Prashanth_Reddy
Real Life Applications of CRYPTOGRAPHY
Nov 8, 2019 · 7 min read
WHAT IS CRYPTOGRAPHY?
Cryptography is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents. The term is derived from the Greek word kryptos, which means hidden. It is closely associated with encryption, which is the act of scrambling ordinary text into what’s known as ciphertext and then back again upon arrival. In addition, cryptography also covers the obfuscation of information in images using techniques such as microdots or merging
When transmitting electronic data, the most common use of cryptography is to encrypt and decrypt email and other plain-text messages. The simplest method uses the symmetric or “secret key” system. Here, data is encrypted using a secret key, and then both the encoded message and secret key are sent to the recipient for decryption. The problem? If the message is intercepted, a third party has everything they need to decrypt and read the message. To address this issue, cryptologists devised the asymmetric or “public key” system. In this case, every user has two keys: one public and one private. Senders request the public key of their intended recipient, encrypt the message and send it along. When the message arrives, only the recipient’s private key will decode it — meaning theft is of no use without the corresponding private key.
CRYPTOGRAPHY IN EVERYDAY LIFE
Authentication is any process through which one proves and verifies certain information. Sometimes one may want to verify the origin of a document, the identity of the sender, the time and date a document was sent and/or signed, the identity of a computer or user, and so on. A digital signature is a cryptographic means through which many of these may be verified. The digital signature of a document is a piece of information based on both the document and the signer’s private key. It is typically created through the use of a hash function and a private signing function (algorithms that create encrypted characters containing specific information about a document and its private keys).
Time stamping is a technique that can certify that a certain electronic document or communication existed or was delivered at a certain time. Time stamping uses an encryption model called a blind signature scheme. Blind signature schemes allow the sender to get a message receipted by another party without revealing any information about the message to the other party.
Time stamping is very similar to sending a registered letter through the U.S. mail, but provides an additional level of proof. It can prove that a recipient received a specific document. Possible applications include patent applications, copyright archives, and contracts. Time stamping is a critical application that will help make the transition to electronic legal documents possible.
Electronic money (also called electronic cash or digital cash) is a term whose definition is still evolving. It includes transactions carried out electronically with a net transfer of funds from one party to another, which may be either debit or credit and can be either anonymous or identified. There are both hardware and software implementations.
Anonymous applications do not reveal the identity of the customer and are based on blind signature schemes. Identified spending schemes reveal the identity of the customer and are based on more general forms of signature schemes. Anonymous schemes are the electronic analog of cash, while identified schemes are the electronic analog of a debit or credit card. There are also some hybrid approaches where payments can be anonymous with respect to the merchant but not the bank, or anonymous to everyone but traceable (a sequence of purchases can be related, but not linked directly to the spender’s identity).
Encryption is used in electronic money schemes to protect conventional transaction data like account numbers and transaction amounts. Digital signatures can replace handwritten signatures or credit-card authorizations, and public-key encryption can provide confidentiality. There are several systems that cover this range of applications, from transactions mimicking conventional paper transactions with values of several dollars and up, to various micropayment schemes that batch extremely low cost transactions into amounts that will bear the overhead of encryption and clearing the bank.
Encryption/Decryption in email:
Email encryption is a method of securing the content of emails from anyone outside of the email conversation looking to obtain a participant’s information. In its encrypted form, an email is no longer readable by a human. Only with your private email key can your emails be unlocked and decrypted back into the original message.
Email encryption works by employing something called public key cryptography. Each person with an email address has a pair of keys associated with that email address, and these keys are required in order to encrypt or decrypt an email. One of the keys is known as a “public key”, and is stored on a keyserver where it is tied to your name and email address and can be accessed by anyone. The other key is your private key, which is not shared publicly with anyone.
When an email is sent, it is encrypted by a computer using the public key and the contents of the email are turned into a complex, indecipherable scramble that is very difficult to crack. This public key cannot be used to decrypt the sent message, only to encrypt it. Only the person with the proper corresponding private key has the ability to decrypt the email and read its contents.
There are various types of email encryption, but some of the most common encryption protocols are:
OpenPGP: a type of PGP encryption that utilizes a decentralized, distributed trust model and integrates well with modern web email clients
S/MIME: a type of encryption that is built into most Apple devices and utilizes a centralized authority to pick the encryption algorithm and key size
Email encryption services can be used to provide encryption in a few separate but related areas:
The connection between email providers can be encrypted, preventing outside attackers from finding a way to intercept any incoming or outgoing emails as they travel between servers
The content of the email can be encrypted, ensuring that even if an email is intercepted by an attacker, the contents of the email will still be entirely unreadable
Old or archived emails that are already stored within your email client should also be encrypted to prevent attackers from potentially gaining access to emails that aren’t currently in transit between servers
Encryption in WhatsApp:
WhatsApp uses the Signal protocol for encryption, which uses a combination of asymmetric and symmetric key cryptographic algorithms. The symmetric key algorithms ensure confidentiality and integrity, whereas the asymmetric key cryptographic algorithms help in achieving the other security goals, namely authentication and non-repudiation. In symmetric key cryptography a single key is used for encryption of the data as well as decryption. In asymmetric key cryptography there are two separate keys. The data which is encrypted using the public key of a user can only be decrypted using the private key of that user and vice versa.
WhatsApp uses the Curve25519 based algorithm. The history of Curve25519 is worth noting, as it was introduced after concerns over allegations that certain parameters of the previously prevalent P-256 NIST standards had been manipulated by the NSA for easier snooping. The Elliptic Curve Diffie-Hellman algorithm is a mathematical algorithm which helps two communicating entities to agree upon a shared secret without actually sending the actual keys to each other.
Encryption in Instagram:
Your interaction with Instagram is likely an encrypted communication. When your phone requests data from Instagram, it uses SSL/TLS over port 443 to encrypt its requests to Instagram's servers, and the servers send data back to you over the same encrypted data stream.
This prevents malicious parties from eavesdropping on the conversation between you and Instagram.
SIM card Authentication:
Authentication: To decide whether or not the SIM may access the network, the SIM needs to be authenticated. A random number is generated by the operator, and is sent to the mobile device. Together with the secret key Ki, this random number runs through the A3 algorithm (it is this Ki that recently has been compromised). The output of this calculation is sent back to the operator, where the output is compared with the calculation that the operator has executed himself (the operator possesses the secret keys for all SIM cards the operator has distributed).
Encryption: This part is the part that has been cracked. In short, the operator generates a random number (again), and sends it to the mobile phone. Together with the secret key Ki, this random number runs through the A8 algorithm, and generates a session key KC. This KC is used, in combination with the A5 algorithm, to encrypt/decrypt the data.
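The challenge-response and session-key steps described above, with both the SIM's and the operator's side, as an added example that is not part of the original article. The page does not give the internals of A3 and A8, so HMAC-SHA256 stands in for both; the output lengths, class names and `sim_id` are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3 (assumption): 32-bit response from Ki and the challenge."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8 (assumption): 64-bit session key Kc for A5."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class Sim:
    def __init__(self, sim_id: str, ki: bytes):
        self.sim_id, self._ki = sim_id, ki   # Ki is never sent over the air

    def response(self, rand: bytes) -> bytes:
        return a3(self._ki, rand)

    def session_key(self, rand: bytes) -> bytes:
        return a8(self._ki, rand)

class Operator:
    def __init__(self, keys: dict):
        self.keys = keys                     # operator's copy of every Ki
        self.pending = {}                    # sim_id -> outstanding challenge

    def challenge(self, sim_id: str) -> bytes:
        self.pending[sim_id] = secrets.token_bytes(16)
        return self.pending[sim_id]

    def authenticate(self, sim_id: str, response: bytes) -> bool:
        rand = self.pending.pop(sim_id)      # a challenge is answered once
        return hmac.compare_digest(response, a3(self.keys[sim_id], rand))

    def session_key(self, sim_id: str):
        rand = secrets.token_bytes(16)       # second random number, as in the text
        return rand, a8(self.keys[sim_id], rand)

def attach(sim: Sim, operator: Operator):
    """Return the shared Kc if the SIM is accepted, else None."""
    rand = operator.challenge(sim.sim_id)
    if not operator.authenticate(sim.sim_id, sim.response(rand)):
        return None
    rand2, network_kc = operator.session_key(sim.sim_id)
    return network_kc if sim.session_key(rand2) == network_kc else None
```

Any card holding the same Ki is accepted, so the whole scheme rests on Ki staying secret on both the SIM and the operator's side.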