Applications of Cryptography
Cryptography can be applied in communication of data and information, which we will see in the form of IPSec, SSL, and PGP. In this article we will examine these applications and see how cryptography fits in.
IPSec
Internet Protocol Security (IPSec) is a set of protocols designed to protect the confidentiality and integrity of data as it flows over a network. The set of protocols is designed to operate at the Network layer of the OSI model and process packets according to a predefined group of settings.
Some of the earliest mechanisms for ensuring security worked at the Application layer of the OSI model. IPSec is a new technology that works at the Network layer of the OSI model and has proven to be more successful than many of the previous methods. IPSec has been widely adopted not only because of its tremendous security benefits, but also because of its ability to be implemented without major changes to individual computer systems. IPsec is especially useful for implementing virtual private networks and for remote user access through dial-up connection to private networks.
IPSec provides two mechanisms for protecting information: Authentication Header and Encapsulating Security Payload. The two modes differ in what they provide:
- Authentication Header (AH) provides authentication services and provides a way to authenticate the sender of data.
- Encapsulating Security Payload (ESP) provides a means to authenticate information as well as encrypt the data.
Pretty Good Privacy
Pretty Good Privacy (PGP) is another application of cryptographic technologies. Using public key encryption, PGP is one of the most widely recognized cryptosystems in the world. PGP has been used to protect the privacy of e-mail, data, data storage, and other forms of communication such as instant messaging.
PGP was designed to provide the privacy and security measures that are not currently present in many forms of online communication. The e-mail or instant message travels to the destination or recipient in this encrypted form. The recipient will use PGP to decrypt the message back into plaintext.
The PGP system is a simple but innovative mechanism that uses a process similar to the public and private key system we explored earlier in this chapter. The key pair consists of a public key and a private key; the public key encrypts messages, and the private key decrypts them.
A PGP user can also use their private key to digitally sign outgoing mail so that the recipient knows the mail originated from the named sender. A third party would not have access to the private key, so the digital signature authenticates the sender. Sensitive data files stored on your hard drive or on removable media can also be protected using PGP. You can use your public key to encrypt the files and your private key to decrypt them. Some versions also allow the user to encrypt an entire disk. This is especially useful for laptop users in the event the laptop is lost or stolen.
Secure Sockets Layer (SSL)
Another important mechanism for securing information is the Secure Sockets Layer (SSL). The SSL protocol was developed by Netscape in the mid-1990s and rapidly became a standard mechanism for exchanging data securely over insecure channels such as the Internet.
When a client connects to a location that requires an SSL connection, the server will present the client with a digital certificate that allows the client to identify the server. The client makes sure the domain name matches the name on the CA and that the CA has been generated by a trusted authority and bears a valid digital signature.
Once the handshake is completed, the client will automatically encrypt all information that is sent to the server before it leaves the computer. Encrypted information will be unreadable en route. Once the information arrives at the secure server, it is decrypted using a secret key. If the server sends information back to the client, this information will also be
encrypted on the server end before being transmitted.
