Using Cryptographic Systems

Previous page
Table of content
Next page

A cryptographic system is a system, method, or process that is used to provide encryption and decryption. These systems may be hardware, software, or manually performed processes. Cryptographic systems exist for the same reasons that security exists. They exist to provide confidentiality, integrity, authentication, non-repudiation, and access control. The following sections discuss these issues within the framework of cryptographic systems.

Confidentiality

One of the major reasons to implement a cryptographic system is to ensure the confidentiality of the information being used. This confidentiality may be intended to prevent the unauthorized disclosure of information in a local network or to prevent the unauthorized disclosure of information across a network. A cryptographic system must do this effectively in order to be of value. Figure 7.6 illustrates the importance of a cryptographic system in preventing unauthorized disclosure. The need to keep records secure from internal disclosure may be just as great as the need to keep records secure from outside attacks.


Figure 7.6: Cryptographic systems protect data from internal and external disclosure.

The effectiveness of a cryptographic system in preventing unauthorized decryption is referred to as its strength. A strong cryptographic system is difficult to crack. Strength is also referred to as the algorithm's work factor. The work factor describes an estimate of what amount of time and effort would be needed to break a system.

The system may be considered weak if it allows weak keys, has defects in its design, or is easily decrypted. Many systems available today are more than adequate for business and personal use, but they are inadequate for sensitive military or governmental applications.

Integrity

The second major goal of a cryptographic system involves providing assurance that a message was not modified during transmission. This modification may render a message unintelligible or, even worse, inaccurate. Imagine the consequences if record alterations were not discovered in medical records involving drug prescriptions. If a message is tampered with, the encryption system should have a mechanism to indicate that the message has been corrupted or altered.

Integrity can be accomplished by adding information such as checksums or redundant information that can be used as part of the decryption process. Figure 7.7 gives a simple example of how integrity can be validated in a message. Notice that data about the message length and the number of vowels in the message are included in the message.


Figure 7.7: A simple integrity checking process for an encrypted message

These two simple additions to the message provide a two-way check on the integrity of the message. In this case, the message has somehow become corrupted or invalidated. The original message had 12 characters; the decrypted message has 13 characters. Of course, the processes used in a real system are much more complicated. The addition of this information could be considered a signature of a sort.

A common method of verifying integrity involves adding a message authentication code (MAC) to the message. The MAC is derived from the message and a key. In Figure 7.7, the MAC code is derived from the message, and an additional piece of information is provided by the originator. This process ensures the integrity of the message. The MAC would be encrypted with the message, adding an additional layer of integrity checking. From the MAC, you would know that the message came from the originator and that the contents haven't been altered. Figure 7.8 illustrates the MAC value being calculated from the message and included with the message. The receiver also calculates the MAC value and compares it to the value sent in the message. If they are equal, the message can be assumed to be intact and genuine.

click to expand
Figure 7.8: The MAC value is calculated by the sender and receiver using the same algorithm.

The MAC value is a key. MAC values are usually derived using a hashing algorithm. The key is normally symmetrical, in that the process is accomplished using the same function on both ends of the transmission.

One of the ways that integrity is provided is by using digital signatures. Digital signatures are used to verify that the originator is who they say they are. The next section discusses digital signatures.

Digital Signatures

A digital signature is a similar in function to a standard signature on a document. This signature validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message. Figure 7.9 illustrates this concept.


Figure 7.9: Digital signature processing steps

Let's say that the sender in Figure 7.9 wants to send a message to the receiver. It is important that this message not be altered. The sender uses a public key to create a hash value that is stored in the message digest. She then sends the message to the receiver. The receiver can use his private key and compare the value of the message digest. If the message value that he gets from his private key is the same as the message digest sent with the message, he will know that the method is authentic.

The digital signature is derived from a hash process known only by the originator. The receiver uses a key provided by the sender or a key that will provide the same result when performed. The receiver compares the signature area referred to as a message digest in the message with the value he calculated. If the values match, the message has not been tampered with, and the originator is verified as the person she claims to be. This process provides both message integrity and authentication.

Authentication

Authentication is the process of verifying that the sender is who they say they are. This is very critical in many applications. A valid message from an invalid source is not authentic.

One of the more common methods of verifying authenticity is the addition of a digital signature. Authenticity can be established using secret words that have been mutually agreed upon in advance. The military used a series of one-time pads that each radio or communications operator could use to verify the authenticity of the sender. Figure 7.10 illustrates this method. The operator receiving the message would challenge the sender using the prescribed pattern. The sender could also challenge the receiver using the same method. In this way, both parties knew they were talking to the right person. These pads were changed either daily or weekly depending on the circumstances. While not foolproof, the system was very effective and easy to use.


Figure 7.10: A one-time pad used for authentication

A simple process of providing authentication to an organization is the use of code words or key words. You could have a set of code words that instantly identify the person on the other end of a phone conversation.

Fraternal organizations have used secret handshakes, special symbols, and other methods to authenticate an unknown member. If you were part of a fraternal organization, once you had been initiated into the organization, you would be taught the secret handshake. This handshake would instantly identify you to other members of the organization. In this way, you would know who was a member and who was an impostor. Some fraternal organizations have extremely complicated membership handshakes that identify what level of the organization you have achieved.

Non-Repudiation

Non-repudiation means the sender cannot deny the previous actions or message. This can be achieved in a two-key system. If for example, you encrypted the message with a private key, the only way the message can decrypted properly is with the public key.

This process has one serious problem: anybody can claim to be the legitimate receiver, and if they have access to this type of system, they can send you a public key. So while the user would have in fact received the message, you still would have no way of verifying that the user is really who they say they are and that they are a valid user. This is addressed in systems like PKI. Authentication techniques are used to provide mechanisms for non-repudiation, but they are also used for non-repudiation purposes.

Third-party organizations, called certificate authorities or CAs, manage the public keys and issue certificates verifying the validity of the sender's message.

Note 

The CA process is covered in the PKI section.

The goal of any effective cryptography system must include non-repudiation. The implementation is a little more difficult than the concept.

start sidebar
eBay Is a Great Place to Go Shopping

Recently, a young man gained access to his parents' key information on eBay. He managed to successfully win several auctions on eBay, and he racked up over a million dollars in charges to his parents' account. The parents (naturally) disputed the bill. eBay invalidated the bids when the deception was discovered. The situation caused a great deal of personal embarrassment for the parents and potentially opened them up to litigation.

end sidebar

Access Control

Access control refers to the methods, processes, and mechanisms of preventing unauthorized access to the systems that do the cryptography. Keys are very vulnerable to theft, loss, and human security failings. A key component of access control involves both physical and operational security of these resources.

Note 

The term access control is used in many different settings, such as access control lists, access lists, etc. The important thing to consider is that they are collectively intended to limit access to information.

Key management presents a major challenge with large encryption systems. Keeping the keys in secured areas with limited access by unauthorized personnel is important. If the keys become compromised, as in the Walker Spy Ring, the entire system breaks down, no matter how good the encryption system is.

Make sure that the keys are kept in the highest security areas available to you. Physical keys, such as smart cards, should be immediately erased when they are retired. These keys should also be kept in a secured area for storage. One of the big problems that credit card companies are encountering is the ease with which the encoding on the magnetic strips of credit cards can be counterfeited. If you can gain access to an active credit card, the magnetic strip can be duplicated onto a blank card. Make sure that all of your security devices are kept under tight physical control when they are not in use.


Previous page
Table of content
Next page
CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167
Authors: Michael A. Pastore
BUY ON AMAZON
CISSP Exam Cram 2
Identifying and Managing Project Risk: Essential Tools for Failure-Proofing Your Project
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
Mastering Delphi 7
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy