INVITATION TO CYBERSECURITY 158 Note that this string of 1s and 0s is not ciphertext—it is a well-known standard for encoding the English alphabet into the binary number system for use by digital computers. The standard used in this case is 7-bit ASCII. ASCII uses seven bits to represent the twenty-six letters of the English alphabet in addition to numerical digits, punctuation marks, and other symbols. In a similar way, all types of information (not just the English alphabet) can be encoded as bits. This is what makes it possible for computers to process and store photos, videos, programs, music, etc. The goal of encryption is to make the original information completely unintelligible so that confidentiality can be preserved. This means that an encrypted audio file should be indistinguishable from an encrypted video file, text file, or any other type of file. No matter what type of data is encrypted, the ciphertext is a random-looking string of 1s and 0s. If encrypted data is accessed by an unauthorized person, nothing should be learned about the underlying data. Only people with the correct key should be able to unlock (technically, decrypt) the ciphertext and recover the original data. Computer cryptography in one sense is extremely simple because it boils down to encrypting only 1s and 0s. It does not matter what the underlying data is or how it is encoded. Just like in classical cryptography, encrypting bits means creating a reversible mapping from one set of bits (the plaintext) to a new set of bits (the ciphertext). And also like classical cryptography, there are only two fundamental techniques available for doing this: substituting 1s and 0s for other 1s and 0s and transposing 1s and 0s. Computer cryptography is implemented in software (i.e., computer programs) and hardware. There are several components involved in computer cryptography, including algorithms, data encoding, and protocols. For this reason, cryptography is implemented in computers as a cryptosystem. A cryptosystem encapsulates the basic cryptographic technique along with all the supporting components needed to implement it. The attack surface of a cryptosystem is much larger than just the basic cryptographic algorithm, and the added complexity of the software and protocols creates additional vulnerabilities. Even if the fundamental cryptography is secure, the implemented cryptosystem may turn out to be unsecure. 7.2.1 Symmetric Key Cryptography “‘And what is the key for?’ the boy would ask. ‘What is it the key of? What will it open?’ ‘That nobody knows,’ his aunt would reply. ‘He has to find that out.’” - The Golden Key by George MacDonald Prior to 1976, all cryptography involved a secret key shared among the communicating parties. But that year a paper was published by Whitfield Diffie and Martin Hellman titled “New Directions in Cryptography” that forever bifurcated cryptography. The paper begins with a bold proclamation: “We stand today on the brink of a revolution in cryptography.” Indeed, the paper did revolutionize cryptography by introducing a new paradigm to the world: the concept that different keys could be used for encrypting and decrypting
RkJQdWJsaXNoZXIy MTM4ODY=