Thursday, November 11, 2010

Cryptography In Daily Life

Generally, cryptography is the technique of transforming readable data into unreadable data. We deal with it every single day of our lives. Many important areas of science use cryptography, and every one of us has been using it for years without realizing it. One can write and research endlessly when it comes to cryptography, therefore this is just a little peek into the areas where it is applied. Now let’s see where cryptography is used!

I don’t get it, what does this really mean?

Think of ordinary people. We all have secrets, we have a lot of them, and some of them are so precious that we would rather die than tell anything about them. Isn’t that so? Another very simple example arises from family life. A family can be considered a small community consisting of 2-10 members, differing from country to country and depending on what you call “family”. You go somewhere with your family. You need to ask your father when you are going to your cabana, which stands in a very beautiful place, and you don’t want others to find out you’re going there. You just ask your old man: “When do we go there?” And that’s it. You just used cryptography! Why? Only because others who heard what you’ve just said don’t know what you’re talking about.

The role of cryptography in our lives

This technique is so important that we couldn’t do a lot of things without it. Why so? Let me explain. I will now go through some of the most important areas where cryptography is used.

Emails

We live in a modern world. We send emails for business, to friends, to companies, to famous people whose address we have. It doesn’t matter. We send emails all the time. People deliver around 210 billion emails daily!
When you deliver an email, it has to get through the Internet - a giant network consisting of a lot of computers, most of which are unprotected and attackable. A lot of people like to steal data from others, sometimes only for fun, but danger comes when it’s about something else. Just think for a minute about how big the Internet is. The first three countries on the list of the highest number of Internet users are:

1. China (253,000,000 users)
2. USA (220,141,969 users)
3. Japan (94,000,000 users)

That’s a lot! There are around 6.720 billion people on earth. And the first three countries alone have 0.567 billion Internet users. That is around 8.43%. Now imagine what is out there.

How do emails get protected while they are being sent? All connections between routers and routers themselves need to be secured. That is done by using data encryption. Generally there would be two methods for this security.

The first one is to use PGP (Pretty Good Privacy). This is both the name of a computer program and the protocol itself. But what is the PGP protocol in fact? It is a method to secure emails, a standard in cryptographically secure email. Basically it is used with MIME Security. Before encrypting with PGP, the message body and headers should be in MIME (Multipurpose Internet Mail Extensions) canonical format. “multipart/encrypted” denotes encrypted PGP data and must contain the following parameter:

protocol="application/pgp-encrypted"

The multipart/encrypted consists of two parts. The first part is a MIME body with “application/pgp-encrypted” content type and contains the control information. Also the message body must contain the following line:

Version: 1

The complete information for decrypting is contained in the PGP packet format. The second part is also a MIME body, with a simpler structure. It contains the encrypted data itself and is labeled with an “application/octet-stream” content type.
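The layout described above can be checked mechanically. The following is an added example, not part of the original post: it uses Python's standard email package to verify that a message has the two-part multipart/encrypted structure. The function name check_pgp_mime and both sample messages are constructed for illustration, and the payload is a placeholder rather than real ciphertext.

```python
from email import message_from_string

# Constructed sample following the layout in the text (placeholder payload).
GOOD = """\
MIME-Version: 1.0
Content-Type: multipart/encrypted; boundary="b1";
 protocol="application/pgp-encrypted"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""
# Constructed broken variant: wrong version line, wrong type on the data part.
BAD = (GOOD.replace("\nVersion: 1\n", "\nVersion: 2\n")
           .replace("application/octet-stream", "text/plain"))

def check_pgp_mime(raw):
    """Return a list of structural problems; an empty list means the layout matches."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/encrypted":
        return ["top-level content type is not multipart/encrypted"]
    problems = []
    proto = msg.get_param("protocol")
    if not isinstance(proto, str) or proto.lower() != "application/pgp-encrypted":
        problems.append('missing protocol="application/pgp-encrypted" parameter')
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return problems + ["expected exactly two body parts"]
    control, data = parts
    if control.get_content_type() != "application/pgp-encrypted":
        problems.append("first part is not application/pgp-encrypted")
    elif "Version: 1" not in [l.strip() for l in control.get_payload().splitlines()]:
        problems.append('control part lacks the "Version: 1" line')
    if data.get_content_type() != "application/octet-stream":
        problems.append("second part is not application/octet-stream")
    return problems

if __name__ == "__main__":
    print(check_pgp_mime(GOOD), check_pgp_mime(BAD))
```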

The second method is a tricky one. The sender owns a secure website, the recipient has a username and password, and the recipient can read the message after logging into the website.

However, ISPs can encrypt communication between servers using TLS (Transport Layer Security) and SASL (Simple Authentication and Security Layer). E-mail servers, for example, use this kind of protection between each other: they need their communication protected so that no unintended server can get a copy of any e-mail going through them.

TLS is also used in many different setups, for example with POP3, IMAP, and ACAP. If HTTP is protected by TLS, it provides more security than simple HTTP. A lot of existing client and server products support TLS, but many others provide no support. Let’s look at TLS/SSL in more detail.

TLS and SSL

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are almost the same. TLS is actually the successor of SSL, and there are only slight differences between them. They are used for instant messages, emails, browsing and internet faxing. Two of these are used by everyone: emails and browsing the Internet are things you do almost every day. TLS plays an important role on the Internet, especially in communications privacy and endpoint authentication. HTTP, FTP, SMTP, NNTP and XMPP are all protocols that can run with TLS protection. TLS can add security to any protocol which uses a reliable connection (like TCP - Transmission Control Protocol). TLS is most commonly used with HTTP to create HTTPS. We also need to mention that TLS use has been growing in SMTP lately. In the case of VPN, TLS is used to tunnel an entire network stack. VPN will be discussed in detail later. For now, let’s just think about HTTP (Hypertext Transfer Protocol) and FTP (File Transfer Protocol).

There are around 63 billion websites all over the world, and around 1 trillion unique URLs!

Most of them have a lot of visitors every day. Imagine how important servers are, how important their security is. What would happen if an ordinary hacker could break into any server? Disaster! He would then break another and another and another… Data would be stolen every single minute; Internet wouldn’t have any safe zone. You would be afraid to send emails, to post anything to a blog/forum. It’s hard to understand what would happen without security, most of which is done by cryptography.

A lot of us also use FTP (File Transfer Protocol) to transfer data between two computers. It works as if you opened Windows Explorer to view files and folders. The only difference is that on an FTP connection you can also download files, not just view or browse them. There are a lot of FTP servers and clients available on the Internet. These tools can ease your work: you can organize your downloads if you use the client side, or you can organize what others can download if you use the server side. Seems like an easy way to transfer files to and from your friends and family members, doesn’t it? FTP even lets you use usernames and passwords for your protection. All of the above sounds clear and nice, but even so FTP is vulnerable! How so? FTP is built in a way that lets users on the same network as the transfer sniff the data, including files, usernames and passwords. There is no built-in security or data encryption.

A well known solution for this security problem is to use either SFTP or FTPS. Be careful! It’s confusing. SFTP and FTPS are two file transfer protocols that work very differently; they are not the same. SFTP is the SSH (Secure Shell) File Transfer Protocol. SSH uses public-key cryptography, which works like this: you have a text to encrypt, and you have a public key and a private key. The text gets encrypted with the public key, but only someone who knows the private key can decrypt it. With its architecture - the usage of public-key cryptography - SSH is basically used to log in to a machine and execute commands, but it can also transfer files (through SFTP or SCP), and it supports tunneling and port forwarding. FTPS is commonly known as FTP/SSL. FTPS uses SSL/TLS below standard FTP to encrypt the control and/or data channels.
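To make the difference between plain FTP and FTPS concrete, here is an added example (not part of the original post) that audits the control-channel lines an observer on the same network would see and reports which credential commands crossed the wire unencrypted. The function name and the three sample sessions are constructed; AUTH TLS and the 234 reply are the explicit-FTPS commands that start encryption on the control channel.

```python
def audit_ftp_control(lines):
    """Report whether TLS was negotiated and which credentials were sent in the clear."""
    tls_requested = tls_active = False
    exposed = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
            tls_requested = True
        elif tls_requested and verb.isdigit():
            # Server answered the AUTH request: 234 means TLS starts now.
            if verb == "234":
                tls_active = True
                break  # everything after this point is ciphertext to an observer
            tls_requested = False  # refused; session continues unencrypted
        elif verb == "USER":
            exposed.append(("USER", arg))
        elif verb == "PASS":
            # Never echo the secret itself in an audit result.
            exposed.append(("PASS", "<redacted, %d chars>" % len(arg)))
    return {"tls": tls_active, "exposed": exposed}

# Constructed sample sessions (host name and credentials are made up).
PLAIN_FTP = ["220 ftp.example.org ready", "USER alice", "331 Password required",
             "PASS s3cret-constructed", "230 Logged in", "RETR report.pdf"]
EXPLICIT_FTPS = ["220 ftp.example.org ready", "AUTH TLS",
                 "234 Proceed with negotiation"]
# Server refuses TLS and the client falls back to cleartext login.
FALLBACK = ["220 ftp.example.org ready", "AUTH TLS", "502 Command not implemented",
            "USER alice", "331 Password required", "PASS s3cret-constructed"]

if __name__ == "__main__":
    for name, session in [("plain", PLAIN_FTP), ("ftps", EXPLICIT_FTPS),
                          ("fallback", FALLBACK)]:
        print(name, audit_ftp_control(session))
```

The fallback session is the case worth checking in client configuration: a client that silently continues after a refused AUTH TLS exposes the same credentials as plain FTP.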

VPN

VPN (Virtual Private Network) is like a virtual computer network. Why so? Think about the Internet. How does it work? It consists of a lot of computers and servers linked to each other. And how do connections exist and work? They exist physically; they are linked with wires. Basically the user has an ISP (Internet Service Provider) through which he or she gains access to the Internet. Now, what’s the difference between Internet network linking and Virtual Private Network linking? A VPN uses virtual circuits or open connections to hold the network together.

All nice, but a VPN needs security to be efficient and used. Well, it has a special security system. I’ll reflect on VPN security issues. Authentication is required before a VPN connection is made. If you are a known and trusted user, you may have access to resources inaccessible to other users. More interesting is that servers may also need to authenticate themselves to join the Virtual Private Network. A strange mechanism: users are familiar with being required to authenticate themselves on a website or server… but a server also needs authentication? Yes, it does! There are various authentication mechanisms used in VPNs. Some of these mechanisms are included in firewalls, access gateways and other devices. A VPN authentication mechanism uses passwords, biometrics or cryptographic methods, which may be combined with other authentication mechanisms.

Secure VPNs are designed to provide the necessary privacy for their users. The essence of this lies in cryptographic tunneling protocols. A secure Virtual Private Network ensures message integrity, confidentiality and sender authentication.

We can see how important cryptography is in our lives. These were rather technical details of cryptography usage. But let’s take some other examples too, not so technical!

Abbreviations. You may be smart, intelligent, but you’re lost if someone uses an abbreviation and you don’t know where it comes from and what it means. Assume you are on a holiday and hear someone saying: “I got that cool stuff from a good FTP server”. You don’t know what this is about if you aren’t familiar with File Transfer Protocol, and don’t know what it means and where it is used.

Think of the old days, the 19th century and the beginning of the 20th century. People had no mobile phones, no internet, and no way of sending e-mail. If they needed to say something to someone who was far away from them, and they didn’t want to use telephones… what could they do other than visiting that person or those persons? They used Morse code. This is familiar to us, but many of us only know what it is, not how to understand or produce Morse code itself. There were two common ways to produce Morse code. One of them generally worked only for short distances. You would pick up an object and hit another object to produce noise; that noise was the Morse code. The other way worked for big distances too. Assume it was night time, and a ship was sailing on the sea or on the ocean, fighting a huge storm. Back then, people had a lot of wooden ships, which couldn’t withstand the power of a big storm. So if there were people on the ground, 1-2 kilometers away from the ship’s location, they could have used a flashlight to guide the ship safely to the shore. The strong point of flashlight Morse coding was that it worked even during daytime. Most commonly it was used to ask for help, if someone was in trouble during daytime. A lot of times there were people who had small boats, got themselves far away from the seashore, and didn’t know how to get back to the shore. It was terrifying, and people couldn’t afford to “guess” where to go. So they waited until a ship came close enough to be in sight, and after that they used the flashlight, and were observed if lucky.

We use telephones and mobile phones to communicate. Telephones transmit electric signals over a complex telephone network. This technology allows almost anyone to communicate with almost anyone. The only problem is that telephones can easily be eavesdropped on. Eavesdroppers only need three things to perform the operation: a pickup device, a transmission link and a listening post. Anyone who has these elements can become an eavesdropper. The pickup device is most commonly a microphone or a video camera. These devices can record sound or video images, later to be converted to electric signals. Also, some listening devices can store information digitally and then send it to a listening post. The transmission link can be a wire or a radio transmission. A listening post allows monitoring, recording or retransmitting signals. It can be as close as the next room, or several blocks away. An eavesdropper just has to put a bug into your telephone, and it’s ready. Don’t get confused, it’s only a matter of seconds to install a bug. The above mentioned method is based on installing devices. Landlines can also be tapped anywhere between your telephone and the telephone company’s office. Anyway, the installer of the telephone tap needs physical access to the telephone cables. There are several methods to gain access. This second method is called tapping, which involves no device installing and needs no access to the victim’s telephone. You can protect yourself against eavesdropping by using telephone encrypting devices. Mobile phones are used by almost every second person on earth. A mobile phone has all the functionality of a simple telephone, but it adds more services like SMS, MMS, Email, Internet, Gaming and Bluetooth. Mobile phones automatically connect to GSM towers or satellites, depending on which of them is more efficient in time and also available. Mobile phone signals can be picked up just as a backyard satellite dish pulls television signals in.
To protect yourself against eavesdropping, you can acquire cell phone encrypting devices. Fortunately there are encrypting devices for both telephones and mobile phones.

Many kids like to invent new things and explore everything around them! Probably you know about some kids encrypting their messages or diaries by choosing a custom alphabet. That is easy to do. You pick a custom symbol for each letter of the alphabet, and only you and the ones who need to be able to read your messages know which symbol corresponds to which character.

Conclusion

We’ve seen a lot of different areas where cryptography is used, today or in the past. As a common man, you can easily observe cryptography everywhere around you! It’s amazing how far science has come, and it keeps going and going, gaining a lot of new knowledge every day. Emails and the Internet are used by more and more people every day. We just can’t imagine our lives without them. And all of these work and are secured based on cryptography.
