Cryptography Reference
In-Depth Information
Flexibility
. The eID card scheme is primarily an enabler for cryptographic
applications. It therefore leaves specific applications a degree of flexibility
on how they manage security of applications interacting with eID cards.
In particular, applications must manage their own certificate revocation
processing.
Most of the previous applications use cryptography in a fairly transparent
manner, in the sense that the end user may not even be aware of the underlying
cryptography when they interact with the application. In this section we briefly
consider some situations where an end user may take the active decision to
use cryptography to protect some data. We focus our attention on a 'home
user', by which we rather loosely mean a user who is not particularly computer
literate and not part of a wider organisation with centralised security controls.
Since there are so many tools and products providing cryptographic support
to home users, we restrict ourselves to general remarks rather than specific
analysis. The two applications that we will focus on are file encryption and
email security.
12.7.1
File protection
Typically, there are twomain reasons for a home user wanting to use cryptography
to protect a file:
Additional storage protection
. Most computer systems, including desktops,
laptops, PDAs and smart phones, have basic security controls that provide
some protection against unauthorised parties from accessing the files that
are stored on them. Most home users rely on basic user access control
mechanisms for this protection. The commonest such control is to provide
entity authentication to the computer itself through the use of a password-
based mechanism. However, such controls do not normally provide strong
protection, since it is relatively easy to overcome them. In addition, different
types of portable media exist for storing files, such as DVDs, memory cards
and USB tokens, many of which have no default file storage protection
mechanisms.
File transfer security
. A user may wish to transfer a file from one computer
system to another. While the end computer systems may be protected, the
communication channel is potentially insecure.
In both of these cases, the primary security service that is required is confiden-
tiality, since the main concern is unauthorised parties accessing the contents of
the file.
