Where Cryptography technique can used?

Cryptography Techniques for Secure Communications Posted on June16,2005by CertMag StaffElectronic communication is the lifeblood of many organizations. Much of the information communicated on a daily basis must be kept confidential. Information such as financial reports, employee data and medical records needs to be communicated in a way that ensures confidentiality and integrity. This makes good business sense and may even be regulated by legislation like the Health Insurance Portability and Accountability Act (HIPAA). The problem of unsecure communication is compounded by the fact that much of this information is sent over the public Internet and may be processed by third parties, as in e-mail or instant messaging (IM).

Cryptography BasicsCryptography can be used to provide message confidentiality and integrity and sender verification. The basic functions of cryptography are encryption, decryption and cryptographic hashing. In order to encrypt and decrypt messages, the sender and recipient need to share a secret. Typically this is a key, like a password, that is used by the cryptographic algorithm. The key is used by the sender to encrypt the message (transform it into cipher text) and by the recipient to decrypt the message (reverse the cipher text back to clear text). This process can be done on a fixed message, such as an e-mail, or a communications stream, such as a TCP/IP connection.

Cryptographic hashing is the process of generating a fixed-length string from a message of arbitrary length. If the sender provides a cryptographic hash with the message, the recipient can verify its integrity. Modern cryptographic systems are based on complex mathematical relationships and processes. Let’s focus on the common cryptography standards used to secure computer communications and how they are used.

The three basic types of cryptography in common use are symmetric key, asymmetric (public) key systems and cryptographic hash functions. Typically, the strength of a crypto system is directly related to the length of the key. This assumes that there is no inherent weakness in the algorithm and that the keys are chosen in a way that fully utilizes the key space (the number of possible keys). There are many kinds of attacks that can be used against crypto systems, but these are beyond our scope here. That said, if you use public algorithms with no known vulnerabilities, use reasonable key lengths (most defaults are fine) and choose good keys (which are normally chosen for you), your communications will be very secure.

Symmetric key cryptography uses the same key to encrypt and decrypt data. Some common symmetric key algorithms are the Data Encryption Standard (DES), Triple DES, Blowfish and the Advanced Encryption Standard (AES). DES is ineffective because it uses a64-bit key and has been broken. Be careful, because some crypto security, like Microsoft’s Windows XP Encrypted File System (EFS), defaults to DES and must be changed to provide good security.

The main advantage of symmetric key cryptography is speed. The principle problems with this system are key distribution and scalability. Keys need to be distributed securely, and each secure channel needs a separate key. Symmetric key systems provide confidentiality but do not provide authenticity of the message, and the sender can deny having sent the message.

Asymmetric (public) key cryptography uses a pair of mathematically related keys. Each key can be used to encrypt or decrypt. However, a key can only decrypt a message that has been encrypted by the related key. The key pair is called the public/private key pair. Some common public key systems are Rivest-Shamir-Adelman (RSA), Diffe-Hellman and Digital Signature Standard (DSS).

Asymmetric key systems solve the key distribution and scalability problems associated with symmetric systems, although it’s not trivial to manage and implement a public key infrastructure (PKI). However, you can take advantage of companies like Thawte, Verisign and PGP Corp. that provide key distribution and trust services. Asymmetric key systems provide a greater range of security services than symmetric systems. They provide for confidentiality, authenticity and nonrepudiation. The principle problem with these systems is speed. It takes significantly more computer resources to encrypt and decrypt with asymmetric systems than symmetric ones.

Cryptographic hash functions take a message of arbitrary length and compute a fixed signature, often called a message digest, for the message. This can be done for a file, e-mail message or your entire hard-drive image. The main properties of these functions are that it is difficult to find different files that produce the same digest and that the function is one-way. Therefore, it is not computationally feasible to recover a message given its digest.

Two common examples of hash functions are the Secure Hash Algorithm (SHA), commonly SHA-1, and Message-Digest algorithm5 (MD5). SHA-1 is used in many common security applications including SSL, TLS, S/MIME and IPSec. MD5 is generally used to create a digital fingerprint for verifying file integrity.

So symmetric is fast, but exchanging keys is a problem; and asymmetric has more security services, but it’s slow. The solution: Combine them in a hybrid system. This is what is done in the digital-certificate-based crypto systems that are in common use for e-mail, IM and SSL Web traffic. The basic idea is to use an asymmetric system, as is done with Diffie-Hellman key exchange, to exchange a symmetric key to do the bulk of the data encryption.