- Cryptography Tutorial
- Cryptography - Home
- Cryptography - Origin
- Cryptography - History
- Cryptography - Principles
- Cryptography - Applications
- Cryptography - Benefits & Drawbacks
- Cryptography - Modern Age
- Cryptography - Traditional Ciphers
- Cryptography - Need for Encryption
- Cryptography - Double Strength Encryption
- Cryptosystems
- Cryptosystems
- Attacks On Cryptosystem
- Types of Cryptography
- Public Key Encryption
- Modern Symmetric Key Encryption
- Cryptography Hash functions
- Block Ciphers
- Block Cipher
- Feistel Block Cipher
- Block Cipher Modes of Operation
- Symmetric Algorithms
- Data Encryption Standard
- Triple DES
- Advanced Encryption Standard
- Data Integrity in Cryptography
- Data Integrity in Cryptography
- Message Authentication
- Cryptography Digital signatures
- Public Key Infrastructure
- Cryptography Useful Resources
- Cryptography - Quick Guide
- Cryptography - Discussion
Cryptography - Principles
In the field of cryptography, there are some important concepts and principles that we should use when working with cryptographic systems. These fundamental principles play a crucial role in ensuring secure communication and securing data. The key principles include confidentiality, integrity, authenticity, non-repudiation, and key management.
So there are some fundamental principles that are very crucial in the area of cryptography −
Confidentiality
The main idea of Confidentiality is to keep data safe so that information stays private and secure. Cryptography techniques like encryption, help us with this by making data unreadable to people who are not authorized to see it.
Example
Here is an example with WhatsApp −
Let us imagine an example of two people, Person A and Person B. They are chatting on WhatsApp. When Person A sends a message to Person B over WhatsApp chat. WhatsApp encodes it in some unreadable format. So that some third person cannot understand it.
So the chat will remain private between those two people who are communicating with each other. Other people like hackers and WhatsApp developers cannot read the messages because they are encrypted.
We can trust WhatsApp to keep our personal information or data like our phone number, chat history, safe and private. WhatsApp has some strict rules and security measures to stop this kind of unauthorized access of your data.
Messaging apps like WhatsApp use one to end encryption which means that only Person A and Person B can only read and understand the messages they have sent to each other. Not even the creators of that particular app have rights to see or read the messages.
So, confidentiality means keeping our data safe, like our private messages and ensuring only the right people can see them.
Integrity
Integrity means ensuring that our data in transit or after receiving is intact or not. Or we can say that, it is the ability to make sure that data or information has not been changed or modified with. So for this purpose we use Cryptographic techniques like hash functions. Has Functions are basically used to check the integrity of the data by finding out the changes to the data.
Example
Let us say two people are collaborating on a project and Person A needs to share important documents and files with each other. So they have to ensure the integrity of these files to maintain the accuracy and reliability of the information exchanged.
So they need to use checksums to create digital fingerprints of those files before sending it to each other. If in between the changes have been made then the checksum will get altered.
And use encrypted methods like password protected platforms or they can use email attachments to prevent unauthorised access at the time of file transmission.
After receiving the file at the recipient the integrity will be verified by calculating checksums. If both the checksums are matching then it is confirmed that the file is not modified or altered. And if both the checksums are not the same then we can say that file has been modified.
They can also use version control systems or platforms with revision history to track file changes and save previous versions. This thing can prevent accidental data loss.
Authentication
Authentication is the process of validating the identity of a user or device. Cryptographic methods, like digital signatures, can be used to securely verify the identification of a person or device.
Example
Let us take an example of online banking account for understanding the concept of authentication −
So if an account holder is logging into his online banking account which needs his username and password.
Some banks use two factor authentication for security like sending a one time password to the phone number of the user to confirm his identity.
And also some banks use advanced security methods like fingerprint or facial recognition which can also be used to authenticate the particular user.
These steps add one extra layer of security to keep authenticity intact.
These methods make sure that only the right person who is authorised, can access their accounts, protecting sensitive financial information from unauthorized access.
In the above example, authentication ensures that the only correct person has access rights to access their online banking accounts. By providing multiple security layers of verification, like passwords, OTPs, biometric data, or security questions, the bank confirms the identity of the user and protects sensitive financial information from unauthorized access.
Non-repudiation
Non repudiation is a method of stopping a person from denying that he or she has committed a particular act or crime. So if somebody denies that this data is not sent by him we can identify this kind of activity by using non-repudiation. Cryptographic techniques like digital signatures can be used that allow the sender to verify that the message was sent and the sender to verify the receiver.
Example
Let us imagine that one employee is sending an email with an important document to his colleague. Not rejecting it ensures that once you send an email, you cannot later say you did not send it. This is because the email system records and timestamps your actions which provides proof of your activity. Just like this, when your colleague receives an email, he or she refuses to receive it because their email system also records the transaction and displays the timeout. A disclaimer helps parties establish responsibility and trust in digital communication and communication without denying involvement.
Key management
Key management is the process of creating, distributing, and managing cryptographic keys. By managing cryptographic keys we can secure our cryptographic system, as the keys are a very important part of the cryptography system. So the security of the system depends on the secrecy of the key.
Cryptographic keys are used in the encryption and decryption process.
Example
Let us say you have encrypted the data that you want to share with the friend. And you need a key to decode that data. And your friend needs the same key to open the data. So key management ensures that −
You securely create a key or password for the data.
You securely share the key with the friend without telling anyone else.
Your friend uses that particular key to decode the data and access the encrypted content.
So in the above example key management plays an important role to securely create, share and use cryptographic keys. This will help to protect private information.