What is Cryptography?
Cryptography is the study of encryption and decryption in which information is converted from its normal and comprehensible form into an obscured message, known as cipher-text, that is incomprehensible. That information is then reformed into the original message through the use of a cipher; a pair of algorithms that create and also decrypt messages with the help of a ‘key’. This allows messages to be encrypted before being sent out and then to be decrypted by the intended recipient with knowledge of the cipher and the key. Anybody who intercepted and read the message would not be able to understand what was written. In the past, cryptography was used to help ensure the secrecy of important private communications, such as those of spies and military leaders, but in recent decades, the field of cryptography has expanded to include digital security, particularly for the Internet. This includes digital signatures, electronic cash, rights management for intellectual property protection, and securing electronic commerce through programmes such as Paypal and for use in on-line banking. Cryptography is now often built into the infrastructure for computing and telecommunications to the extent that it is taken for granted and many users merely assume their information is secure, or do not even realise the existence of the encryption at all.
Divisions of cryptography
The modern field of cryptography can be divided into several areas of study, symmetric-key cryptography, public-key cryptography, and cryptanalysis.
Symmetric-key cryptography[1] is an encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt messages. These systems are simple and fast, but their main drawback is that the two parties must somehow exchange the key in a secure way. Public-key encryption avoids this problem because the public key can be distributed in a non-secure way, and the private key is never transmitted.This allows any party to encrypt a message, but only the recipient can decrypt it back into its original form. Symmetric-key cryptography is sometimes called secret-key cryptography and the most popular symmetric-key system is the Data Encryption Standard (DES).
Public key cryptography[2] was invented in 1976 by Martin Hellman and Whitfield Diffie. It is a cryptographic system that requires two keys for each user, a public key that is known to everyone and a secret key that is known only to that user. This negates the problem with symmetric key encryption where the key must be exchanged before messages can be understood. When a user wants to send a secure message, they use the public key of the recipient to encrypt the message before the recipient then decrypts the message by using their own private key. It is important that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. It is also important that the private key cannot be discovered by knowing the public key.
Public key systems are becoming very popular for transmitting information over the Internet due to the fact that they are very secure and easy to use. The main difficulty with this system is that to encrypt a message correctly it is necessary to already have the intended recipient’s public key. This means that a public server needs to be used which holds all the user’s public keys, which can be accessed by anybody. An example of a popular application that utilises the Public-key cryptography principles is the Voice over IP (VoIP) program Skype.
The goal of cryptanalysis is to find some weakness or insecurity in a cryptographic scheme, thus allowing an encryption to be ‘broken’ and the information revealed. It is a commonly held misconception that every encryption method can be broken. Claude Shannon proved that his one-time pad cipher is unbreakable, provided that the key material is truly random, never reused, never intercepted, and is greater than or equal to the length of the message. This means that if you were to send two messages to an ally (the receiver knowing that the longer of the two would be the key) and only one of either of the messages was intercepted by the enemy, both messages would still reach the receiver for deciphering, but the interceptor without both messages would not be able break the encryption and make sense of the content.
Past Uses of Cryptography
Cryptography was used extensively in World War II for encrypting military orders in case of enemy interception. The Enigma was a revolutionary cryptography system developed by the German navy in order to pass secret messages and orders to each other without the Allies intercepting them and interfering with their plans. The system was primarily mechanical and was a stream cipher, meaning that every point in the input message affected the encrypting of every later point. For example if the clear-text messages ‘eff, and ‘egf’ were encrypted, the third letter on both of the output cipher-text messages would not necessarily be the same letter, even though the letter in the clear-text messages is. Enigma itself was a reciprocal cipher, which meant that if the machine was reset, the encrypted messages could be entered into the machine in order to output the clear-text message.
Modern applicaitons of cryptography
Cryptography has many applications in modern day-to-day life, and is a major part of providing privacy while we communicate over the Internet using our computers. Applications such as Skype use cryptography to prevent others from listening in on conversations, this helps maintain privacy but also makes it more difficult for law enforcement to prevent the organising of crime. There is much debate over how far information should be encrypted and who should have access to it, privacy and freedom of speech are very important considerations but the general population also has a right to safety and high encryption can impede the maintaining of the peace.
One of the primary uses of encryption online is through HTTPS (Hyper Text Transfer Protocol with an added s for secure sockets layer) in order to make online purchasing through websites secure. Sites that feature HTTPS include Amazon, Tesco, and Ebay. It is also used in new peer to peer applications to help prevent outsiders knowing what users are downloading. This allows downloads to remain private, but also makes it easier to download illegal and copywritten content without legal action being taken against the user, a boon for those downloading illegally by making it harder for law enforcement to take action. Credit cards use encryption in their smart card technology; smart cards are highly portable and have enough power to compute modern cryptographic algorithms. Automated tele-machines (ATMs) use encryption to secure information sent to and from the bank. Cryptography is also used with DVDs to help prevent video piracy. By encrypting DVDs, they cannot be copied in order to be re-sold illegally. Music files such as the AAC Itunes song formats and many modern CDs are encrypted to cut down on piracy and prevent people from sharing files without paying for them.
Some legislation regarding cryptography.
The Encrypted Communications Privacy Act of 1997 (S376) “Sets penalties for willfully endeavoring by means of encryption to obstruct, impede, or prevent the communication to an investigative or law enforcement officer of information in furtherance of a felony.”[3] This means that if the government requires an encryption key from somebody and they do not share it with the government, they will face charges. This may contradict the citizen’s rights to prevent self-incrimination, in which the key would allow access to confidential information which would incriminate the key-holder. This act also allows any person within the United States and any American citizen in a foreign country to make use of any encryption type and key, and also prevents the legal authorities requiring the key be transferred to another person when an encryption program is sold. This means that an encryption application can be sold to somebody without giving them the key required to break or decrypt the system. This makes encryption applications much more secure as only a selected person or persons will have the knowledge required to void the system and this knowledge is not available to the general public. People may now sue the government for damages if they are affected by the unlawful use or disclosure of recovered information[7]. The S.909 Congress bill sets forth conditions under which a key recovery agent may disclose recovery information, such as an encryption key, but only if certain conditions are met, otherwise they are liable to be sued by the owner of the encryption program. A recovery agent is a person entrusted by other persons to hold information that allows access to encrypted data and is registered with the government.
Issues with cryptography
The main issues with cryptography arise from the extent of encryption that should be available to the general public and who has unrestricted access to encrypted material. It is possible to encrypt not only digital messages such as emails but also computer hard-drives, partially or completely, by those sufficiently computer literate. This prevents access to confidential data by a physical user of the machine, as well as a digital ‘hacker’. Windows Vista now offers complete data encryption security with an improved Encrypted File System (EFS) and the new BitLocker feature. With these two features, it’s possible to cover all aspects of storage security on a Vista PC. There is once again the issue of privacy or increased crime prevention and decreased risk of terrorist attack.
According to specialists, the VoIP application Skype[4] is being used by terrorists for secure communication. Skype is one of the most popular VoIP tools around the world with over 100 million users. It is possible to intercept conversations taking place through Skype, but many areas around the globe that are considered to be terrorist hot spots do not have the technology that is needed in order to perform such an action. Countries as wealthy and technologically advanced as the Unites States still have difficulty tracking conversations in real time even with the most advanced technology available. Skype uses the Advanced Encryption Standard to secure its conversations, which is an encryption standard adopted by the United States government. Skype conversations are hard to intercept not only due to the encryption used, but also due to how VoIP works. The information is broken down into bits which are transferred through the Internet in the form of packets. The difficulty arises through the nature of packet delivery, not every packet in the conversation is required to take the same route through the Internet, and the order of delivery does not need to remain static. Tracking and receiving all these packets mid-transfer is complex.
Another example of terrorist usage of encrypted software comes from the British Broadcasting Company (BBC) who have claimed criminals in Italy are also switching to making phone calls over Skype in order to avoid providing police with incriminating evidence and information through mobile phone intercepts. Investigators within the country have become increasingly reliant on wire taps in recent years. Skype has also refused to share the encryption system with the Italian authorities.
The obstructing of free speech is an important argument against government access to encrypted information. A university student, Daniel Bernstein developed an encryption algorithm known as ‘Snuffle’ which he intended to publish with a mathematical paper for discussion at conferences. He has been obstructed by American laws stating that he must have his work reviewed by government prior to public release, and must also apply for a license as an arms dealer and a special government license in order to publish. The consequences of failing to do so according to civil and criminal legislation are severe and given the nature of his work Bernstein has taken the government to court in an attempt to sue them for violating his right to free speech.
Conclusion
Cryptography has proved to be an essential tool that has become highly developed and advanced in protecting important communications over the years, from Word War II, to modern day digital e-commerce. Without it, most applications of the Internet would not be safe, and therefore not be viable. Due to its increasing complexity, range of use, and popularity, legislation over cryptography needs to be kept up to date in order to keep a control over this vital, yet possibly dangerous study. It is crucial that the right people are entrusted with these encryption keys and do not abuse them, in order to maintain security, yet still have a high degree of privacy. Governments need to tread a fine line regarding legislation dealing with cryptography to protect the public from criminal harm and not intruding on people’s right to free speech and privacy.
Bibliography
1) “Symmetric key cryptography” Encyclopedia Britannica.Online: . Accessed: 2009-5-14.
2) “Public key cryptography”. Encyclopedia Britannica. Online: . Accessed: 2009-5-14.
3) The Library of Congress. “Encrypted Communications Privacy Act of 1997″. Online: . Accessed: 2009-5-13.
4) Softpedia. “Terrorist Communication on Skype”. Online: . Accessed: 2009-5-14.
5) BBC News. “Italy Police Warn of Skype Threat”. Online: . Accessed: 2009-5-14.
6) Electronic Frontier Foundation. “Bernstein V US Department of Justice”. Online: . Accessed: 2009-5-14.
7) The Library of Congress. “S.909 : A bill to provide Federal assistance to States, local jurisdictions, and Indian tribes to prosecute hate crimes, and for other purposes”. Online: . Accessed: 2009-5-14
