Cryptography Reference
In-Depth Information
DATA ORIGIN AUTHENTICATION PLUS A FRESHNESS CHECK CAN
PROVIDE ENTITY AUTHENTICATION
As we have just discussed, data origin authentication on its own is only concerned
with the origin of data, and not whether the sender of data is currently active.
However, if we carefully combine data origin authentication with some sort of
freshness check then we can often achieve entity authentication, since we know
where the data originated
and
we know that the originator is involved in the
current communication session. We will see examples of this in Section 8.5 and
Chapter 9.
CONFIDENTIALITY DOES NOT IMPLY DATA ORIGIN AUTHENTICATION
A common mistake is to believe that providing data confidentiality (primarily
through encryption) also provides assurance of who sent the data and that it
is correct. There are special situations where this is a reasonable deduction,
but it is generally not true. Where both of these security services are required
(which is the case for many cryptographic applications) then they should both
be provided explicitly, either by using separate cryptographic mechanisms or one
that is specially designed to provide both services. We will discuss this issue in
further detail in Sections 6.3.1 and 6.3.6.
Having set the scene, it is now time to look at the concept of a cryptosystem. We
examine the basic model of a cryptosystem and explain fundamental terminology
that will be used throughout the rest of the topic. We also explain the crucial
difference between two important types of cryptosystem.
1.4.1
Different cryptographic concepts
Before proceeding further, it is important to explain some common cryptographic
terminology.
Cryptography
is a generic term used to describe the design and analysis of
mechanisms based on mathematical techniques that provide fundamental
security services. We will use
cryptography
in a generic sense, but a more
formally accurate term is
cryptology
, which is the scientific study of
cryptog-
raphy
(the design of such mechanisms) and
cryptanalysis
(the analysis of such
mechanisms). It is appropriate to think of cryptography as the establishment
of a large toolkit of different techniques, the contents of which can either be
used on their own, or combined, in security applications.
A
cryptographic primitive
is a cryptographic process that provides a number of
specified security services. If cryptography is a toolkit, then cryptographic