May 07, 2020
| By: Zia A. Sardar
Principal Member of Technical Staff, Maxim Integrated
When you make an online purchase, conduct a banking transaction, or enter your password into your email client, you're engaging in an activity that utilizes cryptography. Thanks to cryptography, your private information is safe from security threats posed by third-party adversaries as it is transmitted from one point to another. Without this technique, life in our internet age wouldn't be possible. Transactions wouldn't go through and our data would be exposed, leaving it open to exploitation.
Cryptography secures all transmitted information in our IoT world, authenticates people and devices, and authenticates devices to other devices. With this technology, only those intended to receive the information and communications are allowed to access and process it.
Back in the Day: A Look at Classical Cryptographic Methods
In the old days, cryptography used "security by obscurity" as a means to secure transmitted information. The technique used was kept secret from all but a few, which gave rise to the term "obscurity". While the communication was secure as a result, the method was not very easy to implement on a wide scale. This is why classical cryptographic methods are only secure when two parties can communicate in a secure ecosystem.
As the classical cryptographic system in Figure 1 conveys, the sender and the receiver first agree upon a set of pre-shared encryption/decryption keys. These keys are then used sequentially to encrypt and then de-crypt each subsequent message.
Figure 1. A classical closed-loop cryptographic system uses one-time pad as an encryption technique.
The one-time pad shown in Figure 1 is an encryption technique that requires the use of a one-time pre-shared key that is the same size or longer than the message being sent. This key must be the same one used for encryption. Each key on a page of a pad that was used is then destroyed. Once the pre-shared keys are exhausted, the sender and the receiver need to meet in a secure location to securely exchange a new set of keys and then store them in a secure location for the duration of the next set of message exchanges.
In our modern world, it's clear why such classical cryptography techniques are no longer feasible. We now have a vast system of electronic communication, commerce, and intellectual properties that need to be secured across oceans and continents.
How Modern Cryptography Works
Today, our transactions demand robust security in a massive system that can carry out billions of transactions in a short period of time. Indeed, modern cryptography has become an essential part of secure but accessible communication that is critical for our everyday life.
We now rely on publicly known algorithms to secure the enormous volumes of information that is exchanged around the clock. These standards-based algorithms are vetted in an open environment, which allows any vulnerabilities to be discovered quickly and addressed.
Figure 2 conveys a simplified modern cryptographic system.
Figure 2. Modern symmetric key cryptographic system provides a greater level of security.
In a modern cryptographic system, we rely on the secrecy of the keys rather than the secrecy of the algorithm used. Such a system has four essential goals:
- Confidentiality: Information can never be disclosed to someone who is not authorized to see it.
- Identification and Authentication: The sender and the recipient must both be identified and then authorized before any information is exchanged.
- Integrity: Information must not be modified in storage or transit. Any modification must be detectable.
- Non-repudiation: The creation/transmission of the message cannot be disclaimed, which provides "digital" legitimacy and traceability of a transaction.
Today's cryptographic systems typically meet each of these goals in some fashion for their targeted applications. In the next sections, we'll discuss each of the goals in more detail.
Confidentiality Prevents Unauthorized Access of Information
Achieving confidentiality means that information is secured from unauthorized access. This happens via encryption of a sent message using a cryptographic algorithm with a key that is only known by the sender and recipient. While an interceptor might be able to obtain an encrypted message, this adversary will not be able to decipher it.
Figure 3 shows how encryption is used. Here, the sender and recipient have developed a system to share the encryption/decryption key. Both use the key to encrypt/decrypt the messages they exchange with each other. If a malicious individual intercepts the message, no harm is done since that person will not have the key to decrypt the message.
Figure 3. Encryption ensures information is kept confidential.
Identification and Authentication Ensure Safe Communications
This goal involves identifying an object or a user and then authenticating them before initiating communication or other operations. Additional communication can start after the Sender has authenticated the Recipient.
Figure 4 conveys how authentication works in one direction. In this example, the bank (Sender) authenticates the customer's PC (Recipient) using a simple username and password combination before letting the customer use the bank's website. While the actual process is much more complex, this simple example highlights the basic concepts of cryptography. Identification and authentication can also be a bidirectional process, where the Sender and Recipient both need to identify each other before beginning message exchanges.
Figure 4. Identification and authentication, basic concepts of cryptography, work in one direction.
Integrity Indicates Validity of Messages Shared
For anyone to trust the security of messages sent and received over a communication network or data link, we must ensure that the messages haven't been changed during transit. One way to do this is to use a message digest, as shown in Figure 5. Here, the Sender and Recipient use an agreed upon Message Digesting Algorithm to create and verify the match of the message digest output. If the message is altered, the message digests will not match and the Recipient knows that there was some tampering or a transmission error. Message Digesting Algorithms used in modern cryptographic applications include SHA-2 and the newer SHA-3.
Figure 5. Using a message digest helps both a sender and recipient to preserve integrity.
Non-Repudiation Ensures Transaction Legitimacy
In a communication system where many messages are exchanged, incoming messages must be traced back to the Sender to ensure that the Sender doesn't deny sending the messages. This can be compared to a pen-and-paper legal document where a signature finalizes a contract—except in this case, it's a digital signature.Figure 6 shows a simplified view of the digital signature generation, transmission, and verification process. First, the Sender puts the outgoing message through a Message Signing Algorithm to generate a digital signature related to the message and the Sender's verified identity. The Sender then attaches the digital signature to the original message and sends it to the Recipient. The Recipient takes the incoming combined message and separates the original message and the digital signature. Both are then input into a Message Verification Algorithm. The result can then be used by the Recipient to prove that the message was signed by the Sender.
Figure 6. The non-repudiation process includes digital signature generation, transmission and verification.
As you can see, cryptography is essential in our digital world, providing reassurance that the information shared during our various online transactions and activities remains safe from malicious adversaries. For resources that provide more insight into cryptographic technologies, see Maxim Integrated's DeepCover Embedded Security Technology page. This blog post was adapted from an article that originally appeared on Electronic Design on April 2, 2020.