Encryption: Everything You Need to Know About Cryptography
You know the saying: “He who has the information has the power”?
Information is one of the most valuable things in our lives. The emergence of global computer networks has made it easy for individuals and large organizations to access any information in just a few clicks. But without proper security measures, the ease and speed of access to data via computer networks have caused significant threats to data security.
Cryptography is the science of securing data. It is designed to solve four important security issues – confidentiality, authentication, integrity and control over the participants.
Encryption is the conversion of data into an unreadable form with the help of encryption-decryption keys. Encryption allows you to ensure confidentiality, keeping information secret from those not entitled to see it.
Did you know? Even during the Roman Empire, encryption was used by Julius Caesar to make letters and messages unreadable to the enemy. This played an important role and was used as a military tactic, especially during wars.
As the possibilities of the Internet continue to grow, more and more transactions are conducted online. The most important among them are Internet banking, online payments, email services, private and service message exchange, etc. All of them involve the exchange of confidential data and information. If this data falls into the wrong hands, it can harm not only the individual user but the entire online business system.
To prevent this from happening, network security measures were adopted to protect the transfer of personal data. The main one is the process of data encryption and decryption, known as cryptography. There are three main encryption methods used in systems today: hashing, symmetric and asymmetric encryption. In the following paragraphs, I’ll discuss each of these in greater detail.
Types of encryption
Symmetric encryption
With symmetric encryption, normal readable data, known as plain text, is encoded (encrypted), so that it becomes unreadable. This data is scrambled using a key. Once the data is encrypted, it can be safely transmitted to the receiver.
At the receiver, the encrypted data is decoded using the same key that was used for encoding.
Thus, the key is the most important part of symmetric encryption. It must be hidden from outsiders, since anyone who has access to it can decrypt the private data. That’s why this type of encryption is also known as “secret key” encryption.
In modern systems, a key is usually a string of data derived from a strong password or from an entirely random source. It is fed into the symmetric encryption software, which uses it to scramble the input data. The scrambling is done by a symmetric encryption algorithm, such as the Data Encryption Standard (DES), the Advanced Encryption Standard (AES), or the International Data Encryption Algorithm (IDEA).
The weakest element in this type of encryption is the security of the key, both in terms of storage and in the transfer to the authenticated user. If a hacker can access this key, he can easily decrypt the encrypted data, destroying the whole encryption process. Another drawback is that the software that processes data cannot work with encrypted data.
Therefore, to be able to use this software, the data must first be decoded. If the software itself is compromised, the attacker can easily obtain data.
Asymmetric encryption
Asymmetric encryption works in a similar way to the secret-key method in that a key is used to encode the transmitted messages. However, instead of using the same key to decrypt the message, it uses a completely different one.
The key for encryption is available to all users of the network. As such, it is known as a “public” key.
On the other hand, the key used for decryption is kept secret and is intended to be used privately by its owner. This is known as a “private” key. Asymmetric encryption is also known as public-key encryption.
Because the private key needed to decrypt messages never has to be transmitted and is usually known only to the user (the receiver), the probability that a hacker will be able to decrypt the message is much lower. Diffie-Hellman and RSA are examples of algorithms that use public-key cryptography.
Many hackers use a “man-in-the-middle” attack to bypass this type of encryption. In asymmetric encryption, you are given a public key that is used to securely exchange data with another person or service.
However, an attacker can trick you into communicating with them instead, making you believe that you are operating on a secure connection with the intended party.
Hashing
The hash method uses an algorithm known as a hash function to generate a string from the given data, known as a hash. A hash has the following crucial properties: the same data always produces the same hash, it is infeasible to recover the original data from the hash alone, and it is infeasible to find different input data that produces the same hash.
So, the main difference between hashing and the other two methods is that once data has been hashed, it cannot be retrieved in its original form (decrypted). This ensures that even if a hacker gets his hands on a hash, it is useless to him, since he cannot recover the contents of the message from it. Message Digest 5 (MD5) and the Secure Hash Algorithm (SHA) are two widely used hashing algorithms.
In asymmetric cryptosystems, the public-key algorithm is used to encrypt a symmetric session key, and that session key is used to encrypt the data itself.
Two different keys are used – one is known to everyone, and the other is kept secret. Either key can be used for encryption or decryption, but data encrypted with one key can be decrypted only with the other.
As mentioned earlier, it is almost impossible to recover data from a given hash. However, this is only true if strong hashing is implemented. With a weak implementation of hashing, a persistent hacker with sufficient resources can use brute-force attacks to find data that matches the hash.
These mechanisms make it possible to verify the identity of a participant in the interaction in a safe and reliable way.
Electronic signatures and timestamps
Electronic signatures allow you to check the integrity of data but do not ensure its confidentiality. If the data must also be kept confidential, the electronic signature is added to the message and the two are encrypted together.
Adding timestamps to the electronic signature provides a limited form of control over the participants in the interaction.
Combination of encryption methods
As discussed above, each of these encryption methods suffers some drawbacks. However, when a combination of these methods is used, they form a reliable and highly efficient encryption system.
Most often, the secret-key and public-key techniques are combined and used together. The secret-key method allows fast encryption and decryption, while the public-key method offers a safer and more convenient way to transfer the secret (session) key.
This combination of methods is known as the “digital envelope”. The PGP e-mail encryption program is based on the “digital envelope” technique.
Hashing is also used to verify passwords. If the system stores a hash of the password instead of the password itself, it is more secure, since even if a hacker gets his hands on this hash, he will not be able to recover the password from it.
During the check, the system hashes the incoming password and compares the result with the stored hash. Thus, the actual password is visible only briefly, when it is changed or checked, which significantly reduces the likelihood of it falling into the wrong hands.
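An added example (not from the original article) of the password check described above, in Go with only the standard library: instead of the password, the system stores a random salt and an iterated, salted hash, and the check recomputes the hash from the entered password and compares it in constant time. It also illustrates the hash properties from the hashing section (same input, same hash; nothing recoverable from the hash) and the "weak versus strong hashing" caveat, since the iteration count is what makes brute-force guessing expensive. The PBKDF2 routine is written out from RFC 8018 so that the example has no external dependencies; Record, NewRecord, Verify, the 16-byte salt, the 100,000 iterations and the sample passwords are assumptions of this example, and a production system would use a vetted library implementation of PBKDF2, bcrypt, scrypt or Argon2.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Iterations is the work factor. Verifying one login costs this many HMACs,
// which is negligible for a user but multiplies the cost of every guess
// for someone who has obtained the stored hashes.
const Iterations = 100_000

// pbkdf2SHA256 is a direct transcription of PBKDF2 (RFC 8018, section 5.2)
// with HMAC-SHA256, written out so the example needs only the standard library.
// For each output block i: T_i = U_1 xor U_2 xor ... xor U_c, where
// U_1 = HMAC(password, salt || INT_32_BE(i)) and U_j = HMAC(password, U_{j-1}).
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	out := make([]byte, 0, keyLen)
	var idx [4]byte
	for block := uint32(1); len(out) < keyLen; block++ {
		binary.BigEndian.PutUint32(idx[:], block)
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for j := 1; j < iterations; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// Record is what the database stores instead of the password: a random salt
// and the iterated hash. Neither reveals the password.
type Record struct {
	Salt []byte
	Hash []byte
}

// NewRecord creates the stored form of a new or changed password.
func NewRecord(password string) (Record, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return Record{}, err
	}
	return Record{Salt: salt, Hash: pbkdf2SHA256([]byte(password), salt, Iterations, 32)}, nil
}

// Verify recomputes the hash of the candidate password with the stored salt
// and compares it in constant time, so the comparison leaks no timing information.
func Verify(rec Record, candidate string) bool {
	h := pbkdf2SHA256([]byte(candidate), rec.Salt, Iterations, 32)
	return subtle.ConstantTimeCompare(h, rec.Hash) == 1
}

func main() {
	// Constructed sample password.
	rec, err := NewRecord("correct horse battery staple")
	if err != nil {
		panic(err)
	}
	fmt.Println("stored salt:", hex.EncodeToString(rec.Salt))
	fmt.Println("stored hash:", hex.EncodeToString(rec.Hash))
	fmt.Println("right password:", Verify(rec, "correct horse battery staple"))
	fmt.Println("wrong password:", Verify(rec, "correct horse battery stapler"))
	// Same password, new record: a fresh salt gives an unrelated hash, so two
	// users with the same password cannot be spotted by comparing stored hashes.
	rec2, _ := NewRecord("correct horse battery staple")
	fmt.Println("same password, different salt, hashes equal:", hex.EncodeToString(rec2.Hash) == hex.EncodeToString(rec.Hash))
}
```

The salt is stored in the clear next to the hash; its job is not secrecy but making every stored hash unique, so a precomputed table of hashes for common passwords is useless and each record has to be attacked separately at the full iteration cost.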
Hashing is also used to authenticate data using a secret key shared by the two parties. The hash is generated from the data and this key, so only the data and the hash are transmitted, and the key itself never is. Thus, if changes are made to either the data or the hash, they will be easily detected.
In conclusion, these methods can be used to efficiently encode data into an unreadable format that keeps it safe. Most modern systems use a combination of these encryption methods, along with strong implementations of the algorithms, to improve security.
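An added example (not from the original article) of the keyed hash described above, in Go with the standard library's HMAC-SHA256: the tag is computed from the data and the shared secret key, only the data and the tag are transmitted, and the receiver recomputes the tag and compares it in constant time. Tag, Verify, Message, the key and the JSON payload are names and values constructed for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Tag computes HMAC-SHA256 over data with the shared secret key. Only the data
// and the tag are transmitted; the key stays with the two parties.
func Tag(key, data []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return mac.Sum(nil)
}

// Verify recomputes the tag with the same key and compares it in constant time.
// It returns false if the data, the tag or the key differ from what produced the tag.
func Verify(key, data, tag []byte) bool {
	return hmac.Equal(Tag(key, data), tag)
}

// Message is the pair that travels over the network.
type Message struct {
	Data []byte
	Tag  []byte
}

func main() {
	key := []byte("constructed-demo-key-never-transmitted")    // constructed shared key
	msg := Message{Data: []byte(`{"amount":100,"to":"acct-42"}`)} // constructed data
	msg.Tag = Tag(key, msg.Data)
	fmt.Println("tag:", hex.EncodeToString(msg.Tag))
	fmt.Println("unchanged:", Verify(key, msg.Data, msg.Tag))

	// Data changed in transit: the tag no longer matches, and without the key
	// whoever changed it cannot compute a tag that does.
	altered := []byte(`{"amount":900,"to":"acct-42"}`)
	fmt.Println("altered data:", Verify(key, altered, msg.Tag))

	// Tag changed in transit.
	badTag := append([]byte(nil), msg.Tag...)
	badTag[0] ^= 0x80
	fmt.Println("altered tag:", Verify(key, msg.Data, badTag))

	// A party that does not hold the same key cannot verify (or forge) the tag.
	fmt.Println("other key:", Verify([]byte("some-other-key"), msg.Data, msg.Tag))
}
```

The comparison goes through hmac.Equal rather than a plain byte-by-byte equality so that the time taken does not depend on how many leading bytes of a forged tag happen to match.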
As well as security, these systems also provide many additional benefits, such as verifying a user’s identity, and ensuring that the data received cannot be tampered with.
Encryption in the hands of intruders
To infect computers around the world, cybercriminals have used spyware leaked from the arsenal of US intelligence services.
“The new WCry / WannaCry extortion is spreading like hell,” researchers from MalwareHunterTeam said on Friday morning. In less than two hours, infections were found in 11 countries, including Russia, the United Kingdom, the United States, China, Spain, Italy, Vietnam and Taiwan. By Friday evening, there were 45,000 attacks in 74 countries. About 40 clinics in England and Scotland, and one of the largest telecommunications companies in Spain, Telefonica, were attacked.
WannaCry, as experts suggested, uses a known network vulnerability in Windows, despite it having been patched by Microsoft (the fix was released in the March security bulletin MS17-010, but not all users installed it). Another interesting thing: the ETERNALBLUE exploit turned out to come from the arsenal of spy tools of the US National Security Agency (NSA), which was published openly by the hacker group Shadow Brokers.
This is not the first attack built with one of the leaked NSA tools: the DOUBLEPULSAR backdoor from the same Shadow Brokers leak was another. Using it, hackers managed to infect more than 47,000 Windows PCs in the US, the UK, and Taiwan.
Extortion programs have been used for a long time: back in the late 80’s, the AIDS virus (“PC Cyborg”), written by Joseph Popp, hid directories and encrypted files, demanding payment of about $200 for “license renewal.”
Extortion using malware is the main cyber threat in two-thirds of EU countries. One of the most common ransomware programs, CryptoLocker, has infected more than a quarter of a million computers in EU countries since September 2013.
In 2016, the number of attacks by encrypting malware increased sharply: according to analysts, by more than a hundred percent compared to the previous year. The trend is still rising and, as we saw today, the attacks hit completely different companies and organizations.
Criminals try to encrypt not just files, but databases, CRM and ERP systems, working documents, backup copies, etc. That is why the most frequent victims of extortionists are audit, credit, financial and accounting companies, which accumulate large amounts of financial information. Losing this data, especially at the stage of submitting an annual report, is a serious threat to any company.
The encryption used by these programs is strong, and there is no alternative way to recover the files other than obtaining the decryption key from the attacker or from their server. After the files are encrypted, a message appears describing how much money must be transferred, and where, to get the decryption key. As a rule, payment is made in Bitcoin. Many agree to pay the extortionists just to restore access to their precious data, and thereby finance the further development of this type of cybercrime.
Ensuring that companies have unrestricted access to their data while protecting it from the wrong hands is a crucial part of every organization’s security system. Using a combination of encryption methods, and being constantly vigilant, will go a long way toward preserving the security of precious data.