In this digital era where we see everything going on so smoothly, there is something which keeps us assured of security and privacy. Passwords are stored when a user signs up, but what if a hacker gets access to this password database? Terms like \u2018end-to-end encryption\u2019 used by apps like WhatsApp are fascinating the world, but ever wondered how they actually work? How does \u2018Secure Web Browsing\u2019 take place?<\/p>\n\n\n\n
The term that answers all these questions is cryptography. When we send a message, cryptography uses special math tricks to turn our words into a secret code, a process called encryption. Only the person we are sending the message to has the key to unlock and read it, which is called decryption. So, the \u2018plain text\u2019 is converted to \u2018cipher text\u2019. There are mainly three types of cryptography which are used differently in various domains:<\/p>\n\n\n\n
Symmetric Key Cryptography<\/strong><\/strong> <\/p>\n\n\n\n Symmetric key cryptography utilizes a single key for both encrypting and decrypting messages, and is also known as private-key cryptography. This approach requires the key to be mutually known by both the sender and the receiver, posing a challenge in secure key distribution. Hence, the symmetric encryption key should also be encrypted!! Symmetric-key encryption algorithms are usually better for bulk encryption. When you enter a password to connect to a Wi-Fi network, or when you protect a file on your computer with a password, it\u2019s usually done using symmetric key authentication. Some other use cases of symmetric keys include Remote Server Access (SSH), VPN, Secure Websites (SSL\/TLS). Examples of symmetric encryption algorithms include AES (Advanced Encryption Standard) and DES (Data Encryption Standard).<\/p>\n\n\n\n Asymmetric Key Cryptography <\/strong><\/p>\n\n\n\n The security of symmetric key is one of the major issues of symmetric key cryptography. Asymmetric key cryptography, also known as public key cryptography, overcomes this by using a pair of keys (private key and public key). The public key can be shared with anyone, whereas the private key is kept a secret. Messages can be encrypted with the public key, but the private key is required for decryption. Asymmetric key cryptography is mainly used for two purposes: secure communication(end-to-end encryption), and verification(digital signatures):<\/p>\n\n\n\n End-to-end encryption:<\/strong><\/strong><\/p>\n\n\n\n This is used to ensure confidentiality of a message. As public keys can be known to all, the sender encrypts the message with the receiver’s public key. As the message can be decrypted with the matching private key, only the intended receiver will be able to decrypt it. This is used in messengers, and by organizations to collect articles by others which prevents the middle-man intervention.<\/p>\n\n\n\n Digital Signatures:<\/strong> <\/p>\n\n\n\n The sender sends the message along with a digital signature using his private key. The receivers can verify the genuinity of the message by using the sender\u2019s public key. Verification will fail if it was not signed using the matching private key. This can be used for installing software updates, to verify whether it is from the right publisher.<\/p>\n\n\n\n Let\u2019s try to understand the RSA algorithm, which is widely used for asymmetric key cryptography:The message should be converted to the one having only digits(using hash, ASCII, etc.) The steps involved in RSA are: key generation, followed by encryption and decryption. The RSA algorithm prioritizes choosing two long prime numbers(say p and q), such that, given their product, it should be difficult to factorize it. <\/p>\n\n\n\n The functions and variables used are: n=p*q \u0278(n)=(p-1)(q-1) <\/em><\/strong> Choose an integer e, such that 2<e<\u0278(n)<\/em><\/strong>, where e and \u0278(n)<\/em><\/strong> are co-prime M is the message to be encrypted c is the message after encryption <\/p>\n\n\n\n n and e will be the part of the public key. Encryption using public key: Let c be the cipher text after encryption c = (Me) mod n<\/em><\/strong> This cipher text can be decrypted using the private key. Private key will contain d and n. Let\u2019s understand how the parameter d is calculated: d is called the modular multiplicative inverse of e mod \u0278(n), and it reverses the encryption process. (d*e) mod \u0278(n) = 1 mod \u0278(n).<\/em><\/strong> (the product of d and e should give the remainder 1 when divided by \u0278(n)) RSA algorithm works on the fact that ((Me)d) mod n = M mod n Decryption using private key: M=(cd) mod n<\/em><\/strong> <\/p>\n\n\n\n Let\u2019s check the working of this with an example: Let M= 9. For our convenience, let\u2019s choose small prime numbers, p=11 and q=13 n= p*q = 11*13 =143 \u0278(n)= (p-1)(q-1) = 10*12 = 120 Let e=7 c = (Me) mod n = 97 mod 143 = 48 Now, (d*7) mod 120= 1, this gives d= 103 (find multiples of 120, add 1, that should be divisible by 7. So 120*6=720, 721\/7=103). Now the message is encrypted as c=48, and has to be decrypted using private keyDecryption: (cd) mod n = 48103 mod 143 = 9 (which is our initial message!!)<\/p>\n\n\n\n Hash Functions:<\/strong><\/p>\n\n\n\n Hash function is a mathematical operation that transforms an input of varying length into a condensed numerical value of fixed length, commonly referred to as a hash value or message digest. The efficiency of hash functions is notably higher than that of symmetric key encryption. A key attribute of hash functions is Pre-Image Resistance, signifying the challenge of reversing the hash function. Given a hash value h(x), it should be highly difficult to determine the original input x. Another important property is the Second Pre-Image Resistance, which means that, given an input and its hash value, it should be hard to find another input y, which gives the same hash value. Thus, avoids the collision. Some of the popular hash functions are: Message Digest (MD), Secure Hash Function (SHA) and Whirlpool. The main application of hash functions is:<\/p>\n\n\n\n Password Storage:<\/strong><\/strong><\/p>\n\n\n\n Instead of storing the actual passwords, the hash values of them are stored in the file. There is a mapping of user id and the hash value. So even if any intruder gets the access to storage, he only has the access to hash values, with which he can neither login, nor can he guess the original value!<\/p>\n\n\n\n The realm of cryptography is overwhelming, isn\u2019t it? We also found answers to the initial questions! The field of cryptography is indeed expansive and covers a multitude of concepts, from the basics to cutting-edge studies like Quantum cryptography. No doubt, it has made our lives easy and secure!<\/p>\n\n\n\n ~Tanushree R Ranjanagi, Third year Department of Computer Science Engineering <\/em><\/p>\n","protected":false},"excerpt":{"rendered":" In this digital era where we see everything going on so smoothly, there is something which keeps us assured of security and privacy. Passwords are stored when a user signs up, but what if a hacker gets access to this password database? Terms like \u2018end-to-end encryption\u2019 used by apps like WhatsApp are fascinating the world,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[25],"tags":[],"class_list":["post-1288","post","type-post","status-publish","format-standard","hentry","category-sanganitra"],"_links":{"self":[{"href":"https:\/\/nitk.acm.org\/blog\/wp-json\/wp\/v2\/posts\/1288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nitk.acm.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nitk.acm.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nitk.acm.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nitk.acm.org\/blog\/wp-json\/wp\/v2\/comments?post=1288"}],"version-history":[{"count":1,"href":"https:\/\/nitk.acm.org\/blog\/wp-json\/wp\/v2\/posts\/1288\/revisions"}],"predecessor-version":[{"id":1289,"href":"https:\/\/nitk.acm.org\/blog\/wp-json\/wp\/v2\/posts\/1288\/revisions\/1289"}],"wp:attachment":[{"href":"https:\/\/nitk.acm.org\/blog\/wp-json\/wp\/v2\/media?parent=1288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nitk.acm.org\/blog\/wp-json\/wp\/v2\/categories?post=1288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nitk.acm.org\/blog\/wp-json\/wp\/v2\/tags?post=1288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}