For computer students, one
time we all will need to participate in security world. Today, modern
technologies in communication networks have been influenced in our daily activities.
So we need to cover the fundamental cryptographic techniques that allow for
encrypting communication, authenticating the party with whom one is
communicating and ensuring message integrity.
We can identify the following
desirable properties of secure communication.
- Confidentiality: Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message, this necessarily requires that the message be somehow encrypted so that an intercepted message cannot be decrypted by an interceptor.
- Message integrity: Even if the sender and receiver are able to authenticate each other, they also want to ensure that the content of their communication is not altered.
- End - point authentication: Both the sender and receiver should be able to confirm the identity of the other party is indeed who or what they claim to be.
- Operational security: Almost all organizations today have networks that are attached to the public Internet. These networks can potentially be compromised by attackers who gain access to the networks via the public Internet. Attackers can attempt to deposit worms into the hosts into the host in the network, obtain corporate secrets, map the internal network configurations, and launch DoS(Denial -of-Service ) [1].
The actual
implementation of security goals needs some techniques. Today, the two
prevalent techniques are the one is very general (cryptography) and another one
is specific (steganography). [4]
What is Cryptography?
Cryptography is the science of using
mathematics to encrypt and decrypt data. Cryptography enables you to store
sensitive information or transmit it across insecure
networks (like the Internet) so that it cannot be read by anyone except the
intended recipient [2].The simple meaning of Cryptography is “secret writing”.
What is Steganography?
The word
steganography comes from the Greek Steganos, which mean covered or
secret and –graphy mean writing or drawing. Therefore, steganography
means, literally, “covered writing”. Steganography become more important as
more people join the cyberspace revolution. Steganography is the art of
concealing information in ways that prevent the detection of hidden messages.
Steganography include an array of secret communication methods that hide the
message from being seen or discovered. The goal of steganography is to avoid
drawing suspicion to the existence of a hidden message.[3]
Cryptography Vs Steganography
Steganography
is defined by Markus Kahn [5] as follows, "Steganography is the art and
science of communicating in a way which hides the existence of the
communication. In contrast to Cryptography, where the enemy is allowed to
detect, intercept and modify messages without being able to violate certain
security premises guaranteed by a cryptosystem, the goal of Steganography is to
hide messages inside other harmless messages in a way that does not allow any
enemy to even detect that there is a second message present.
Cryptographic techniques
Data
that can be read and understood without any special measures is called plaintextor
cleartext. The method of disguising plaintext in such a way as to hide its
substance is called encryption. Encrypting plaintext results in unreadable
gibberish called ciphertext. You use encryption to ensure that information is
hidden from anyone for whom it is not intended, even those who can see the
encrypted data. The process of reverting ciphertext to its original plaintext
is called decryption [2].
The
most basic cryptographic techniques for confidentiality and data integrity are symmetric encryption techniques and asymmetric encryption techniques.
Another cryptographic technique is hashing. Hash functions are a curious type
of cryptographic algorithm. In its simplest form a hash function is an
algorithm that takes an input of any size and outputs a fixed-length “hash code” that is, in some sense, difficult
to predict in advance. The odd thing about the use of hash functions in cryptography
is that they do not usually depend on any secret keys, and so they can only
provide a limited set of security services on their own [6].
We
can now split encryption schemes into two types. If the message sender knows
this secret key then the scheme is said to be symmetric (the example
symmetric key algorithm is Caesar
cipher). If the message sender does not know the secret key then the scheme is
said to be asymmetric or public-key. In other words encryption algorithms
transform data, sometimes called messages or plaintext, into ciphertext, which
can be transmitted over a public network(non secure channel) and from which no
unauthorized entity can determine any information about the message (except,
possibly, its length). When the ciphertext reaches its intended recipient, he
or she can undo the encryption operation and recover the message from the ciphertext.
It is easy to see that in order to do this, the recipient must have some kind
of extra, secret information that is not known to any unauthorized person. This
is known as a key.
Useful Acronyms for Computer Students
International Standardization Organizations
1.
ISO (International Standard Organization)
2.
IEC (International Electrotechnical
Commission)
3.
ITU (International Telecommunication Union)
National
Standardization Organizations
1.
ANSI (American National Standards Insti)
2.
BSI (British Standard Institute)
3.
NIST (National Institute of Standards and
Technology)
Industrial
Standardization Organizations
1.
3GPP (Third Generation Partnership Project)
2.
ETSI(European Telecommunications Standard
Institute)
3.
IEEE (Institute of Electrical and Electronic Engineering)
4.
IETF (Internet Engineering Task Force)
5.
SECG (Standards for Efficient Cryptography
Group)
6.
PKCSs (Public-Key Cryptography Standards)
References:
[1]. COMPUTER NETWORKING [Top Down Approach]
by JAMES F.KUROSE ,KEITH W.ROSS
[FOURTH EDITION]
[2]. An
Introduction to Cryptography
[3]. A Novel Steganographic
Method for Gray-Level Images by Ahmad T. Al-
Taani and Abdullah M. AL-Issa
[4]. Cryptography and Network Security by
Behrouz A. Forouzan (McGRAW- HILL
INTERNATIONAL EDITION)
[6].
User’s Guide to Cryptography and Standards by Alexander W. Dent
Chris J. Mitchell
No comments:
Post a Comment