Let’s put ourselves for a moment in the shoes of Julius Caesar, the great leader of Ancient Rome, and then imagine that we have to send secret messages across enemy territory while making sure that their contents do not fall into the wrong hands.
We live in an age of plotting and betrayal, and before entrusting secrets to a messenger we are unsure about trusting, we must ensure that our messages can only be deciphered by the recipient.
Let’s now return to the present day.
We are sending a message to a person using a typical messenger of the digital age: email. The tool allows us to reach an addressee, wherever he or she may be, crossing borderless territories, however virtual, also populated by malicious individuals interested in the content we are transmitting.
What do these two situations, separated by thousands of years of history, have in common? Cryptography.
Cryptography is the art and science of transforming information into a format that only those with a special key can understand. This process safeguards the information from prying eyes and, when required, can be reversed to make the information readable again. The underlying principle is simple: only those with the right key will be able to decipher the message.
Encryption, on the other hand, is the process of converting a readable, so-called “plain text” into an encrypted text. An algorithm, a set of mathematical rules and procedures, is used to encrypt a text. Furthermore, a key is used, ensuring that the encrypted text is inaccessible to those who do not have the correct key to decipher it.
In the digital age, cryptography is fundamental to keeping online communications and transactions private and secure.
However, when computer security experts discuss it, they often use such technical language that the subject becomes incomprehensible to most people. To some extent, they too adopt a “key” of interpretation, accessible only to those in the industry. For those who, like us at Cyber Guru Italia, take an informative approach to cybersecurity, it is essential to make cryptography understandable to all. Let’s begin by telling the story.
The history of cryptography
- One of the earliest historical examples of the use of cryptography to ensure confidentiality in military communications dates back to the Spartan scytale in the 5th century BC.
It consisted of a strip of leather or paper wrapped around a stick of a specific diameter. The message was written in columns and, once the strip was unrolled, the text was incomprehensible. Only those who possessed a stick of the appropriate diameter were able to decipher the message. The stick, therefore, functioned as a “key”. It was a system employed by the Ephors, the five supreme magistrates of Sparta, to communicate with generals and navarchs, particularly during military expeditions.
- On to Julius Caesar and his cipher, dating back to the year 50 BC.
In this substitution cipher, each letter of the original text was shifted by a certain number of positions in the alphabet: in effect, an alphabetical rotation, in this case of three positions, so that the letter “A” became “D”, “B” became “E”, and so forth. The Latin alphabet of the time had 23 letters, so with this rotation the letter “X” became “A”, “Y” became “B” and “Z” became “C”.
Caesar’s cipher is somewhat similar to the ROT13 algorithm, used in the world of computing to disguise certain texts, where the alphabet is rotated by 13 positions.
An ingenious mechanism for the time. In the modern context, however, it would be considered weak, because it is so easily deciphered.
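The rotation described above, as an added example in Python that is not part of the original article: it applies the three-position shift over the 23-letter Latin alphabet, lists every possible shift to show why the cipher is so easily deciphered, and includes ROT13 for comparison. The function names and the sample message are assumptions chosen for illustration.

```python
import string

# The 23-letter classical Latin alphabet (no J, U or W), as described above.
LATIN = "ABCDEFGHIKLMNOPQRSTVXYZ"


def rotate(text, shift, alphabet=LATIN):
    """Shift each letter by `shift` positions, wrapping around the alphabet.

    Characters outside the alphabet (spaces, punctuation) pass through unchanged.
    """
    out = []
    for ch in text.upper():
        pos = alphabet.find(ch)
        out.append(alphabet[(pos + shift) % len(alphabet)] if pos >= 0 else ch)
    return "".join(out)


def caesar_encrypt(plaintext):
    """Caesar's own setting: rotate three positions forward."""
    return rotate(plaintext, 3)


def caesar_decrypt(ciphertext):
    """Undo the rotation by moving three positions back."""
    return rotate(ciphertext, -3)


def all_shifts(ciphertext, alphabet=LATIN):
    """Return every candidate plaintext, keyed by shift.

    The "key" is only the shift, so a 23-letter alphabet has 22 usable keys.
    Reading through 22 candidates is all it takes to recover the message.
    """
    return {k: rotate(ciphertext, -k, alphabet) for k in range(1, len(alphabet))}


def rot13(text):
    """ROT13: the same rotation, 13 positions over the 26-letter alphabet."""
    return rotate(text, 13, string.ascii_uppercase)


if __name__ == "__main__":
    secret = caesar_encrypt("VENI VIDI VICI")   # constructed sample message
    print(secret)
    for shift, candidate in all_shifts(secret).items():
        print(shift, candidate)
```

Because 13 is half of 26, applying `rot13` twice returns the original text, which is why it is used only to disguise text and not to protect it.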
The application of cryptography grew during the Middle Ages and continued until the modern era, before evolving into the contemporary digital form.
Of all cryptographic devices, the Enigma machine deserves a special mention.
Invented for commercial purposes by German engineer Arthur Scherbius, the Enigma was later adopted for military purposes by Nazi Germany. This machine used a series of rotors that changed configuration each time a key was pressed, making decoding extremely complex.
Given its strategic significance, the Allies went to great lengths to break its code. The first significant progress was made by the Poles. Later, the United Kingdom took the lead in the operation, mobilising some of the brightest minds, such as the mathematician Alan Turing who, together with his team, devised the “Bombe”, an electromechanical device designed to crack the Enigma codes. This decryption provided the Allies with essential information on German strategies and movements. This intelligence advantage was pivotal in numerous operations, from the Battle of the Atlantic against the U-boats to the planning of D-Day.
Many historians believe that it was the decoding of Enigma that ultimately determined the course of the war. In their belief in its inviolability, the Germans had underestimated the strength of the human factor: the brilliance of people like Rejewski and Turing proved decisive in the battle against the machine, despite the highly advanced nature of the latter.
Cryptography in the digital age
Cryptography has become vital in the digital age to ensure the confidentiality of information. With digital devices, we communicate continuously with people who may also be far away from us.
On this journey through the vast digital networks, our messages could be intercepted by malicious actors, keen to seize information, in particular confidential information. An email sent to a colleague sitting next to you may also make a long detour before reaching its destination, exposing itself to potential interception. This digital threat is known as “Man in the Middle”, that is, an individual who interposes himself between sender and receiver with the intention of “listening” to their communications.
To mitigate this threat, cryptography is used. For example, a message sent via WhatsApp, Telegram or Signal is encrypted. Even if intercepted by an attacker, it would appear as a string of incomprehensible characters.
Access codes for bank accounts also move through the web in encrypted form. The confirmation is given by the prefix https:// preceding the web address of the bank’s server, which indicates that communications between our device and that server are encrypted.
If, however, we see the prefix http:// (without the “s”), the browser itself will warn us of potential risks. The presence of a padlock icon on the browser is another sign that indicates encrypted communication. When we make an online purchase, our payment information is encrypted, and therefore protected from unwanted interception. And not only that: secret chats, video calls and many other online activities benefit from this invisible protection.
Digital cryptography: some keywords
Algorithms: these lie at the heart of cryptography and function as precise formulas for converting a message into a seemingly incomprehensible sequence of characters. But the magic of these algorithms lies in the “keys”.
A key is a distinctive bundle of information that establishes how a message is to be encrypted and decrypted.
Symmetric cryptography: when a single key is used both to encrypt the original message and to decrypt it. An efficient method, but one that poses the question: how can the sender securely share with the recipient the key needed to decrypt the message without the risk of being intercepted?
Asymmetric cryptography is the answer. Each individual has a pair of keys: a public one, to be shared freely, and a private one, to be kept secret. If someone wished to send you a message, they would encrypt it using your public key. But to decrypt it, you’d need the private key.
Authenticity and integrity. Digital signatures provide assurance that a message actually comes from the declared sender and has not been altered during transmission. It is a system that works like a wax seal on an old letter, indicating that the message has not been tampered with.
This technology-led process takes place transparently with respect to the user. Yet the human factor remains decisive in order not to compromise the security offered by digital cryptography.
Here, we have summarised some practical tips for digital users:
Pay attention to the https prefix: when visiting a website, particularly if you plan to enter personal or financial data, check that the URL begins with “https://” and not simply “http://”. The “s” indicates “security” and shows that the site uses the SSL/TLS protocol to encrypt information in transmission. Browsers implement symbols and alert messages to emphasise this particular security aspect, so please do not ignore the warnings.
Use of encrypted messaging applications: Applications such as Signal, WhatsApp and Telegram offer end-to-end encryption. This ensures that only you and the recipient of your message can view the content of the exchanged messages, therefore protecting your conversations from eavesdropping.
Protect your files: if you store sensitive files on your device, consider encrypting them. Many operating systems include encryption capabilities, such as BitLocker on Windows or FileVault on macOS.
Encrypted backups: When creating backups of your data, especially on the cloud, make sure they are encrypted. Some backup and cloud storage services encrypt automatically, but always check.
Choose strong passwords: the effectiveness of encryption often depends on a strong password. Use a combination of letters (upper and lower case), numbers and symbols. Consider using a password manager, which is useful for generating and storing complex passwords.
Encrypt your device: many mobile devices, such as smartphones and tablets, allow the entire device to be encrypted. This complicates access to data in the absence of the right password or PIN.
Upgrade devices: cryptography is a fast-evolving field. Keeping software and devices up-to-date ensures that you benefit from the latest protection available.
Be careful with emails: By default, emails may not be encrypted.
If you have to send sensitive data by email, take these precautions:
- Use tools or plugins that offer encryption.
- If the information is in a file, encrypt the file itself and communicate the password to the recipient via an alternative channel.
- To share files containing confidential information, consider storage solutions that offer encrypted sharing, such as Dropbox, MS OneDrive or Google Drive, avoiding the use of email for this purpose.
Cryptography, the journey continues…
So far, the recommendations provided fall within the general guidelines of those working in the field of cybersecurity. But are there alternative and more effective solutions?
This will be the subject of the next article.
Meanwhile, I ask you: have you ever heard of a “password notebook”?
Try searching on Amazon for this term and you will be surprised at the results.