Let's face it – cryptography is intimidating. The idea that cryptography is full of complicated mathematical algorithms causes IT managers to shy away from it and delegate responsibility without truly understanding
The basic concept of cryptography is simple – you use mathematical algorithms in combination with cryptographic keys to provide users with confidentiality, integrity and/or non-repudiation. We'll take a look at each of these goals, but first we need to take a brief journey through the world of cryptographic algorithms.
Cryptographic algorithms all perform the same basic function: They take two inputs – a message and a key -- and transform them into a single output. There are two ways to perform this function. Encryption, as shown in Figure 1, uses the cryptographic key to transform the original message into an encrypted form. Decryption, as shown in Figure 2, does the reverse; it uses a cryptographic key to transform an encrypted message back into its original (a.k.a. plaintext) form.
There are two basic types of cryptographic algorithms that implement the functionality described above. They differ only in the number of cryptographic keys used in each communication. Private key algorithms (a.k.a. secret key algorithms) use a single key. Each participant in a communication must have access to this key prior to initiating the communication. Public key algorithms, on the other hand, use pairs of keys. Each participant has two keys: a public key (which is made freely available to anyone who wants it) and a private key (which is kept secret). The inner workings of these algorithms are beyond the scope of this article. Suffice it to say that a well-designed public key algorithm guarantees the security of communications as long as you keep your private key private. It doesn't matter if Osama bin Laden himself has access to your public key.
That's enough about algorithms. Let's move on to the nitty-gritty – how you can use these algorithms to achieve confidentiality, integrity and non-repudiation.
When most people think of cryptography, they think of confidentiality. Indeed, it's the most common use of cryptographic algorithms – protecting data from prying eyes while in transit over an insecure communications channel like the Internet. Confidentiality may be achieved through the use of either private or public key algorithms. When using a private key algorithm, the sender encrypts the message using the secret key (refer back to Figure 1) and then transmits the encrypted version to the recipient. When the recipient receives the encrypted message, he simply decrypts it using the same secret key (as in Figure 2) and may then read the original message. If someone intercepts the message along the way, he has no way of reading it without access to the secret key.
Public key cryptosystems may also be used to achieve confidentiality. The process works the same way it does for private key cryptosystems, but different keys are used. The sender encrypts the message using the recipient's public key. The recipient then decrypts the message with his own private key. Once the sender has encrypted the message with the recipient's public key no one (not even the sender) can decrypt it without access to the recipient's private key.
The second goal of cryptography is to ensure the integrity of messages transmitted between two parties. Integrity provides communicating parties with the assurance that a message was not modified while in transit. Even if you've already taken steps to ensure confidentiality, it's possible that a third party could interfere with your communications by altering the encrypted version of the message while in transit. Most likely, this would result in a bunch of gobbledygook when you attempt to decrypt the message, but it's not a chance that's worth taking.
To ensure integrity, the sender of a message uses a hash function, a mathematical algorithm that creates a unique summary of a message known as a message digest and transmits it along with the message. When the recipient decrypts the message, he uses the same hash function (the details of hash functions are generally not secret) to create his own version of the message digest and then compares it to the digest transmitted with the message. If the two digests match, the recipient knows that the integrity of the message is preserved. If the digests differ, something altered the message along the way. (This alteration could be the result of intentional mischief or happenstance, such as electrical interference, faulty networking equipment or similar failures.)
The final goal of cryptography is to provide the recipient of a message with guarantees of non-repudiation. That is, the recipient should be able to prove that a message actually originated with the purported sender and is not a forgery. With private key algorithms, this is not possible. Remember, all parties in a communication share the same secret key. Therefore, it's possible that any given encrypted message was generated by anyone with access to the key. There's simply no way to prove who created the original message.
Public key cryptography, on the other hand, does provide a mechanism (known as digital signatures) to enforce non-repudiation. When the sender creates a message, he also uses a hash function to generate a message digest (which provides integrity). There's one additional step required to ensure non-repudiation – the sender must encrypt the digital signature using the sender's private key. When the recipient receives the message, he decrypts the digital signature using the sender's public key and then compares it to a self-generated message digest. If the two match, the recipient has irrefutable proof that the sender (or someone with access to the sender's private key) originated the message. There's no way that anyone could have created the correct digital signature for any given message without access to that key.
And that's it! You should now have a basic understanding of how cryptography works to ensure the confidentiality, integrity and non-repudiation of messages transmitted between two parties. Stay tuned to this space for future articles on specific applications of cryptography!
About the author
Mike Chapple, CISSP, currently serves as Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. He previously worked as an information security researcher for the U.S. National Security Agency. His publishing credits include the TICSA Training Guide from Que Publishing, the CISSP Study Guide from Sybex and the upcoming SANS GSEC Prep Guide from John Wiley. He's also the About.com Guide to Databases.
This was first published in November 2003