Open in app

Sign in

Write

Sign in

Breaking the Code: The Impact of Cryptography on Cybersecurity`

Tyler Mills
16 min readApr 7, 2023

--

Tyler Mills

04.07.2023

INTRODUCTION

In today’s digital age, we rely on technology for almost every aspect of our lives. We use our phones, computers, and other digital devices to communicate, shop, bank, and share information. With so much sensitive data being transmitted online, it’s essential to ensure that our personal information is kept safe from prying eyes. That’s where cryptography comes in.

Cryptography is the science of secure communication, using mathematical algorithms to encode and decode data. It’s used to protect everything from passwords and credit card numbers to medical records and government secrets. Without cryptography, our digital world would be a much more dangerous place, as cybercriminals could easily intercept and steal our sensitive information.

The importance of cryptography has become even more critical in recent years as cyber threats continue to evolve and become more sophisticated. Hackers and cybercriminals use a variety of methods to steal sensitive information, such as phishing attacks, malware, and social engineering tactics. As a result, encryption has become a critical defense against these threats, and the demand for skilled cryptographers has never been higher.

In this article, we’ll explore the basics of cryptography, how it works, and why it’s so important in today’s digital age. We’ll also look at some of the common encryption techniques used to protect our data and how they’re being used to secure our online lives. By understanding the power of cryptography and the role it plays in our daily lives, you’ll be better equipped to protect yourself and your sensitive information from ever-present cyber threats.

Break-Down Of Tools (Bitlocker, VeraCrypt, CrypTool )

  • BitLocker: BitLocker is a built-in encryption tool in Microsoft Windows that can be used to encrypt entire hard drives, including the operating system drive. It uses symmetric-key encryption to encrypt the drive, and the encryption key is tied to the user’s login credentials, making it more secure. BitLocker can be especially useful for those who travel with their laptops or store sensitive information on their hard drives. It ensures that the data is protected even if the laptop is lost or stolen. BitLocker is relatively easy to set up and use, making it a popular choice for Windows users.
  • VeraCrypt: VeraCrypt is a free, open-source encryption tool that can be used to encrypt entire drives or individual files and folders. It supports a wide range of encryption algorithms, including AES, Serpent, and Twofish. It also offers features such as hidden volumes and plausible deniability, which make it harder for attackers to detect and access encrypted data. VeraCrypt can be useful for individuals who require strong encryption for their data and want a tool that is flexible and customizable.
  • CrypTool: CrypTool is a free, open-source software that provides various tools and algorithms for cryptography education and experimentation. It offers a user-friendly interface that allows users to experiment with different encryption techniques and gain a deeper understanding of how cryptography works. CrypTool can be a useful tool for students and researchers who are interested in cryptography and want to learn more about its various techniques and algorithms.

All three tools are important to know for encryption as they provide a range of encryption options that can be tailored to specific needs. Encryption can impact your life for the best by providing protection to sensitive information, such as financial and personal data, from unauthorized access or theft. Encryption can also help safeguard your online communication, such as emails and instant messages, from interception by hackers or government surveillance. By using encryption tools like BitLocker, VeraCrypt, and CrypTool, you can ensure the confidentiality and privacy of your data and communication, which can ultimately lead to a safer and more secure digital experience.

Scenario:

Image Meeting John, a data analyst at a top-secret government agency. John’s job is to analyze and interpret data from various sources to provide valuable insights to his boss, Mr. Johnson. The data John handles are highly sensitive, and any breach in security could lead to catastrophic consequences.

One day, John discovers some information that could potentially lead to a breakthrough in one of the agency’s ongoing projects. Excited about the prospect of making a significant contribution to the agency, John decides to compile his findings into a report and send it to his boss.

However, John is well aware of the potential risks of sending sensitive information via email, as the agency has been the target of several hacking attempts in the past. So, he decides to use encryption to ensure the safety and confidentiality of the report.

John uses a combination of symmetric-key and asymmetric-key cryptography to encrypt his report. He generates a unique key for the report and encrypts it using symmetric-key cryptography. He then uses Mr. Johnson’s public key to encrypt the symmetric key, ensuring that only Mr. Johnson, with his private key, can decrypt the report.

Despite John’s best efforts to ensure the safety of the report, a group of hackers manages to intercept it before it reaches Mr. Johnson’s inbox. The hackers, who are working for a rival government agency, are thrilled to have gotten their hands on the report.

However, to their dismay, they find the report encrypted and impossible to decrypt without Mr. Johnson’s private key. They try various methods to crack the encryption but to no avail. Finally, they give up and decide to move on to easier targets, not realizing that their failure to decrypt the report may have saved the agency from a potentially disastrous breach of security.

John’s use of encryption not only protects sensitive information but also prevented a potentially catastrophic breach in security. It is a testament to the importance of cryptography in ensuring the safety and confidentiality of sensitive information.

MATERIALS

  1. Host Machine (Macbook (2022)
  2. Host Machine (Windows 11 VM)
  3. Target Machine (Windows 11 Tester VM)
  4. Target Machine (Windows Server 2022 Tester VM)
  5. Bitlocker Tool
  6. VeraCrypt Tool
  7. CrypTool

Definitions To Know:

1). Public Key Infrastructure (PKI) — A system that uses public and private keys to authenticate users and secure communications over a network.

2). Symmetric Encryption — A type of encryption where the same key is used for both encryption and decryption of data.

3). RC2 — A symmetric key block cipher algorithm used for encryption and decryption of sensitive data.

4). Asymmetric Encryption — A type of encryption where two separate keys, public and private, are used for encryption and decryption of data.

5). Advanced Encryption Standard (AES) — A widely used symmetric key encryption algorithm that is highly secure and efficient.

6). Diffie-Hellman — A key exchange algorithm used to securely exchange cryptographic keys over a public network.

7). RSA — A widely used asymmetric encryption algorithm used for secure communication and digital signatures.

8). Blowfish — A symmetric key block cipher algorithm used for encryption and decryption of data.

9). Hashing — A process of converting plain text into a fixed-length code, used for ensuring the integrity of data.

10). Transport Layer Security (TLS) — A cryptographic protocol that provides secure communication over a network, commonly used in web applications to protect sensitive data.

PROCEDURE: Step 1 — Open CrypTool (Let’s Start Encrptying That Secret Data)

  • Upon opening the CrypTool we are presented with this lovely interface where we can encrypt and decrypt our data. At first glance, I know this may not look like the world’s state-of-the-art flashy tool, but trust me it more than gets the job done for us and the purpose of this demonstration. For this procedure, we will focus on this tool’s bread and butter. That being the “Encrypt/Decrypt” option, as well as the “Digital Signature/PKI” option. These two are all you need to send your top-level classification information from one device to another (Person to Person). This will be a bit of a head sketcher, but I will example as I advance through each step. By the end, you’ll love encrypting your data and see how easy it actually is!

PROCEDURE: Step 2 — Create a File Your Like To Encrypt

  • The above screenshot displays the text document that I will be using to demonstrate the greatness of cryptography. You can make the plan text document anything you want it to say. Make it creative so you can see just what you can encode. The longer the better it is by default. Hackers spend hundreds of hours trying to decode the encryption. That’s if they can even crack it.

PROCEDURE: Step 3 — Time To Open Our File In CrypTool

  • This is a screenshot to show that I’m opening up the freshly created “Super secret file”. Now it’s about time to truly have some fun.
  • Now that we have our test file pulled up we’re going to click on our menu up top where you can see the options. Click on “Encrypt/Decrypt”, then we’ll see what we have for options. “Symmetric(Classic), Symmetric(modern), Asymmetric, and Hybrid. Each option then gives us some choices in order to select what kind of encryption we’d like to use. In this demonstration, I’ll be using the RC2 option. If your following along you can choose any encryption you’d like, the result will be similar.

PROCEDURE: Step 4 — Let’s Encrypt The File

  • Once clicking encrypt we are bought to this menu. It has the key length which I will be leaving at the default of 8. Below that is a number range you can select based on your type of encryption. This primarily plays a part when we create our PKI key, so we gotta slow down for now. I’m setting mines to 5. If you discover you’d like to use a different setting you can always change it once you play with it a little more.

PROCEDURE: Step 5 — Encryption In Action

  • Above we have a comparison of how the text file looks once it’s encrypted with the RC2; Key 05 setting. The first line of what actually the text file being encrypted reads as ( 3B A9 CE FA BF 54 00 52 56 9F… Etc). This shows that we have successfully encrypted the file and can save it as this and delete the original if you’d like. We’ll be using the encrypted file to show what else we can do with encrypted files.

PROCEDURE: Step 6 — Putting In The Wrong Setting

  • The thing about using encryption in general is that it is hard to crack and see what is underneath the surface. In the above screenshot, I purposely try to decrypt the encrypted file with the wrong settings. (I put in RC2; Key 08. It’s originally Key 05) Since I didn’t put exactly how it was originally encoded I was presented with the error message because I used the wrong symmetric settings. This is just to show that an attacker would need to know the exact combination of the encryption in order to even the message. This in theory could be thousands of different combos used. See how this could be a pain right? Well, this is how you start securing your data and important information.

PROCEDURE: Step 7 — Let’s Create a PKI Key

  • Now we can decrypt and encrypt text files, let’s take it the next step further. Let’s create our PKI key in order to be able to send it off to a receiver that can also read our file with the right decryption setting. It basically keeps everything encrypted under the sender unlocks it with the key they’ll have access to.
  • In this menu, I’m going to have my settings together to create the PKI key. In the example, I’m using RSA 1024 and adding my first and last name as well as a pin number to keep these a bit more extra secure (Which can be as long as you want) Fill free to put whatever you’d like, and what you’ll remember. After the setting is to your liking were going to press “Generate new Key pair”.
  • As you can see our PKI is saved as a file and we can send it as a file along the side of the encrypted file and no wandering eyes can just intercept it across a network without going through hoops and firing along the way. This is just a demo to show how you can easily incorporate encryption into everyday use. It might seem like a bit f a hassle but there are huge security benefits in doing it!

DATA

The chart shows the number of data breaches that occurred between 2009 and 2023, and it’s clear that the number of breaches has significantly increased over the years. In 2009, there were just over 1500 data breaches reported, while in 2023, the number of data breaches is expected to exceed 10,000. This represents a nearly three-fold increase in the number of data breaches over the course of 15 years.

The reasons for this increase are many, but one significant factor is the growing reliance on technology in our daily lives. As we store more and more of our personal information online, hackers and cybercriminals have become more adept at exploiting vulnerabilities in software and systems to gain unauthorized access to our data. Additionally, the rise of cloud computing and the Internet of Things has expanded the attack surface for cybercriminals, making it easier for them to target individuals and organizations.

The consequences of data breaches can be severe, ranging from financial loss to reputational damage to legal liabilities. As the number of data breaches continues to rise, it’s essential that individuals and organizations take proactive steps to protect their data. This includes implementing encryption technologies, using strong passwords, and regularly updating software and systems to address vulnerabilities.

The chart also reveals the staggering number of records that have been exposed due to a lack of encryption. In 2009, just over 4 million records were exposed in data breaches, while in 2023, the number of records exposed is expected to exceed 6 billion. This represents an almost incomprehensible increase in the number of records exposed, with the potential for devastating consequences.

One reason for the increase in the number of records exposed is the lack of encryption used to protect sensitive data. When data is not encrypted, it is much easier for hackers to steal, access, and manipulate. Encryption is a crucial security measure that ensures that sensitive data remains unreadable and unusable to unauthorized parties. Without encryption, data breaches can result in the theft of personal information, financial data, and confidential communications.

Moreover, the lack of encryption can lead to severe consequences for both individuals and organizations. Individuals may experience identity theft, financial loss, and other forms of cybercrime, while organizations may face legal and reputational damages. In some cases, the fallout from a data breach can be so severe that it can result in the closure of the business.

The chart provides valuable insights into the different types of industries that are targeted by hackers and the specific reasons behind these attacks. The chart shows that certain industries are more susceptible to cyber attacks than others, with healthcare, finance, and retail being the most commonly targeted sectors. The reasons for these attacks vary depending on the industry. For example, in the healthcare industry, hackers are often motivated by the desire to steal sensitive patient information, such as medical records and social security numbers. This information can be sold on the black market or used for identity theft and other fraudulent activities. In the finance sector, hackers may target banks and financial institutions to gain access to account information and steal money. Retailers, on the other hand, are often targeted for credit card information and other personal data. The chart also reveals that certain industries have become more vulnerable to cyber attacks in recent years. For example, with the rise of remote work and e-commerce, more companies are moving their operations online, making them more susceptible to cyber-attacks. Additionally, industries that handle large amounts of sensitive data are more likely to be targeted, as this data is highly valuable to hackers.

Solution (Personal)

Here are some steps you can take to start using encryption in your personal life to better protect your data:

  • 1). Assess your encryption needs: Take stock of the types of data you want to encrypt and why you need encryption. Determine the level of protection you need for your data based on its sensitivity and the potential risks of exposure.
  • 2). Use encryption software: Install and use encryption software, such as BitLocker or VeraCrypt, to encrypt your hard drive, files, or folders. These tools will help ensure that your sensitive data is protected, even if your computer or device is lost, stolen, or hacked.
  • 3). Secure your communication channels: Use end-to-end encryption tools, such as Signal or WhatsApp, to protect your instant messages and phone calls from interception. Also, consider using a Virtual Private Network (VPN) to encrypt your internet traffic and protect your online activities from prying eyes.
  • 4). Create strong passwords: Use strong passwords that are difficult to guess or crack, and consider using a password manager to help you create and manage complex passwords.
  • 5). Keep your software and operating system up-to-date: Make sure that your software and operating system are updated regularly to patch security vulnerabilities and protect against known threats.
  • 6). Enable two-factor authentication: Enable two-factor authentication (2FA) for your online accounts to add an extra layer of protection to your logins. 2FA requires an additional verification step, such as a code sent to your phone, to access your account, which makes it harder for hackers to gain access to your accounts.

By taking these steps, you can significantly improve the security of your personal data and better protect yourself from data breaches and cyber-attacks.

Implementing In Corporation:

Implementing encryption on a corporation scale requires a comprehensive strategy and a team effort. Here are some steps that organizations can take to implement encryption:

  • 1). Identify sensitive data: Identify and classify all sensitive data within the organization, including intellectual property, financial information, personal information, and sensitive communications.
  • 2). Develop an encryption policy: Develop an encryption policy that outlines the encryption standards and protocols to be used across the organization, including which data needs to be encrypted, the types of encryption to be used, and how encryption keys will be managed.
  • 3). Deploy encryption solutions: Deploy encryption solutions to protect data at rest, data in transit, and data in use. This may include full disk encryption, file-level encryption, email encryption, and database encryption.
  • 4). Train employees: Provide training to employees on the importance of encryption, how to use encryption solutions, and best practices for data protection.
  • 5). Enforce encryption policies: Enforce the encryption policies across the organization and ensure that all employees are using encryption solutions correctly.
  • 6). Conduct regular security assessments: Conduct regular security assessments to ensure that encryption solutions are working effectively and that all sensitive data is adequately protected.
  • 7). Monitor and respond to security incidents: Monitor for security incidents and have an incident response plan in place in case of a breach.

Implementing encryption on a corporate scale can help protect sensitive data and reduce the risk of data breaches and cyber-attacks. However, it requires a comprehensive approach and a commitment from all employees to follow best practices for data protection.

Additional Encryption Tools:

  • 1). BitLocker — A full disk encryption tool built into Windows that encrypts the entire hard drive to protect data at rest.
  • 2). VeraCrypt — A free and open-source disk encryption software that provides strong encryption for individual files, folders, and entire disks.
  • 3). AES Crypt — A free and open-source encryption tool that uses the AES encryption algorithm to encrypt files and folders.
  • 4). GnuPG — A free and open-source encryption tool that provides strong encryption for email, files, and entire disk volumes.
  • 5). OpenSSL — A free and open-source toolkit that implements the SSL and TLS protocols for secure communication over the internet.
  • 6). OpenVPN — A free and open-source VPN software that provides secure communication between remote users and the corporate network.
  • 7). Signal — A free and open-source messaging app that provides end-to-end encryption for messages and calls.
  • 8). ProtonMail — A secure email service that provides end-to-end encryption for emails and attachments.
  • 9). Tor — A free and open-source software that enables anonymous communication over the internet by routing traffic through a network of volunteer-run servers.
  • 10). CipherShed — A free and open-source encryption tool that provides strong encryption for individual files, folders, and entire disks.

These encryption tools can provide various levels of security for different types of data and use cases. It’s important to choose the right tool based on your specific needs and the level of protection required.

CONCLUSION

In conclusion, cryptography is an essential component of digital security, providing a means to secure our sensitive data and protect our privacy. From the early days of cryptography to the modern era of encryption technologies, it has been an integral part of human history. As the world becomes increasingly reliant on technology, it’s critical that we understand the importance of cryptography and encryption, and how it impacts our daily lives.

In today’s world, cybercrime is on the rise, and data breaches have become a common occurrence. Encryption is an effective defense mechanism against these threats. It ensures that our data remains secure even if it falls into the wrong hands. By using encryption tools and techniques, we can safeguard our personal information, financial data, and confidential communications from potential threats.

Encryption tools are widely available today, and it’s essential to choose the right one based on your specific needs. For example, BitLocker is a full-disk encryption tool that provides robust protection for data at rest, while OpenVPN is an open-source VPN software that provides secure communication between remote users and the corporate network. By selecting the appropriate tool, we can better secure our data and protect our privacy.

Encryption isn’t just a tool for individuals. Businesses and corporations must also use encryption to protect sensitive information. Data breaches can have severe consequences, such as loss of revenue, damage to reputation, and legal liabilities. By implementing encryption solutions, businesses can prevent data breaches and protect their customers’ data.

Finally, it’s crucial to recognize that encryption is not foolproof. It’s just one layer of defense, and it’s not immune to attacks. However, encryption is still an essential component of digital security, and it’s essential to stay up-to-date with the latest encryption techniques and tools. By doing so, we can better protect ourselves and our data from the ever-evolving threat landscape.

Cybersecurity
Cryptography
Ethical Hacking
Information Technology
Information Security

--

--

Tyler Mills

Written by Tyler Mills

10 Followers

I am a cybersecurity student who is Actively chasing any knowledge InfoSec Related. Follow me on Linkedin-www.linkedin.com/in/tyler-mills-213bb2210

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams