Introduction to Crypto-terminologies
Cryptography is an important part of network security. ‘Crypto’ means secret or hidden. Cryptography is the science of secret writing with the intention of keeping the data secret. Cryptanalysis, on the other hand, is the science, or sometimes the art, of breaking cryptosystems. Both are subsets of what is called cryptology.
Classification: The flowchart depicts that cryptology is only one of the factors involved in securing networks. Cryptology refers to the study of codes, which involves both writing (cryptography) and solving (cryptanalysis) them. Below is a classification of the crypto terminologies and their various types.
Cryptography is classified into symmetric cryptography and asymmetric cryptography. Below are descriptions of these types.
- Symmetric key cryptography: It uses one secret key together with encryption and decryption algorithms to secure the contents of the message. The strength of symmetric key cryptography depends upon the number of key bits. It is relatively faster than asymmetric key cryptography. It has a key distribution problem, because the key has to be transferred from the sender to the receiver through a secure channel.
- Asymmetric key cryptography: It is also known as public-key cryptography because it uses a public key along with the secret key. It solves the problem of key distribution, as the two parties use different keys for encryption and decryption. It is not practical for encrypting or decrypting bulk messages, as it is very slow compared to symmetric key cryptography.
- Hashing: It takes the plain text and converts it to a hash value of fixed size using a hash function. This process ensures the integrity of the message, as the hash values on the sender’s and the receiver’s sides should match if the message is unaltered.
Difference between Hash functions, Symmetric, and Asymmetric algorithms:
| Feature | Hash functions | Symmetric algorithms | Asymmetric algorithms |
|---|---|---|---|
| Number of keys | 0 | 1 | 2 |
| Length of keys recommended by NIST | 256 bits | 128 bits | 2048 bits |
| Example | SHA-256, SHA3-256, SHA-512 | AES or 3DES | RSA, DSA, ECC |
- Classical attacks: These can be divided into:
a) Mathematical analysis: A type of attack that takes advantage of structural flaws in a specific algorithm.
b) Brute-force attacks: In a Brute Force Attack (BFA), the attacker tries all potential keys in order to find the correct one. The longer the key, the longer the attack takes to execute. Brute-force attacks run the encryption algorithm for every possible key until a match is found. The encryption algorithm is treated as a black box. Analytical attacks, in contrast, focus on breaking the cryptosystem by analyzing the internal structure of the encryption algorithm.
- Social Engineering attack: It depends on the human factor. Tricking someone into revealing their passwords to the attacker, or into allowing access to a restricted area, comes under this attack. People should be cautious about revealing their passwords to any third party that is not trusted.
- Implementation attacks: Implementation attacks such as side-channel analysis can be used to obtain a secret key. They are relevant in cases where the attacker can obtain physical access to the cryptosystem.
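The brute-force description above, and the earlier statement that symmetric strength depends on the number of key bits, can be made concrete with a small measurement. This is an added example, not code from the original article: `toy_encrypt` is a deliberately weak cipher constructed here so the search finishes in moments, and the message and keys are constructed sample values.

```python
import hashlib
import time

def toy_encrypt(key: int, key_bits: int, data: bytes) -> bytes:
    """Toy cipher constructed for this example (NOT secure): XOR with a
    SHA-256-derived keystream. Applying it twice with the same key decrypts."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def brute_force(key_bits: int, known_plain: bytes, ciphertext: bytes):
    """Treat toy_encrypt as a black box: try every key until the known
    plaintext encrypts to the observed ciphertext. Returns (key, trials)."""
    for candidate in range(2 ** key_bits):
        if toy_encrypt(candidate, key_bits, known_plain) == ciphertext:
            return candidate, candidate + 1
    return None, 2 ** key_bits

def expected_years(key_bits: int, keys_per_second: float) -> float:
    """Average search time (half the key space) at a given trial rate."""
    return 2 ** (key_bits - 1) / keys_per_second / (365 * 24 * 3600)

def demo():
    plain = b"constructed sample message"
    for bits in (8, 12, 16):
        secret = 2 ** bits - 3          # constructed key near the end of the space
        ciphertext = toy_encrypt(secret, bits, plain)
        start = time.perf_counter()
        found, trials = brute_force(bits, plain, ciphertext)
        rate = trials / (time.perf_counter() - start)
        print(f"{bits:>2}-bit key: recovered={found == secret} trials={trials} "
              f"128-bit estimate at this rate: {expected_years(128, rate):.2e} years")

if __name__ == "__main__":
    demo()
```

Each added key bit doubles the number of trials, which is why the 128-bit symmetric length in the table puts exhaustive search out of reach even though the 16-bit toy key falls almost immediately.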