Page 40 - DCAP516_COMPUTER_SECURITY
P. 40
Computer Security
Notes 4.1 What is Cryptography?
There are many aspects to security and many applications, ranging from secure commerce and
payments to private communications and protecting passwords. One essential aspect for secure
communications is that of cryptography.
When your computer sends the information out, it scrambles it by using some key. This scrambled
information would be gibberish to anyone who didn’t have the correct key to unscramble it at
the other end.
When the information reaches its destination, it gets unscrambled by using the key. This lets the
person or website read the information correctly at the other end.
Websites that use an encrypted connection use something called SSL (Secure Sockets Layer) to
secure the information going back and forth. This is how websites like Amazon or your bank
can ensure your private information like passwords and credit card numbers are safe from
prying eyes.
Cryptography can play many different roles in user authentication. Cryptographic authentication
systems provide authentication capabilities through the use of cryptographic keys known or
possessed only by authorized entities.
Cryptography also supports authentication through its widespread use in other authentication
systems. For example, password systems often employ cryptography to encrypt stored password
files, card/token system often employ cryptography to protect sensitive stored information,
and hand-held password generators often employ cryptography to generate random, dynamic
passwords.
Cryptography is frequently used in distributed applications to convey identification and
authentication information from one system to another over a network. Cryptographic
authentication systems authenticate a user based on the knowledge or possession of a
cryptographic key. Cryptographic authentication systems can be based on either private key
cryptosystems or public key cryptosystems.
Private key cryptosystems use the same key for the functions of both encryption and decryption.
Cryptographic authentication systems based upon private key cryptosystems rely upon a shared
key between the user attempting access and the authentication system.
Public key cryptosystems separate the functions of encryption and decryption, typically using a
separate key to control each function. Cryptographic authentication systems based upon public
key cryptosystems rely upon a key known only to the user attempting access.
Today’s cryptography is more than encryption and decryption. Authentication is as fundamentally
a part of our lives as privacy. We use authentication throughout our everyday lives – when we
sign our name to some document for instance – and, as we move to a world where our decisions
and agreements are communicated electronically, we need to have electronic techniques for
providing authentication.
Cryptography provides mechanisms for such procedures. A digital signature binds a document
to the possessor of a particular key, while a digital timestamp binds a document to its creation
at a particular time. These cryptographic mechanisms can be used to control access to a shared
disk drive, a high security installation, or a pay-per-view TV channel.
The field of cryptography encompasses other uses as well. With just a few basic cryptographic
tools, it is possible to build elaborate schemes and protocols that allow us to pay using electronic
money, to prove we know certain information without revealing the information itself and to
share a secret quantity in such a way that a subset of the shares can reconstruct the secret.
34 LOVELY PROFESSIONAL UNIVERSITY
