A-Warded LogoA-WardedSign Up Free

8. Topic 8(COLON) Cyber Security and the Software-Development Process

Lesson 8.5: Cryptography And Secure Communication

#### Lesson focus #### Learning outcomes Students should be able to:.

Lesson 8.5: Cryptography and Secure Communication

Introduction

Welcome to Lesson 8.5! In this lesson, we will explore the fascinating world of cryptography and secure communication. 🌐🔒

Learning Objectives

By the end of this lesson, students will be able to:

  • Understand the purpose of cryptography, including confidentiality, integrity, and authentication of data.
  • Differentiate between symmetric and asymmetric (public-key) encryption, including the concept of a key pair.
  • Explain the importance of hashing for data integrity and password storage, as well as the role of digital certificates.
  • Explain how HTTPS uses these cryptographic principles to secure internet communication.
  • Identify when to use symmetric vs. asymmetric encryption.

What is Cryptography?

Cryptography is the art of writing and solving codes. It helps keep information secure by ensuring that only authorized parties can access it. Think of it as a way to send secret messages that only your intended recipient can read.

Key Concepts

Before we delve into different types of cryptography, let’s define a few core concepts:

  • Confidentiality: Ensuring that only authorized people can read the information.
  • Integrity: Ensuring that the information hasn’t been altered during transmission.
  • Authentication: Verifying the identities of the parties involved in communication.

Symmetric Encryption 🔑

Symmetric encryption is when the same key is used to both encrypt and decrypt information. This means both the sender and the receiver need to have this secret key.

Example of Symmetric Encryption

Imagine you and your friend decide to send secret messages to each other using a simple key. If you both agree on the key "apple", each of you can use this key to encrypt your messages. For example, the message "HELLO" might be transformed into "XYZAB" using your secret key.

The steps to encrypt and decrypt can be represented using the following formula:

  • Encryption: $C = E(K, P)$, where $C$ is the ciphertext, $K$ is the key, and $P$ is the plaintext.
  • Decryption: $P = D(K, C)$, where $D$ is the decryption function.

When to Use Symmetric Encryption

Symmetric encryption is fast and efficient. It’s commonly used when:

  • You need to encrypt large amounts of data.
  • Both parties can securely share the key in advance.
  • Sessions are short-lived.

Asymmetric Encryption 🔒

Asymmetric encryption, on the other hand, uses a pair of keys: a public key and a private key. The public key can be shared openly, while the private key is kept secret.

Example of Asymmetric Encryption

Let’s say you want to send a secure message to your friend. You use their public key to encrypt your message, and they use their private key to decrypt it. Let’s consider the key pair is:

  • Public Key: PK
  • Private Key: SK

The formulas are similar, but now you have:

  • Encryption: $C = E(PK, P)$
  • Decryption: $P = D(SK, C)$

When to Use Asymmetric Encryption

Asymmetric encryption is ideal when:

  • You need to securely exchange keys over an unsecured channel.
  • Authenticity of the message needs to be verified.

Hashing for Integrity 🛡️

Hashing isn’t encryption, but it plays a crucial role in keeping data secure. Hashing takes input data and produces a fixed-length string called a hash value. If the input changes even slightly, the hash value changes significantly.

Example of Hashing

Let's say you hash the word "HELLO" using a simple hash function:

  • Input: "HELLO"
  • Hash: "5d41402abc4b2a76b9719d911017c592"

This hash helps ensure that the data hasn't been tampered with. If a hacker modifies the message, the hash value will change, alerting you to potential integrity issues.

Digital Certificates 🌐

Digital certificates act like digital IDs. They verify the ownership of a public key by associating it with an organization or person. When you visit a secure website ending in “.com” or “.org”, your browser checks its digital certificate to ensure that you are indeed connecting to the right server.

HTTPS: Secure Communication 💻

HTTPS stands for Hypertext Transfer Protocol Secure. It combines HTTP with SSL/TLS (Secure Sockets Layer / Transport Layer Security) to provide secure web communication.

How HTTPS Works

  1. Connection Initiation: When you visit an HTTPS site, your browser requests a secure connection.
  2. Server Response: The server sends its digital certificate containing its public key.
  3. Key Exchange: Using asymmetric encryption, your browser and the server establish a shared secret key for the session.
  4. Secure Data Transmission: All data sent between your browser and the server is encrypted using symmetric encryption.

This secure method combines the strengths of both types of encryption and ensures your data’s confidentiality and integrity.

Conclusion

In conclusion, cryptography is essential for securing data and communications in today's digital world. Understanding symmetric and asymmetric encryption, hashing, and the use of digital certificates helps you appreciate how secure communication works.

Study Notes

  • Cryptography ensures confidentiality, integrity, and authentication.
  • Symmetric encryption uses a single key for encryption and decryption.
  • Asymmetric encryption uses a public-private key pair.
  • Hashing verifies data integrity by producing a fixed-length output.
  • Digital certificates validate the ownership of public keys.
  • HTTPS protects online communication using both symmetric and asymmetric encryption.

Practice Quiz

5 questions to test your understanding

Lesson 8.5: Cryptography And Secure Communication — Computing | A-Warded