In This Chapter:
- How you can detect if an electronic message has been modified
- What a cryptographic checksum is, and how it is used to ensure message integrity
- What MACs are, and what MACing is
- What a strong one-way function is, and how it is used to ensure message integrity
- How banks protect your ATM transactions from being modified during transmission

Actually, the term Integrity Protection is somewhat of a misnomer. It doesn't prevent a message from being modified; it is a mechanism that detects any modification of a message. So, it really functions as an Integrity or a message modification detector.
In Chapter 1 "Symmetrical Key Cryptography," we saw how Alice and Bob can send a confidential message over an insecure medium (i.e., in the presence of Eve) protected by symmetrical key cryptography. But what if Alice wants to send Bob a message that she wants to be sure Eve doesn't change while the message is in transit? Because many electronic transmissions occur across a "broadcast" medium, anyone (e.g., Eve) can both read and intercept messages. If Eve is malicious and clever (which we know she is), she can intercept a message and either change it or substitute a different one in its place. In Figure 2.1, we see Eve intercepting and changing an electronic check that Alice is trying to send to Bob.
You may ask, based on Chapter 1, wouldn't a modern cryptographic symmetrical key cipher prevent a person from changing an encrypted message? That is, a change in the message should make the decrypted message unintelligible from that point on. Well, that's true; however, there are other considerations. First, many modern symmetrical key ciphers are "self-correcting," especially if run in a "streaming" mode, which is used with long messages. This means that if a change is induced, there will be a short segment of the message that will not decrypt properly after the "error," but then, after the short uncorrected segment, the cipher will self-correct and properly decrypt the rest of the encrypted message. This "self-correcting" becomes a problem in a number of cases. For example, if a photograph is being sent, an error may show a small and perhaps unnoticeable glitch in the plaintext photo, which could be significant if the photo is being used for scientific or intelligence purposes, and if the glitch obscures an important feature in the photograph. Another example might occur in the transmission of a large block of random-looking data. Within the large block of data, a small string of incorrect data may be overlooked, or possibly even be decrypted into undetectable "normal" looking text. This incorrect data could be significant if it is part of a critically ill person's diagnostic test results.
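The "self-correcting" behaviour described above can be reproduced in a few lines. This is an added example, not code from the book: it assumes cipher feedback (CFB) as the streaming mode (the excerpt names none) and uses truncated HMAC-SHA256 as a stand-in for a real block cipher, with a constructed key, IV and message.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per cipher block (assumed size for this illustration)

def _prf(key: bytes, prev: bytes) -> bytes:
    # Stand-in for a block cipher's forward direction (assumption: HMAC-SHA256, truncated).
    return hmac.new(key, prev, hashlib.sha256).digest()[:BLOCK]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        block = _xor(plaintext[i:i + BLOCK], _prf(key, prev))
        out.append(block)
        prev = block  # feedback: the next keystream depends on this ciphertext block
    return b"".join(out)

def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(block, _prf(key, prev)))
        prev = block
    return b"".join(out)

def damaged_blocks(sent: bytes, received: bytes) -> list:
    # Indices of the plaintext blocks that no longer match what was sent.
    count = (len(sent) + BLOCK - 1) // BLOCK
    return [n for n in range(count)
            if sent[n * BLOCK:(n + 1) * BLOCK] != received[n * BLOCK:(n + 1) * BLOCK]]

def demo() -> list:
    key, iv = b"constructed demo key", bytes(BLOCK)  # fixed values, demo only
    message = b"".join(b"line %02d of image" % n for n in range(6))  # six 16-byte blocks
    ciphertext = bytearray(cfb_encrypt(key, iv, message))
    ciphertext[2 * BLOCK + 3] ^= 0x01  # one bit changed in transit, in block 2
    received = cfb_decrypt(key, iv, bytes(ciphertext))
    return damaged_blocks(message, received)

if __name__ == "__main__":
    print("blocks that decrypt incorrectly:", demo())
```

Only the altered block and the one after it decrypt incorrectly; every later block is recovered intact, so encryption alone gives the receiver no signal that the message was changed.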
On the other hand, maybe Alice has cause to send a plaintext message to Bob, and Bob needs assurance that the plaintext message he receives from Alice has not been modified either accidentally or overtly.
So, how can Alice protect the message from being modified in transit? For instance, Alice may be sending Bob an electronic check for a ticket for a show that everyone knows Bob is selling, so the check and the transmission are common knowledge. Nonetheless, Bob would be put out if he sold Alice a $10 ticket and received an electronic check from Alice for only $1.
One way Alice could protect the check is to put the check in a glass box and lock the box with a secret key that only she and Bob share (see Figure 2.2). Eve could then see the check within the box when the check and box are in transit, but she couldn't change it. When Bob receives the glass box, he could unlock the lock with the secret key he shares with Alice, remove the lock, open the box, and remove the check to cash it.
As we discussed in the last chapter, Alice would have difficulty stuffing a glass box into a computer or telephone. So, how can Alice protect the message if it is sent over an electronic medium? Modern Cryptography to the rescue! In order to explain the process, we need to make a small digression to the supermarket.
When you go to the supermarket and make purchases, you generally receive a receipt, as shown in Figure 2.3. On this receipt is a list of purchased items, their price, and at the bottom, a "sum" or "total." The total is a result of the prices of all the purchases. If you changed your purchase, the total would change (provided you bought items of different value, of course).
The total acts as a CHECKSUM, so that if you presented the receipt to a petty cash accountant for reimbursement, the accountant could total the sales and see that you had not changed it and falsified the receipt.
Another property of the total acting as a checksum is that if you were to give only the total to someone, he or she would have a hard time recreating an identical detailed receipt that matched yours. The total (or sum, or checksum) is an example of a ONE-WAY FUNCTION. A property of the one-way function is that it is difficult to reconstruct the function's result (in this case, the total) without the original input. However, the shopping receipt total or checksum is said to be a WEAK ONE-WAY FUNCTION, because it is possible in a finite period of time to come up with another receipt that has the same total. To find this second list, you'd do a lot of guessing and fiddling with various goods until you have a selection of different items that would give the original checksum value, but you could do it if you wanted...
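The weakness of the receipt total, and what a keyed check adds, can be shown side by side. This is an added example, not code from the book: the price list and key are constructed, and HMAC-SHA256 is used as one concrete MAC because the excerpt does not say which MAC construction the chapter goes on to use.

```python
import hashlib
import hmac
from itertools import combinations

# Constructed price list in cents (not taken from the book's Figure 2.3).
PRICES = {"milk": 249, "bread": 199, "eggs": 329, "tea": 448,
          "rice": 279, "jam": 169, "soap": 120, "salt": 80}

def total(items) -> int:
    """The receipt total: the weak checksum from the supermarket example."""
    return sum(PRICES[name] for name in items)

def find_other_receipt(items):
    """Guess-and-fiddle search for a different basket with the same total."""
    target, original = total(items), frozenset(items)
    for size in range(1, len(PRICES) + 1):
        for basket in combinations(sorted(PRICES), size):
            if frozenset(basket) != original and total(basket) == target:
                return list(basket)
    return None

def receipt_bytes(items) -> bytes:
    # Canonical encoding so both parties compute the tag over identical bytes.
    return ",".join(f"{name}:{PRICES[name]}" for name in sorted(items)).encode()

def mac(key: bytes, items) -> str:
    """Keyed checksum over the whole receipt (assumption: HMAC-SHA256)."""
    return hmac.new(key, receipt_bytes(items), hashlib.sha256).hexdigest()

def verify(key: bytes, items, tag: str) -> bool:
    return hmac.compare_digest(mac(key, items), tag)

if __name__ == "__main__":
    shared_key = b"constructed key shared by Alice and Bob"
    receipt = ["milk", "bread"]
    tag = mac(shared_key, receipt)
    other = find_other_receipt(receipt)
    print("original:", receipt, total(receipt))
    print("different receipt, same total:", other, total(other))
    print("original passes MAC check:", verify(shared_key, receipt, tag))
    print("substitute passes MAC check:", verify(shared_key, other, tag))
```

The plain total accepts the substitute receipt because it matches to the cent, while the keyed tag computed over the full receipt does not verify for it.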
AN INTRODUCTION TO MODERN CRYPTOGRAPHY.
Symmetrical Key Cryptography.
The Key Management Problem.
Kerberos, a Symmetrical Key Solution of the n² Problem.
Public Key Cryptography.
Certificate Extension and Attribute Certificates.
The Future of Cryptography and the United States Governmental Politics of Cryptography.
A TUTORIAL ON THE MATHEMATICS OF PUBLIC KEY CRYPTOGRAPHY.
Underlying Mathematics for Cryptography.
CASE STUDIES OF MODERN CRYPTOGRAPHIC ARCHITECTURES.
Case Study: Protecting an Intranet with a Kerberos and PKC Hybrid.
Case Study: Protecting the California ISO Internet Communications Using PKC.
Posted February 20, 2001
The world of information security is full of complex inter-relationships between cooperating systems. A solid understanding of issues and possible solutions is a must for all levels of management. This book delivers on its promise of teaching security in E-commerce to readers of all levels. Though it is rich in content and full of excellent examples, it does not overwhelm the reader. Case studies are especially intriguing as they provide real-life examples of practical deployment scenarios. The humor in the book makes it very delightful to read. I highly recommend this book.