Cryptography

Moses MuchokiMoses Muchoki
3 min read

Introduction

Information is sent between servers or a client and a server on the Internet.

Therefore, anyone in between can read or modify this data through a concept of man-in-the-middle attacks.

Types of man-in-the-middle attacks

  1. Passive attacks - Where the attacker will only read the data

  2. Active Attacks - Where the attacker will not read the data, but will also modify

What is cryptography?

This is a concept where we use encryption and Decryption to ensure that man-in-the-middle attacks do not modify the data, just in case they can read it. Encryption is the process of converting a plaintext into a ciphertext. Then, Decryption will convert the ciphertext into plaintext.

Types of Cryptography

  1. Symmetric cryptography - we use a shared private key to encrypt and decrypt data. Therefore, the parties sharing the information must have the same private key. A challenge to this method is that, when you want to share a message with multiple people, you will need to have multiple private keys, as a key is private between two parties.

  2. Asymmetric cryptography - Here, we use two keys to encrypt our message that is, a private key and a public key. Let me explain, imagine we have a group of people, let’s say employees, whereby the HR wants to send a message to each employee concerning their appraisal status. Everyone will have their public key, which is known to everyone, and a private key, which they know. Therefore, the HR can encrypt each appraisal message with the specific employee’s public key, and in turn, the employee will access the message by decrypting it with their private key. Any other employee cannot decrypt this message even if they happen to see it.

What are digital signatures?

In asymmetric cryptography explained above, imagine a scenario where the HR sends a message to employee A, and another employee B (man-in-the-middle attack) sees and modifies it and encrypts the message with employee A’s public key (active attack).In this case, employee A will not be able to tell who sent them a message, even if they can decrypt it.

This is where digital signatures come into play, whereby they do double encryption with both the private key and a public key for identification purposes. Here, the HR will encrypt the message at two levels

Level 1: The HR will use a private key to encrypt so that Employee A can decrypt it with HR’s public key(known to everyone). Therefore, Employee A will know that the message is actually from HR because if it’s not from HR, the message cannot be decrypted with HR’s public key.

Level 2: The HR will use employee A’s public key to encrypt the message as well, so that employee A will decrypt it with their private key, which is only known to them

Therefore, this is how we will achieve double encryption, hence ensuring a secure transfer of information between servers or between a server and a client.

Thank you

Moses Muchoki,

Software Developer

0
Subscribe to my newsletter

Read articles from Moses Muchoki directly inside your inbox. Subscribe to the newsletter, and don't miss out.

active attackspassive attacksCryptographyman in the middle attackasymmetric key encryptionsymmetric-encryptiondigital-signature

Written by

Moses Muchoki
Moses Muchoki