This chapter details the basic building blocks and fundamental issues you need to understand before
moving on to more complex security technologies. Cryptography is the basis for all secure
communications; it is, therefore, important that you understand three basic cryptographic functions:
symmetric encryption, asymmetric encryption, and one-way hash functions. Most current authentication,
integrity, and confidentiality technologies are derived from these three cryptographic functions. This
chapter also introduces digital signatures as a practical example of how you can combine asymmetric
encryption with one-way hash algorithms to provide data authentication and integrity.
Authentication, authorization, and key management issues are critical for you to understand because the
compromise of either identity or secret keys is the most common form of security compromise.
Authentication technologies are introduced in Chapter 2, "Security Technologies," but this chapter
explores the methods of authentication, the establishment of trust domains for defining authorization
boundaries, and the importance of the uniqueness of namespace.
A key is a digital code that can be used to encrypt, decrypt, and sign information. Some keys are kept
private while others are shared and must be distributed in a secure manner. The area of key management
has seen much progress in the past years; this is mainly because it makes key distribution secure and
scaleable in an automated fashion. Important issues with key management are creating and distributing
the keys securely. This chapter introduces some common mechanisms that are used to securely create
and distribute secret and public keys. The controversial area of key escrow is explored to raise your
awareness of what the controversy is all about and what role key escrow may play in a secure enterprise
Cryptography is the science of writing or reading coded messages; it is the basic building block that
enables the mechanisms of authentication, integrity, and confidentiality. Authentication establishes the
identity of both the sender and the receiver of information. Integrity ensures that the data has not been
altered, and confidentiality ensures that no one except the sender and receiver of the data can actually
understand the data.
Usually, cryptographic mechanisms use both an algorithm (a mathematical function) and a secret value
known as a key. Most algorithms undergo years of scrutiny by the world's best cryptographers who
validate the strength of the algorithm. The algorithms are widely known and available; it is the key that is
kept secret and provides the required security. The key is analogous to the combination to a lock.
Although the concept of a combination lock is well known, you can't open a combination lock easily
without knowing the combination. In addition, the more numbers a given combination has, the more
work must be done to guess the combination---the same is true for cryptographic keys. The more bits that
are in a key, the less susceptible a key is to being compromised by a third party.
The number of bits required in a key to ensure secure encryption in a given environment can be
controversial. The longer the keyspace---the range of possible values of the key---the more difficult it is
to break the key in a brute-force attack. In a brute-force attack, you apply all combinations of a key to the
algorithm until you succeed in deciphering the message.
Table 1-1 shows the number of keys that must be tried to exhaust all possibilities, given a specified key
length.
.
.
Click Here to Download
moving on to more complex security technologies. Cryptography is the basis for all secure
communications; it is, therefore, important that you understand three basic cryptographic functions:
symmetric encryption, asymmetric encryption, and one-way hash functions. Most current authentication,
integrity, and confidentiality technologies are derived from these three cryptographic functions. This
chapter also introduces digital signatures as a practical example of how you can combine asymmetric
encryption with one-way hash algorithms to provide data authentication and integrity.
Authentication, authorization, and key management issues are critical for you to understand because the
compromise of either identity or secret keys is the most common form of security compromise.
Authentication technologies are introduced in Chapter 2, "Security Technologies," but this chapter
explores the methods of authentication, the establishment of trust domains for defining authorization
boundaries, and the importance of the uniqueness of namespace.
A key is a digital code that can be used to encrypt, decrypt, and sign information. Some keys are kept
private while others are shared and must be distributed in a secure manner. The area of key management
has seen much progress in the past years; this is mainly because it makes key distribution secure and
scaleable in an automated fashion. Important issues with key management are creating and distributing
the keys securely. This chapter introduces some common mechanisms that are used to securely create
and distribute secret and public keys. The controversial area of key escrow is explored to raise your
awareness of what the controversy is all about and what role key escrow may play in a secure enterprise
Cryptography is the science of writing or reading coded messages; it is the basic building block that
enables the mechanisms of authentication, integrity, and confidentiality. Authentication establishes the
identity of both the sender and the receiver of information. Integrity ensures that the data has not been
altered, and confidentiality ensures that no one except the sender and receiver of the data can actually
understand the data.
Usually, cryptographic mechanisms use both an algorithm (a mathematical function) and a secret value
known as a key. Most algorithms undergo years of scrutiny by the world's best cryptographers who
validate the strength of the algorithm. The algorithms are widely known and available; it is the key that is
kept secret and provides the required security. The key is analogous to the combination to a lock.
Although the concept of a combination lock is well known, you can't open a combination lock easily
without knowing the combination. In addition, the more numbers a given combination has, the more
work must be done to guess the combination---the same is true for cryptographic keys. The more bits that
are in a key, the less susceptible a key is to being compromised by a third party.
The number of bits required in a key to ensure secure encryption in a given environment can be
controversial. The longer the keyspace---the range of possible values of the key---the more difficult it is
to break the key in a brute-force attack. In a brute-force attack, you apply all combinations of a key to the
algorithm until you succeed in deciphering the message.
Table 1-1 shows the number of keys that must be tried to exhaust all possibilities, given a specified key
length.
.
.
Click Here to Download
ไม่มีความคิดเห็น:
แสดงความคิดเห็น