Cryptography
Home Cryptography SSL Application Conclusion References Glossary

 

Introduction

The expansion of the Internet and the Web has allowed more people to have access to more and more information. At the same time, the ability to keep information private has become an important issue. Privacy is vital for businesses that want to protect proprietary and other sensitive information, and for individuals who engage in electronic commerce. Encryption is one of the most effective tools for keeping information secure.

Cryptography has a long history, but until recently only the government and the military were the users of cryptographic systems. Today, many civil organizations and individuals are using cryptography to protect information. There are several reasons for this. First, the equipment for encryption/decryption (i.e., powerful computers) has become more affordable. Second, an increasing amount of information is stored on computers, changing the way information is stored, transmitted and accessed in society. Next, because of the complexity of communication systems, users do not have complete control over the transmission channels. This is why users are looking for tools that allow secure communication over insecure channels. Finally, cryptography as a science has received the attention of the civilian sector, and important theoretical results and products are now available to the public.

There are many security challenges in building safe communication and collaboration. Typical security problems include the following:

  1. Authentication:
    How to know, when connecting to a site, who operates the site?
    How to perform authentication without sending the user name and the password over the Internet?
  2. Eavesdropping:
    How to protect the privacy of a communication?
    How to ensure that the messages have not been modified between the sender and the receiver?
    How to verify that the message received is an identical copy of the original document?
  3. Authorization:
    How to ensure that the documents are read only by the people who have the authorization to do so?

The topic of Internet security is a very large one. Because the Web operates at the highest level (application) in the OSI model of communication networks, all the security problems in the lower levels of the OSI model (data link, network, transport) are potential sources of security risk in the Web too. For example, the fact that the Internet's protocol (Domain Name System) to map human-readable host names (e.g., cs.depaul.edu) into IP addresses (e.g., 126.17.40.26) is insecure makes the Web system vulnerable to the same attacks. The goal here is to present the basic elements of cryptography used in achieving security in the Internet in general, and in the Web in particular.

Rich Aliano <raliano@shrike.depaul.edu>

 
Home    Digital Certificates    Firewalls    Cryptography    SSL    JAVA