Cryptography Reference
In-Depth Information
• used as the basis for the design of other cryptographic primitives (for example,
we will see in Chapter 6 that block ciphers can be used to design hash functions
and message authentication codes);
• adopted within cryptographic protocols to provide different security services
(we will see in Section 9.4 that encryption algorithms can be used as
components of protocols that provide entity authentication).
IMPLEMENTATION
As anyone with practical security experience will know only too well, security
technology is worthless without careful implementation. Developers do not always
understand cryptography and how to use it. There have been many instances
in the past of basic errors being made at the implementation stage, which
later have disastrous consequences. Two potential problems with cryptographic
implementations are:
Implementation tricks
. All cryptographic primitives slow down an application,
and some cryptographic primitives do so substantially (particularly public-key
primitives). This has led to the development of various implementation 'tricks'
to speed up certain cryptographic primitives. It is important that these are done
in such a way that they do not inadvertently affect the security of the primitive
itself.
Backwards compatibility measures
. Developers sometimes make provision for
backwards compatibility
, which allows an application to be used with legacy
systems that are not running the latest version software and/or hardware.
Making such provisions can sometimes result in parts of a cryptographic
mechanism being bypassed.
Also of great significance to the resulting security of a cryptosystem is whether its
implementation is in software or hardware. Software-based cryptography is much
more vulnerable to attack since the primitive and its keys will typically reside in
memory and be vulnerable to attacks on the computing platform. For example,
malicious code on a platformmight seek to locate and export cryptographic keys.
Hardware-based cryptography is generally more secure, with the best protection
being provided when specialised hardware security modules are deployed. We
examine this issue in more detail in Section 10.5.
We will not discuss implementation issues in any great detail in this topic.
Implementation security, including the development of secure software, is a topic
of more general significance and is one that should be studied as part of any wider
information security education.
KEY MANAGEMENT
The management of the cryptographic keys used by a cryptographic primitive is a
vital part of the cryptographic process.We discuss this topic in detail inChapter 10
and Chapter 11.
