the information at rest.
- Asymmetric key encryption - As the name suggests, asymmetric key encryption is the opposite of symmetric encryption. It uses a pair of keys for encryption and decryption. A public key is used for encryption, whereas a private key is used for decryption. A real-time scenario would be when you want to receive a message from a sender, say your friend; you would send the public key to your friend. Your friend then uses the public key to encrypt the message to be sent to you. Then finally, you will be able to decrypt the original text using the private key you possess.
- Hash functions - This is the most common type of cryptography where no key is involved. Hash functions algorithm basically converts an input value into a compressed numerical value, making it impossible to recover the original content of the plain text. Since the plain text will hash to the same output, it is used in instances like comparing passwords without storing them. The main purpose of hash functions is not to let the data get tampered. It is one-way encryption and is used by IT administrators for encrypting their passwords.
Today most of us communicate via the internet, leaving valuable data everywhere unprotected. Information security should be the top priority for all application owners and users all around the world. Encryption and decryption algorithms of the highest security order should be implemented across all communication scenarios so that the sender and receiver can enjoy worry-free transactions.