by Erik Bruanitzer, http://www.cxtec.com/
Billions of people worldwide send
trillions of messages through the World Wide Web each day. A large percentage of those people are,
on any given day, conducting sensitive transactions such as online banking,
shopping, and bill payment. And
they need those transactions to be secure. You are probably one of those
On any given day, businesses are
sending and receiving enormous volumes of sensitive information, such as
financial data, trade secrets, customer data, and marketing plans. A loss of this
information to the wrong party can destroy a business. You probably work for
one of those businesses.
Protecting personal and business
information online is where cryptography (from Latin, meaning "science of
hidden writing") comes
in. Cryptography makes it possible for a Website to
provide password protection, credit card encryption, secure log-ins, and
other security measures we rely on. It allows businesses to safely send,
receive, process, and store proprietary information.
When used with other security techniques, cryptography is a pillar of a sound security
structure. We'll look at why that is, shortly. First, a brief history of cryptography....
A brief history of cryptography
Some scholars believe that
cryptography emerged not long after writing was invented. Archeologists have
found samples of original cryptographic
writing from as far back as 1900 B.C., when a scribe in Egypt used abnormal
hieroglyphs in a document. Early uses included the protection of diplomatic memoranda and military plans.
See? We told you it was brief.
And it helps us see that cryptography
has, for a long time, protected vital information by preventing "the
bad guys" from understanding it. Cryptography played an important role thousands of years
ago for a reason that is still true today: preventing interception
isn't always possible. Someone is, sooner or later, going to get your
information. The solution is to make the information unreadable to any
unauthorized person. The "bad guys" might get their grubby little hands on
encrypted message, but they'd have no idea what it said.
You may be thinking,
"That's exactly what we need for Internet-based communications." If so,
you are quite right. And modern security experts agree with you.
Remember, we said preventing interception
isn't always possible. Actually, it's a given. The media for transmitting
information are not, in themselves, secure.
Cryptography is an essential part of protecting information. Many industries, such as banking, manufacturing, retail,
and telecommunications, rely on cryptography. So do government sectors such
as law enforcement and the military.
Four distinct security elements help protect
Authentication. Verifying an individual’s identity
(is that really you?). Verification by name or address is the primary basis of host-to-host
authentication on the present-day Internet. Unfortunately, it has proven to be weak.
Certifying that no one can view the message except the designated
Integrity. Ensuring the
recipient that no one has tampered with the message enroute to its
Non-repudiation. Guaranteeing the sender officially sent the message
(that is, it's not a spoof sent by an imposter).
Three goals, three methods
The three main goals of any good cryptographic scheme
Safeguard information from unauthorized modifications.
The three variations of cryptographic systems typically used to
achieve these objectives are:
Secret key (symmetric)
cryptography. This involves one key for both encryption and
decryption. A sender uses the key, or set of instructions, to mask the
plaintext. This creates "ciphertext," which then goes to a recipient.
The recipient uses the identical key to decrypt the message and unveil
the plaintext. Since the same key is applied to each side, secret key
cryptography is also referred to as symmetric encryption.
With this system, the sender and recipient must have the key. That
creates the tricky problem of safely distributing (and, usually,
storing) the key. The solution to this is....
Public key (asymmetric)
cryptography. This involves two keys, one for encryption and one for
decryption. This system is much more secure than the secret key system,
which means the two parties can communicate securely over an insecure line without
being forced to use a joint key. Introduced to the public in 1976, it's
generally recognized as the greatest accomplishment in cryptography
since the 17th century.
One-way functions serve as the basis for the public key.
These are mathematical functions that can be solved easily. However,
their inverse functions are very hard to solve. Take the
Exponentiation vs. logarithms. Calculating 2 to the 5th power is a
common math problem that most people can solve: 2 raised to the 5th
power = 32. But, if you consider the number 32 and attempt to compute
the two integers that make up the rest of the equation, you must insert
variables “x” and “y” into logx 32=y. It will undoubtedly take longer to
figure out the values of x and y in the logarithm than
it would to solve the exponential problem. It's much easier to
process 2x2x2x2x2 than to evaluate a logarithm.
Hash functions. These
don't use a key at all. Also known as "message digests" or "one-way
encryption," hash functions are algorithms. The encrypter calculates a permanent hash value, based on the plaintext.
This restricts access to the contents or length of the plaintext.
Hash functions are capable of displaying a “digital fingerprint” of the
contents of a file, to verify whether it has been tampered with by an
outsider or infiltrated by a Trojan, virus, worm, or other invader. In
essence, the digital fingerprint gauges a file’s authenticity. Various
operating systems utilize hash algorithms to encrypt passwords.
In each instance, the data originate as
plaintext. The plaintext is then is then encrypted to ciphertext. The
ciphertext is almost always decrypted into functional plaintext, which
usually reappears in its original form.
People who work in the field of
cryptography have names for specific parties in an encrypted communication
situation. The two parties in communication with one another are referred to
as Alice and Bob. In where there is a third or a fourth party included in
the dialog, they are known as Carol and Dave, respectively.
Outside factors must also be
accounted for. So, a malicious party is called Mallory, an eavesdropper is
Eve, and Trent is the name for a loyal third party.
Cryptography is especially
intriguing, due to all the secrecy involved. This lends the entire
discipline a certain mystique. Ironically, the mystique isn't what makes a cryptographic algorithm
successful. In fact, the most successful algorithms are well-known. The most
successful ones are successful not because of secrecy, but because experts
have devoted extensive resources to enhancing them.
If a cryptographic scheme has been in use for any length of time, that's
probably because it has a high success rate.
Erik Braunitzer is a Web Development Manager working with
http://www.cxtec.com/. Formerly a small time Web programmer,
Erik now manages a team of highly skilled content developers with masters in
communications and writing. CXtec has been helping companies meet their
networking goals since 1978, without blowing their budgets. CXtec provides
sales and service for network gear,
Voice over IP,
cables, network accessories, and legacy hardware.