Cryptography - The Science of Secrecy
To answer the question, “Who needs encryption?”, one can examine the various reasons why banks, businesses, professionals, military, everyday people, and even criminals require some sort of protection. Cryptography is used whenever someone wants to send a secret message to someone else, in a situation where anyone might be able to get hold of the message and read it. Cryptography provides a solution to the problem of information security and privacy. For electronic communications, the techniques of private and public key cryptography are becoming increasingly popular. Cryptography provides integrity i.e. assures that the information was not modified while in transit.
Identification and Authentication
Identification and authentication are
two widely used applications of cryptography.
It’s a scheme by which trusted agents such as certifying authorities vouch for unknown agents, such as users. The trusted agents issue vouchers called certificates which each have some inherent meaning. Certification technology was developed to make identification and authentication possible on a large scale.
Privacy is perhaps the most obvious application of cryptography. Privacy is the state or quality of being secluded from the view and or presence of others. Cryptography can be used to implement privacy simply by encrypting the information intended to remain private. In order for someone to read this private data, one must first decrypt it. Note that sometimes information is not supposed to be accessed by anyone, and in these cases, the information may be stored in such a way that reversing the process is virtually impossible.
Electronic money is a term that is still fairly vague and undefined. Here, cryptography protects conventional transaction data such as an account number and amount; a digital signature can replace a handwritten signature or a credit-card authorization, and public-key encryption can provide confidentiality.
S/MIME (Secure / Multipurpose Internet Mail Extensions) is a protocol that adds digital signatures and encryption to Internet MIME messages. MIME defines how the body of an e-mail message is structured. However, MIME itself does not provide any security services. The purpose of S/MIME is to define such services for digital signatures and encryption.
Passwords are not typically kept on a host or server in plaintext, but are generally encrypted using some sort of hash scheme. In the Windows NT case, all passwords are hashed using the MD4 algorithm, resulting in a 128-bit (16-byte) hash value.
Cryptography is not confined to the world of computers. Cryptography is also used in cellular (mobile) phones as a means of authentication; that is, it can be used to verify that a particular phone has the right to bill to a particular phone number. This prevents people from stealing (“cloning”) cellular phone numbers and access codes. Another application is to protect phone calls from eavesdropping using voice encryption.
The future of encryption is as uncertain as the future of technology itself. The more powerful the technology at hand, the harder it will be to create encryption methods that can withstand the onslaught of the computational power readily available to the average PC owner. New Technologies in the Future are :
Quantum cryptography is on the leading edge of cryptographic implementations. It is currently relegated to the laboratory for reasons of technical feasibility. Signals have a certain polarization, as long as the polarization remains unchanged, the signal has not been intercepted or monitored in any way. Interception or monitoring causes a polarization shift. Quantum cryptography uses this technology to publicly distribute key information. The receiver records a polarization and asks the sender if the recorder polarization is correct. If it is, then the receiver knows it has a valid key unknown to anyone else. Here is the magic…The Heisenberg principle states that a state cannot be monitored without changing the state itself. So far, on a quantum level, this is true. This means that if the key is monitored during transmission, the polarization will change, and the sender will detect this because the polarization information returned from the receiver will be in-correct. Poof…It’s like magic!!
Biometric encryption uses an individuals own physical body characteristics as the encryption key. The systems would identify each individual for who they were, not allowing for impersonation, and respond accordingly. While biometric encryption is in use today, it is far from being mainstream. The primary reason for this is that it is very costly to implement.
· Fingerprint – This type of encryption registers either fingerprints or the imprints left by a person’s palm. These devices have an error rate of 1 in 100,000.
· Optical – This method used either the iris or retina of the human eye. These scanners have an error rate of 1 in 2,000,000.
· Facial Structure – The scanner examines the overall facial structure of the individual. The two major factors that impact the error rate are differences in the lighting conditions and the distance from the scanner to the subject.
· Voice – Voice recognition systems use the characteristics of an individual’s voice to identify the person. Voice lends itself extremely well for use in telecommunication systems; however it has an error rate of 2-5%.
· Signature – This biometric is actually more of a present technology than a future technology. Many retail stores are now using this for credit card purchases. The individual applies their signature on a digital device and the signature is then recorded by computers. The error rate can be fairly high simply due to the fact that an individual’s signature is not always exactly the same.
· Keystroke – One might accurately refer to it as the ‘Rhythm Method of Access Control’. This system does not simply use the password or PIN, it also uses information on how the key was entered. It senses the rate the key is entered and detects the rhythm of the entry as well. It is argued that this is one of the less secure biometric methods.
As long as there are secrets,
there will be cryptography
If backup is the only foolproof way to prevent accidental loss of data, then encryption provides the same level of protection against deliberate abuse of information.
The benefits of cryptography are well recognized. Encryption can protect communications and stored information from unauthorized access. Other cryptographic techniques, including methods of authentication and digital signatures, can protect against spoofing and message forgeries. Practically everyone agrees that cryptography is an essential information security tool, and that it should be readily available to users.
The drawbacks of cryptography are frequently overlooked as well. The widespread availability of unbreakable encryption coupled with anonymous services could lead to a situation where practically all communications are immune from lawful interception and documents from lawful search and seizure, and where all electronic transactions are beyond the reach of any government regulation. The consequences of this to public safety and social and economic stability could be damaged. With the government essentially locked out, computers and telecommunications systems would become safe havens for criminal activity.
The use of cryptography for data integrity and authentication, including digital signatures, is not a threat. Indeed, by strengthening the integrity of evidence and binding it to its source, cryptographic tools for authentication are a forensic aid to criminal investigations.
time whenever you are going to send secret information,
Just Encrypt it.
For Digital Signatures, Cryptanalysis and Attacks on Cryptosystems
For Time line, Basic encryption techniques and Future.
     
I have represented this paper @ a Technical Paper Presentation at National symposium organized by AITS, Rajkot, India and won second prize worth Rs 2500/- Thanks for visit.
[ Last modified: September 1st, 2004 ]
To send feedback click here : ankitjain
visit me @