In the last two decades there has been a significant push towards digitization of services allowing us to do online shopping, banking, media streaming and the list goes on. In order to access these services, customers need to share their personal data and the highly sensitive data like credit cards, SSN, bank accounts details etc. with the service provider. Hence, it’s very important for the service provider to protect the data while in motion and also the data at rest. Cryptography provides a set of techniques that can be used to ensure that the data is protected on the wire and securely saved in the service provider data center without any compromise.
There are many existing applications of cryptography with some new technologies like blockchain which is gaining lot of momentum recently and is built upon the concepts of cryptography.
What is Cryptography?
Cryptography provides a set of techniques for securing the data and ensuring that the data is accessible to authorized users only. Following are 3 basic services provided by cryptography techniques.
Confidentiality helps in preventing the data to be accessed by unauthorized users. It provides the secrecy of the data such that only the entity authorized to access the data can read and decipher the data. Anyone else who gets access to the cipher-text wouldn’t be able to make sense of it as the data would be scrambled and wouldn’t know how to decipher the data.
Data Integrity ensures that the data is not modified by any unauthorized user. It helps the receiver to detect any changes in the original message sent by the sender.
Authentication helps in verifying the identity of the sender. Authentication can be either the message authentication i.e. the identification of the message sender or the server authentication i.e. the identification of the machine/server which is attempting to send the data. Authentication provides the trust when multiple system talk to each other by ensuring that receiver is getting the data from a known and validated sender.
Cryptographic functions can be broadly classified into 3 types – public key functions, secret key functions and hash functions.
Public Key Cryptography
Public key cryptography (a.k.a asymmetric cryptography) involves the use of 2 keys i.e. a public key and a private key. Both the sender and receiver can have a pair of public/private keys. Public key cryptography can be used for confidentiality by encrypting the plain-text such that only the intended receiver can decipher the message i.e the cipher-text.
The sender can encrypt the message using the public key of the receiver such that only the receiver in the possession of the corresponding private key can decrypt the message.
Another use of public key cryptography is to digitally sign the message. Digital signature is typically done on the hashed value of the message by using the private key of the sender. Once the message is signed anyone can verify the signature by using the corresponding public key of the sender. The signed message is converted back to the plan-text using the public key and verified against the hash generated from the original message. The fact that only the sender in possession of the private key can sign the document helps in ensuring that the message came from legitimate sender.
Secret Key Cryptography
Secret key cryptography (a.k.a symmetric cryptography) involves the use of one key which is shared by both the sender and receiver. Secret key cryptography is used for data confidentiality by sender encrypting the plain-text using the secret key and the receiver decrypting the cipher text using the same shared secret key.
In this scheme both the sender and receiver have to share the secret key before they can communicate securely over the channel. Public key cryptography is typically used for sharing the secret key between the communicating parties. Once the secret keys are shared between the sender and the receiver, secret key cryptography can be used for data confidentiality. This allows for better system performance as public key cryptography is slower when compared to symmetric key cryptography. By limiting the public key cryptography for just sharing the secret key and then switching to symmetric key cryptography for encrypting the stream of messages provides performance gains.
Hash functions do not require any key to transform the message to a fixed length output or message digest. Given the message digest it’s almost impossible to get back the original message.
Hash functions are commonly used for password hashing to store the hash value of the password instead of storing the actual customer password. So, instead of comparing the actual password entered by the used, the server can compute the password hash and then compare it with the hash value stored in the database.
Hash functions are also used for message integrity by generating a MAC (Message Authentication Code). If the sender generates the hash and sends the hash along with the message on the network then the eavesdropper can replace the actual message and the hash since the hash algorithm is known to everyone. The receiver wouldn’t know if the message was sent by the actual sender or by the eavesdropper. In order to provide message integrity the sender can concatenate the message along with a secret before generating the MAC such that only the receiver who knows the secret can regenerate the MAC and compare with the MAC sent by the sender.