4.1 Cryptography and Web Security

4.1 Cryptography and Web Security

Today, cryptography is the fundamental technology used to protect information as it travels over the Internet. Every day, encryption is used to protect the content of web transactions, email, newsgroups, chat, web conferencing, and telephone calls as they are sent over the Internet. Without encryption any crook, thief, Internet service provider, telephone company, hostile corporation, or government employee who has physical access to the wires that carry your data could eavesdrop upon its contents. With encryption, as we discussed in Chapter 3, it is possible to protect a message in such a way that all of the world's computers working in concert until the end of time would be unable to decipher its contents.

Cryptography can be used for more than scrambling messages. Increasingly, systems that employ cryptographic techniques are used to control access to computer systems and to sign digital messages. Cryptographic systems have also been devised to allow the anonymous exchange of digital money and even to facilitate fair and unforgeable online voting.

4.1.1 Roles for Cryptography

Security professionals have identified five different roles that encryption can play in modern information systems. In the interest of sharing a common terminology, each of these different roles is identified by a specific keyword. The roles are:

Authentication

Digital signatures can be used to identify a participant in a web transaction or the author of an email message; people who receive a message that is signed by a digital signature can use it to verify the identity of the signer. Digital signatures can be used in conjunction with passwords and biometrics (see Chapter 6) or as an alternative to them.

Authorization

Whereas authentication is used to determine the identity of a participant, authorization techniques are used to determine if that individual is authorized to engage in a particular transaction. Crytographic techniques can be used to disbribute a list of authorized users that is all but impossible to falsify.

Confidentiality

Encryption is used to scramble information sent over networks and stored on servers so that eavesdroppers cannot access the data's content. Some people call this quality "privacy," but most professionals reserve that word for referring to the protection of personal information (whether confidential or not) from aggregation and improper use.

Integrity

Methods that are used to verify that a message has not been modified while in transit. Often, this is done with digitally signed message digest codes.

Nonrepudiation

Cryptographic receipts are created so that an author of a message cannot realistically deny sending a message (but see the discussion later in this section).

Strictly speaking, there is some overlap among these areas. For example, when a message is encrypted to provide confidentiality, an unexpected byproduct is often integrity. That's because many encrypted messages will not decrypt if they are altered. Current practices, however, dictate that it is better to use algorithms that are specifically designed to assure integrity for this purpose, rather than relying on integrity as a byproduct of other algorithms. Using separate algorithms allows finer control of the underlying processes. Using separate algorithms for confidentiality, authentication, and integrity also minimizes the impact of any legal restrictions that apply to cryptography, because these restrictions are usually aimed at confidentiality but not other cryptographic practices.

Nonrepudiation means adding assurance mechanisms to verify the identity and intent of the user. This is needed so the user cannot claim, after the fact, that she did not actually conduct the transaction. This claim may be phrased as a denial that the activity was ever conducted, or it may be a claim that someone else was using her account. Although nonrepudiation is often listed as one of the advantages of public key technology, the "nonrepudiation" provided by this technology is not true nonrepudiation. Public key technology can prove that a certain private key was used to create a digital signature, but it cannot prove the intent of the key's user.

"Nonrepudiation," as the term is commonly used by cryptographers, analysts, and even lawmakers, is simply not possible. Even if the cryptography is perfect, the person's computer might be infected with a virus that causes it to behave in a manner other than what's intended. Smart cards and biometrics do not solve the nonrepudiation problem either you might insert your smart card into a reader, thinking you are signing an electronic check to subscribe to a magazine, only to discover that a hostile ActiveX control has noticed the insertion and used your smart card to authorize the transfer of $1000 out of your bank account. Or a crook may force your signature at gunpoint. People can always repudiate something that a computer has done on their behalf.