Cryptography is the practice of transforming information so that only the intended party or parties can understand it. The resulting data can then be stored and transmitted in an untrusted environment.
Why we need cryptography
- Authentication: to confirm an identity
- Authorisation: to grant permission to use specific resources (after authentication)
- Confidentiality: to protect the information. In this way we address the C in the CIA triad
- Integrity: to validate that the data is genuine
- Nonrepudiation: to provide a way for the sender to commit to a statement (like a signature)
Cryptography is almost everywhere, even if we don't realise it. Whenever you use a PC you have to authenticate as a particular user of the system. The system then authorises you to use resources according to your permissions. If you make a payment across the internet, for example, the system encrypts your credit card details to protect the confidentiality of the information. The transmission channel also needs to protect the integrity of the transaction so that you pay no more (or less) than you should.
Protecting information with cryptographic controls is not 100% secure. With sufficient resources almost any cryptographic algorithm can be broken.
That is why a pragmatic aim is to make the attacker uninterested in even trying. Using cryptographic controls to secure information should be one of multiple layers of security.
Caesar and Enigma cryptosystems
One of the first well-known and most famous ciphers is the Caesar cipher. The principle is simple: each letter of the alphabet is shifted by 3 positions. In this way A becomes D, B becomes E, C becomes F and so on. Because methods of this kind became easy to break over time, more advanced methods were required. The Enigma machine is a good example of using the latest developments in technology to push cryptography forward.
There is an ongoing debate among cryptographers about whether or not an algorithm should be made available to the wider public. One view is to keep it secret: if only a few people know how it works, then the chances of breaking it are smaller. The other side believes that if everyone knows the algorithm, then it is possible to find faults and the developers can attempt to correct the system.