20-11-2012, 02:39 PM
Cryptology
Cryptology.doc (Size: 134.5 KB / Downloads: 39)
Introduction
Cryptology is the uniting name for a wide-ranging scientific field in which one studies the mathematical techniques of designing, analyzing and attacking information security services. Cryptology consists of two subfields, namely cryptography and cryptanalysis. An overview of cryptology is described in following Figure 1.1.
Cryptography
Cryptography is the study of techniques for providing security services. Cryptography is derived from the Greek word kryptos, meaning “hidden”. The aim of cryptography is to means and methods for converting data into unreadable form such that
• The data cannot be accessed for unauthorized use.
• The content of the data frames is hidden.
• The authenticity of the data can be established.
• The undetected modification of the data is avoided.
• The data cannot be disowned by the originator of the message.
Security Requirements
The security requirements [1, 2] of cryptography are:
• Confidentiality/Privacy: Making sure that the information is only available to authorized users. Privacy and secrecy are used synonymously used for confidential. Message encryption is one example of secrecy.
• Integrity: Integrity in terms of data and network security is the assurance that the information can only be accessed or modified by those authorized to do so. Information cannot be altered in storage or in transit between the sender and the intended receiver, without the alteration being detected.
• Authentication: The goal is to identify data origin or destination. Both parties in a communication sometimes need to ensure that the other is legitimate user. This can also be applied to the data itself; as to ensure a specific date and time that message was sent. One party challenges the other and if the other party knows the correct answer, the authentication is successful. For authentication using computers the scheme is more complex than solely exchanging phrases and the challenge is normally a computational challenge. If the responding party can correctly calculate an answer to the challenge based on the secret information, the authentication is successful.
• Non-repudiation: A mechanism to ensure that a transferred message has been sent and received by the parties claiming to have sent and received the message. Non-repudiation is a way to guarantee that the sender of message cannot later deny having sent the message and that the recipient cannot deny having received the message.
Private-key Cryptography
In symmetric cryptography or private-key cryptography, the same key is used for both encryption and decryption. This means that the encryption key must be shared between the two parties before any message can be decrypted. Symmetric cryptography can be used to transmit information over an insecure public channel. It has also other uses like storage in insecure media and mutual authentication.
Public-key Cryptography
In asymmetric cryptography or public-key cryptography two different keys, public key and private key are used. The private key is kept secret while the public key is distributed. Anyone can encrypt a message but only the one who knows the corresponding private key can decrypt it. Though the keys are mathematically related, it is practically not possible to retrieve the private key from the public key. The public key is used for encryption and one can decrypt the ciphertext only with the private key.