CRYPTOGRAPHY CONCEPT
Cryptography is the art and science of keeping data secure.
Cryptographic services help ensure data privacy, maintain data integrity,
authenticate communicating parties, and prevent repudiation (when a party
denies having sent a message).
Basic encryption allows you to store information or to communicate with
other parties while preventing non-involved parties from understanding the
stored information or understanding the communication. Encryption transforms
understandable text (plaintext) into an unintelligible piece of data
(ciphertext). Decryption restores the understandable text from the
unintelligible data. Both functions involve a mathematical formula (the
algorithm) and secret data (the key).
Cryptographic algorithms
There are two types of cryptographic algorithms:
1. With a secret or symmetric key algorithm, the key is a shared secret
between two communicating parties. Encryption and decryption both use the same
key. The Data Encryption Standard (DES) and the Advanced Encryption Standard
(AES) are examples of symmetric key algorithms.
There are two types of symmetric key algorithms:
Block ciphers
In a block cipher, the actual encryption code works on a fixed-size block of
data. Normally, the user's interface to the encrypt/decrypt operation will
handle data longer than the block size by repeatedly calling the low-level
encryption function. If the length of data is not on a block size boundary, it
must be padded.
Stream ciphers
Stream ciphers do not work on a block basis, but convert 1 bit (or 1 byte) of
data at a time.
2. With a public key (PKA) or asymmetric key algorithm, a pair of keys is
used. One of the keys, the private key, is kept secret and not shared with
anyone. The other key, the public key, is not secret and can be shared with
anyone. When data is encrypted by one of the keys, it can only be decrypted and
recovered by using the other key. The two keys are mathematically related, but
it is virtually impossible to derive the private key from the public key. The
RSA algorithm is an example of a public key algorithm.
Public key algorithms are slower than symmetric key algorithms. Applications
typically use public key algorithms to encrypt symmetric keys (for key
distribution) and to encrypt hashes (in digital signature generation).
Together, the key and the cryptographic algorithm transform the data.
All of the supported algorithms are in the public domain. Therefore it is the
key that controls access to the data. You must safeguard the keys to protect
the data.
Cryptographic operations
Different cryptographic operations may use one or more algorithms. You
choose the cryptographic operation and algorithm(s) depending on your purpose.
For example, for the purpose of ensuring data integrity, you might want to use a
MAC (message authentication code) operation with the AES algorithm.
Data privacy
Cryptographic operations for the purpose of data privacy
(confidentiality) prevent an unauthorized person from reading a message. The
following operations are included in data privacy:
Encrypt/Decrypt
The encrypt operation changes plaintext data into ciphertext through the use
of a cipher algorithm and key. To restore the plaintext data, the decrypt
operation must employ the same algorithm and key.
Encryption/decryption may be employed at any level of the operating system.
Basically, there are three levels:
Field level encryption
With field level encryption, the user application explicitly requests
cryptographic services. The user application completely controls key
generation, selection, distribution, and what data to encrypt.
Session level encryption
With encryption at the session layer, the system requests cryptographic
services instead of an application. The application may or may not be aware
that encryption is happening.
Link level encryption
Link level encryption is performed at the lowest level of the protocol stack,
usually by specialized hardware.
The Cryptographic Coprocessors for iSeries and 2058 Cryptographic Accelerator
may be used for both field level encryption and Secure Sockets Layer (SSL)
session establishment encryption. The system, however, does not use either for
VPN.
Translate
The translate operation is used to decrypt data from encryption under one key
to encryption under another key. This is done in one step to avoid exposing the
plaintext data within the application program.
Data integrity, authenticity, and non-repudiation
Encrypting data does not mean that the data cannot be manipulated (for example,
repeated, deleted, or even altered). To rely on data, you need to know that it
comes from an authorized source and is unchanged. Additional cryptographic
operations are required for these purposes.
Hash (Message Digest)
A cryptographic hash operation produces a fixed-length output string (often
called a digest) from a variable-length input string. For all practical
purposes, the following statements are true of a good hash function:
· Collision resistant: If any portion of the data is modified, a different
hash will be generated.
· One-way: The function is irreversible. That is, given a digest, it is
not possible to find the data that produces it.
These properties make hash operations useful for authentication purposes. For
example, you can keep a copy of a digest for the purpose of comparing it with a
newly generated digest at a later date. If the digests are identical, the data
has not been altered.
MAC (Message Authentication Code)
A MAC operation uses a secret key and cipher algorithm to produce a value (the
MAC) which later can be used to ensure the data has not been modified.
Typically, a MAC is appended to the end of a transmitted message. The receiver
of the message uses the same MAC key and algorithm as the sender to reproduce
the MAC. If the receiver's MAC matches the MAC sent with the message, the data
has not been altered.
The MAC operation helps authenticate messages, but does not prevent
unauthorized reading because the transmitted data remains as plaintext. You
must use the MAC operation and then encrypt the entire message to ensure both
data privacy and integrity.
HMAC (Hash MAC)
An HMAC operation uses a cryptographic hash function and a secret shared key
to produce an authentication value. It is used in the same way a MAC is used.
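
The MAC exchange described above, as an added example that is not part of the original page: the sender appends an HMAC-SHA-256 tag to the message and the receiver recomputes and compares it. The function names, the sample key and the sample message are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA-256 produces a 32-byte tag


def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: compute the MAC and append it to the end of the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify_mac(key: bytes, blob: bytes) -> bytes:
    """Receiver side: reproduce the MAC with the same key and algorithm.

    Returns the message when the MACs match, raises ValueError otherwise.
    """
    if len(blob) < TAG_LEN:
        raise ValueError("input too short to contain a MAC")
    message, received = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest avoids the timing side channel of an early-exit "=="
    if not hmac.compare_digest(expected, received):
        raise ValueError("MAC mismatch: data altered or wrong key")
    return message


def is_authentic(key: bytes, blob: bytes) -> bool:
    """Boolean wrapper around verify_mac."""
    try:
        verify_mac(key, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"    # constructed sample key
    sent = protect(key, b"PAY 100 TO ALICE")      # constructed sample message
    print(is_authentic(key, sent))                          # unmodified
    print(is_authentic(key, sent.replace(b"100", b"900")))  # altered in transit
    print(is_authentic(b"some-other-key", sent))            # receiver has wrong key
    print(sent[:16])  # the message itself still travels as readable plaintext
```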
Sign/Verify
A sign operation produces an authentication value called a digital signature.
A sign operation works as follows:
1. The data to be signed is hashed, to produce a digest.
2. The digest is encrypted using a PKA algorithm and a private key, to produce
the signature.
The verify operation works as follows:
1. The signature is decrypted using the sender's PKA public key, to produce
digest 1.
2. The data that was signed is hashed, to produce digest 2.
3. If the two digests are equal, the signature is valid.
Theoretically, this also verifies the sender because only the sender should
possess the private key. However, how can the receiver verify that the public
key actually belongs to the sender?
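
The sign and verify steps listed above, carried through as an added example that is not part of the original page. It uses textbook RSA without padding on constructed toy keys built from well-known Mersenne primes, purely to make each step visible; real systems use a padded scheme such as RSA-PSS from a vetted library. The names make_key, ALICE_* and OTHER_* are hypothetical.

```python
import hashlib


def make_key(p: int, q: int, e: int = 65537):
    """Build a textbook RSA key pair (public, private) from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (e, n), (d, n)


# Constructed toy keys: the primes are well-known Mersenne primes, so these
# moduli are trivially factorable and serve only to illustrate the steps.
ALICE_PUB, ALICE_PRIV = make_key(2**127 - 1, 2**521 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**107 - 1, 2**607 - 1)


def digest_of(data: bytes) -> int:
    """SHA-256 digest as an integer (256 bits, smaller than either modulus)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_key) -> int:
    d, n = private_key
    digest = digest_of(data)            # sign step 1: hash the data
    return pow(digest, d, n)            # sign step 2: private-key operation


def verify_signature(data: bytes, signature: int, public_key) -> bool:
    e, n = public_key
    digest_1 = pow(signature, e, n)     # verify step 1: public-key operation
    digest_2 = digest_of(data)          # verify step 2: hash the received data
    return digest_1 == digest_2         # verify step 3: compare the digests


if __name__ == "__main__":
    msg = b"constructed sample: ship 40 units"
    sig = sign(msg, ALICE_PRIV)
    print(verify_signature(msg, sig, ALICE_PUB))          # matching key pair
    print(verify_signature(msg + b"0", sig, ALICE_PUB))   # data changed
    print(verify_signature(msg, sig, OTHER_PUB))          # different public key
    # A signature is valid under whichever key pair produced it; the math
    # alone says nothing about whose name belongs to that public key.
    print(verify_signature(msg, sign(msg, OTHER_PRIV), OTHER_PUB))
```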