What Is Cryptography?

Cryptography is the science of transforming readable messages into an unintelligible form and the later reversal of that process. The application is to send the transformed, unreadable message over an untrusted channel. In the data world, this untrusted channel very often is a public network, such as the Internet.

Cryptography provides four services:

• Data authenticity This service should guarantee that the message comes from the source that it claims to come from. When an application such as e-mail or protocols such as IP do not have any built-in mechanisms that prevent spoofing of the source, cryptographic methods can be used for proof of sources.
• Data confidentiality This service provides privacy by ensuring that messages can be read only by the receiver.
• Data integrity This service ensures that the messages are not altered in transit. With data integrity, the receiver can verify that the received message is identical to the sent message and that no manipulation was done.
• Data nonrepudiation This service allows the sender of a message to be uniquely identified. With nonrepudiation services in place, a sender cannot deny having been the source of that message.

All these services are based on encryption and authentication methods. However, for different applications, different kinds of encryption and authentication techniques are used. Figure 24-1 illustrates examples of the four services.

Figure 24-1. Services of Cryptography

These scenarios are possible:

• Authenticity If B receives a love letter that says it is coming from A, how can B be sure that it was really sent by A and not someone else? Without any reliable service that ensures authenticity of the source, user B will never know.
• Confidentiality On the other hand, if there are means of guaranteeing the authenticity of the source, B might be afraid that somebody else read the love letter while it was in transit, resulting in a loss of privacy. This problem could be solved by a service providing confidentiality.
• Integrity If B were to receive a hate letter, formed in a way that it proved the authenticity of the source, how can B know that the content has not been modified in transit? A service that ensures integrity of the message is needed to eliminate this kind of threat.
• Nonrepudiation However, if B receives a hate letter from A that seems to be authentic, can B prove to others that it must have been sent by A? A nonrepudiation service is needed in this case.

It might appear that the authenticity service and the nonrepudiation service are fulfilling the same function. Although both address the question of the proven identity of the sender, there is a small difference in the two, which is sometimes quite important: When the receiver needs to be sure about the authenticity of the source, the method and the means that are used to achieve the proof of authenticity can be available to both the sender and the receiver. Because the receiver knows that he or she was not the source, it does not matter that the sender and receiver both know how to treat a message to provide authenticity of the source.

If, however, the receiver has to prove the source of the sender to others, it is not acceptable that the receiver know how the sender treated this message to prove authenticity because the receiver could then have pretended to be the sender.

An example for authenticity versus nonrepudiation is data exchange between two computers of the same company versus data exchange between a customer and a web shop. When the two computers do not have to prove to others which of them sent a message, but just need to make sure that whatever was received by one was sent by the other, the two computers can share the same way of transforming their messages. This practice is not acceptable in business applications such as a web shop. If the web shop knows how a customer transforms messages to prove authenticity of the source, the web shop could easily fake "authentic" orders. Therefore, in such a scenario, the sender must be the only party having the knowledge how to transform messages. Then, the web shop can prove to others that the order must have been sent by the customer. The customer could not argue that the order was faked by the web shop when the web shop does not know how to transform the messages from the customer to make them authentic.

Authentication and Encryption

Authentication functions are used to provide authenticity, integrity, and nonrepudiation. To achieve this, the sender adds (appends) verification data to the actual data. The authenticated data can be information about the sender (such as its identity) or the information that should be passed from the sender to the receiver itself. The receiver checks the verification data added by the sender and, if successful, can confirm authenticity.

There are various ways to create the verification data, the most common being Hash-based Message Authentication Code (HMAC) or digital signatures.

Confidentiality functions are provided by encryption. More precisely, the transformation of cleartext to ciphertext is called encryption, whereas the transformation of the ciphertext back to the original cleartext is called decryption.

Encryption utilizes an encryption algorithm and keys. If the key that is used to encrypt the data and the key that is used to decrypt the data is the same, the encryption algorithm is considered symmetric (with symmetric keys). If the encryption and decryption keys are different, the encryption algorithm is asymmetric (with asymmetric keys).

Although the encryption algorithms are usually well-known, the keys that are used for the encryption have to be secret. Symmetric keys have to be known by both endpoints that want to use a symmetric encryption algorithm for their data exchange. With asymmetric encryption, the sender needs to know only the encryption key, whereas the receiver needs to know only the decryption key.

Desirable features of an encryption algorithm are as follows:

• Resistance to cryptographic attacks The algorithm itself must be trusted by the cryptographic community and there must be no shortcut to decipher data other than knowing or guessing the decryption key.
• Variable key lengths and scalability The longer the encryption key, the longer it will take attackers to break it if they try all the possible keys (for example, a 16-bit key = 216 = 65,536 possible keys, whereas a 56-bit key = 256 = 71,892,000,000,000,000 possible keys). Scalability provides flexible key length, and the strength or speed of encryption can be selected as needed.
• Avalanche effect When only a small part of the plaintext message is changed (a few bits), and that small change causes its ciphertext to change completely, the algorithm has an avalanche effect. The avalanche effect is a desired feature because it allows very similar messages to be sent over an untrusted medium, with their encrypted (ciphertext) messages being completely different.