BASICS OF SECURITY

Introduction

The world is an evil place. If you have something, someone else will want it. The only way to keep things to yourself is to keep them safe and secure. This is true not only of personal possessions but also of digital possessions.

For example, suppose you want to obtain a money order from a bank. You certainly don't want someone to intercept your money order and spend it somewhere else. You don't want to become a victim of digital pickpocketing! Therefore, the art of cryptography was created. Cryptography is the science of keeping messages secret and secure.

Messages are sent from a sender to a receiver. The sender and the receiver may want to exchange information that only they should know what to do with, so cryptography should be used to secure the message. When cryptography is used, the sender disguises the message. The process of hiding the message is known as encryption. The encrypted message is then sent from the sender to the receiver, who can reveal the message. The process of revealing an encrypted message is known as decryption. There are several key facets of cryptography.

Cryptography is implemented through algorithms: mathematical functions that have been developed for encryption and decryption. The algorithms are based on a key. A key is used to encrypt the data and a key is used to decrypt the data. The key used for encryption does not have to be the same as the key used for decryption. The values of the keys depend on the mathematical functions involved. There are two types of keys. A public key is a key that is published and available for use. A private key is a key that is only known to certain individuals. It is a shared secret. Two popular algorithms that involve keys are public key encryption and symmetric key encryption.

Cryptography guards against attacks. An attack is an attempt to use the communications between the sender and the receiver to expose the cryptographic information. An attacker might be trying to obtain a credit card number, steal some digital cash, or find out some secret information about the sender or receiver.

Attacks are often foiled by a solid protocol. A protocol is a series of steps that are followed to accomplish a certain task. In the case of cryptography, a protocol is designed so that the sender and the receiver can securely exchange information and guard against attackers. The key properties of protocols are:

Protocols must guard against two kinds of attack. A passive attack is when the attacker monitors the communications between the sender and receiver. The goal is to observe and gain information. An active attack is when the attacker takes action by collecting messages, redistributing them, or modifying them.

A final note is that not all information needs to be encrypted or kept secret. Sometimes the only requirement is to make sure that the information reaches its destination without being tampered with. One method of accomplishing this is to use a signature. A signature is used to verify that the information that was sent is genuine and unchanged.

For more information:
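
The tamper check described above, as an added example that is not part of the original page: the money order travels unencrypted but carries a tag the receiver recomputes, so a modified or re-sent message is rejected. Python's standard library has no public-key signatures, so an HMAC under a shared secret key stands in for the signature here; the key, the field names and the serial-number replay check are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the demo; a real key would be agreed securely.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def sign(key: bytes, order: dict) -> dict:
    """Sender: attach a tag computed over a canonical encoding of the order."""
    body = json.dumps(order, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}  # body stays readable


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen_serials = set()  # serial numbers already accepted

    def accept(self, message: dict) -> str:
        body = message["body"].encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: modified"
        order = json.loads(body)
        if order["serial"] in self.seen_serials:
            return "rejected: replayed"
        self.seen_serials.add(order["serial"])
        return "accepted"


def demo() -> list:
    receiver = Receiver(SHARED_KEY)
    sent = sign(SHARED_KEY, {"serial": 1001, "payee": "Alice", "amount": 50})
    results = [receiver.accept(sent)]  # genuine message arrives unchanged
    # Active attack: the body is altered in transit, so the tag no longer fits.
    altered = dict(sent, body=sent["body"].replace('"amount":50', '"amount":5000'))
    results.append(receiver.accept(altered))
    # Active attack: an intact, previously collected message is sent again.
    results.append(receiver.accept(sent))
    return results


if __name__ == "__main__":
    print(demo())
```

Unlike a true signature, an HMAC tag can be produced by anyone who holds the shared key, so it proves the message came from a key holder rather than from one specific sender.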