The basics of cybersecurity.

by Jean-David Epaillard | Apr 22, 2021

1- From symmetric to asymmetric cryptography.

Cryptography is the art of encoding a message so that it is unintelligible to unauthorised people. There is evidence of its use since ancient times (the so-called Caesar's code, which shifts the alphabet a certain number of steps and substitutes the original letters to produce the encrypted message). The purpose of this encryption was to protect the confidentiality of the Roman general's correspondence.

However, this so-called "symmetrical" (because the same key is used for encryption and decryption) method was insufficient for two reasons.

On the one hand, it did not guarantee authenticity, i.e. how can one make sure that the sender is who he claims to be?

On the other hand, it did not allow verification of the integrity of the message either, i.e. how can one make sure that the information is not altered in transit? Indeed, anyone who discovered the encryption method could intercept the message, decrypt it, modify it, re-encrypt it and forward it to the recipient.

In addition, symmetric cryptography requires the prior exchange of a key (here the number of offset letters) between the sender and the recipient, which is an additional risk in the event of an interception.
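The Caesar scheme and the interception scenario described above, as an added Python example that is not part of the original article. The message, the shift of 3 and the function names are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def caesar(text, shift):
    """Shift every letter by `shift` positions; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def decrypt(ciphertext, shift):
    """Symmetric: the same key (the shift) undoes the encryption."""
    return caesar(ciphertext, -shift)

def candidate_plaintexts(ciphertext):
    """The whole key space is 25 shifts, so every possible decryption fits in a dict."""
    return {shift: caesar(ciphertext, -shift) for shift in range(1, 26)}

def tamper(ciphertext, shift, old, new):
    """What a party who knows the shift can do: decrypt, edit, re-encrypt."""
    return caesar(decrypt(ciphertext, shift).replace(old, new), shift)

if __name__ == "__main__":
    SHIFT = 3                                   # constructed shared key
    sent = caesar("MEET AT DAWN", SHIFT)        # constructed message
    print("sent:     ", sent)
    print("key space:", len(candidate_plaintexts(sent)), "candidates")
    altered = tamper(sent, SHIFT, "DAWN", "DUSK")
    # The recipient decrypts without any error: nothing in the scheme
    # reveals that the message changed or who produced it.
    print("received: ", altered, "->", decrypt(altered, SHIFT))
```

The recipient's decryption succeeds on the altered ciphertext exactly as it would on the original, which is the missing integrity and authenticity the article points to.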

Over the centuries, the methods have improved, but have always been based on these two principles: the manual substitution of letters by other letters and the need to exchange keys between the sender and the recipients.

Until World War II, no process could withstand code breakers, mainly linguists. Then came the mechanization of cryptography with the development of the famous Enigma machine. Here each letter of the original message is encrypted by another letter passing through a mechanism made up of rotors and connections of cables offering several million encryption combinations.

The advantage of mechanization is that it considerably increases speed and makes the cipher extremely difficult to break. However, mathematicians (including the famous Turing) managed to decipher the Enigma messages by developing the first electromechanical computers.

Enigma revolutionized cryptography, and yet it suffered from the same problems as Caesar's code: the obligation to exchange key books (the daily arrangements of rotors and connections) with the associated risks, and the impossibility of verifying the authenticity and integrity of the messages.

In the 1980s, the Internet, email, and online commerce greatly increased the need for secure information exchange, but traditional cryptographic methods did not allow this.
If you first need to exchange books of secrets, how can you successfully exchange keys over the Internet between two people who do not know each other, between two machines, or between one person and one server?

Diffie and Hellman, and especially Rivest, Shamir and Adleman (better known by the acronym RSA) in 1977, revolutionized cryptography by inventing a system, still in use, which does not require the two parties to have exchanged keys before their conversation.

Each participant has to create a pair of keys beforehand (one public key, shared and accessible to everyone, and one private key, kept secret). This is why this technique is called asymmetric cryptography.

What is the mathematical link between these keys?
Let’s imagine 2 prime numbers: 3 and 7 (p and q)
• The public key "n = p * q" is 21
• The private key is the couple 3 and 7

Electronically speaking, multiplying 'p' and 'q' is very easy and fast, whereas factorizing 'n' requires testing all possible combinations and is therefore incredibly time- and CPU-consuming.

Obviously, the factorization of '21' is not very complicated, but in modern cryptography one deals with numbers of the order of 3 × 10^616 (for keys of 2048 bits). To give an order of magnitude, there would be about 10^82 atoms in the universe…
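The article's p = 3, q = 7 example carried through in Python, as an added illustration that is not part of the original article. It uses textbook RSA, in which the public key is n together with an exponent e and the private key is n together with an exponent d derived from p and q. The exponents 5 and 65537 and the larger primes 1009 and 1013 are assumptions chosen here; the sketch has no padding and is for illustration only.

```python
from math import gcd, isqrt

def keygen(p, q, e):
    """Textbook RSA key pair from primes p, q (no padding, illustration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (n, e), (n, d)          # (public key, private key)

def encrypt(public, m):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)

def factor(n):
    """Trial division; returns (p, q, number of divisions tried)."""
    tried = 0
    for candidate in range(2, isqrt(n) + 1):
        tried += 1
        if n % candidate == 0:
            return candidate, n // candidate, tried
    raise ValueError("n has no non-trivial factor")

def recover_private(public):
    """Knowing p and q is enough to rebuild the private key from the public one."""
    n, e = public
    p, q, _ = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    # The article's primes; e = 5 is an assumed public exponent (not on the page).
    public, private = keygen(3, 7, 5)
    c = encrypt(public, 2)
    print(public, private, c, decrypt(private, c), factor(21))
    # Constructed larger primes: same code, but 1008 divisions instead of 2.
    public2, private2 = keygen(1009, 1013, 65537)
    print(factor(public2[0]), recover_private(public2) == private2)
```

With p = 3 and q = 7 the private exponent comes out equal to the public one (d = e = 5), one more reason these numbers serve only as an illustration. The security of a real key rests on n being far too large for any search like `factor` to finish.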

In a nutshell, the difference between symmetric and asymmetric cryptography is that symmetric encryption uses one key for both encryption and decryption, while asymmetric encryption uses a public key for encryption and a private key for decryption.

Which one would you believe is best?
