
1. INTRODUCTION
Does increased security provide comfort to paranoid people? Or does security
provide some very basic protections that we are naive to believe that we don't
need? During this time when the Internet provides essential communication
between tens of millions of people and is being increasingly used as a tool for
commerce, security becomes a tremendously important issue to deal with.
There are many aspects to security and many applications, ranging from secure
commerce and payments to private communications and protecting passwords.
One essential aspect for secure communications is that of cryptography, which is
the focus of this chapter. But it is important to note that while cryptography is
necessary for secure communications, it is not by itself sufficient. The reader is
advised, then, that the topics covered in this chapter only describe the first of
many steps necessary for better security in any number of situations.
This paper has two major purposes. The first is to define some of the terms and concepts behind basic cryptographic methods, and to offer a way to compare the myriad cryptographic schemes in use today. The second is to provide some real examples of cryptography in use today.
I would like to say at the outset that this paper is very focused on terms, concepts, and schemes in current use and is not a treatise of the whole field. No mention is made here about pre-computerized crypto schemes, the difference between a substitution and transposition cipher, cryptanalysis, or other history. Interested readers should check out some of the books in the bibliography below for this detailed - and interesting! - background information.
What is Cryptography?
Everyone has secrets; some have more than others. When it becomes necessary to transmit those secrets from one point to another, it's important to protect the information while it's in transit. Cryptography presents various methods for taking legible, readable data, and transforming it into unreadable data for the purpose of secure transmission, and then using a key to transform it back into readable data when it reaches its destination.
Predating computers by thousands of years, cryptography has its roots in basic transposition ciphers, which assign each letter of the alphabet a particular value. A simple example is to assign each letter a progressively higher number, where A=1, B=2, and so forth. Using this formula, for example, the word "wiseGEEK", once encrypted, would read "23 9 19 5 7 5 5 11". During World War Two, machines were invented that made the ciphers more complicated and difficult to break, and today, computers have made cryptography even stronger still.
The Secure Sockets Layer (SSL) is a common encryption protocol used in e-commerce. When you make a purchase over the Internet, this is the technology the merchant uses to make sure you can safely transmit your credit card information. Using this protocol, your computer and the online merchant's computer agree to create a type of private "tunnel" through the public Internet. This process is called the "handshake." When you see a URL in your Web browser that starts with "https" instead of "http", it is a secure connection that is using SSL.
Some methods of cryptography use a "secret key" to allow the recipient to decrypt the message. The most common secret key cryptosystem is the Data Encryption Standard (DES), or the more secure Triple-DES, which encrypts the data three times.
More common are systems that use a public key cryptography system, such as the Diffie-Hellman key agreement protocol. This system uses two keys that work together: a public one, which anyone can access, and a private one, which is kept secret by the party receiving the data. When you want to send a secure message to someone, you encrypt that message using the recipient's public key. But once encrypted, the recipient must use his or her private key to decrypt it.
The goal of cryptography extends beyond merely making data unreadable; it also extends into user authentication, that is, providing the recipient with assurance that the encrypted message originated from a trusted source. Hash functions are sometimes used in conjunction with private key or public key cryptography.

2. THE PURPOSE OF CRYPTOGRAPHY
Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.
Within the context of any application-to-application communication, there are some specific security requirements, including:
Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
Non-repudiation: A mechanism to prove that the sender really sent this message.
Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions, each of which is described below. In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into ciphertext, which will in turn (usually) be decrypted into usable plaintext.
3. TYPES OF CRYPTOGRAPHIC ALGORITHMS
There are several ways of classifying cryptographic algorithms. For purposes of this paper, they will be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. The three types of algorithms that will be discussed are (Figure 1):
Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information
3.1. Secret Key Cryptography
With secret key cryptography, a single key is used for both encryption and decryption. As shown in Figure 1A, the sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or ruleset) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.
With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key.
3.2. Public-Key Cryptography
Public-key cryptography has been said to be the most significant new development in cryptography in the last 300-400 years. Modern PKC was first described publicly at Stanford University by professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key.
3.3. Hash Functions
Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key (Figure 1C). Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, help preserve the integrity of a file.
3.4. Why Three Encryption Techniques?
So, why are there so many different types of cryptographic schemes? Why can't we do everything we need with just one?
The answer is that each scheme is optimized (make the best) for some specific application(s). For example, hash functions are well-suited for ensuring data integrity because any change made to the contents of a message will result in the receiver calculating a different hash value than the one placed in the transmission by the sender. Since it is highly unlikely (not expected) that two different messages will yield the same hash value, data integrity is ensured to a high degree of confidence.
3.5. The Significance of Key Length
In a recent article in the industry literature (circa 9/98), a writer made the claim that 56-bit keys do not provide as sufficient protection for DES today as they did in 1975 because computers are 1000 times faster today than in 1975. Therefore, the writer went on, we should be using 56,000-bit keys today instead of 56-bit keys to provide adequate protection. The conclusion was then drawn that because 56,000-bit keys are infeasible (true), we should accept the fact that we have to live with weak cryptography (false!). The major error here is that the writer did not take into account that the number of possible key values doubles whenever a single bit is added to the key length; thus, a 57-bit key has twice as many values as a 56-bit key (because $2^{57}$ is two times $2^{56}$). In fact, a 66-bit key would have 1024 times the possible values as a 56-bit key.
4. TRUST MODELS
Secure use of cryptography requires trust. While secret key cryptography can ensure message confidentiality and hash codes can ensure integrity (honesty), none of this works without trust. In SKC, Alice and Bob had to share a secret key. PKC solved the secret distribution problem, but how does Alice really know that Bob is who he says he is? Just because Bob has a public and private key, and purports to be "Bob," how does Alice know that a malicious (given to) person (Mallory) is not pretending to be Bob?
There are a number of trust models employed by various cryptographic schemes. This section will explore three of them:
The web of trust employed by Pretty Good Privacy (PGP) users, who hold their own set of trusted public keys.
Kerberos, a secret key distribution scheme using a trusted third party.
Certificates, which allow a set of trusted third parties to authenticate each other and, by implication, each other's users.
Each of these trust models differs in complexity, general applicability, scope, and scalability.
4.1. PGP Web of Trust
Pretty Good Privacy (described more below in Section 5.5) is a widely used private e-mail scheme based on public key methods. A PGP user maintains a local keyring of all their known and trusted public keys. The user makes their own determination about the trustworthiness of a key using what is called a "web of trust."
4.2. Kerberos
Kerberos is a commonly used authentication scheme on the Internet. Developed by MIT's Project Athena, Kerberos is named for the three-headed dog who, according to Greek mythology, guards the entrance of Hades (rather than the exit, for some reason!).
Kerberos employs a client/server architecture and provides user-to-server authentication rather than host-to-host authentication. In this model, security and authentication will be based on secret key technology where every host on the network has its own secret key.
4.3. Public Key Certificates and Certificate Authorities
Certificates and Certificate Authorities (CA) are necessary for widespread use of cryptography for e-commerce applications. While a combination of secret and public key cryptography can solve the business issues discussed above, crypto cannot alone address the trust issues that must exist between a customer and vendor in the very fluid, very dynamic e-commerce relationship. How, for example, does one site obtain another party's public key? How does a recipient determine if a public key really belongs to the sender? How does the recipient know that the sender is using their public key for a legitimate purpose for which they are authorized? When does a public key expire? How can a key be revoked in case of compromise or loss?
4.4. Summary
The paragraphs above describe three very different trust models. It is hard to say that any one is better than the others; it depends upon your application. One of the biggest and fastest growing applications of cryptography today, though, is electronic commerce (e-commerce), a term that itself begs for a formal definition.
PGP's web of trust is easy to maintain and very much based on the reality of users as people. The model, however, is limited; just how many public keys can a single user reliably store and maintain? And what if you are using the "wrong" computer when you want to send a message and can't access your keyring? How easy is it to revoke a key if it is compromised? PGP may also not scale well to an e-commerce scenario of secure communication between total strangers on short notice.
Kerberos overcomes many of the problems of PGP's web of trust, in that it is scalable and its scope can be very large. However, it also requires that the Kerberos server have a priori knowledge of all client systems prior to any transactions, which makes it unfeasible for "hit-and-run" client/server relationships as seen in e-commerce.
5. CRYPTOGRAPHIC ALGORITHMS IN ACTION
The paragraphs above have provided an overview of the different types of cryptographic algorithms, as well as some examples of some available protocols and schemes. Table 3 provides an even longer list of some of the schemes employed today for a variety of functions, most notably electronic commerce. The paragraphs below will show several real cryptographic applications that many of us employ (knowingly or not) every day for password protection and private communication.
5.1. Password Protection
Nearly all modern multiuser computer and network operating systems employ passwords at the very least to protect and authenticate users accessing computer and/or network resources. But passwords are not typically kept on a host or server in plaintext; they are generally encrypted using some sort of hash scheme. Unix/Linux, for example, uses a well-known hash via its crypt() function. Passwords are stored in the /etc/passwd file (Figure 5A); each record in the file contains the username, hashed password, user's individual and group numbers, user's name, home directory, and shell program; these fields are separated by colons (:). Note that each password is stored as a 13-byte string. The first two characters are actually a salt, randomness added to each password so that if two users have the same password, they will still be encrypted differently; the salt, in fact, provides a means so that a single password might have 4096 different encryptions. The remaining 11 bytes are the password hash, calculated using DES.
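The record layout just described, parsed by a short script added here for illustration (it is not part of the paper). The three records are constructed samples with made-up hash strings; the 64-symbol alphabet is the one used by the traditional DES-based crypt(3) output, which is where the 4096 = 64 x 64 salt values come from. The "x" in the third record is the marker a system writes when the hash has been moved to a shadow file:

```python
import re

# Constructed sample records in the seven-field /etc/passwd layout described
# above. The 13-character password fields are made-up, not real hashes.
SAMPLE_PASSWD = """\
alice:abJnggxhB/yWI:1001:1001:Alice Example:/home/alice:/bin/sh
bob:k24XN7mG0eQZs:1002:1002:Bob Example:/home/bob:/bin/bash
carol:x:1003:1003:Carol Example:/home/carol:/bin/sh
"""

# Output alphabet of traditional crypt(3): 64 symbols, so a two-character
# salt can take 64 * 64 = 4096 distinct values.
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
TRADITIONAL_RE = re.compile(r"^[%s]{13}$" % re.escape(CRYPT_ALPHABET))

FIELDS = ("user", "password", "uid", "gid", "gecos", "home", "shell")


def parse_record(line):
    """Split one passwd line into its seven named fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError("expected 7 colon-separated fields, got %d" % len(parts))
    rec = dict(zip(FIELDS, parts))
    rec["uid"] = int(rec["uid"])
    rec["gid"] = int(rec["gid"])
    return rec


def split_crypt(pw_field):
    """Return (salt, hash) for a traditional 13-byte DES crypt string, or
    None when the field is not in that format (e.g. the 'x' shadow marker
    or an empty field)."""
    if not TRADITIONAL_RE.match(pw_field):
        return None
    return pw_field[:2], pw_field[2:]


def salt_space():
    """Number of distinct two-character salts."""
    return len(CRYPT_ALPHABET) ** 2


def audit(passwd_text):
    """Map each username to its (salt, hash) pair, or None when the record
    does not carry a traditional DES hash."""
    report = {}
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        report[rec["user"]] = split_crypt(rec["password"])
    return report


if __name__ == "__main__":
    for user, info in audit(SAMPLE_PASSWD).items():
        if info is None:
            print("%-6s no traditional DES hash in this field" % user)
        else:
            print("%-6s salt=%s hash=%s" % (user, info[0], info[1]))
    print("possible salts:", salt_space())
```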
5.2. Some of the Finer Details of Diffie-Hellman
The first published public-key crypto algorithm was Diffie-Hellman. The mathematical "trick" of this scheme is that it is relatively easy to compute exponents compared to computing discrete logarithms. Diffie-Hellman allows two parties - the ubiquitous Alice and Bob - to generate a secret key; they need to exchange some information over an unsecure communications channel to perform the calculation but an eavesdropper cannot determine the shared key based upon this information.
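The exchange described above, as an added example that is not from the paper. The prime p = 23 and generator g = 5 are constructed toy parameters chosen so the arithmetic can be followed by hand; real deployments use primes of 2048 bits or more. The code shows what Alice and Bob each compute, what an eavesdropper actually sees on the wire, and that the eavesdropper's route to the key, a discrete logarithm, is only searchable because the toy prime is tiny:

```python
import secrets

# Constructed toy group: small prime p and generator g (NOT for real use).
P = 23
G = 5


def private_key(p):
    """Pick a random private exponent in [2, p-2]."""
    return secrets.randbelow(p - 3) + 2


def public_value(g, priv, p):
    """The value sent over the insecure channel: g^priv mod p."""
    return pow(g, priv, p)


def shared_secret(their_public, my_priv, p):
    """Combine the other side's public value with my own private exponent."""
    return pow(their_public, my_priv, p)


def run_exchange(p=P, g=G, a=None, b=None):
    """Carry out one exchange. Returns Alice's key, Bob's key and the
    dictionary of everything an eavesdropper can observe."""
    a = private_key(p) if a is None else a   # Alice's secret, never sent
    b = private_key(p) if b is None else b   # Bob's secret, never sent
    A = public_value(g, a, p)                # Alice -> Bob
    B = public_value(g, b, p)                # Bob -> Alice
    k_alice = shared_secret(B, a, p)         # B^a = g^(ab) mod p
    k_bob = shared_secret(A, b, p)           # A^b = g^(ab) mod p
    on_the_wire = {"p": p, "g": g, "A": A, "B": B}
    return k_alice, k_bob, on_the_wire


def brute_force_discrete_log(g, target, p, limit):
    """Recover x from target = g^x mod p by trial exponentiation. This is the
    eavesdropper's only option and it succeeds here solely because p is a
    toy value; for real-sized primes the search is infeasible."""
    for x in range(1, limit):
        if pow(g, x, p) == target:
            return x
    return None


if __name__ == "__main__":
    k1, k2, seen = run_exchange()
    print("eavesdropper sees:", seen)
    print("Alice's key:", k1, "Bob's key:", k2, "match:", k1 == k2)
    print("a recovered by brute force:", brute_force_discrete_log(G, seen["A"], P, P))
```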
5.3. Some of the Finer Details of RSA Public-Key Cryptography
Unlike Diffie-Hellman, RSA can be used for key exchange as well as digital signatures and the encryption of small blocks of data. Today, RSA is primarily used to encrypt the session key used for secret key encryption (message integrity) or the message's hash value (digital signature). RSA's mathematical hardness comes from the ease in calculating large numbers and the difficulty in finding the prime factors of those large numbers. Although employed with numbers using hundreds of digits, the math behind RSA is relatively straight-forward.
To create an RSA public/private key pair, here are the basic steps:
1. Choose two prime numbers, p and q. From these numbers you can calculate the modulus, n = pq.
2. Select a third number, e, that is relatively prime to (i.e., it does not divide evenly into) the product (p-1)(q-1). The number e is the public exponent.
3. Calculate an integer d from the quotient (ed-1)/[(p-1)(q-1)]. The number d is the private exponent.
5.4. Some of the Finer Details of DES, Breaking DES, and DES Variants
The Data Encryption Standard (DES) has been in use since the mid-1970s, adopted by the National Bureau of Standards (NBS) [now the National Institute for Standards and Technology (NIST)] as Federal Information Processing Standard 46 (FIPS 46-3) and by the American National Standards Institute (ANSI) as X3.92.
DES Operational Overview
DES uses a 56-bit key. In fact, the 56-bit key is divided into eight 7-bit blocks and an 8th odd parity bit is added to each block (i.e., a "0" or "1" is added to the block so that there are an odd number of 1 bits in each 8-bit block). By using the 8 parity bits for rudimentary error detection, a DES key is actually 64 bits in length for computational purposes (although it only has 56 bits worth of randomness, or entropy).
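The key expansion just described, as an added example (not from the paper): a 56-bit value is split into eight 7-bit groups, each group gets an odd-parity bit in the low position, and the resulting 8-byte key can be checked for parity errors and reduced back to its 56 bits of entropy. The key material is generated locally and no DES encryption is performed:

```python
import os


def odd_parity_byte(seven_bits):
    """Append the parity bit that makes the number of 1 bits in the byte odd."""
    assert 0 <= seven_bits < 128
    ones = bin(seven_bits).count("1")
    parity = 0 if ones % 2 == 1 else 1
    return (seven_bits << 1) | parity


def expand_key(key56):
    """56-bit int -> 8-byte DES key, most significant 7-bit group first."""
    assert 0 <= key56 < (1 << 56)
    out = bytearray()
    for i in range(8):
        chunk = (key56 >> (7 * (7 - i))) & 0x7F
        out.append(odd_parity_byte(chunk))
    return bytes(out)


def check_parity(key8):
    """Positions of bytes whose 1-bit count is even (empty list = key OK).
    This is the 'rudimentary error detection' the parity bits allow."""
    return [i for i, b in enumerate(key8) if bin(b).count("1") % 2 == 0]


def strip_parity(key8):
    """Drop the parity bits to recover the 56 bits of actual key entropy."""
    key56 = 0
    for b in key8:
        key56 = (key56 << 7) | (b >> 1)
    return key56


if __name__ == "__main__":
    k56 = int.from_bytes(os.urandom(7), "big")    # 56 random bits
    k8 = expand_key(k56)
    print("64-bit key:", k8.hex(), "bad parity bytes:", check_parity(k8))
    print("entropy recovered intact:", strip_parity(k8) == k56)
```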
Breaking DES
The mainstream cryptographic community has long held that DES's 56-bit key was too short to withstand a brute-force attack from modern computers. Remember Moore's Law: computer power doubles every 18 months. Given that increase in power, a key that could withstand a brute-force guessing attack in 1975 could hardly be expected to withstand the same attack a quarter century later.
DES Variants
Once DES was "officially" broken, several variants appeared. But none of them came overnight; work at hardening DES had already been underway. In the early 1990s, there was a proposal to increase the security of DES by effectively increasing the key length by using multiple keys with multiple passes. But for this scheme to work, it had to first be shown that the DES function is not a group, as defined in mathematics. If DES was a group, then we could show that for two DES keys, K1 and K2, applied to some plaintext (P), we can find a single equivalent key, K3, that would provide the same result; i.e.:
$E_{K2}(E_{K1}(P)) = E_{K3}(P)$
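To make the group argument concrete, an added example (not from the paper) uses a toy shift cipher, which, unlike DES, is closed under composition: for every pair (K1, K2) there is a single K3 satisfying $E_{K2}(E_{K1}(P)) = E_{K3}(P)$, so "double encryption" leaves exactly the same 26 keys to try. The sample plaintexts are constructed:

```python
import string

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext, key):
    """Toy cipher: move every letter `key` places along the alphabet."""
    out = []
    for ch in plaintext:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def double_encrypt(plaintext, k1, k2):
    """E_K2(E_K1(P)): two passes with two keys."""
    return shift_encrypt(shift_encrypt(plaintext, k1), k2)


def find_equivalent_key(plaintext, k1, k2):
    """Search the single-key space for a K3 with E_K3(P) == E_K2(E_K1(P)).
    Returns K3, or None if no single key reproduces the double encryption."""
    target = double_encrypt(plaintext, k1, k2)
    for k3 in range(26):
        if shift_encrypt(plaintext, k3) == target:
            return k3
    return None


def is_closed_under_composition(sample="THE QUICK BROWN FOX"):
    """True when every (K1, K2) pair collapses to some single K3, i.e. the
    cipher's encryption functions form a group and multiple passes add no
    key strength. The question had to be settled in the negative for DES
    before multi-key variants were worth building."""
    return all(find_equivalent_key(sample, k1, k2) is not None
               for k1 in range(26) for k2 in range(26))


if __name__ == "__main__":
    p = "ATTACK AT DAWN"
    print(double_encrypt(p, 3, 10), "==", shift_encrypt(p, 13))
    print("equivalent single key:", find_equivalent_key(p, 3, 10))
    print("closed under composition:", is_closed_under_composition())
```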
5.5. Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is one of today's most widely used public key cryptography programs. Developed by Philip Zimmermann in the early 1990s and long the subject of controversy, PGP is available as a plug-in for many e-mail clients, such as Claris Emailer, Microsoft Outlook/Outlook Express, and Qualcomm Eudora.
PGP can be used to sign or encrypt e-mail messages with the mere click of the mouse. Depending upon the version of PGP, the software uses SHA or MD5 for calculating the message hash; CAST, Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital signatures.
5.6. IP Security (IPsec) Protocol
NOTE: The information in this section assumes that the reader is familiar with the Internet Protocol (IP), at least to the extent of the packet format and header contents. More information about IP can be found in An Overview of TCP/IP Protocols and the Internet. More information about IPv6 can be found in IPv6: The Next Generation Internet Protocol.
The Internet and the TCP/IP protocol suite were not built with security in mind. This statement is not meant as a criticism; the baseline UDP, TCP, IP, and ICMP protocols were written in 1980 and built for the relatively closed ARPANET community. TCP/IP wasn't designed for the commercial-grade financial transactions that they now see nor for virtual private networks (VPNs) on the Internet.
Security Parameter Index (SPI), a 32-bit identifier of the connection
IP Destination Address
security protocol (AH or ESP) identifier
5.7. The SSL "Family" of Secure Transaction Protocols for the World Wide Web
The Secure Sockets Layer (SSL) protocol was developed by Netscape Communications to provide application-independent secure communication over the Internet for protocols such as the Hypertext Transfer Protocol (HTTP). SSL employs RSA and X.509 certificates during an initial handshake used to authenticate the server (client authentication is optional). The client and server then agree upon an encryption scheme; SSL v2 supports RC2 and RC4 with 40-bit keys, while SSL v3 adds support for DES, RC4 with a 128-bit key, and 3DES with a 168-bit key, all along with either MD5 or SHA-1 message hashes. SSL v3 is the commonly supported version on servers today, although some implementations of SSL v2 will still be found; both are supported by most common browsers (Figure 14).
6. CONCLUSION... OF SORTS
This paper has briefly described how cryptography works. The reader must beware, however, that there are a number of ways to attack every one of these systems; cryptanalysis and attacks on cryptosystems, however, are well beyond the scope of this paper. In the words of Sherlock Holmes (ok, Arthur Conan Doyle, really), "What one man can invent, another can discover" ("The Adventure of the Dancing Men").
Cryptography is a particularly interesting field because of the amount of work that is, by necessity, done in secret. The irony is that today, secrecy is not the key to the goodness of a cryptographic algorithm. Regardless of the mathematical theory behind an algorithm, the best algorithms are those that are well-known and well-documented because they are also well-tested and well-studied! In fact, time is the only true test of good cryptography; any cryptographic scheme that stays in use year after year is most likely a good one. The strength of cryptography lies in the choice (and management) of the keys; longer keys will resist attack better than shorter keys.
The corollary to this is that consumers should run, not walk, away from any product that uses a proprietary cryptography scheme, ostensibly because the algorithm's secrecy is an advantage. This observation about not using "secret" crypto schemes has been a fundamental hallmark of cryptography for well over 100 years; it was first stated explicitly by Dutch linguist Auguste Kerckhoffs von Nieuwenhoff in his 1883 (yes, 1883) text titled La Cryptographie militaire, and has therefore become known as "Kerckhoffs' Principle."
