Thursday 21 June 2018

Glimpses from Cryptography: Foundation of Security

I would like to share some glimpses from cryptography, my favorite topic. Cryptography matters to me because it is the spine of information security, which is essential to our day-to-day life. The basic foundations of information security lie in the CIA triad (not the Central Intelligence Agency!). CIA stands for Confidentiality, Integrity and Availability. We use the services of cryptography to achieve a couple of these foundations.
To explain the foundations, let's introduce the classic characters of security stories: Alice, Bob and Eve. Alice is communicating with Bob, and Eve is trying to intrude into the communication and carry out some malicious activity. During the communication between Alice and Bob, Eve can:
  1. Read the messages communicated by Alice to Bob
  2. Modify/replace the message sent by Alice before it reaches Bob
  3. Prevent Bob from getting any message from Alice
Confidentiality: If Eve reads the message sent by Alice, it is a violation of confidentiality. Hence Alice uses encryption to secure the communication. Once the message is encrypted, Eve gets only a set of characters that doesn't make any sense.

Integrity: If Eve modifies the message, it is a violation of integrity. Hence Alice may use techniques such as hash functions or a MAC (Message Authentication Code) to ensure the integrity of the message.
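
The difference between the two integrity techniques named above, as an added example that is not part of the original post: a plain hash sent alongside the message can be recomputed by Eve after she replaces the message, while a MAC cannot be recomputed without the key Alice and Bob share. The key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for illustration only.
SHARED_KEY = secrets.token_bytes(32)      # known to Alice and Bob, not to Eve
MESSAGE = b"Meet me at the library at 5pm"
FORGED = b"Meet me at the station at 9pm"


def alice_send_with_hash(message):
    """Alice attaches an unkeyed SHA-256 digest to the message."""
    return message, hashlib.sha256(message).digest()


def alice_send_with_mac(message, key):
    """Alice attaches an HMAC-SHA256 tag computed with the shared key."""
    return message, hmac.new(key, message, hashlib.sha256).digest()


def eve_replace(packet, forged):
    """Eve replaces the message in transit (item 2 in the list above).
    Without the shared key, the only check value she can compute for her
    replacement is an unkeyed hash."""
    return forged, hashlib.sha256(forged).digest()


def bob_verify_hash(packet):
    """Bob recomputes the unkeyed digest and compares."""
    message, digest = packet
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def bob_verify_mac(packet, key):
    """Bob recomputes the tag with the shared key, comparing in constant time."""
    message, tag = packet
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def run_demo():
    """Return what Bob concludes in each of the four situations."""
    hashed = alice_send_with_hash(MESSAGE)
    macced = alice_send_with_mac(MESSAGE, SHARED_KEY)
    return {
        "hash, untouched": bob_verify_hash(hashed),
        "hash, replaced by Eve": bob_verify_hash(eve_replace(hashed, FORGED)),
        "mac, untouched": bob_verify_mac(macced, SHARED_KEY),
        "mac, replaced by Eve": bob_verify_mac(eve_replace(macced, FORGED), SHARED_KEY),
    }
```

A plain hash still protects integrity when the digest reaches Bob over a channel Eve cannot modify; the MAC removes that requirement by tying the check value to the shared key.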

Availability: When Eve blocks the message entirely, Bob has no way to know that Alice wants to communicate with him. Cryptography doesn't directly address availability.

Authentication: In the case above, only Alice and Bob are permitted to communicate over the channel; in other words, they are authorized to use the channel for communication. How is it verified that the communicating parties are really Alice and Bob? This is achieved using one or more authentication mechanisms. The most common is the password, a secret known by the legitimate user. Authentication can also be done using biometrics or a physical device such as a USB key.

Non-Repudiation: Non-repudiation has nothing to do with Eve. If Alice sends Bob a message and at some future point denies that she sent it, how can one ensure that the message was sent by Alice and not by someone else? This also deals with the matter of trust. Hence, to achieve non-repudiation effectively, DSS (Digital Signature Systems) has to be used.
