Coding Streams

backBack to Posts

Core Concepts in Computer Networks Cryptography

Akshay Singh
Akshay Singh
core-concepts-network-cryptography post image

Cryptography, literally meaning "secret writing," is the backbone of secure communication in computer networks. It's the art and science of scrambling data so that only the intended recipient can understand it, protecting it from eavesdroppers and ensuring its integrity.

I. Key Goals: The CIA Triad and Beyond

Cryptography isn't just about hiding messages; it's a toolbox for achieving several critical security objectives, often summarized by the CIA Triad (plus Non-Repudiation):

Security Goal Description Primary Technique
Confidentiality Ensures only authorized parties can read the information. Encryption
Integrity Guarantees that the data has not been altered during transmission. Cryptographic Hash Functions
Authentication Confirms the identity of the sender and/or receiver. Digital Signatures / Certificates
Non-Repudiation Prevents the sender from later denying they sent the message. Digital Signatures

II. The Basics of Encryption/Decryption

The fundamental process involves transforming a readable message (plaintext) into an unreadable one (ciphertext) using a specific mathematical procedure (algorithm) and a secret value (key).

Term Role in Cryptography
Plaintext The original, readable message.
Ciphertext The scrambled, unreadable version.
Encryption The process of turning plaintext into ciphertext using a key.
Decryption The reverse process: turning ciphertext back into plaintext using a key.
Key The secret string of bits that controls the cipher's output.
Algorithm The mathematical recipe used for the transformation.

III. Three Main Types of Cryptographic Tools

A. Symmetric-Key Cryptography (The Shared Secret)

  • Concept: Uses a single, secret key for both encryption and decryption.
  • Pros: Fast and efficient, ideal for encrypting large amounts of bulk data.
  • Cons: Challenges in securely distributing the shared key (key distribution problem).
  • Common Algorithm: AES (Advanced Encryption Standard).

B. Asymmetric-Key Cryptography (The Key Pair)

  • Concept: Uses a pair of linked keys: a Public Key (shared widely) and a Private Key (kept secret).
    • Encryption: Anyone uses the recipient's Public Key to encrypt.
    • Decryption: Only the recipient uses their Private Key to decrypt.
  • Pros: Solves the key distribution problem and is essential for authentication.
  • Cons: Significantly slower than symmetric encryption.
  • Common Algorithm: RSA (Rivest-Shamir-Adleman).

C. Cryptographic Hash Functions (The Digital Fingerprint)

  • Concept: A one-way function that creates a fixed-size, unique output (hash value or message digest) from an arbitrary input. It is irreversible.
  • Purpose: Primarily used for integrity checking. Any change in the input data results in a completely different hash output.
  • Common Algorithm: SHA-256 (Secure Hash Algorithm).

IV. Advanced Cryptography Concepts: Deep Dive

A. Advanced Encryption Standard (AES)

AES is the global standard Block Cipher (operates on 128-bit blocks) known for its high security and speed.

Feature Description Key Metric
Structure Based on a Substitution-Permutation Network (SPN). Block Size: 128 bits
Security Principle Achieves confusion (hiding the key-ciphertext relationship) and diffusion (spreading the influence of one input bit across many output bits).
Key Lengths Determines the number of rounds ( N r N_r ). 128, 192, or 256 bits.

The Four Transformation Steps (per round):

  1. SubBytes: Non-linear substitution using the S-box (Confusion).
  2. ShiftRows: Cyclic shift of rows (Diffusion across rows).
  3. MixColumns: Linear transformation of columns (Diffusion down columns).
  4. AddRoundKey: XOR with the round key (Mixing the key into the data).

B. RSA and Digital Signatures

The security of RSA relies on the computational difficulty of factoring large prime numbers.

Digital Signature Process:

This process achieves Authentication, Integrity, and Non-Repudiation by reversing the key roles.

Step Sender's Action (Signing) Receiver's Action (Verification)
1. Hash Computes the message hash: h = Hash ( M ) h = \text{Hash}(M) . Computes the message hash h h' of the received message M M' .
2. Sign/Decrypt Encrypts the hash with their own Private Key ( d d ): S = h d m o d n S = h^d \bmod n . Decrypts the signature with the sender's Public Key ( e e ): h = S e m o d n h'' = S^e \bmod n .
3. Compare Sends the message and signature ( M , S ) (M, S) . Verification Success if the computed hash h h' equals the decrypted hash h h'' .

C. Public Key Infrastructure (PKI): The Trust Framework

PKI is the system used to manage and validate digital certificates, solving the trust problem in Asymmetric Cryptography.

Component Function
Certificate Authority (CA) The trusted third party that verifies identity and issues Digital Certificates.
Digital Certificate (X.509) Binds a Public Key to an Identity and is signed by the CA's private key.
Registration Authority (RA) Verifies the identity of the entity requesting a certificate before the CA issues it.
CRL / OCSP Mechanisms for checking if a certificate has been revoked (invalidated) before its expiration.

V. Essential Network Applications

  • SSL/TLS (HTTPS): Uses a hybrid approach. Asymmetric crypto is used initially to securely exchange a temporary symmetric key; then the much faster symmetric key is used for all bulk data transfer.
  • Key Management: The procedures for the secure generation, distribution, storage, and retirement of cryptographic keys. A cryptosystem is only as secure as its key management.

Related Posts