This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The research paper provides a better concept and analysis through the topic on cryptography. The purpose of this paper is to create a picture so the readers have a better conception and understanding through cryptography and how it related to information security. However, learn about the concept of cryptography and how it's applied in the real world is the main concern of this research paper. As we know, nowadays technologies are rapidly growth, back in decade ago internet are invented for sharing information, and thus no security system is designed for it at that time. Since, many people now has been used internet for sharing sensitive information, cryptography is used to protect. Therefore, there aren't unauthorized people could read the sensitive information. Even though, cryptography originally used even further in the past, but it's still applicable to current main area which is internet. Many kind of information are transferred using internet today, and usually a big organization or big company using internet to transfer their sensitive information also. This sensitive information frequently contains valuable information and being sniffed by outlaws, with knowing how the internet originally work which is only transferring plain text through network. With this situation, unauthorized or third party can interfere between transference and gain access to the information. Furthermore, it is important to keep this sensitive or confidential information to authorized personnel only. Not only for confidential purpose, Cryptography also can be used for provide integrity to information by using it to create hash value of information. As we know how internet is likely unreliable sometimes, information can be lost while transferring through the network and sometimes the information can be changed due to packet loss.
Furthermore, this report will cover the history of cryptography, definition of cryptography, how it works, advantages of cryptography, types and categories of encryption system, the future of cryptography, and conclusions
The art of hiding secret messages already applied since a long time ago, the simplest cryptography is caesar cipher which used by known historical person Julius Caesar. At that time, Caesar used cryptography to hide his confidential message. Therefore, if there any chance Caesar enemies get their hand into the messages; they won't retrieve any message and think it's written with foreign language instead. However, Cryptography more advanced today since caesar cipher can easily cracked; more algorithms are used to do make a harder encryption. At the end of World War I, the first encryption machine developed by German engineer and it called "Enigma Machine". Not so far from the World War II outbreak the enigma machine are cracked by Polish. This proved Cryptography is really important at that time to transmit confidential message. Since then, Cryptography is more advanced and not only for writing hidden message but Cryptography also can be used for proves the sender identity. However, Cryptography is part of information security method to secure information while in transmitting process. Huge amount of people used internet today and not all of them do legal stuff, sometimes people do sniff information in the network and by knowing how internet really works which is transferring plain text, it's easier to gain that kind of information. People do a lot of stuff such submitting their personal information, using e-banking to do online transaction, or exchange confidential information. Therefore, Cryptography which changes that plain text information into unreadable or incomprehensible text usually called encrypted text is used.
Many algorithms that are being used with Cryptography result in many type of encryption method. However, most known Cryptography today is encryptions that using symmetric key and asymmetric key or combined both of the key to create session's key. Therefore, the best thing to understanding Cryptography to get familiar with different method used for encryption and decryption, algorithmic function being used for encryption, and advantages or disadvantages by using encryption system.
Definition of Cryptography
Cryptography is from Greek term which parts of the study area that studying technique for writing hidden message or writing secure message. Unlike Steganography which also a study for hiding information into a picture or media that no one would expect it contain hidden message, Cryptography is using key to do encryption and decryption. The process of changing plain text to unreadable, incomprehensible text or cipher text usually called encrypt and the process to revert it back called decrypt, while the process of encryption and decryption need a key to reform the message to unreadable. Originally encryption used to protect message while in deliver state, therefore if the information by any chance taken to the wrong people, it shouldn't be unreadable by them. It also can be used to prove the sender integrity and the receiver integrity by using private key and public key, which is already widely used for digital signature today. Cryptography heavily based on mathematical algorithm, thus it even harder to break it without using any tools such as super computer. The known cryptography that used for Digital Certificate is using 2048-bit keys which will take more than 6.4 quadrillion years to break it by using decent desktop PC (Check our Numbers, 2007).
Cryptography also used to make a private network by using encryption to encapsulate every package, this method called VPN or Virtual Private Network. VPN used to establish a secure network using internet as its media, while the network will as though it's a local area network, for example a communication between the organization's branches are usually used VPN because VPN is less expensive rather than create a physical connection between branches. SSL or Secure Socket Layer also used encryption system that usually used for digital certificate to prove the integrity of the website and also to make a secure connection which is HTTPS. Digital certificate usually issued by third party Company such as VeriSign. Therefore, Cryptography mainly used to protect information in information security.
The way it works
Cryptography used to create incomprehensible text so no one that haven't key to do a decryption can't read the plain text. But, there are several ways to do encryption process and the known method or the one that already applied since long time ago is to do a word shifting.
Figure 2.1 Word Shifting
The easiest encryption is word shifting shown in figure 2.1. From the picture above, that is described those alphabet are shifted and started with H and ending with G that mean we used key equal to 8 which is the 8th letter become the first one. For example, if we want encrypt text "This is secret message" we applied the word shifting method and it will become "Aopz pz zljyl tlzzhnl" which is a sentences without meaning. But this kind of encryption method is easily guessed by using dictionary and a little bit analysis on the most frequently appears letter. Therefore, once an encryption can be cracked it will become outdated and new encryption methods are needed. Some of the easier may use a sentence from book or use a table of words.
There are still more encryption method that used from ancient age and new kind encryption method like DES, 3DES, RSA, AES, etc. The modern encryption method use more mathematical function and symbols. Some encryption like DES work, "Encryption of a block of the message takes place in 16 stages or rounds. From the input key, sixteen 48 bit keys are generated, one for each round. In each round, eight so-called S-boxes are used. These S-boxes are fixed in the specification of the standard. Using the S-boxes, groups of six bits are mapped to groups of four bits. The contents of these S-boxes have been determined by the U.S. National Security Agency (NSA)."(The DES encryption algorithm, 2005)
What to consider first before implement encryption
Encryption convert the plaintext into unintelligible text so only people who have the key can decrypt it back to the plaintext. As we know, encryption mainly used mathematical function thus took resources in every encrypting and decrypting process, therefore something has to take considered first before implementing encryption to the system.
Encryption used to protect sensitive or confidential data such as credit card number, personal information, password, and private information. In most online site, they encrypt their customer password information and credit card number upon stored into database, even their admin or database administrator shouldn't know this information stored. If database get cracked, so the hacker only obtain invaluable information because it's encrypted. Therefore, first thing to consider is if the information is valuable or sensitive and you are in the business where keeping information about where confidential information are required. Without knowing kind of information you want to protect, encryption only wasting pc resources and isn't effective at all.
Symmetric Key and Asymmetric Key
Cryptography by the algorithm that used by, can be divided into 2 categories. First, Cryptography that used symmetric key algorithm and the second one is asymmetric key algorithm
Figure-1 Symmetric Key
Figure-1 show how encryption process with symmetric key, which only uses a key for encryption and decryption process. The first step is the sender convert the plaintext using the key as shared information between sender and receiver, thus the output after applying encryption algorithm is chipertext. Chipertext is unreadable or incomprehensible texts that impossible to read unless to decrypt it first. This kind of text are used in transfer, therefore no one know its meaning without knowing its key. After pass the transfer phase, the receiver can decrypt the encrypted message using the key resulting the original message that sender sent.
Figure-2 Asymmetric Key
Figure-2 show how asymmetric key are used for encrypting and decrypting information between sender and receiver. As pictured above, asymmetric key using 2 different key this is private key and public key. Private Key is a key hold by the person who issued the key, while their public keys are distributed to the people on their contact. The process of encryption and decryption using asymmetric key is like symmetric key, but the difference lay on the key are being used. On asymmetric encryption, the sender uses the receiver public key to encrypt the message. After get the chipertext, it transfers the encrypted information to the receiver. Receiver can decrypt the encrypted message using his/her private key. In advanced technique, it uses combined of those two methods which asymmetric and symmetric. First both of them distribute their public key to their contact, and then one of them generates a key called session key. The session key encrypted with the public key and sent to the people who have the private key. After the receiver receive the session key, both of them uses the session key to sharing information. Session key only used for a limited time, thus if it's expired they should generate another session key and do the key exchange again.
Symmetric key or also known as secret key, because the distribution of this key quite troublesome. Therefore, symmetric key often used for one time communication and only valid for some period of time. As mentioned before, symmetric key is use for encrypting plain text into unintelligible text and with the same key the unintelligible key can be decrypted back into plaintext. Because the same key is used for decrypting and encrypting, symmetric key need special rule. Therefore, a single key can't be used for many communication processes, instead symmetric key used as session key. Symmetric key often use a stream ciphers or block chippers. Stream ciphers is sort of mechanism where the plaintext combined with a random mechanism to create different key each time it's generated (A Symmetric Key Cryptographic Algorithm, 2010). The advantages by using symmetric key cryptography are symmetric cryptography faster than asymmetric key cryptography because in symmetric key cryptography only use one key to do an encryption and decryption, while asymmetric key used different key. The other general advantages is, it is require less resources to perform communication with symmetric key algorithm and it much easier to implement it. Disadvantage of symmetric key is it needs a requirement that both party agree to use a same key to encrypt and decrypt their information, while distribution of the key quite difficult because the key may be gathered by someone else.
Asymmetric key or known as public key cryptography which using different key to encrypt and decrypt a message. This kind of cryptography use public key and private key, which public key usually distributed and can be found in public key server. Because of the message cannot be decrypted with public key, public key can freely give to every people, while the key used to decrypt called private key cannot be distributed. Thus, if B wants to send information to A, B will decrypt his or her information by A's public key and A can decrypt the key with his or her private key. Private Key also can use for sign information, and the public key used for verify the sign which this process usually called digital signature. Digital signature can prove the sender integrity because only the sender holds the private key. The disadvantages of asymmetric key is this process much slower than using symmetric key to transfer large amount of information, but it's more easier to distribute keys due the public key can freely distributed to anyone. Therefore, usually asymmetric key used for transfer a symmetric key or usually to create a session key, this process usually known as key exchange key pair.
Hybrid key algorithm is the advanced to cover the weakness of symmetric and asymmetric key algorithm. Symmetric key weakness is the problem to do the key distribution with unsecure connection and asymmetric key which cannot be applied to communication with a high amount of information.
Figure-3 Diffie-Hellman Key Exchance
The scheme of hybrid key is using Diffie-Hellman key exchange scheme by creating a shared secret key over unsecure channel. According to Diffie-Hellman public key algorithm that if a private key of the sender and public key of the receiver combined, the result will be the same with receiver private key and sender public key combined. This shared secret key is used to perform communication by encrypting the message with shared secret key as described in figure 3. Shared secret key commonly called sessions key which is can be used to perform one time communication. After communication process, this session's key cannot be used to perform another communication therefore it can't be attacked.
Like stated before, cryptography is a process of converting plaintext into intelligible text to store or to send it to other people for creating a secure way of communication. While, this process using sort of mathematic algorithm combined with computer science. Therefore, there are many kind of algorithm could be used to perform encryption and decryption process and some of commonly used algorithm is DES, 3DES, RSA, MD5, SHA-1.
DES or Data Encryption Standard developed by IBM, the algorithm use symmetric block cipher and use 56-bit key to encrypt or decrypt 64-bit block of data. This algorithm usually best suited in hardware, where encryption and decryption process isn't separated. While, DES is the most use algorithm in the world. Many attack in DES algorithm has been proved successful, the attack using the brute force method which is common attack method that already known. By using a million machine that each capable to test a million of possible key per second, the key will likely to guessed perfectly within 12 hours. Therefore, more advanced algorithm is developed based on DES algorithm which is named Triple DES (3DES).
The ordinary DES with 56-bit of key size is sufficient to provide a secure encryption, therefore Triple DES or 3DES was designed to replace DES algorithm. 3DES was designed by improving the key size more than the original DES algorithm had; therefore there is no need to inventing new kind of algorithm. Because of 3DES used the same algorithm with DES, there is easier to implement this algorithm to existing machine with DES implemented. However, 3DES is the implementation of DES with using longer key size, which means 3DES will perform slower than DES but it is more secure than DES.
RSA algorithm is developed by Ron Rivest, Adi Shammir, and Leonar Adleman back in 1977. RSA algorithm used for asymmetric key system which involves a private key and a public key, while the messages encrypted with the public key and only the private key can decrypt it back to plain text. Therefore, the public key can be distributed to everyone. RSA algorithm is also used for Digital Signature, which to verify the sender integrity. RSA algorithm known for how secure it is, therefore it also used in banking area such as transaction or fund transfers.
MD5 algorithm or also known as hash algorithm, which used to check the integrity of the message. MD5 will process the messages into 128-bit hash value of message digest or fingerprint and if the messages change even only a tiny part, the hash value will also changes. MD5 originally designed to replace their previous predecessor which is MD4. MD5 has been compromised since it can suffer or breached from collision attack which can provide a same has value with different messages. Even though MD5 proved it's vulnerable to collision attack, it still used to perform data integrity. The other attack that can performed to MD5 is using rainbow tables, this table can be used to reverse MD5 hashes to provide the original input and usually used for crack a password.
SHA or secure hash algorithm is another hash function algorithm like MD5, which to check integrity of information data. Originally SHA algorithm created to four different kind algorithms which are SHA-0, SHA-1, SHA-2, and SHA-3, while SHA-1 is the most and widely used in many kind of applications. SHA-1 is similar with SHA-0 and hardly different from SHA-2, SHA-1 corrected the error that can be found in SHA-0. SHA-1 often found on sharing file websites along with MD5, which to let user to check the integrity of the file that has been downloaded. Like MD5, SHA-1 cannot be used to encryption; these algorithms are only used for checking the integrity of the data information.
Real World Application of Cryptography
As stated before, cryptography has been used in several technologies. Below is the real world implementation of cryptography:
The original used of cryptography is for protecting confidentiality of the information from eavesdropper or unauthorized users. The idea of encryption is to make a plaintext or readable text to unintelligible text or the text with no meaning. Therefore, if the confidential information leaked or stolen to outside of the system, it is a small chance that the information theft know the contents of information. Decrypting the chipertext make it to the original plaintext which is readable information, while encrypting and decrypting process use a key or keys.
Digital signature is a method using cryptography to authenticate the message or data information.
The process of creating digital signature is using public key and private key which is asymmetric key algorithm. Digital signature implemented in mail communication to prove the authenticity of the sender using the sender's public key to verify message digest in the email that encrypted with private key of the sender. Because, only the sender has secret key which mean only the sender can create message digest that can be proved with his or her public key.
Digital certificate is a complete information that include serial number which an unique identity of the certificate, subject which the organization or people that certificate belong to, signature algorithm which the algorithm used to create the digital signature, signature which the digital signature to verify the subject, issuer which the third trusted company who issued the certificate, valid-from which the date of the certificate first valid from, valid-to which the date of expiration, public key which public key of the organization or people, thumbprint algorithm which the algorithm used to fingerprinting the public key, thumbprint which the result of fingerprinting the public key. Digital certificate usually used to verify the user sending message to be who he or she claims to be. Digital certificate issued by certificate authority such as VeriSign, DigiCert, and AusCert.
VPN stand for Virtual Private Network which extended private network of organization using internet. VPN usually used in wide area network (WAN) scale to create a Local Area Network (LAN) through the internet. By using VPN people who work from home can perform as if him or her using the office local area network. The technology that used in VPN is based on cryptographic method. The VPN work by having pair of computer those encrypt and decrypt at each tunnel. There are 2 methods that can be used in VPN which transport mode and tunnel mode. In transport mode, all the packet are encrypted first before transporting it through internet, while in tunnel mode VPN create a virtual tunnel by using IPSec to transport all the packet.
PGP or Pretty Good Privacy is an application that used in data encryption and decryption that also privide authentication. PGP is a collection of function that cryptography provided such as encryption, decryption and digital signature that can be used in e-mail, text, picure, files, and storage. PGP using symmetric key and combined with asymmetric key encryption to used in e-mail communication.
Secure shell or usually called SSH is another system that implement cryptography to produce a secure system. Secure shell used to give a remote services or execution between two networked computer. Secure shell developed to replace another insecure remote login such as telnet or rexec protocol which usually send a plaintext if done directly via terminal or command prompt. But by using SSH, all the communication proccess is encrypted to chipertext.
Cryptography is the most used technology for security today; this system can be applied for many other things. The system itself already applied for various security such as email, file transfer, file storage, and to make secure communication system. The cryptography work by converting all the information into unintelligible text which will make it hard to read. While, the disadvantage of cryptography it has high consumption of resources to make it work perfectly. Various algorithms always developed to create an unbreakable cryptography, while today algorithm still sufficient for the need of information security needs. Even though cryptography alone didn't suffice to protect the information security, cryptography should combine with another security system such as firewall or antivirus software, because cryptography only cover the security of digital information.
Cryptography can't secure all the aspect of the information, some threat may still possible to happen. But, by using cryptography, at least we could to make sure that no one will gain any information if the information has been stolen.