Cryptography
Cryptography is the practice of securing information and communication through the use of codes, so that only the people for whom the data is intended can understand and process it, thereby preventing unauthorized access to the data. The prefix “crypt” means “hidden” and the suffix “graphy” means “writing”. In cryptography, the techniques used to protect data are derived from mathematical concepts and a set of rule-based calculations known as algorithms, which transform messages in ways that make them hard to decode. These algorithms are used for cryptographic key generation, digital signing, verification to protect data privacy, web browsing on the internet, and protecting confidential transactions such as credit card and debit card transactions.
The features of cryptography are as follows:
- Confidentiality: Information can only be accessed by the person for whom it is intended; no one else can access it.
- Integrity: Information cannot be modified in storage or in transit between the sender and the intended receiver without the change being detected.
- Non-repudiation: The creator/sender of information cannot later deny their intention to send it.
- Authentication: The identities of the sender and receiver are confirmed, as are the origin and destination of the information.
Types of cryptography: In general, there are three types of cryptography:
- Symmetric Key Cryptography: An encryption system in which the sender and receiver of a message use a single shared key to encrypt and decrypt messages. Symmetric key systems are faster and simpler, but the sender and receiver have to exchange the key in a secure manner. The most famous symmetric key cryptography system is the Data Encryption Standard (DES).
- Hash Functions: No key is used in this algorithm. A fixed-length hash value is computed from the plain text, which makes it impossible for the contents of the plain text to be recovered. Many operating systems use hash functions to protect passwords.
- Asymmetric Key Cryptography: In this system a pair of keys is used to encrypt and decrypt data. A public key is used for encryption and a private key is used for decryption. The public key and the private key are different. Even if the public key is known by everyone, only the intended receiver can decode the message, because he alone knows the private key.
What are the principles?
The most important principle to remember is that you should never attempt to design your own cryptosystem. The world’s most brilliant cryptographers (including Phil Zimmermann and Ron Rivest) routinely create cryptosystems with serious security flaws in them. For a cryptosystem to be considered “secure,” it must face intense scrutiny from the security community. Never rely on security through obscurity, or on the assumption that attackers may not know about your system. Remember that malicious insiders and determined attackers will attempt to attack your system.
The only things that should be “secret” in a secure cryptosystem are the keys themselves. Take appropriate steps to protect any keys that your systems use. Never store encryption keys in clear text alongside the data that they protect. This is like locking your front door and placing the key under the mat: it is the first place an attacker will look. The following are three strategies for protecting keys (from least secure to most secure):
- Store keys in a filesystem and protect them with strong Access Control Lists (ACLs). Remember to adhere to the principle of least privilege.
- Encrypt your Data Encryption Keys (DEKs) with a second key, the Key Encrypting Key (KEK). The KEK should be generated using Password-Based Encryption (PBE). A password known to a minimal number of administrators can be used to generate a key using an algorithm such as bcrypt, scrypt, or PBKDF2, and that key is used to bootstrap the cryptosystem. This removes the need to ever store the key unencrypted anywhere.
- A Hardware Security Module (HSM) is a tamper-resistant hardware appliance that can be used to store keys securely. Code can make API calls to an HSM to provide keys when needed or to perform decryption of data on the HSM itself.
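The second strategy above (a DEK wrapped under a password-derived KEK), as an added example that is not from the original post: it uses Node.js's built-in `crypto` module, with scrypt to derive the KEK and AES-256-GCM as the wrapping cipher. The function names, scrypt parameters and sample passphrase are assumptions chosen for illustration.

```javascript
// Added example: a random DEK wrapped under a password-derived KEK.
const crypto = require('crypto');

// scrypt cost parameters (illustrative assumption; tune for your hardware).
const SCRYPT = { N: 2 ** 14, r: 8, p: 1 };

// Derive a 256-bit KEK from the admin password and a per-record random salt.
function deriveKek(password, salt) {
  return crypto.scryptSync(password, salt, 32, SCRYPT);
}

// Wrap (encrypt) a DEK under the KEK with AES-256-GCM.
// Only salt, iv, tag and wrapped DEK are stored; KEK and DEK never are.
function wrapDek(dek, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const kek = deriveKek(password, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', kek, iv);
  const wrapped = Buffer.concat([cipher.update(dek), cipher.final()]);
  const tag = cipher.getAuthTag();
  kek.fill(0); // best-effort wipe of the KEK from memory
  return { salt, iv, tag, wrapped };
}

// Unwrap the DEK. Returns null when the password is wrong or the stored
// record was modified, because GCM authentication fails in both cases.
function unwrapDek(record, password) {
  const kek = deriveKek(password, record.salt);
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', kek, record.iv);
    d.setAuthTag(record.tag);
    return Buffer.concat([d.update(record.wrapped), d.final()]);
  } catch (err) {
    return null;
  } finally {
    kek.fill(0);
  }
}

// Constructed sample values for the demonstration.
const dek = crypto.randomBytes(32);
const record = wrapDek(dek, 'constructed-admin-passphrase');
console.log('stored fields:', Object.keys(record).join(', '));
console.log('unwrap ok:', unwrapDek(record, 'constructed-admin-passphrase').equals(dek));
console.log('wrong password:', unwrapDek(record, 'guess'));
```

The stored record contains no key material in the clear, so it can sit next to the data it protects; the password is supplied only when the system starts.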
Ensure that you only use algorithms, key strengths, and modes of operation that conform to industry best practices. Advanced Encryption Standard (AES) (with 128, 192, or 256-bit keys) is the standard for symmetric encryption. RSA and elliptic curve cryptography (ECC) with at least 2048-bit keys are the standard for asymmetric encryption. Be sure to avoid insecure modes of operation such as AES in Electronic Codebook (ECB) mode or RSA with no padding.
Blog By: Priyanka Rana