The Basic Foundation of Security: Introduction of Cryptography

Authors : Ng Jun Xiu (AI210307), Lew Kar Yee (AI210310), Wong Xian Hui (AI210382), Sofea Aquila Binti Suzairi (AI210262), Cik Feresa Binti Mohd Foozy

Cryptography is a combination of art and science used to secure data transmission (Getting Started with Cryptography: Unveiling the Art of Secure Communication | LinkedIn, 2023). It acts as an invisible guardian by transforming data into unintelligible forms. Modern cryptography uses software, cryptographic algorithms, and mathematical concepts to encrypt and decrypt data. It is to provide robustness through techniques like password hashing and digital signatures.

In this article, we will delve into the concept of cryptography and its role in web security. Let’s revealing its mysteries and secrets.

Understanding Encryption

Encryption involves securing data by transforming it into ciphertext, which can only be deciphered and accessed by authorized individuals possessing the appropriate key. Digital keys and complex mathematical formulas are used to encrypt data. Data is encoded into ciphertext using an encryption method (cipher) and an encryption key. The same or a different key (cipher) is used to decode the ciphertext back into the original value once it has been sent to the receiver.

Types of Data Encryption

Data encryption algorithms can be separated into 2 types such as symmetric and asymmetric encryption algorithm. Data encryption technology is primarily categorized into encryption during data transmission and encryption for data storage purposes.

Symmetric encryption, also known as private-key cryptography, uses the same key for encrypting and decrypting plaintext and ciphertext. It is securely shared between sender and recipient using a secure key exchange method. Asymmetric encryption, also known as public-key cryptography, uses a pair of keys for encryption and decryption. It provides higher security but lower efficiency. (Cryptography Use Cases: From Secure Communication to Data Security  - IBM Blog, 2024).

Web Security Applications

Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP. It helps to encrypt the data transmitted between the client (web browser) and the server. HTTPS works with the encryption protocol called Transport Layer Security (TLS). Transport Layer Security (TLS) is a security protocol that has succeeded the Secure Sockets Layer (SSL) in providing secure communication (Cryptography Use Cases: From Secure Communication to Data Security  - IBM Blog, 2024). It implements cryptography to secure the messages transmitted between web browsers and servers from malicious actors. It plays a crucial role in enhance data transfer security, particularly when users log into bank account. This is because HTTPS uses TLS/SSL certificates to verify the identity of service providers, ensuring their authenticity.

End-to-end encryption (E2EE) is another application of cryptography that secures communications between messaging applications such as email and WhatsApp, password management, and data storage (What Is End-to-End Encryption? | IBM, 2024). It maintains the users’ privacy as only users with decryption keys can view the encrypted data, preventing data from being exposed to third parties such as service providers and unintended users.

Public Key Infrastructure (PKI) is a common form of encryption. PKI aims to create a secure and trusted framework for network communication, authentication, and encryption. PKI relies on the asymmetry encryption approach to secure the data transmitted and authenticate the user or device in this transmission (What Is Public Key Infrastructure (PKI) & How Does It Work? | Okta, 2024). A pair of public and private keys are involved in the PKI. A trusted entity called Certificate Authority (CA) is responsible for issuing digital certificates that will bind with the public key and be signed by the CA using its private key. Then, the certificates will be distributed to the recipients (web browser, users, servers). The recipient uses the corresponding private key to decrypt the encrypted messages.  

Challenges and Solutions in Cryptography

Key Management Issues

Organizations face key management issues when using cryptography to protect sensitive information (Cryptographic Key Management Issues | CQR, 2023). Key management involves securely creating, distributing, storing, rotating, and revoking cryptography keys (Key Management: Effective Key Management: Safeguarding Encryption Keys - FasterCapital, 2024). Key security, managing key lifecycles, and meeting regulatory requirements are critical aspects. Leveraging Hardware Security Modules (HSMs) can solve these challenges by generating and protecting keys and supporting system security (What Is a General Purpose Hardware Security Module (HSM)? | Thales, 2024). It can improve data security posture and lifecycle management.  

Quantum Computing

Quantum computing poses a threat to encryption and cybersecurity systems, potentially increasing the power of traditional computers and reducing brute force attacks to crack today's cryptographic algorithms. To address this, quantum-resistant cryptography techniques, including quantum-resistant and post-quantum cryptography, are expected to become crucial in the next 10-50 years. (Cryptography Use Cases: From Secure Communication to Data Security  - IBM Blog, 2024).

Conclusion: Enhancing Web Security through Cryptography

Cryptography is a crucial aspect of web security to ensure secure communication, data protection, and user authentication. It mitigates threats by encrypting sensitive information and providing robust mechanisms. As technology advances, cryptography remains a key tool for enhancing web security and maintaining user privacy. Research and innovation in cryptography will continue to enhance its importance.

References

Cryptographic Key Management Issues | CQR. (2023). Retrieved April 17, 2024, from https://cqr.company/web-vulnerabilities/cryptographic-key-management-issues/

Cryptography use cases: From secure communication to data security  - IBM Blog. (2024). Retrieved April 17, 2024, from https://www.ibm.com/blog/cryptography-use-cases/

Getting Started with Cryptography: Unveiling the Art of Secure Communication | LinkedIn. (2023). Retrieved April 17, 2024, from https://www.garudax.id/pulse/getting-started-cryptography-unveiling-art-secure-nagarajan-kumar/

Key management: Effective Key Management: Safeguarding Encryption Keys - FasterCapital. (2024). Retrieved April 17, 2024, from https://fastercapital.com/content/Key-management--Effective-Key-Management--Safeguarding-Encryption-Keys.html

What is a General Purpose Hardware Security Module (HSM)? | Thales. (2024). Retrieved April 17, 2024, from https://cpl.thalesgroup.com/faq/hardware-security-modules/what-general-purpose-hardware-security-module-hsm

What Is End-to-End Encryption? | IBM. (2021).

What Is Public Key Infrastructure (PKI) & How Does It Work? | Okta. (2024). Retrieved April 26, 2024, from https://www.okta.com/identity-101/public-key-infrastructure/