
The basics of cybersecurity: cryptography

by Jean-David Epaillard | Apr 22, 2021

 

1- From symmetric to asymmetric cryptography.

Cryptography is the art of encoding a message so that it is unintelligible to unauthorised people. There is evidence of its use since ancient times (the so-called Caesar's code: shifting the alphabet a certain number of steps and substituting the original letters to get the encrypted message). The purpose of this encryption was to protect the confidentiality of the Roman general's correspondence.

However, this so-called "symmetrical" (because the same key is used for encryption and decryption) method was insufficient for two reasons.

On the one hand, it did not guarantee authenticity, i.e. how can one make sure that the sender is who he claims to be?

On the other hand, it did not allow verification of the integrity of the message either, i.e. how can one make sure that the information is not altered in transit? Indeed, anyone who discovered the encryption method could intercept the message, decrypt it, modify it, re-encrypt it and forward it to the recipient.

In addition, symmetric cryptography requires the prior exchange of a key (here the number of offset letters) between the sender and the recipient, which is an additional risk in the event of an interception.
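The scenario described above, as an added example that is not part of the original post: a Caesar shift where one shared key both encrypts and decrypts, and where a message altered in transit decrypts as cleanly as the genuine one. The sample message, the key value 3 and the function names are constructed for this illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def caesar(text, shift):
    """Shift every letter by `shift` positions; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def encrypt(plaintext, key):
    return caesar(plaintext, key)

def decrypt(ciphertext, key):
    # Symmetric: the same key, applied in the opposite direction.
    return caesar(ciphertext, -key)

def alter_in_transit(ciphertext, key, old, new):
    """The article's scenario: decrypt, modify, re-encrypt, forward."""
    return encrypt(decrypt(ciphertext, key).replace(old, new), key)

def recipient_reads(ciphertext, key):
    """The recipient gets plaintext back and nothing else: no sender
    identity and no sign of whether the text was changed on the way."""
    return decrypt(ciphertext, key)

KEY = 3                                    # constructed sample key
ORIGINAL = "HOLD THE BRIDGE AT DAWN"       # constructed sample message
SENT = encrypt(ORIGINAL, KEY)
ALTERED = alter_in_transit(SENT, KEY, "HOLD", "QUIT")

if __name__ == "__main__":
    print("sent     :", SENT, "->", recipient_reads(SENT, KEY))
    print("altered  :", ALTERED, "->", recipient_reads(ALTERED, KEY))
```

Both ciphertexts have the same length and alphabet, and both decrypt without error, which is why the cipher alone provides neither authenticity nor integrity.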

Over the centuries, the methods have improved, but have always been based on these two principles: the manual substitution of letters by other letters and the need to exchange keys between the sender and the recipients.

Until World War II, no process could withstand code breakers, mainly linguists. Then came the mechanization of cryptography with the development of the famous Enigma machine. Here each letter of the original message is encrypted by another letter passing through a mechanism made up of rotors and connections of cables offering several million encryption combinations.

The advantage of mechanization: it considerably increases speed, and the resulting cipher is extremely difficult to break. However, mathematicians (including the famous Turing) managed to decipher the Enigma messages by developing the first electromechanical computers.

Enigma revolutionized cryptography, and yet it suffered from the same problems as Caesar's code: the obligation to exchange key books (the daily arrangements of rotors and connections) with the associated risks, as well as the impossibility of verifying the authenticity and integrity of the messages.

In the 1980s, the Internet, email, and online commerce greatly increased the need for secure information exchange, but traditional cryptographic methods did not allow this. 
If you first need to exchange books of secrets, how can you successfully exchange keys between two people on the Internet who do not know each other, between 2 machines, between 1 person and 1 server?

Diffie and Hellman, and especially Rivest, Shamir and Adleman (better known by the acronym RSA) in 1977, revolutionized cryptography by inventing a system, still in use, which does not require the two parties to have exchanged keys before their conversation.

Each participant has to create a pair of keys beforehand (one public key, shared and accessible to everyone, and one private key, kept secret). This is why this technique is called asymmetric cryptography.

What is the mathematical link between these keys?
Let’s imagine 2 prime numbers: 3 and 7 (p and q)
• The public key "n = p * q" is 21
• The private key is the couple 3 and 7

Computationally, multiplying 'p' and 'q' is very easy and fast, whereas factorizing 'n' requires testing all possible combinations and is therefore incredibly time- and CPU-consuming.

Obviously, the factorization of '21' is not very complicated, but in modern cryptography one deals with numbers of the order of 3 × 10^616 (for keys of 2048 bits). To give an order of magnitude, there would be about 10^82 atoms in the universe…
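The link between the two keys, worked through with the article's own numbers (p = 3, q = 7, n = 21) as an added example that is not part of the original post. It uses textbook RSA without padding; the public exponent e = 5, the second modulus 10007 × 10009 and all function names are choices made for this illustration.

```python
from math import gcd

def make_keypair(p, q, e):
    """Textbook RSA keys from two primes (no padding, toy sizes only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    d = pow(e, -1, phi)   # private exponent: e*d = 1 (mod phi), Python 3.8+
    return (n, e), (n, d)

def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(c, private):
    n, d = private
    return pow(c, d, n)

def factor_by_trial_division(n):
    """Return (p, q, candidates_tested): the work needed without knowing p and q."""
    tested, f = 0, 2
    while f * f <= n:
        tested += 1
        if n % f == 0:
            return f, n // f, tested
        f += 1
    raise ValueError("n has no non-trivial factor")

def private_from_public(public):
    """Whoever can factor n can rebuild the private key from the public one."""
    n, e = public
    p, q, _ = factor_by_trial_division(n)
    return make_keypair(p, q, e)[1]

# The article's numbers: p = 3, q = 7, n = 21. e = 5 is chosen for this example.
PUBLIC, PRIVATE = make_keypair(3, 7, 5)
CIPHERTEXT = encrypt(2, PUBLIC)            # 2**5 mod 21
RECOVERED = decrypt(CIPHERTEXT, PRIVATE)

# Cost of factoring grows with the size of the primes (constructed sample values).
SMALL = factor_by_trial_division(21)
LARGER = factor_by_trial_division(10007 * 10009)

if __name__ == "__main__":
    print("public", PUBLIC, "private", PRIVATE)
    print("2 ->", CIPHERTEXT, "->", RECOVERED)
    print("divisions for 21:", SMALL[2], " for 10007*10009:", LARGER[2])
```

With primes this small the private exponent comes out equal to the public one (5), and two trial divisions are enough to rebuild the private key from n = 21; the eight-digit modulus already needs 10006.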

In a nutshell, the difference between symmetric and asymmetric cryptography is that symmetric encryption uses one key for both encryption and decryption, whereas asymmetric encryption uses a public key for encryption and a private key for decryption.

Which one would you believe is best?
