Introduction to Cryptography and PGP

On 08.31.09, In cryptography, By Dan Calloway

by Dan Calloway
Published August 31, 2009 at 3:20pm EST; The Chronicler’s Web

Data that can be read without any special measures is called plaintext or cleartext.  The process of hiding or disguising plaintext so that it cannot be read by humans is called encryption.  Encrypting plaintext into an illegible format is called ciphertext.  Encryption is used to hide information from those for whom the information is not intended, and that includes those who can see the encrypted data.  The process of reverting the ciphertext to plaintext so that it can be read by humans is called decryption or deciphering.  Thus the steps in the process are taking plaintext and encrypting it into ciphertext, and then decrypting the ciphertext back into plaintext.

public key cryptosystems

public key cryptosystems

Cryptography is the science of using mathematics to encrypt and decipher data.  Cryptography allows one to encrypt data that travels across the Internet (an insecure means of transmission) to the intended recipient so that it cannot be read by anyone for whom the data is not intended.  Although cryptography is the science of securing data, its companion, cryptanalysis, is the science of analyzing encrypted data and breaking the secure communication.  Cryptanalysis involves a combination of analytical reasoning, the application of mathematical tools, finding data patterns, almost infinite patience and determination, and serendipity. The study of both cryptography and cryptanalysis together is known as cryptology.

Cryptography can be either strong or weak depending on two factors:  time and resources, needed to reveal the plaintext from the ciphertext.  The result of strong cryptography is ciphertext that is extremely difficult to unravel and revert back to the plaintext from which it originated without special tools or a back door, which allows one to bypass the cryptographic security of the encryption.  But, just how strong is strong cryptography?  Strong cryptographic strength is loosely defined as the measure of cipher strength that even employing all the known computers in the world today making over a billion checks per second would not result in the deciphering of the ciphertext created by the encryption process into plaintext before the end of the known Universe.  One would think that strong cryptography would hold up to even the wittiest and smartest cryptanalyst.  However, we cannot predict the computing power of tomorrow, and, thus, we must assume that no encryption, regardless of its strength, is impenetrable.  What we can say is that the cryptographic strength employed by applications such as PGP (Pretty Good Privacy) is among the strongest known to man. (more…)

Wikio
Wikio
Tagged with:
 
4 Comments
Please Leave A Response

Paul Kochner – Cryptography Research

On 08.24.09, In Internet, Technology, By Dan Calloway
President and Chief Scientist - Cryptography Research

President and Chief Scientist - Cryptography Research

Republished by Dan Calloway
August 24, 2009 at 12:48pm EST; www.dancalloway.com

Paul Kocher has gained an international reputation for his research and innovative designs in cryptography. An active contributor to major conferences and leading security initiatives, Paul has designed numerous cryptographic applications and protocols which are successfully deployed in real world systems. His accomplishments include discovering timing attacks and Differential Power Analysis (including techniques for preventing against these vulnerabilities), helping author the widely used SSL 3.0 standard, and leading the design of the record-breaking DES Key Search machine. He has recently focused on developing anti-piracy technologies for securing digital content. Paul was elected to the National Academy of Engineering in 2009.

Paul founded Cryptography Research and leads the company as its President & Chief Scientist. He previously held positions at RSA Security and was a founding member of Valicert, Inc. (now Tumbleweed). He holds a B.S. degree from Stanford University.

Wikio
Wikio
Tagged with:
 
0 Comments
Please Leave A Response

Cryptography – A Look at the Scholarly Literature

On 08.10.09, In Internet, Technology, By Dan Calloway

by Dan Calloway, MSIT
Published August 8, 2009 at 7:15pm; www.dancalloway.com

There is much skepticism surrounding cryptography. Fagin et al. (2008) indicates that there is progress being made in this area to remove the skepticism. The National Institute of Standards and Technology (NIST) has joined forces with the National Security Agency (NSA) to form the “Common Criteria” process known as the Common Criteria for Information Technology Security Evaluation 2005 whose aim it is to increase the confidence in cryptographic and information-related security products. Additionally, the Department of Defense (DoD) has enacted policy directives requiring Information Assurance (IA) professionals to receive information security training in addition to basic IA training for all of its DoD employees (Fagin et al.). Fagin et al. further notes that security today requires some level of skepticism and critical thinking.

Bhargav-Spantzel et al. (2007) contends that there is a recent paradigm in identify management called user-centricity identity management. The study conducted by Bhargav-Spantzel et al. differentiated between two predominant notions: relationship-focused and credential-focused identity management. In the former approach, a user only maintains relationships with identity providers (IDPs) and thus every transaction providing identity information is conveyed to the appropriate IDP. In the latter approach, the user must obtain long-term credentials and store them in a local provider database.

Bhargav-Spantzel et al. indicates that the most predominant identity management model on the Internet today is the silo model where users handle their own data and provide it to organizations separately. One solution to this dilemma offered by Bhargav-Spantzel et al. is the centralized federation model, such as Microsoft’s Passport, which removes the inconsistencies and redundancies of the silo model and provides the Web users a seamless experience. Bhargav-Spantzel et al. offers a taxonomy for unifying the relationship-focused and credential-focused identity management, and investigated the idea of a universal user-centric system, which incorporates the current approaches. The open research question offered by Bhargav-Spantzel et al. in their study is the search for a credential-based user-centric system that crosses the boundaries of user-centricity. The study also supports their approach in unifying the notions in user-centricity that could be useful in the field of user-centric federated identity management systems (FIMS). (more…)

Wikio
Wikio
Tagged with:
 
2 Comments
Please Leave A Response

Introduction to Cryptography and its role in Network Security Principles and Practice

On 08.06.09, In Technology, By Dan Calloway

written by Dan Calloway
Published 7:45 pm EST; www.dancalloway.com

Early vs. Modern Cryptography:

Today’s cryptography is vastly more complex than its predecessor. Unlike the original use of cryptography in its classical roots where it was implemented to conceal both diplomatic and military secrets from the enemy, the cryptography of today, even though it still has far-reaching military implications, has expanded its domain, and has been designed to provide a cost-effective means of securing and thus protecting large amounts of electronic data that is stored and communicated across corporate networks worldwide. Cryptography offers the means for protecting this data all the while preserving the privacy of critical personal financial, medical, and ecommerce data that might end up in the hands of those who shouldn’t have access to it.

There have been many advances in the area of modern cryptography that have emerged beginning in the 1970s as the development of strong encryption-based protocols and newly developed cryptographic applications began to appear on the scene. On January, 1977, the National Bureau of Standards (NBS) adopted a data encryption standard called the Data Encryption Standard (DES), which was a milestone in launching cryptography research and development into the modern age of computing technology. Moreover, cryptography found its way into the commercial arena when, on December, 1980, the same algorithm, DES, was adopted by the American National Standards Institute (ANSI). Following this milestone was yet another when a new concept was proposed to develop Public Key Cryptography (PKC), which is still undergoing research development today (Levy, 2001).

When we speak of modern cryptography, we are generally referring to cryptosystems because the cryptography of today involves the study and practice of hiding information through the use of keys, which are associated with Web-based applications, ATMs, Ecommerce, computer passwords, and the like. (more…)

Wikio
Wikio
Tagged with:
 
6 Comments
Please Leave A Response

Go To Top »
Get Adobe Flash playerPlugin by wpburn.com wordpress themes

Polls

Should the federal government have oversight responsibilities for off-shore oil drilling in US waters?

View Results

Loading ... Loading ...

SEO Powered by Platinum SEO from Techblissonline