Page 302 - DCAP103_Principle of operating system
P. 302

Unit 9: System Security



            True or False:                                                                        Notes
               3.  Virus programs infected other programs by adding their own code to them.
               4.  Rootkit is a program that carry out unauthorized action on computers.


            9.4 Cryptography

            Does increased security provide comfort to paranoid people? Or does security provide
            some very basic protections that we are naive to believe that we do not need? During
            this time when the Internet provides essential communication between millions of people
            and is being increasingly used as a tool for commerce, security becomes a tremendously
            important issue to deal with.
            There are many aspects to security and many applications, ranging from secure commerce
            and payments to private communications and protecting passwords. One essential aspect for
            secure communications is that of cryptography, which is the focus of this chapter. But it is
            important to note that while cryptography is necessary for secure communications, it is not
            by itself sufficient. The reader is advised, then, that the topics covered in this chapter only
            describe the first of many steps necessary for better security in any number of situations.
            This paper has two major purposes. The first is to define some of the terms and concepts
            behind basic cryptographic methods, and to offer a way to compare the myriad cryptographic
            schemes in use today. The second is to provide some real examples of cryptography in use
            today.

            No mention is made here about pre-computerized crypto schemes, the difference between a
            substitution and transposition cipher, cryptanalysis, or other history.

            9.4.1 The Purpose of Cryptography
            Cryptography is the science of writing in secret code and is an ancient art; the first documented
            use of cryptography  in writing dates back to circa 1900 B.C. when an Egyptian  scribe used
            non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared
            spontaneously sometime after writing was invented, with applications ranging from diplomatic
            missives  to  war-time  battle  plans.  It  is  no  surprise,  then,  that  new  forms  of  cryptography
            came soon  after  the widespread development  of  computer  communications. In  data and
            telecommunications,  cryptography  is  necessary  when  communicating  over  any  untrusted
            medium, which includes just about any network, particularly the Internet.
            Within  the  context  of  any  application-to-application  communication,  there  are  some  specific
            security requirements, including:
               •  Authentication: The process of proving one’s identity. (The primary forms of host-to-host
                 authentication on the Internet today are name-based or address-based, both of which are
                 notoriously weak.)
               •  Privacy/Confidentiality: Ensuring that no one can read the message except the intended
                 receiver.

               •  Integrity: Assuring the receiver that the received message has not been altered in any way
                 from the original.

               •  Non-repudiation: A mechanism to prove that the sender really sent this message.




                                             LOVELY PROFESSIONAL UNIVERSITY                                   295
   297   298   299   300   301   302   303   304   305   306   307