A Caesar cipher may be sufficient for obscuring notes passed in class, but modern technology makes circumventing such simple algorithms quite easy. After all, there are 25 possible offsets to attempt in a simple Caesar cipher based on the English alphabet. More sophisticated algorithms were developed centuries ago, such as the Vigenère cipher—which effectively rotates the Caesar cipher offset used to encrypt each new letter in a text.
However, encryption is just a small piece of the puzzle to secure communication. Cybersecurity—“measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack"—encompasses a much broader scope of techniques.
Traditionally, the CIA Triad defines the target areas when developing a secure system. CIA is an initialism representing the following concepts:
- Confidentiality is the ability to limit access to information to a certain set of users.
- Integrity is the certainty that information is accurate.
- Availability is the reliability of access to information.
Although the field of information security has grown to include other areas of focus, such as authentication, these three core concepts remain central.
Confidentiality is the ability to limit access to information to a certain set of users.
Confidentiality is what most people equate with cybersecurity, and at the heart of confidentiality protocols lies encryption. We examined encryption—through the Caesar cipher—as an example application of an algorithm. Although the basic algorithm of the Caesar cipher—using mathematics to convert one character to another—remains relevant today, the protocols and mathematics used to apply the algorithm have gotten much more sophisticated.
The first departure from the Caesar cipher algorithm is the use of more sophisticated keys in generating an encrypted text. The Vigenère cipher took the basic idea of a Caesar cipher and added an extra piece of information to make it more secure—a keyphrase.
In this simple example comparing the two methods, imagine that a plaintext message,
IT IS BURIED IN THE BACKYARD is encrypted first with a Caesar cipher with an offset of 3:
Plaintext: IT IS BURIED IN THE BACKYARD Cyphertext: LW LV EXULHG LQ WKH EDFNBDUG
and second with the Vigenère cipher using the keyphrase
Plaintext: IT IS BURIED IN THE BACKYARD Cyphertext: LB OV JAUQKG QT WPK EIINGGUL
In reality, this Vigenère cipher is just using three different Caesar ciphers in succession, each with an offset corresponding to the letters of the keyphrase,
'D' is 3 letters after the beginning of the alphabet, 'A', so offset by 3 'I' is 8 letters after the beginning of the alphabet, 'A', so offset by 8 'G' is 6 letters after the beginning of the alphabet, 'A', so offset by 6
Then, the cycle repeats:
Plaintext: IT IS BURIED IN THE BACKYARD Keyphrase: DI GD IGDIGD IG DIG DIGDIGDI Offset: 38 63 863863 86 386 38638638 Cyphertext: LB OV JAUQKG QT WPK EIINGGUL
It is worth noting that the Vigenère cipher with the keyphrase of simply the letter
D is the same as our original Caesar cipher in this example—each time offsetting by 3.
Notice that each of these encryption methods relies on restricted knowledge.
With the Caesar cipher, anyone who knows the algorithm and the offset can decrypt the message. However, we have seen that even if you know just the algorithm, it is not hard to decrypt without also knowing the offset—there are only 25 possibilities. With the Vigenère cipher, anyone who knows the algorithm and the key can decrypt the message. It is much more difficult to decrypt the message without the key than before because patterns in the text are less obvious, and there are many more possibilities than 25.
However, what if someone obtains the key?
Let’s consider some possible scenarios:
Alice sends Bob a locked box with her message inside. Although it gets passed through many hands before reaching Bob (e.g., the courier system), it is locked and so Bob receives it securely. However, to unlock it, he needs the key. How does Alice send Bob the key in a secure way?
Alice sends Bob a locked box with her message inside. When it reaches Bob, he put his own lock on it and sends it back. Then Alice removes her lock, and sends the box back to Bob. When Bob receives the box, it is locked only with the lock that he put on it. He unlocks it and retrieves Alice’s message—or does he?
Bob has invented a special lock. It is special because it costs nothing to duplicate and send, and it is virtually impossible to analyze the lock and create a key. The key and the original lock must be created at the same time. He sends out his locks to anyone who wants to send him a message. Alice locks her box with one of Bob’s special locks and sends it to him. When he receives it, he unlocks it with his special unique key and reads the message.
The third scenario is actually how modern secure message passing happens. For example, when a website asks a consumer to send his/her credit card information through a webform, the website first sends the user a lock to encrypt his/her information. Now, any traffic sent over the Internet may only be read by the website that created the original key-lock pair. This is called Secure Sockets Layer (SSL) and is typically indicated by a padlock icon in the browser’s address bar.