0

A Deeper Dive into Cryptography and Steganography

Cryptography is the technique of securing information and its communication through the use of algorithms
security
BugBase
May 19th 2022.

What is Cryptography? Cryptography is the technique of securing information and its communication through the use of algorithms and protocols so as to ensure that only the intended end receivers are able to understand and process it. The prefix “crypt” means hidden and the suffix “graphy” means writing.

Cryptography is most commonly associated with scrambling plaintext (ordinary text, like email text) into ciphertext using encryption, then using decryption, conversion of the ciphertext back into its original form. It also includes the obfuscation of information in images using techniques such as microdots or merging words with images to hide information from prying eyes.

Cryptography in Cyber Security Cryptography offers confidentiality, ensuring information will only be accessed by the person for whom it is intended for. Moreover, it provides data integrity, meaning that the data cannot be modified in storage or while travelling in communication between sender and receiver. Non-repudiation is yet another feature, wherein the sender cannot deny their intention to send information at a later stage. Authentication is also offered, the identities of the sender and receiver while participating in communication is confirmed, along with the origin and destination of the data.

In simpler words, the OSI provides a standard for different computer systems to be able to communicate with each other.

The OSI Model can be seen as a universal language for computer networking. It’s based on the concept of splitting up a communication system into seven abstract layers, each one stacked upon the last. All these 7 layers work collaboratively to transmit the data from one person to another across the globe. DDoS attacks target specific layers of a network connection; application layer attacks target layer 7 and protocol layer attacks target layers 3 and 4.

In an increasingly software-transformed world, it is necessary for business organisations and governments, even for personal networks/communications or LAN networks indulging in sensitive information communication, to create a secure system for intercommunication. A cryptosystem that helps such networks define cryptography protocols and algorithms (or ciphers), along with the management of cryptographic keys, can be used to create a secure system by working at the data level, securing the data in transit and at rest, protecting sensitive information leaks from malicious hackers. It can also help authenticate senders and recipients.

Types of Cryptography Broadly, there are three types of cryptography:

  1. Symmetric-key Cryptography: A single key is shared between the sending and receiving party. Sender uses the key to create cipher text using the shared key and transmits it over the network, and at destination, it is converted back by receiver using the same key.

  2. Asymmetric-key (Public-key) Cryptography: Here, for each receiver two keys are defined, public and private. When information needs to be sent to the receiver, the sender makes use of the public key (that can be freely distributed) to encrypt the data, and this encrypted data can only be decrypted by the private key that is kept secret at all times by the receiver.

  3. Hash Functions: No keys are used in this type of cryptography. A fixed-length hash value is computed as per the plain text that makes it impossible for the contents of the plain text to be recovered.

Cryptography and its importance Cryptography ensures cyber security at the data level; hence it is an essential component to be included in IT systems. Cyber security enthusiasts must look deeper into cryptography and its algorithms, and can even choose to pursue being cryptographers, specialised individuals in cryptography. With large-scale breaches happening all around the world, it is important to research newer standards and algorithms for better security.

What is Steganography? Having discussed cryptography, another technique relating to data security is also quite prominent, called Steganography. Steganography is a technique to conceal or hide secret data within a normal, ordinary file or message to avoid its detection. This secret data is then extracted from the file at the destination. This type of a technique can be used to hide any form of digital content, like text, audio, image, etc. into another digital content. The lowest layer of the OSI reference model is the physical layer. It is responsible for the actual physical connection between the devices. The physical layer contains information in the form of bits. It is responsible for transmitting individual bits from one node to the next.

How does Steganography work? The basic steganography model is pretty simple. A cover file is selected for the secret message to be sent. A steganographic encoder merges these two files, creating a stego object, which is used to transmit over the communication channel (no one other than the sender and intended recipient suspects that a message has been hidden in the cover file). This stego object, along with the key (that is possessed both by encoder and decoder) are passed in the steganographic decoder, to retrieve the secret message. There are several algorithms to make the encoding-decoding happen, each classified by which type of cover file is used.

Use of Steganography Steganography is used whenever a need arises to convey a secret message. In cyber security, this is an especially useful technique to transmit sensitive information. While this technique is used for legitimate uses, malware developers also make use of this technique to transmit potentially harmful malicious code masquerading as unharmful code or software, which can result in a serious breach. Therefore, it is essential for cyber security professionals to be aware of stenography, so that the correct measures can be taken to prevent a potential attack from such techniques.

Steganography along with cryptography can equip a communication network with the utmost data security possible. If the stego object is further encrypted, the data will be safe from detection as well. When using only encryption, the data is clearly marked to have pertinent information, but complementing this with steganography can really make the difference.

Want to know more?

BugBase is India’s largest cybersecurity marketplace! We provide bug bounty programs that can be reached out to by ethical hackers and develop a security enthusiasts community all over the country. We are expanding our services to provide security audits and VAPT.

Let's take your security
to the next level

security