Cryptography is fundamental to many information security and privacy mechanisms. Today, a variety of cryptographic algorithms are used in many different applications.
This article explains cryptography: how it works, key principles or operations of cryptography, types of cryptography, use cases and more!
Cryptography can refer to any approach that hides real information, using codes, to prevent reading by unauthorized parties. Cryptography can protect:
Cryptography increasing relies on mathematical concepts — a set of encryption algorithms and hashing algorithms — to transform information in a way that is difficult to interpret or “crack”.
For example, suppose communication between two parties is secured using cryptographic principles. The sender’s message is typically known as the “Plaintext.” It is transformed into an unreadable format called Ciphertext using the encryption key. When the receiver gets the messages, the Ciphertext is transformed into plaintext using the decryption key.
Let’s now turn to the principles that underpin cryptography.
Confidentiality agreements have rules and guidelines to keep the information secure and private. Confidentiality must be protected using techniques like encryption. It ensures that only authorized people can access the information at certain places — and it restricts access to other unauthorized parties.
(Confidentiality is one component of the CIA security triad.)
The process of confirming that the person who sent a specific message is the sender of that message. This principle ensures the receiver receives the message from a sender who is permitted to do so. Two common authentication mechanisms are:
Encryption is the process of transforming information into an unreadable format using an encryption algorithm to protect the privacy of the information. Only the receiver can read them using the decryption key.
(Read our end-to-end encryption explainer.)
The data should be consistent and accurate without any alterations while in transit from the sender to the receiver. Data integrity ensures that no manipulation has been done to the data during its lifecycle using techniques like cryptographic hashing.
The non-repudiation principle ensures that the message sender cannot repudiate the authenticity of his signature using techniques like digital signatures.
Key management is the process of maintaining cryptographic keys. It includes tasks like key distribution, generation, rotation, etc. Key management is vital to ensuring the maximum security of a cryptography system as its security heavily relies on cryptographic keys.
There are three major types of cryptography. Let’s get to know them in this section.
Symmetric-key cryptography involves encrypting and decrypting using the same cryptographic keys. Here, the sender and all receivers share a common secret key. The plaintext messages are transformed into cipher text using a particular encryption key. The receiver can use the same encryption key to decrypt the message using the shared secret key.
Examples of symmetric-key encryption algorithms include:
The major drawback of this symmetric-key encryption is sharing the secret key. The shared secret must be encrypted to prevent unauthorized access. It can be an additional overhead for cryptographic applications.
This type of cryptography, known as "public-key cryptography," uses different cryptographic keys for the encryption and decryption processes. The sender and the receiver have a private key and a public key:
Though there is a mathematical connection between these private key and public key pairs, the public key cannot generate the private key.
Public key cryptography is commonly used in digital signatures for message authentication. Senders use their private keys to digitally sign their messages to prove their authenticity. Thus, the receiver knows exactly that the sender is a trusted third party.
Of the variety of asymmetric (or public key) cryptography algorithms, here are some examples:
Hash functions compute a fixed-length hash value or a “fingerprint” on the plain text message. These hashes are unique to each plaintext. Therefore, this type of cryptography does not use a cryptographic key. Hash functions help ensure data integrity between communicating parties. If the hash produces the same output, it indicates that the information has not been altered, compromised or damaged.
Hash functions are used in many cryptographic algorithms and protocols, including MAC algorithms, digital signature algorithms, and authentication protocols. Some of the most common hashing algorithms include:
In addition to the three major cryptography types, hybrid encryption is another type used to secure data and communications.
Hybrid encryption combines public-key cryptography with symmetric encryption for data encryption. This cryptographic type generates a private key and encrypts it using the public key. Then the complete message with the encrypted private key will be encrypted with the original symmetric key. The encoded message can be decrypted only if the recipient knows the original private key.
Hybrid encryption performs randomization for the encryption so that no two messages will have the same ciphertext. It makes the encryption more secure.
With the concepts explained, let’s turn to the most common use cases of cryptography — what are people actually using cryptography for?
Storing passwords like database passwords in plain text is risky — anyone who can access the password storage can read them. Instead, such passwords are encrypted or hashed using a hashing algorithm as a security best practice. Whenever the system refers to it, it will be hashed and compared to the hashed value.
Cryptocurrencies like Bitcoin and Ethereum use cryptographic algorithms such as elliptic-curve cryptography, hash functions and many more to maintain the security and privacy of transactions. Blockchain nodes are secured with cryptography to let users securely trade with other users.
(What’s the state of blockchain today?)
Digital signatures are one of the applications of public key cryptography that provide authenticity and data integrity. The sender generates a unique signature using the private key and attaches it to the document, which needs to be verified using the public key.
Organizations generate significant volumes of data (upwards of 2.5 quintillion bites per day). Storing that can be a risk. Encrypting data in storage makes it more secure and prevents data leakage. Most cloud solutions nowadays provide encryption options along with storage options, including backup drives.
Additionally, automatic encryption can be enabled when data is in transit to the storage and while at rest.
Cryptography has enabled secure communications over the internet by encrypting communication protocols. For example, using HTTPS in the URL indicates connecting to a secure website that encrypts the data. It is particularly useful for payment gateways, where a secure communication channel needs to be created to avoid the leakage of sensitive information.
Another example is the SSH protocol that most people use for tunneling and remote login.
Most organizations use file encryption to protect email communications, including sensitive conversations and attachments. For example, S/MIME encryption and Microsoft 365 message encryption are used to secure Microsoft 365 email messages. Additionally, PGP/MIME (Pretty Good Privacy/Multipurpose Internet Mail Extensions) is another popular type of email encryption supported by Yahoo, AOL and Android devices.
We’ve already named these in this article, so let’s take a brief look at how some common cryptographic algorithms work.
The Advanced Encryption Standard (AES) is a symmetric encryption algorithm used by many governments worldwide. It was established by the National Institute of Standards and Technology (NIST) in the U.S.
The key sizes of the AES block cipher can be 128, 192, and 256 bits, and encryption happens in blocks of 128 bits each. Considered a strong cryptographic algorithm, more secure than DES and Triple DES, AES is unbreakable by many attacks.
The RSA (Rivest-Shamir-Adleman) algorithm is an asymmetric encryption algorithm invented by Ron Rivest, Adi Shamir and Leonard Adleman in 1978. It is used to encrypt data and communications over the internet and for email encryption.
However, there are still several exploitable vulnerabilities in the RSA. For example, researchers were able to crack a key 768-bit RSA algorithm. It is recommended to use 2048 bits as the key length.
The Triple Data Encryption Standard (DES) provides more security than the standard DES algorithm by using three passes of the DES rather than one. The security of standard DES was found to be less secure than AES. It uses 56-bit length keys.
ECC is a public-key encryption technique that uses the algebraic architecture of elliptic curves with finite fields and uses encryption, signatures, and key exchange. ECC is used in applications like online banking, email encryption, and secure payments.
(Check out our elliptical curve cryptography explainer.)
Cryptography is the heart of security and privacy mechanisms worldwide. It transforms plain-text data into ciphertext in an unreadable format using encryption algorithms. As technology advances, we’ll see growth in more kinds of cryptography. For example, homomorphic encryption is a fledging technology. And then — consider what quantum computing might mean for encryption.
See an error or have a suggestion? Please let us know by emailing ssg-blogs@splunk.com.
This posting does not necessarily represent Splunk's position, strategies or opinion.
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.