Cryptography Reference
In-Depth Information
•
Confidential plaintext (readable text) must never flow through a network
others can eavesdrop, such as the Internet or intranets. It is believed that
every data packet crossing the Internet in the USA is listened in on with
a probability of 10 %. A DFN-CERT employee estimates a similar rate
for Germany.
•
Your computers have to be secured against illegal access over the net-
work.
IP spoofing
(a technique used to gain unauthorized access to
computers, whereby the intruder sends messages to a computer with an
assumed IP address) is actually a complicated matter. But thanks to the
wealth of software packages on the black market, this type of attack has
become 'respectable', in addition to many other ingenious methods. We
don't know how many of these attacks are malicious. Firewalls are not
impenetrable!
If all of this wasn't scary enough, think of software working as an active spy.
For example, the
Promis
program originally designed for criminal investiga-
tion had been universally used and might also have helped the NSA (National
Security Agency) in accessing a large number of international databases, pos-
sibly including those of Swiss banks. I refer readers interested in the details
to [SpiegDat] and spies you happen to know. The article referred to mentions,
among other things, that every normal computer with a normal screen works
like a TV transmitter. The signal can probably be filtered out from a distance
of even one kilometer, and the screen contents can be reconstructed from this
signal. Automatic teller machines (ATMs) are also computers, by the way. And
we don't know how many computers are out there running keyboard sniffers
that simply capture keystrokes and then send passwords or other sensitive stuff
they recovered over the network.
Don't give up just yet. At the advent of the Industrial Revolution in England,
most houses had no door locks, and current security technology wouldn't have
meant anything to anybody back then. The current change toward the informa-
tion society is just as revolutionary, and we'll once more have to learn things
from scratch. And it will get dangerous if we fail to understand the threats.
What Cryptology Means for Data Protection
Back to our topic. You have seen that cryptology is not everything, but is
something special. Why? Encryption can protect information when it is clear
that unauthorized access cannot be prevented. (A classical example are the
address lists on your Windows computer at your workplace.) However, I find
another aspect much more significant.
