Cryptography appeals to secure confidential information from unauthorized access. Yet cryptography algorithms describe the instructions of how information should be changed and in what order.
And if you want to benefit from what this study of techniques for secure communication offers, then cryptography essentials are what you have to comprehend in the first place.
So, let’s get to learning right away.
Cryptography is…
Cryptography (meaning 'to write secretly') is the study of techniques used to secure communication. Cryptography prevents private information from being read by third parties.
It is cryptography we should thank for protecting and keeping our personal data encrypted on the Internet: its value has risen in times when the privacy violations gained status of mass phenomenon.
Being one of the oldest sciences, cryptography counts back several thousand years and it has already left its epoch-making trace in the history of mankind.
To understand today's impact size of cryptography, let's have a look for the reasons that led to such in the past.
First Crypto-Machines
Cryptography dates back from the encryption machines.
Polyalphabetic cipher, invented by Battista Alberti in the 1460s, and bilateral cipher, devised by Francis Bacon in 1605, both can be considered as first mechanical crypto-machines.
Samuel Morland also deserves credit as a man who first proposed mechanical encryption. In his book ‘A New Method of Cryptography’, Samuel described a design of a cyclical and cryptographic machine. The machine used geared wheels to create a cipher.
The work of Samuel’s cryptography machine resembled Alberti disks: its wheels rotated each time a letter was typed. Because this motion caused the substitution with each turn of the wheel, messages were too difficult to break.
The design of the machine was a landmark in cryptography history.
Enigma machine
The most famous representative of hard-to-break encryption machines was probably German Enigma.
The Enigma machine was an encryption device developed to protect military communication. It was invented by Arthur Scherbius in 1918. The machine indeed was a portable cipher machine with rotor scramblers. Different versions of it had many turnover notches, which caused irregular wheel stepping.
The Enigma machine produced a polyalphabetic substitution cipher. In plain language, it is a cipher replacement: when one letter is replaced by another; for instance, the letter "A" is used instead of "T", "S" instead of "B", and so on.
It could have been almost the perfect example of use of coding algorithms, if it wasn’t for one manufacturing mode that was flawed.
The main drawback of Enigma was that in the code, the encrypted letter could not stay itself — it had to be necessarily changed. This is what Turing took advantage of when he and his colleague Gordon Welshman built a Bombe decoding machine.
That's how electromechanical encryption machines gave place to the modern mathematical ones.
Cryptography Algorithms
Cryptosystem is a suite of cryptographic algorithms. These algorithms are used to implement a particular security service.
Generally, every cryptosystem consists of such components:
Plaintext. Piece of text information to be encrypted and protected during transmission.
Ciphertext. The encrypted plaintext. Ciphertext is a result of encryption algorithms’ work.
Encryption key. A random value of bits generated to encrypt information.
Decryption key. A piece of data that defines the way information should be transformed from ciphertext into plaintext.
Encryption algorithm. A mathematical procedure that turns plaintext into ciphertext.
Decryption algorithm. A mathematical procedure that turns plaintext out of ciphertext. The decryption algorithm returns information in the same manner and order it was encrypted.
Cryptography Tenets
Cryptography is based on the four main principles: data confidentiality, integrity, authentication, and non-repudiation.
- Data Confidentiality
It is a set of rules or agreements that limit access and places restrictions on certain types of information.
Confidentiality is achieved through encryption.
- Integrity
Integrity ensures that messages intended for an end recipient are not modified during the whole path between communication parties.
Integrity is achieved by using hashing functions.
- Authentication
Authentication ensures a message content originates from the originator claimed author of the message. In other words, authentication is the process of confirming that the one who sent the message is truly the sender of the message.
User authentication can be achieved by comparing a user’s hashed password with the hashed password stored in the user login database.
While emailing, a message's authenticity can be verified by validating the digital signature of the message using the public key of the sender.
- Non-Repudiation
Non-repudiation prevents the sender from denying that one actually sent a message, i.e. disavowing the authorship of the message.
Non-repudiation can be achieved through the use of digital signatures attached to the email, and which define the user is the one who sent this email.
The study of cryptography basics won’t be complete without the next couple of pillars of this science.
Cryptosystem Types and Encryption Methods
Fundamentally, cryptosystems are of two types:
- Symmetric Key Encryption, and
- Asymmetric Key Encryption
Symmetric Key Encryption
Symmetric-key algorithms use the same key to encrypt/decrypt data.
The study of symmetric cryptosystems is referred to as symmetric cryptography, or as secret key cryptosystems.
A few well-known examples of symmetric key encryption methods are Advanced Encryption Standard (AES) and TwoFish.
Asymmetric Key Encryption
Asymmetric-key algorithms use two keys: the one to encrypt data, and the other one — to decrypt it.
Asymmetric encryption is often referred to as public key encryption, where public and private encryption keys are used. The senders send an email encrypted with the public key of the recipient, so the latter can read it using their private, decryption key.
Advanced Encryption Standard
To protect government communications, in 2001 the National Institute of Standards and Technology created The Advanced Encryption Standard (AES).
The primary goal of AES is to create an encryption method that is irreversible without a key. This makes AES a safe and secure way to obscure data from unwanted third parties.
AES is an encryption algorithm with a symmetric key, the block length of which is 128 bits, and the key length varies from 128, 192 to 256 bits.
Interesting fact. It is assumed that the longer the encryption key, the more reliable the cryptosystem is: for instance, it would take about 86 250 000 million years just to crack a 128-bit AES key. For comparison, the DES (Data Encryption Standard), superseded by the AES, modern computers can crack in days.
Hash Functions
Hash functions perform message transformations to produce a value that is smaller than the whole original message. This value is unique.
Worth noticing hash functions do not use encryption keys — hashing is an irreversible process. This means that values gathered from the hash functions cannot be decrypted.
SHA Standards
The Secure Hash Standard, or SHA, is a standard algorithm for a hash function. This function does not encrypt a message but creates a hash value. The digest can be used for verification of the message’s contents: so, in fact, a sender sends both the message and its hash; consequently, if the message contents is altered, its hash will not match the original hash.
The SHA standard algorithm can also be coupled with AES encryption to provide authentication as well as encryption for sensitive messages.
SSL/TLS standards
Secure Socket Layer (SSL) and the Transport Layer Security (TLS) are designed to transmit encrypted data securely.
An example. When you send a message to a recipient using SSL/TLS, you’re establishing a connection and exchanging randomly generated data using your public and private keys. This random data is used to create new keys for data encryption, called the session keys. After that the public and private keys are not used anymore and future communication is protected via generated session keys.
However, there are some TLS weaknesses to speak about.
For example, the FREAK vulnerability opts for weaker encryption standards in the re-negotiation phase of the server-client communication. It is similar to Padding Oracle On Downgraded Legacy Encryption, or simply POODLE, a vulnerability that gives cybercriminals a possibility to downgrade the protocols to the older ones. Both attacks can lower newer TLS versions to the SSL 3.0 with its already known bugs and vulnerabilities.
A Heartbleed bug was used to send malicious payload in its response to the so-called "heartbeat" procedure (server-client communication that ensures connection is still there) allowing to read the memory and steal protected information.
More about these threats and other interesting material regarded cybersecurity aspects, you can find in our free e-book The Art of Email Security.
PGP and S/MIME Encryption
If you want to send someone a PGP or S/MIME email, you must have their public keys in place, and use it to encrypt emails. Once an email is received, the recipient decrypts it with his or her private key. Additionally, to encryption itself S/MIME also provides the ability to identify the sender with a digital signature.
On the other hand, PGP is based on the Web of Trust: it is when a sender shares his or her public key with other people. If enough people trust a key, it can be considered one that is not a fake.
Security in PGP achieves as follows: every time you want to send an encrypted email, PGP creates a one-time session key. Your message gets encrypted with this key. Once it is encrypted, the session key is then encrypted with the recipient's public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.
When the recipient gets your message, he or she uses his or her private key to decrypt the session key. And only when the session key is decrypted, PGP uses the session key to decrypt the message content.
Even though PGP has mechanisms to ensure that you’re getting the real encryption key, emails encrypted with PGP have one crucial flaw — eFail.
This vulnerability allows hackers to expose plaintext of encrypted messages. The flaw was discovered in 2018: when an attacker intercepted a message, he then modified it by injecting malicious HTML code into the attachments (e.g., images) or embedded it into the style sheets of formatted text.
When the recipient opened it in an email application and decrypted the email, malicious software was delivered, allowing the attacker to view the text of the message.
Also, be aware of other drawbacks of PGP and S/MIME, that cannot guarantee full privacy and security during emailing.
Cryptography System at Its Best
StealthMail was founded with a solid intention to change the state of things by providing stealth technologies that were applied in the military telecommunication systems to provide secure communication between military forces, police, paramedics, and fire services.
Not so recently, these security-oriented communication technologies have been specifically repositioned for the commercial sector. It is now possible to provide military-grade security of sensitive data for the businesses engaged in financial, health, legal, commercial, and many other sensitive information fields.
Crypto Engines of StealthMail Encryption
StealthMail uses a combination of different cryptographic methods. Along with a strong implementation of encryption, algorithms ensure maximum protection and security.
The following algorithms and encryption methods provide reliability and data protection:
- ECC (including ECDH, ECDSA, ECIES) with a key length of 512+ bits;
- Digital signatures RSA with a key length of 8192 bits is used;
- Data encryption using AES cryptographic algorithm with a key length of 256 bits;
- AES and Twofish with a key length of 256 bits in several different streaming modes;
- SHA3-512 and HMAC hashing functions.
In addition to enhanced encryption, StealthMail provides many additional benefits:
- verification of user identity;
- digital signature to exclude unauthorized access and/or data substitution;
- additional factor for establishing a secure connection;
- Secure Dynamic Communication Network and Protocol, proprietary data transfer protocol;
- Mechanism for transferring encrypted data via Stealth link;
- Stealth-mashup mechanism (proprietary permutation algorithms);
- “Junk data” in the data stream to increase the encryption reliability.
Extending Email Security Frontiers
Knowledge is power.
Hope, now you have some idea of what cryptography is and how it can secure your business email communication.If you want to know more about the StealthMail email security solution, please download our Technical Datasheet.
Link in die Zwischenablage kopiert!