Hello Ninjas! In this article, we will learn about Security in Cryptography. Let us start with some basic definitions to understand the concepts of security in cryptography.
Cryptography
It is a technique through which we convert plain text to cipher text and cipher text to plain text. Plain text is a message that can be understood and read by any human, whereas Cipher text is an encrypted message that can only be read but can not be understood. The plain text is converted to cipher text using a key and vice versa. With this key, we can decode the cipher text into plain text.
Cryptography is a way to achieve confidentiality between two mutually trusted people or organizations. The messages between a sender and a receiver are exchanged through an unsecured network. If we do not encrypt the plain text, it may breach the confidentiality of the message.
Cryptography is an essential part of Network Security. With time and advancement in technology, the applications of cryptographic techniques have increased. These techniques encrypt passwords, important bank details, and so much more.
Cryptosystems
A key is an essential element of information necessary to decrypt the text. Cryptosystems tell us about the key and how we can use a key to encrypt or decrypt data. Let us take a look at the types of cryptosystems -
Secret-key Cryptosystems: One secret key is mutually decided between the parties in this system. This private key is used to encrypt and decrypt data.
Public-key Cryptosystems: It is a system that uses public and private keys to encrypt and decrypt the cipher text respectfully. This concept was first introduced in the 1970s.
Block ciphers: The plain text in a block cipher is divided into blocks of fixed sizes. These blocks are encrypted by the block cipher one by one. For example: public-key cryptosystems.
Stream Ciphers: In a stream cipher, a key stream is constructed, a bit string of the same length as the plain text. For example - secret-key cryptosystems.
Hybrid Cryptography: It is a technique that combines the benefits of both secret and public-key cryptosystems.
The development of cryptographic techniques can sometimes threaten the security of the encrypted data. There are many ways this can be achieved, for example - by guessing the key or exhaustive key search call for the security issue.
Here, an unauthorized party has access to the data. They do not alter the data, but their objective might be to read for pleasure or eavesdrop.
Active attack
An unauthorized party here has access to the data. An active attacker can breach the authenticity of the data by altering the data exchanged or by diverting the data to a third party.
Encryption can not protect the data from attackers. This is where cryptographic tools come into play. These tools shield the data from attackers. One example is The Message Authentication Code in secret-key settings or signature schemes in public-key settings.
Let us take a look at these tools:
Message Authentication Code (MAC): It is a tool to detect accidental and intentional data fabrications. This tool requires the original message and key as the two inputs, which are known only to the sender and the receiver.
Signature Scheme: It is a technique in which the user generates a signature. This signature is dependent on the signed messages and their keys.
Nonrepudiation: It is a situation where the data's sender or author can not challenge the authorship of any associated contract.
Certificates: A certificate helps to verify the authenticity of the public keys before they are used.
Hash functions: It is a public function without a key that compresses the message.
Cryptographic Protocols
A cryptographic protocol is a sequence of exchanged messages between parties. A protocol session consists of one or more flows, consisting of the data sent from one party to another and vice versa. When the session ends, the two parties might have exchanged some information or confirmed possessing some previously exchanged facts. There are four different types of protocols -
Identification scheme: In this scheme, one party must prove their identity to the other party. They can do so by possessing identification proof, for example - a password.
Key distribution scheme: This allows a trusted authority to choose the key to communicate it between the network members.
Key Agreement: This scheme is similar to the key distribution scheme. However, an active and trusted authority is not required here.
Secret Sharing Scheme: As the name suggests, this scheme is a way in which parts of a secret are distributed within a network. This is achieved so that no one can individually hold any intelligible information, but when the shared information is combined, we can find the original message.
Security
How is the goal of making the data secure achieved? How can we ensure the security of the data? How do we protect our data from attackers? Let us find out the aspects of security in Cryptography!
The three aspects of Security in Cryptography are as follows:
Attack model,
Adversarial goal,
Security level.
Attack Model
The first aspect of security in cryptography is Attack Model. It tells us about the information that the attacker can access. Here the attacker is assumed to know the public key, the protocol used, and any other information specified in the attack model. However, we believe the attacker cannot access the private key.
Types of Attack Model -
Known Cipher text Attack: Here, the attacker can access some cipher text encrypted with the same unknown key.
Known Plaintext Attack: The attacker has access to some plain text and its corresponding cipher text, encrypted with the same key.
Chosen Cipher text Attack: The attacker is provided with the corresponding cipher text when they have chosen the plain text.
Chosen Plaintext Attack: The attacker is provided with the corresponding plain text when they have chosen the cipher text.
Adversarial Goal
The second aspect of security in cryptography is the adversarial goal. It defines the exact meaning of "breaking the system" and describes a "successful attack". It tells us what the attacker is attempting to do and the motive behind the attacks. There are two types of adversarial goals -
Weaker goals: Even if the attacker is unsuccessful in completely breaking the system, they may successfully get access to a previously unseen cipher text. The attacker can decrypt the cipher text, get access to some partial information about the plain text, or they might be able to distinguish between encryptions of two different given plain texts. The attacker here has access to the previously unseen cipher text. This kind of adversarial goal is called a weaker goal.
Stronger goals: A goal where the attacker successfully breaks the system and gets access to the private key is called a stronger adversarial goal.
Security Level
The third aspect of security in cryptography is the Security level. It quantifies the effort that is required to break the system. The three levels of security are defined as follows -
Computational Security: It is any specified algorithm that intends to break the system but can not work in a possible range of time.
Provable Security: It refers to the type or level of computer security we can prove. Mathematical proofs are standard in the field of Cryptography. This level of security is also known as reductionist security.
Unconditional Security: Breaking the system is impossible in this type of security. This is because there is not enough information available to the attacker, irrespective of the number of computational resources available.
Frequently Asked Questions
What is Cryptography?
Cryptography is a technique used to convert plain text to cipher text and vice versa.
What is Confidentiality?
Confidentiality determines the secrecy of the data, wherein only the sender and receiver can access the information exchanged between them.
What is Plain Text?
Plain text is a message that can be understood and read by any human.
What is Cipher Text?
Cipher text is an encrypted message that can only be read but can not be understood.
What is a Cipher?
A cipher is an algorithm that changes the plain text to cipher texts by substitution or transposition methods.
Conclusion
This article explored all the concepts related to cryptology, message integrity, basic cryptographic tools, cryptographic protocols, and security in cryptology. If you want to dig deeper, here are some related articles -