08 Jun Data security through cryptography – Thrive Global
What exactly is cryptography?
In the actual, original sense of
the word, cryptography means “secret writing”. In general one would
speak of “encryption”. Today, however, the discipline of cryptography
is much more than that, since data security cannot be ensured by encryption
alone. Research in cryptography is mainly concerned with the following
so-called protection goals: Confidentiality, integrity, authenticity,
These are, of course, abstract
terms. Briefly explained:
Encryption: Making data unreadable for unauthorized persons;
Integrity: Ensuring that data cannot be altered unnoticed;
Authenticity: Securing the sender or owner of data;
Commitment: Non-deniability of a communication process;
Often the securing of a chronological
sequence is also a further security feature.
A simple example of why
confidentiality alone is not sufficient to guarantee data security: Let’s think
of a functioning encryption method, which offers confidentiality but no
integrity. This would mean that even if the data is illegible for a hacker, he
could still successfully modify it so that during decryption, e.g. by the
recipient of an e-mail, falsified data would come to light.
Can cryptography and data security be used as synonyms?
No, to ensure data security you
need many security measures, cryptography is an important component. But topics
such as system design, data protection and secure implementation strategies
also play an important role in practice.
Data security only works in a
holistic approach. This may sound aloof, but it is actually quite easy to
understand: An IT system is only as secure as its weakest link. Sooner or
later, hackers will always find the open gap in the system.
What are the myths about cryptography, which have been around for a
Unfortunately, there are a lot of
them, but this is in the nature of things. Cryptography is a complex topic,
even the general computer scientist often has wrong ideas. Cryptographic
methods can only be developed and implemented by experienced experts. Even
these two procedures are usually filled out by different roles.
In politics, for example,
backdoors in cryptographic products and their feasibility are often discussed.
Especially in the USA, the well-known security expert and cryptographer Bruce
Schneier fights again and again against demands for these backdoors, which in
most cases are simply unrealistic or destroy the cryptography itself.
Why does cryptography play such a role in everyday life? If I send
mails every day, does that already belong to cryptography?
Mails are exactly the negative
example, since they are encrypted in less than 10% of cases. This is where the
postcard analogy comes into play. Anyone who gets their hands on the postcard
can read it. This also applies to e-mails. Although e-mails are generally
transmitted in encrypted form today – German mail providers in particular
joined forces a few years ago – in the end the e-mail still lies unencrypted on
my provider’s mail server or on my computer, smartphone or tablet.
Fortunately, it’s easier in other
areas. If, for example, you use online banking, you automatically use very good
cryptographic procedures under most circumstances.
Think about it, that wouldn’t be
the case: An Internet connection from your computer to the bank’s server runs
on almost ten computers in Germany, so-called “hops”. And these are
only the visible devices between you and the bank. Cables that are tapped or
similar are not taken into account. This would allow many interventions in or
accesses to your communication: from the mere inspection of your data to the
modification (such as an online transfer).
Nowadays, cryptography is a large
part of the defence against possible attacks.
Since passwords still play an important role in access security, cryptography is also of great importance here. There are procedures and standards for storing passwords securely. Unfortunately, these are still not used continuously today, as can be seen from the current IT news about system break-ins.
What trends do you see in cryptography for the coming years?
A very current trend is certainly
the blockchain with Bitcoins as the most prominent representative.
The topic of quantum computers has
been high on the research agenda for a long time. This is about a completely
new approach of processors that would have such a much higher performance
standard, at least for special tasks, that all currently used crypto methods
and encryption algorithms would become insecure. Mathematicians, however, have
already developed encryption methods that are so complex that they would also
be secure on quantum computers. On today’s computers, these methods would take
Otherwise, more and more people
and institutions are turning to encryption and data security in general, which
ultimately benefits all of our data security. For example, due to legal
standards, but also completely different things like Google rankings, today
many more websites are accessible encrypted via HTTPS than three years ago.
Other areas where cryptography
plays an important role are mobile payment methods, autonomous cars, smart home
solutions and much more.
What are frequently used methods of cryptography? Garden fence method,
Scytale, Ceasar encryption: are these methods used daily?
The mentioned examples are
historical and had a meaning before the time of computers.
Modern cryptography works
differently. An explanation would go beyond the scope here. Cryptographic
methods are mainly developed in the discipline of mathematics and then
implemented by computer scientists, physicists and others. This is done
iteratively, since one often discovers weaknesses in the practical
implementation, which in turn require a revision of the theory. As I said
before, cryptography is a very complex topic.
Well-known methods that we all use
on a daily basis, for example in Internet traffic, e-mail encryption (if you
use PGP or S/MIME) or hard disk encryption are AES or RSA. Most Internet
servers have an SSL certificate based on RSA. These are features that you can
easily look up in any browser.
To give you an idea of what these
methods can do: Unlike a simple letter exchange from Roman times, the aim of
modern encryption methods is to make encrypted data look like…