Using Cryptography: Confidentiality, Integrity, Digital Signatures
Cryptography is a word derived from the Greek kryptos (“hidden”), and the use of cryptography predates the computer age by thousands of years. In fact, cryptography has a documented history going back over 4000 years, when it was allegedly first used in Egypt. Julius Caesar even used his own cryptography, called Caesar’s Cipher. Basically, Caesar’s Cipher rotated the letters of the alphabet to the right by three (e.g., S moves to V and E moves to H). By today’s standards, the Caesar Cipher is extremely simplistic, but it served Julius just fine in his day. Keeping secrets has long been a concern of human beings, and the purpose of cryptography is to hide information or change it so that it is incomprehensible to people for whom it is not intended. Cryptographic techniques include:
- Encryption: Involves applying a procedure called an algorithm to plaintext to turn it into something that will appear to be gibberish to anyone who doesn’t have the key to decrypt it.
- Steganography: A means of hiding the existence of the data, not just its contents. This is usually done by concealing it within other, innocuous data.
Confidentiality
The first goal of cryptography is confidentiality. Through the use of cryptography, users are able to ensure that only an intended recipient can “unlock” (decrypt) an encrypted message. Most modern algorithms are secure enough that those without access to the message “key” cannot read the message. Thus, it is extremely important to keep the secret key (when using symmetric algorithms) or private key (when using asymmetric algorithms) completely secret. If a secret or private key is compromised, the message essentially loses all confidentiality.
WARNING
Do not confuse confidentiality with authentication. Whether or not a person is allowed access to something is part of the authentication and authorization processes. An analogy: You are throwing a party. Because your house got trashed the last time, you want to ensure that only people who are invited attend. That is confidentiality, because you decided up front who would be invited. When the people come, they have to present an invitation to the doorman. That is authentication, because each guest had to show proof that they are who they claim to be. In general, confidentiality is planned in advance while authentication happens as a user attempts to access a system.
Integrity
Guaranteeing message integrity is another important aspect of cryptography. With cryptography, most asymmetric algorithms have built-in ways to validate that all the outputs are equivalent to the inputs. Usually, this validation is referred to as a message digest, and, on occasion, can be vulnerable to man-in-the-middle (MTM) attacks.
Damage & Defense…
Principles of Cryptography
Cryptosystems are considered either weak or strong, with the main difference being the length of the keys used by the system. In January 2000, U.S. export controls were relaxed. Now, strong (not military grade) cryptography can be exported, as long as the end user or customer does not belong to a terrorist organization or an embargoed country (e.g., Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan, and Syria). DES was originally designed so that the supercomputers owned by the NSA could be used for cracking purposes, working under the premise that no other supercomputers of their sort are in public hands or control.
Strong cryptography always produces ciphertext that appears random to standard statistical tests. Because keys are generated for uniqueness using robust random number generators, the likelihood of their discovery approaches zero. Rather than trying to guess a key’s value, it’s far easier for would-be attackers to steal the key from where it’s stored, so extra precautions must be taken to guard against such thefts.
Cryptosystems are similar to currency—people use them because they have faith in them. You can never prove that a cryptosystem is unbreakable (it’s like trying to prove a negative), but you can demonstrate that the cryptosystem is resistant to attacks. In other words, there are no perfect cryptosystems in use today, but with each failed attempt at breaking one, the strength of the faith grows. The moment a cryptosystem is broken (and knowledge of that is shared), the system collapses and no one will use it anymore. The strongest systems resist all attacks on them and have been thoroughly tested for assurances of their integrity. The strength of a cryptosystem rests on the size and the secrecy of the keys that are used, rather than on keeping the algorithm itself a secret. In fact, when a new cryptosystem is released, the algorithms are also released to allow people to examine it and try to create an attack strategy to break it (called cryptanalysis). Any cryptosystem that hasn’t been subjected to brutal attacks should be considered suspect. The recent announcement by NIST of the new AES to replace the aging DES system (described earlier) underscores the lengths to which cryptographers will go to build confidence in their cryptosystems.
Digital Signatures
Digital signatures serve to enforce data integrity and non-repudiation. A digital signature ensures that the message received was the message sent, because a hash was performed on the original message using a hashing algorithm. The hash value created by this process is encrypted by the author’s private key and appended to the message. To verify that the message has not been modified, the recipient uses the author’s public key to decrypt the hash created by the author. The recipient also creates a hash of the message body. If the recipient’s hash matches the hash created by the author of the message, the recipient knows that the message is unaltered.