Cryptography - The Science of Secrecy

Main Page

Ankit Jain

Applying Cryptography

To answer the question, “Who needs encryption?”, one can examine the various reasons why banks, businesses, professionals, military, everyday people, and even criminals require some sort of protection. Cryptography is used whenever someone wants to send a secret message to someone else, in a situation where anyone might be able to get hold of the message and read it. Cryptography provides a solution to the problem of information security and privacy. For electronic communications, the techniques of private and public key cryptography are becoming increasingly popular. Cryptography provides integrity i.e. assures that the information was not modified while in transit.

Identification and Authentication

Identification and authentication are two widely used applications of cryptography.
Identification is the process of verifying someone’s or something’s identity. Authentication
merely determines whether that person or entity is authorized for whatever is in question. For this purpose Digital signatures are used.

Certification

It’s a scheme by which trusted agents such as certifying authorities vouch for unknown agents, such as users. The trusted agents issue vouchers called certificates which each have some inherent meaning. Certification technology was developed to make identification and authentication possible on a large scale.

Personal Use

Privacy is perhaps the most obvious application of cryptography. Privacy is the state or quality of being secluded from the view and or presence of others. Cryptography can be used to implement privacy simply by encrypting the information intended to remain private. In order for someone to read this private data, one must first decrypt it. Note that sometimes information is not supposed to be accessed by anyone, and in these cases, the information may be stored in such a way that reversing the process is virtually impossible.

Electronic Commerce

Electronic money is a term that is still fairly vague and undefined. Here, cryptography protects conventional transaction data such as an account number and amount; a digital signature can replace a handwritten signature or a credit-card authorization, and public-key encryption can provide confidentiality.

Secure Communication

S/MIME (Secure / Multipurpose Internet Mail Extensions) is a protocol that adds digital signatures and encryption to Internet MIME messages. MIME defines how the body of an e-mail message is structured. However, MIME itself does not provide any security services. The purpose of S/MIME is to define such services for digital signatures and encryption.

Passwords

Passwords are not typically kept on a host or server in plaintext, but are generally encrypted using some sort of hash scheme. In the Windows NT case, all passwords are hashed using the MD4 algorithm, resulting in a 128-bit (16-byte) hash value.

Other Applications

Cryptography is not confined to the world of computers. Cryptography is also used in cellular (mobile) phones as a means of authentication; that is, it can be used to verify that a particular phone has the right to bill to a particular phone number. This prevents people from stealing (“cloning”) cellular phone numbers and access codes. Another application is to protect phone calls from eavesdropping using voice encryption.

Encryption in the Future

The future of encryption is as uncertain as the future of technology itself.  The more powerful the technology at hand, the harder it will be to create encryption methods that can withstand the onslaught of the computational power readily available to the average PC owner. New Technologies in the Future are :

Quantum Cryptography

            Quantum cryptography is on the leading edge of cryptographic implementations.  It is currently relegated to the laboratory for reasons of technical feasibility. Signals have a certain polarization, as long as the polarization remains unchanged, the signal has not been intercepted or monitored in any way. Interception or monitoring causes a polarization shift. Quantum cryptography uses this technology to publicly distribute key information. The receiver records a polarization and asks the sender if the recorder polarization is correct. If it is, then the receiver knows it has a valid key unknown to anyone else. Here is the magic…The Heisenberg principle states that a state cannot be monitored without changing the state itself. So far, on a quantum level, this is true. This means that if the key is monitored during transmission, the polarization will change, and the sender will detect this because the polarization information returned from the receiver will be in-correct. Poof…It’s like magic!!

Biometrics

            Biometric encryption uses an individuals own physical body characteristics as the encryption key. The systems would identify each individual for who they were, not allowing for impersonation, and respond accordingly. While biometric encryption is in use today, it is far from being mainstream. The primary reason for this is that it is very costly to implement.

·        Fingerprint – This type of encryption registers either fingerprints or the imprints left by a person’s palm. These devices have an error rate of 1 in 100,000.

·        Optical – This method used either the iris or retina of the human eye. These scanners have an error rate of 1 in 2,000,000.

·        Facial Structure – The scanner examines the overall facial structure of the individual. The two major factors that impact the error rate are differences in the lighting conditions and the distance from the scanner to the subject.

·        Voice – Voice recognition systems use the characteristics of an individual’s voice to identify the person. Voice lends itself extremely well for use in telecommunication systems; however it has an error rate of 2-5%.

·        Signature – This biometric is actually more of a present technology than a future technology. Many retail stores are now using this for credit card purchases. The individual applies their signature on a digital device and the signature is then recorded by computers. The error rate can be fairly high simply due to the fact that an individual’s signature is not always exactly the same.

·        Keystroke – One might accurately refer to it as the ‘Rhythm Method of Access Control’.  This system does not simply use the password or PIN, it also uses information on how the key was entered.  It senses the rate the key is entered and detects the rhythm of the entry as well.  It is argued that this is one of the less secure biometric methods.