Page 563 - StudyBook.pdf
P. 563

Basis of Cryptography • Chapter 9  547

                 cryptography can authenticate a sender by their private key, assuming that the key
                 is kept private. Because each person is responsible for their own private key, only
                 that person is able to decrypt messages encrypted with their public key. Similarly,
                 only those persons can sign messages with their private key that are validated with
                 their public key.

                 Non-Repudiation

                 Asymmetric cryptography ensures that an author cannot refute that they signed or
                 encrypted a particular message once it has been sent, assuming the private key is
                 secured.Again, this goes back to the fact that an individual should be the only
                 person with access to their private key. If this is true, only that person could sign
                 messages with their private key and therefore, by extension, all messages signed
                 with their private key originated with that specific individual.

                 Access Control

                 Additionally, in limited ways, cryptography can provide users with some access con-
                 trol mechanisms. Some systems can provide access control based on key signatures.
                 Similar systems use X.509 certificates in the same manner.The idea is that, based
                 on a certificate presented by a user that has been signed by that user, a particular
                 user can be identified and authenticated. Once the authentication has occurred,
                 software access controls can be applied to the user.

                 One-time Pad

                 There is a type of cryptography that has been mathematically proven to be
                 unbreakable.The concept is called the one-time pad (OTP). It requires you to use a
                 series of random numbers equal in length to the message you want to send.The
                 problem with using this type of cryptography is that both sides need access to the
                 random number generator, and the random number listings can never be reused.A
                 suitable source of randomness that is truly random and unpredictable to put the
                 concept to use has not been found. Considering that OTP’s were created almost
                 100 years ago, far before most modern cryptography techniques, and have been
                 used in the military and intelligence communities for many years, it is a very inter-
                 esting concept.
                    The OTP algorithm is actually a Vernam cipher, which was developed by
                 AT&T in 1917.The Vernam cipher belongs to a family of ciphers called stream
                 ciphers, since they encrypt data in continuous stream format instead of the chunk-
                 by-chunk method of block ciphers.There are two problems with using the OTP,



                                                                              www.syngress.com
   558   559   560   561   562   563   564   565   566   567   568