Cryptography
Introduction
The Need for Cryptography
Applying Cryptography
Key Based Cryptography
Digital Signatures
Message Digest
Introduction
The term cryptography is derived from the Greek word Kryptos. Kryptos
is used to describe anything that is hidden, obscured, veiled, secret or
mysterious. In the world of data communications, cryptography can be
defined as follows:
"Cryptography, defined as 'the science and study of secret
writing', concerns the ways in which communications and data can be
encoded to prevent disclosure of their contents through eavesdropping or
message interception, using codes, ciphers and other methods, so that only
certain people can see the real message" - Yaman Akdeniz
The Need for Cryptography
Security often requires that data be kept safe from unauthorized access. And the
best line of defense is physical security (placing the machine to be
protected behind physical walls). However, physical security is not always
an option (due to cost and/or efficiency considerations). Instead, most
computers are interconnected with each other openly, thereby exposing them
and the communication channels that they use.
This problem can be broken down into five requirements that must be addressed:
- Confidentiality: assuring that private data remains private.
- Authentication: assuring the identity of all parties attempting access.
- Authorization: assuring that a certain party attempting to perform a
function has the permissions to do so.
- Data Integrity: assuring that an object is not altered illegally.
- Non-Repudiation: assuring that a party cannot deny data or a
communication that they initiated.
Applying Cryptography
With regard to confidentiality, cryptography is used to encrypt data
residing on storage devices or traveling through communication channels to
ensure that any illegal access is not successful. Cryptography is also
used to secure the process of authenticating the different parties attempting
any function on the system. A party wishing to be granted a certain
functionality on the system must present something that proves that they
are indeed who they say they are. That something is sometimes known as
credentials, and additional measures must be taken to ensure that these
credentials are only used by their rightful owner. The most classic and
obvious credentials are passwords. Passwords are encrypted to protect
against illegal usage.
Authorization is a layer built on top of authentication: the party is
first authenticated by presenting the required credentials (passwords,
smart cards, etc.). After the credentials are accepted, the authorization
process starts, to ensure that the requesting party has the permissions
to perform the functions needed.
Data integrity and non-repudiation are achieved by means of digital
signatures, a method that includes performing cryptography among other
things.
Key Based Cryptography
Currently, most cryptography used in practice is key based: a key, that is,
a string of bits, is used to encode the clear text into cipher text and
back again into clear text when required. Two types of key based
cryptography exist, distinguished by whether the key is publicly available:
- In Private Key Cryptography, both the sender and the
recipient share a key that must be kept private. In order to
communicate with each other, the key must be passed between the two.
This process is known as key distribution and is quite
complicated and difficult to do properly. The most famous example of
this type of cryptography is the Data Encryption Standard (DES); other
examples include Triple DES, RC2, RC4, IDEA and Skipjack. This is also
known as symmetric cryptography.
- In Public Key Cryptography, each party has a pair of
keys: one key is published to the public, called the Public key, while
the other is kept secret and known only by the owner, the Private
key. Anyone wishing to communicate securely with a certain party
encrypts the communicated data with the recipient's public key,
which is available, and on the other side only the party that holds the
matching private key can decrypt the cipher text. Example public key
algorithms: Diffie-Hellman, RSA and Merkle-Hellman.
The public key system eliminates the key distribution process that
hampers all private key systems, since there is no need to communicate secret
keys among communicating parties. However, a problem that arises with
public key systems is the lack of assurance of the true identity of the party
on the other side. For example, if (A) wants to communicate with (B), it
will use (B)'s public key, but how can (A) know that the party that
sent its public key as being (B) is really (B)? This problem requires a
trusted third party that authenticates both (A) and (B) to each other.
This trusted third party is known as a Certificate Authority
(CA). A CA issues certificates and guarantees their authenticity.
Digital Signatures
The emergence of public key systems has introduced the concept of
digital signature. A sample digital signature scenario goes as follows:
- (A) encrypts the data to be signed with his/her private key.
- (A) then encrypts the result of the first step with (B)'s public key and
sends it to (B).
- (B) decrypts the incoming data with his/her private key and then
decrypts the result with (A)'s public key.
- If the initial data is obtained, then this will authenticate the data
and the sender.
This is a simple example and is not used in practice, since it can be
defeated by cutting and pasting from a captured authentic message.
Message Digest
Both public and private key cryptography provide message integrity
checks through checksums, but this is not a reliable method: since messages
are usually encrypted in small blocks of text, it is possible to
delete or duplicate a section of the message without causing any problems
with the checksum.
Message digests, on the other hand, provide a reliable method to check
message integrity. A message digest function, also known as a "one-way
function", takes a plain text message and generates from it a short
fixed length string that seems random. This string is known as a hash,
and the original text cannot be obtained from the hash, hence the name
one-way function.
These attributes of a message digest permit it to act as a digital
fingerprint of the original message. The message's hash will change
drastically with the slightest change to the original message.
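The difference between per-block checksums and a message digest, as an added example that is not part of the original page. It models each block as carrying its own CRC32 (an assumption; the blocks stand in for encrypted blocks), uses SHA-256 as the digest, and runs on a constructed sample message; all names are illustrative.

```python
import hashlib
import zlib

BLOCK = 8  # constructed block size, in bytes

def protect_blocks(message: bytes):
    """Split the message into blocks, each carrying its own CRC32 checksum."""
    blocks = [message[i:i + BLOCK] for i in range(0, len(message), BLOCK)]
    return [(b, zlib.crc32(b)) for b in blocks]

def blocks_valid(protected) -> bool:
    """Per-block check: every block must match the checksum stored with it."""
    return all(zlib.crc32(b) == c for b, c in protected)

def whole_digest(protected) -> str:
    """Message digest computed over the reassembled message."""
    return hashlib.sha256(b"".join(b for b, _ in protected)).hexdigest()

def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bits that differ between the SHA-256 digests of a and b."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

# Constructed sample message: three 8-byte blocks.
MESSAGE = b"TRANSFER 100 USD TO BOB."
ORIGINAL = protect_blocks(MESSAGE)
DUPLICATED = ORIGINAL[:2] + [ORIGINAL[1]] + ORIGINAL[2:]  # middle block repeated
DELETED = ORIGINAL[:1] + ORIGINAL[2:]                     # middle block removed

if __name__ == "__main__":
    for name, msg in (("original", ORIGINAL), ("duplicated", DUPLICATED),
                      ("deleted", DELETED)):
        print(name, "| per-block check passes:", blocks_valid(msg),
              "| digest matches original:",
              whole_digest(msg) == whole_digest(ORIGINAL))
    print("digest bits changed by a one-character edit:",
          differing_bits(MESSAGE, MESSAGE.replace(b"100", b"900")), "of 256")
```

Both altered messages pass the per-block check, while the digest of the whole message no longer matches the original.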
By combining message digests and encryption, a tamper-proof digital
signature method can be used to send messages across the network. The
Digital Signature Standard (DSS) is such a method, and it works as follows:
- The sender runs the message to be sent through the message digest
function and obtains its hash.
- The sender then encrypts the hash using his/her private key and
sends it along with the original message to the intended recipient.
- When the recipient gets the message, he/she decrypts the hash using
the sender's public key, and compares the result with the hash
obtained from running the message through the message digest function
again.
- If both hashes are identical, then the sender's identity and message
integrity are both verified.
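The four steps above, as an added example that is not part of the original page. It assumes SHA-256 as the digest and textbook (unpadded) RSA with a constructed toy key built from two publicly known Mersenne primes; the names are illustrative, and real signature schemes add padding and use secret, randomly generated keys.

```python
import hashlib

# Constructed toy key pair built from two publicly known Mersenne primes.
# Assumption for illustration only: a real key uses secret, random primes.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

def digest(message: bytes) -> int:
    """Message digest function: SHA-256 of the message, as an integer below N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Sender: hash the message, then transform the hash with the private key."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Recipient: recover the hash with the public key, compare with a fresh hash."""
    return pow(signature, E, N) == digest(message)

# Constructed sample messages.
MESSAGE = b"Pay Bob 100 USD"
TAMPERED = b"Pay Bob 900 USD"
SIGNATURE = sign(MESSAGE)

if __name__ == "__main__":
    print("authentic message verifies:", verify(MESSAGE, SIGNATURE))
    print("altered message verifies:", verify(TAMPERED, SIGNATURE))
    print("signature reused on another message verifies:",
          verify(b"Pay Eve 100 USD", SIGNATURE))
```

Because the signature is bound to the digest of one specific message, it fails verification when the message is altered or when it is attached to a different message.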