What Is Cryptography?

Cryptography is the science of transforming readable messages into an unintelligible form and the later reversal of that process. The application is to send the transformed, unreadable message over an untrusted channel. In the data world, this untrusted channel very often is a public network, such as the Internet.

Cryptography provides four services:

All these services are based on encryption and authentication methods. However, for different applications, different kinds of encryption and authentication techniques are used. Figure 24-1 illustrates examples of the four services.

Figure 24-1. Services of Cryptography

These scenarios are possible:

It might appear that the authenticity service and the nonrepudiation service are fulfilling the same function. Although both address the question of the proven identity of the sender, there is a small difference in the two, which is sometimes quite important: When the receiver needs to be sure about the authenticity of the source, the method and the means that are used to achieve the proof of authenticity can be available to both the sender and the receiver. Because the receiver knows that he or she was not the source, it does not matter that the sender and receiver both know how to treat a message to provide authenticity of the source.

If, however, the receiver has to prove the source of the sender to others, it is not acceptable that the receiver know how the sender treated this message to prove authenticity because the receiver could then have pretended to be the sender.

An example for authenticity versus nonrepudiation is data exchange between two computers of the same company versus data exchange between a customer and a web shop. When the two computers do not have to prove to others which of them sent a message, but just need to make sure that whatever was received by one was sent by the other, the two computers can share the same way of transforming their messages. This practice is not acceptable in business applications such as a web shop. If the web shop knows how a customer transforms messages to prove authenticity of the source, the web shop could easily fake "authentic" orders. Therefore, in such a scenario, the sender must be the only party having the knowledge how to transform messages. Then, the web shop can prove to others that the order must have been sent by the customer. The customer could not argue that the order was faked by the web shop when the web shop does not know how to transform the messages from the customer to make them authentic.

Authentication and Encryption

Authentication functions are used to provide authenticity, integrity, and nonrepudiation. To achieve this, the sender adds (appends) verification data to the actual data. The authenticated data can be information about the sender (such as its identity) or the information that should be passed from the sender to the receiver itself. The receiver checks the verification data added by the sender and, if successful, can confirm authenticity.

There are various ways to create the verification data, the most common being Hash-based Message Authentication Code (HMAC) or digital signatures.

Confidentiality functions are provided by encryption. More precisely, the transformation of cleartext to ciphertext is called encryption, whereas the transformation of the ciphertext back to the original cleartext is called decryption.

Encryption utilizes an encryption algorithm and keys. If the key that is used to encrypt the data and the key that is used to decrypt the data is the same, the encryption algorithm is considered symmetric (with symmetric keys). If the encryption and decryption keys are different, the encryption algorithm is asymmetric (with asymmetric keys).

Although the encryption algorithms are usually well-known, the keys that are used for the encryption have to be secret. Symmetric keys have to be known by both endpoints that want to use a symmetric encryption algorithm for their data exchange. With asymmetric encryption, the sender needs to know only the encryption key, whereas the receiver needs to know only the decryption key.

Desirable features of an encryption algorithm are as follows:

Symmetric Encryption

Категории