Cryptography

What is cryptography? Basic concepts and uses

Easy
10 min

What is cryptography?

Cryptography is a field of information technology and mathematics that transforms information into another form (encryption) so that outsiders cannot understand it without a key. This transformed information is said to be encrypted. The main goal of cryptography is to ensure the following properties of communication:

  • confidentiality: Information remains confidential
  • integrity: Data remains unchanged
  • authentication: The origin of the data can be verified

Cryptography thus protects information from unauthorized access or changes and ensures that the sender and recipient of the information are indeed the ones they claim to be.


Two types of cryptography

In the preface of his book Applied Cryptography, Bruce Schneier states (freely translated): "There are two types of cryptography in this world: cryptography that will prevent your little sister from reading your diary, and cryptography that will prevent governments from spying."

This course (as well as Schneier's book) deals with modern cryptography. However, in the section "Historical encryption techniques" we study the Caesar cipher, which could be argued to belong to the "little sister category"!

Basic concepts of cryptography

General terminology

  • Encryption: The process in which the original data (plaintext) is transformed into ciphertext to prevent unauthorized access.
  • Decryption: Transforming encrypted data back to its original form (plaintext).
  • Key: Information used in the encryption and decryption process that determines how the transformation occurs.
  • Algorithm: Method or formula used for encrypting and decrypting information.
  • Plaintext: Data before encryption. Plaintext is in a format that is directly readable and understandable without the need for decryption.
  • Encrypted text (Ciphertext): The form of data after it has been encrypted. Encrypted text is a modified version of plaintext obtained by using encryption and a key. Encrypted text cannot be understood without the correct key and decryption method.

Symmetric encryption

Symmetric encryption uses the same key for both encrypting and decrypting data. This method is fast and efficient, but it poses a challenge for secure key distribution between parties. Typical symmetric encryption algorithms include AES (Advanced Encryption Standard) and DES (Data Encryption Standard).

Asymmetric encryption

Asymmetric encryption, or public key cryptography, uses two keys: a public key for encrypting data and a private key for decrypting it. This allows for secure key distribution, since the public key can be freely shared. Some of the most well-known examples of asymmetric encryption are RSA, ECC (Elliptic Curve Cryptography), and Diffie-Hellman key exchange.

Hash Functions

Hash functions, which in the context of this course are often also called cryptographic hash functions, are one-way functions that change any amount of data into a specific, fixed-length string of bits. Hashes are used to ensure data integrity, as even a small change in the input data will cause significant changes in the hash.

Digital signatures

Digital signatures enable the verification of the integrity of a document or message and the authentication of the sender's identity. They are based on asymmetric encryption and the use of digests. A signature is created by calculating a digest of the message, which is then encrypted with the sender's private key. The recipient can verify the signature by using the sender's public key to decrypt the digest and compare it to the message digest.
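The sign-and-verify flow described above, as an added example that is not part of the original lesson. It uses textbook RSA without padding on a deliberately tiny, factorable toy key built from two known Mersenne primes; the key values, function names and sample messages are assumptions made for this illustration.

```python
import hashlib

# Toy RSA key built from two known Mersenne primes (constructed for this
# example; trivially factorable, never use such a key for real data).
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest_as_int(message: bytes) -> int:
    """SHA-256 digest of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exp: int = D) -> int:
    """Sender: compute the digest and transform it with the private key."""
    return pow(digest_as_int(message), private_exp, N)


def verify(message: bytes, signature: int, public_exp: int = E) -> bool:
    """Recipient: recover the digest with the public key and compare it
    with a digest computed locally from the received message."""
    return pow(signature, public_exp, N) == digest_as_int(message)


if __name__ == "__main__":
    msg = b"Transfer 100 EUR to Alice"            # constructed sample message
    sig = sign(msg)
    print("genuine message verifies:", verify(msg, sig))
    print("altered message verifies:", verify(b"Transfer 900 EUR to Alice", sig))
    print("altered signature verifies:", verify(msg, sig + 1))
```

Production signature schemes add a padding step (for example RSA-PSS) and use keys of 2048 bits or more; the comparison of the recovered digest with a locally computed one is the same idea.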

Forward Secrecy

Forward secrecy is a security principle in which a unique key is used for each communication session, so that even if a long-term private key is compromised, previously encrypted messages remain secure. This is often achieved by using key exchange algorithms, such as Diffie-Hellman, to create session-specific keys.
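An added example (not from the original lesson) contrasting session keys derived from long-term Diffie-Hellman keys with session keys derived from fresh, per-session key pairs. The 127-bit group, the names and the omission of authentication are simplifying assumptions for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (constructed for this example): a 127-bit Mersenne
# prime. Real deployments use standardized 2048-bit+ groups or elliptic curves.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent, public value) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(own_priv: int, peer_pub: int) -> bytes:
    """Hash the shared Diffie-Hellman secret into a 256-bit session key."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


# Long-term key pairs, created once and kept on disk by each party.
ALICE_LONG, BOB_LONG = keypair(), keypair()


def static_session() -> bytes:
    """No forward secrecy: the session key depends only on long-term keys,
    so whoever later obtains a long-term private key can recompute it for
    every recorded session."""
    return session_key(ALICE_LONG[0], BOB_LONG[1])


def ephemeral_session():
    """Forward secrecy: fresh key pairs per session. The private exponents
    go out of scope on return, so nothing stored long-term yields the key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return session_key(a_priv, b_pub), session_key(b_priv, a_pub)


if __name__ == "__main__":
    print("static sessions reuse one key:", static_session() == static_session())
    (k1, _), (k2, _) = ephemeral_session(), ephemeral_session()
    print("ephemeral sessions reuse a key:", k1 == k2)
```

In real protocols the long-term key is still used, but only to authenticate the ephemeral public values, not to derive the session key.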

Information security is an important part of information technology. Protect your data from attacks and keep your security up to date with current software and firewalls.

Uses of cryptography

Cryptography is the cornerstone of our digital world, protecting the confidentiality, integrity, and availability of our information. While the theoretical foundations of cryptography may seem complex, its applications are part of our everyday digital life.

The descriptions below mention, for example, many algorithms that you are not expected to recognize at this stage. However, please read the descriptions through; the purpose is to give you advance context for the theory you will soon be learning.

Internet browsing: HTTPS and SSL/TLS

When you visit websites starting with "https://", you are using the SSL/TLS protocol (Secure Sockets Layer/Transport Layer Security), which protects your data by encrypting it on its way from your browser to the server. The protocol mainly uses symmetric encryption algorithms, such as AES (Advanced Encryption Standard), for data encryption, while asymmetric encryption, such as RSA (Rivest-Shamir-Adleman), enables secure key exchange at the beginning. This ensures that your personal information, such as passwords and credit card details, remains protected.

VPN Connections: Secure Remote Access

A VPN (Virtual Private Network) creates a secure tunnel between your device and the VPN server, allowing a secure connection over the public internet. VPNs commonly use AES encryption to protect data, and often use the Diffie-Hellman method for key exchange. This combination ensures that the connection remains secure, preventing outsiders from accessing the transferred information.

SSH: Secure Remote Command Execution

SSH (Secure Shell) is a protocol that allows the formation of an encrypted connection to a remote server. It uses many of the same algorithms as SSL/TLS, such as RSA and AES, to protect the execution of commands and file transfer remotely. With SSH, you can manage servers and execute commands securely, knowing that the connection is protected.

Instant messengers: End-to-end encryption

Applications like WhatsApp and Signal offer end-to-end encryption for user communication. They utilize the Signal protocol, which uses Curve25519 for key exchange, AES-256 for data encryption, and HMAC-SHA256 for ensuring message integrity. This means that only the message sender and recipient can decrypt and read the content of the message.

Disk Encryption

Disk encryption, like BitLocker (Windows) and FileVault (macOS), protects the contents of the entire hard drive by encrypting it. These systems typically use the AES algorithm to encrypt data, ensuring that without the correct key, the data is inaccessible. Disk encryption allows you to protect sensitive data, such as personal documents and company data, from physical theft or unauthorized access.

Blockchains

Blockchain technology, known especially as the technology behind cryptocurrencies such as Bitcoin, utilizes cryptography to ensure the integrity and security of transactions. Each block contains a digest (hash) of the previous block, creating a chain that is immutable and tamper-proof. SHA-256 is a commonly used hash function in blockchains, providing strong protection against manipulation. In key exchange and digital signatures, RSA or ECC (elliptic curves) are commonly used to ensure the security of communication between parties.
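An added example (not from the original lesson) of the hash-linking described above: each block stores the SHA-256 digest of the previous block, and a verifier walks the chain to find where a modification breaks a link. The block layout, function names and sample transactions are assumptions constructed for illustration; real blockchains add signatures and consensus on top.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder "previous hash" for block 0


def block_hash(block: dict) -> str:
    """SHA-256 over a canonical (sorted-key) JSON encoding of the block."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()


def build_chain(payloads):
    """Create blocks that each store the hash of the block before them."""
    chain, prev = [], GENESIS
    for data in payloads:
        block = {"data": data, "prev_hash": prev}
        chain.append(block)
        prev = block_hash(block)
    return chain


def first_broken_link(chain, trusted_tip=None):
    """Return the position where verification fails, or None if intact.

    Editing block i changes its hash, so block i+1 no longer points at it.
    The last block has no successor; only a separately stored tip hash
    (trusted_tip) reveals a change there.
    """
    prev = GENESIS
    for position, block in enumerate(chain):
        if block["prev_hash"] != prev:
            return position
        prev = block_hash(block)
    if trusted_tip is not None and prev != trusted_tip:
        return len(chain) - 1
    return None


if __name__ == "__main__":
    ledger = build_chain(["A pays B 5", "B pays C 2", "C pays A 1"])  # constructed
    tip = block_hash(ledger[-1])
    forged = copy.deepcopy(ledger)
    forged[0]["data"] = "A pays B 500"
    print("intact chain:", first_broken_link(ledger, tip))
    print("forged block 0 detected at:", first_broken_link(forged, tip))
```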

Cryptocurrency

Cryptocurrencies such as Bitcoin and Ethereum are digital or virtual currencies that use cryptography to secure transactions, create new units, and transfer assets. Cryptocurrencies utilize blockchain technology, which enables decentralized and tamper-resistant accounting. Encryption and digital signatures ensure that only the currency owner can transfer funds, while also providing an anonymous and secure way to trade.

Password management programs

Password management programs, such as 1Password and BitWarden, provide a secure way to store and manage passwords. They use end-to-end encryption, which means that passwords are encrypted on the user's device before being transferred to the cloud. This encryption is based on a strong symmetric algorithm, such as AES-256, and ensures that only the user has access to the passwords. The service provider cannot decrypt the data, as the decryption key is protected by the user's master password, which is never sent to the service provider. This implementation ensures that passwords remain protected from potential external threats and even from the service provider itself.

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Implementing effective cybersecurity measures is particularly challenging today because there are more devices connected to the internet than ever before, and attackers are becoming more innovative.

Wi-Fi Encryption

Various encryption protocols are used in the protection of Wi-Fi networks, such as WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), and WPA2/WPA3, with the latter offering stronger security. WPA2 uses AES (Advanced Encryption Standard) encryption and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) for data protection, while WPA3 brings improvements to key exchange and privacy protection. These encryption methods prevent unauthorized access to data and protect data during transmission between devices and the router.

Phone Network Encryption

In phone networks, such as GSM (Global System for Mobile communications) and 3G/4G/5G networks, cryptography is also used to protect phone calls and data. GSM uses the A5/1 or A5/3 encryption algorithms for encrypting voice calls and text messages, but their security level has proven insufficient over time. In newer network standards, such as 4G and 5G, stronger encryption methods and security protocols, such as AES-GCM and ChaCha20-Poly1305, have been introduced to protect user data traffic and privacy more effectively.
