Introduction to Cryptography: Module Overview
In this module we will investigate the role of cryptography, and security mechanisms that employ cryptography, in supporting a security architecture. You will discover on this MSc course that making a system "secure" consists of many different processes and procedures, some of which are managerial and some of which are technical. Cryptography is the core technology that lies behind the majority of technical security solutions that are currently available. It is for this reason that we have devoted a full core module to understanding cryptography and how it can be used.

The main aims of this module are to:

  • motivate the need for different types of security services
  • introduce you to the main types of cryptographic mechanism
  • explain how different cryptographic mechanisms provide different services
  • identify some of the issues relating to the management of these services

There are a number of important aspects to cryptography that you need to be aware of, and that hopefully will become even clearer as you study this module.

Cryptography is not just about encryption

We will discover that cryptography is not just about encryption, but is rather a whole collection of different mathematically based tools that can be employed to provide a host of different security services. You will hear many times on this course that three of the basic security services that are needed in almost any application are confidentiality, integrity and authentication. Cryptography provides the technical means to realise all three of these, not just the first.

Cryptography needs to be supported

Cryptography does nothing on its own. It is a basic and vital ingredient of any security architecture, but it is nothing more than that. Cryptography needs to be used in particular ways, combined with other technologies, implemented properly and supported by the appropriate managerial processes. If any one of these aspects is deficient, then it is quite likely that using cryptography will not bring the security guarantees that are being sought.

Cryptography is not the only solution

It is important to recognise that cryptography is not a panacea. Cryptography consists of mathematically based techniques that can be used to provide security services. It is possible that in the future these security services will be provided by some other types of technology. However, for now, cryptography is widely recognised as being the only available technology for providing these core security services.

Cryptography is not just for mathematicians

It is certainly true that the basic cryptographic mechanisms rely on mathematical ideas. However, it is important to recognise that understanding what cryptography does, and how it can be used, does not require extensive mathematical knowledge. This module has been written under the assumption that you have very little mathematical background. This is about as non-mathematical an explanation of cryptography as you are likely to encounter anywhere! We will provide you with the little mathematics that you need to know in order to appreciate how some of the mechanisms work, but the rest requires you to understand ideas, not mathematics.

At the end of this module you should be able to:

  • Explain exactly what cryptography can be used for
  • Appreciate the differences between various types of cryptosystem and in which situations they are most usefully employed
  • Identify the issues that need to be addressed when assessing what types of cryptographic mechanism are necessary to "secure" an application
  • Describe several basic cryptographic mechanisms for providing each of the core security services
  • Identify the limitations of cryptography and how to support it within a full security architecture

This module is divided into three parts:

Part 1: Setting the Scene 

Units 1 to 3 provide the basic principles underpinning this module. The need for cryptography is motivated and some of the core security services that can be provided by cryptography are identified. The basic model of a cipher system is introduced and the use of cryptography is discussed. We look back at a number of historical cipher systems. Most of these are unsuitable for any modern practical use, but they are simple algorithms with which to illustrate many of the core ideas and some of the basic cryptographic algorithm design principles. The differences between security in theory and security in practice are then discussed. It is shown that unbreakable cipher systems exist, but are not practical, and that most practical cipher systems are breakable in theory. Life is always about compromise!

Part 2: The Cryptographic Toolkit

Units 4 to 8 explore the various components that make up the cryptographic toolkit. This comprises encryption algorithms, cryptographic primitives and the cryptographic protocols that combine them. There are two types of cryptosystem, and we begin by looking at the first of these: symmetric cryptosystems. Different types of symmetric algorithms are discussed, as are the different ways in which they can be used. We then look at the ways in which (symmetric) cryptography can be used to provide security services other than confidentiality, including data integrity, pseudorandom number generation and entity authentication. Several different techniques for providing these services are described and compared. We then look at public key cryptosystems. The motivation for public key cryptography is explained and the two most famous public key algorithms are studied in some detail. We then look at the public-key cryptographic technique for providing non-repudiation, the digital signature. Finally we look at how all these cryptographic primitives can be combined in the form of cryptographic protocols.

Part 3: Cryptography in Practice

Units 9 to 11 look at different ways in which the implementation of cryptography in practice needs to be supported. We begin by looking at the management of cryptographic keys. The life cycle of a cryptographic key and some of the most popular techniques for conducting the various components of this cycle are discussed. Public key infrastructures are investigated, and the difficulties and problems that need to be overcome in order to set in place such a supporting framework are analysed in detail. We wrap up the module by attempting to tie everything together, looking in detail at some real cryptographic applications.
