Hello dear friends! How are you doing? Hope everyone is fine these days. Today I am hoping to discuss another interesting topic. This is a topic which is never been discussed in the myexamnote until now. Although from today onwards I hope to write more articles about this. So let’s see what is the topic for today. So today’s topic is an introduction to cryptography concepts.
Firstly let’s see what kind of thing today we are going to talk about? We are going to talk about a concept related to information security. Security is an important topic in today’s world. People need their privacy. Therefore information systems must provide security functionality. There are many ways to protect information system security. We can identify cryptography as one. So from this article, we hope to learn about cryptography and basic cryptography theories. Which ultimately helps you to understand cryptography. Now let’s see today’s outline.
- What is security?
- What is system security?
- What security can provide?
- System Vulnerability
- System Threat
- Types of Attacks
- Passive Attacks
- Active Attacks
- Security Services
- Concepts Related to Cryptography
What is security?
First of all, let’s understand what is security? I hope all of you know already know what is security. Yet we will discuss it from another perspective. People have their belongings. Some people will try to steal it or destroy it. Therefore people have to protect them. The protection which provides to peoples’ belongings can know as security.
What is system security?
Nowadays people use information systems. Everywhere we can see information systems. People give their personal, confidential details to those systems. Actually, information is a very valuable asset if you use it correctly. For different marketing or to do strategic things, information can help. Therefore people can try to trespass or steal or destroy information. As an example to do marketing people sell email addresses. By sending emails, and newsletters and updating customers about products persuade them to buy products. Businesses can increase their sales by doing so. Therefore they purchase email addresses.
If someone is having a personal issue with someone they are trying to damage their image. So if there is an information system which is lack security it can easily do a negative thing. As an example just thinks about social media if they can steal one person’s login details and post something negative it will end up very badly. Therefore it is mandatory to provide information system security to stop such things.
What security can provide?
- Prevent stealing information.
- Prevent damaging, modifying information
- Prevent unauthorized access.
Now let’s move on to discuss today’s topic theories.
Vulnerability is a weakness in information system security. Then where are the places that can have weaknesses in a system? A system is built with design, architecture, logic so on. So those will be the places that can have vulnerabilities. As an example If the system is made with poor logic, it has a vulnerability. If the architecture is not designed properly that is also the same.
A system threat is an instance that can cause a potential loss or harm to the system. A vulnerability has the probability of being a threat. If I give you an example, If a building has a crack it is a vulnerability. Why? because it is a weakness. The building may fall down or may not. If the building falls down then the people inside it can get hurt. So getting injured, harmed, and wounded are the threats.
Types of Attacks
They are several attack types are available these days. Mainly we can group them into two categories. They are the active attacks and the passive attacks. So now we are going to learn about those two attack types.
In passive attacks, attackers try to learn or make use of the information in the system. They do not affect the system’s resources. As examples of passive attacks, we can take eavesdropping, monitoring, obtain message contents. In eavesdropping, they are secretly listening to the conversation. Let’s assume there are two friends who are Alice and Bob. So they are talking with each other. The attacker will try to get into the conversation and look at it. He or she will not edit it. Therefore these kinds of attacks are difficult to identify because they are not doing anything to system resources.
The active attacks are easy to identify. In active attacks, the attacker tries to alter the content. Therefore the end party will receive another message. Because of that in the end with the communication of both parties or because of content change we can identify there was an attack.
So far we are discussing topics related to information security. There are other important concepts about how security ensures. Security is ensured as different concepts. So now we are going to learn about them. Mainly security maintains under five concepts. They are Authentication, Access control, Confidentiality, Integrity, Availability, and Non-reputation.
Authentication – This is the primary concept every system maintains. Before a user logs into a system the first thing that will be checked is authentication. Most people confuse the concepts of authorization and authentication. Those are two different things. They are not the same things. Authentication means we check whether the accessing user is the actual user. If we create a new login for our new employee Nolle we are checking Nolle login or not. Because only Nolle has her username and password. In authorization what happens is we check whether the user is authorized to log in to the system. Example username, password.
Access Control – In the access control, we create different access methods for different roles. From this, we prevent irrelevant people from getting or accessing the details. This is acting as a privileged method also. Example NTFS permission
Confidentiality – In these mechanisms, we protect the data. If the data is available in the raw format anyone can read, and modify it. Therefore from this, we change the format of data such as unreadable to unauthorized people. It is a kind of encapsulation. We are changing the format it stores So if someone read it they can’t understand the data. We can take the example of encryption.
Integrity – From the integrity, we assure that data is not altered. Apart from that integrity also make sure the data is from the original source. On the internet, there are a lot of fake sources. Therefore we can make sure the source is the original and is not altered. Example Hash function.
Availability – In this mechanism, we assure data is available. As important as it is to protect from malicious people it is also important to available those data for usage.
Non-reputation – Protection against denial by one of the parties in a communication. Example digital certificate.
Concepts Related to Cryptography
|Encryption||The process of encoding a message in a way its meaning is not understandable or visible.|
|Decryption||Transfering the encrypted text or the cipher text into its original format which is the human-readable format.|
|Plaintext||Original message before encryption.|
|Key||The value used for encryption.|
|Algorithm||The rules are used to convert the plain text to cipher text.|
So now I am going to conclude this post. I hope you got the idea of encryption concepts. I hope this will help you to understand the encryption concepts better. From here onwards we are going to discuss encryption algorithms types, famous encryption algorithms, and how they work. I invite all of you to read these detailed articles and grab knowledge about them. Keep in touch with our newer articles. If you have any comments please comment below. Goodbye, all.