
Safe Data Transfer: Find the Answers to These Questions in the Following Text

This document discusses the process of securely transferring data across the internet. It outlines three goals: 1) Preventing third parties from reading transmissions through data encryption. 2) Detecting tampering through message integrity schemes. 3) Verifying user identities through authentication. Public-key cryptography is used, where everyone has a public and private key. Messages are encrypted with public keys and decrypted with private keys. To ensure integrity, senders create a message authentication code (MAC) using a message-digest function before encrypting the message with the recipient's public key. Recipients can verify integrity by comparing their locally generated MAC to the decrypted MAC from the sender. Digital certificates containing public keys and signed by a trusted issuer are used to

Uploaded by jtohn

UNIT 18 Data Security 1

SPECIALIST READING Safe Data Transfer

Find the answers to these questions in the following text.

1 What does data encryption provide?
a privacy
b integrity
c authentication

2 A message encrypted with the recipient's public key can only be decrypted with
a the sender's private key
b the sender's public key
c the recipient's private key

3 What system is commonly used for encryption?

4 What is the opposite of 'encrypt'?

5 A message-digest function is used to:
a authenticate a user
b create a MAC
c encrypt a message

6 What information does a digital certificate give to a client?

Secure transactions across the Internet have three goals. First, the two parties engaging in a transaction (say, an email or a business purchase) don't want a third party to be able to read their transmission. Some form of data encryption is necessary to prevent this. Second, the receiver of the message should be able to detect whether someone has tampered with it in transit. This calls for a message-integrity scheme. Finally, both parties must know that they're communicating with each other, not an impostor. This is done with user authentication.

Today's data encryption methods rely on a technique called public-key cryptography. Everyone using a public-key system has a public key and a private key. Messages are encrypted and decrypted with these keys. A message encrypted with your public key can only be decrypted by a system that knows your private key.

For the system to work, two parties engaging in a secure transaction must know each other's public keys. Private keys, however, are closely guarded secrets known only to their owners. When I want to send you an encrypted message, I use your public key to turn my message into gibberish. I know that only you can turn the gibberish back into the original message, because only you know your private key. Public-key cryptography also works in reverse - that is, only your public key can decipher your private key's encryption.

To make a message tamper-proof (providing message integrity), the sender runs each message through a message-digest function. This function within an application produces a number called a message-authentication code (MAC). The system works because it's almost impossible for an altered message to have the same MAC as another message. Also, you can't take a MAC and turn it back into the original message.

The software being used for a given exchange produces a MAC for a message before it's encrypted. Next, it encrypts the MAC with the sender's private key. It then encrypts both the message and the encrypted MAC with the recipient's public key and sends the message.

When the recipient gets the message and decrypts it, they also get an encrypted MAC. The software takes the message and runs it through the same message-digest function that the sender used and creates its own MAC. Then it decrypts the sender's MAC. If the two are the same, then the message hasn't been tampered with.

The dynamics of the Web dictate that a user-authentication system must exist. This can be done using digital certificates.

A server authenticates itself to a client by sending an unencrypted ASCII-based digital certificate. A digital certificate contains information about the company operating the server, including the server's public key. The digital certificate is 'signed' by a trusted digital-certificate issuer, which means that the issuer has investigated the company operating the server and believes it to be legitimate. If the client trusts the issuer, then it can trust the server. The issuer 'signs' the certificate by generating a MAC for it, then encrypts the MAC with the issuer's private key. If the client trusts the issuer, then it already knows the issuer's public key.

The dynamics and standards of secure transactions will change, but the three basic tenets of secure transactions will remain the same. If you understand the basics, then you're already three steps ahead of everyone else.

[Jeff Downey, 'Power User Tutor', PC Magazine, August 1998]

Figure: This shows the complex process that's required to send data securely across open communication lines while satisfying the three basic tenets of secure transfer: data encryption, interference prevention, and user authentication.

1 The sender takes a document and produces a message-authentication code (MAC) using a message-digest function.
2 The sender encrypts the MAC with their private key.
3 The sender attaches the encrypted MAC to the document and encrypts both with the recipient's public key.
4 When the recipient receives the document, they can decrypt it with their private key.
5 The recipient produces a local copy of the document's MAC using the same message-digest function the sender used.
6 The recipient decrypts the sender's MAC using the sender's public key.
7 The recipient compares its local copy of the MAC to the sender's unencrypted MAC. If the two match, then the recipient knows the document hasn't been tampered with and that only the sender could have created the original message.

Re-read the text to find the answers to these questions.

1 Match the functions in Table 1 with the keys in Table 2.

Table 1
a to encrypt a message for sending
b to decrypt a received message
c to encrypt the MAC of a message
d to encrypt the MAC of a digital signature

Table 2
i sender's private key
ii trusted issuer's private key
iii the recipient's private key
iv the recipient's public key

2 Match the terms in Table A with the statements in Table B.

Table A
a Gibberish
b Impostor
c Decipher
d MAC
e Tenets
f Tamper

Table B
i Message-authentication code
ii Principal features
iii Meaningless data
iv Person pretending to be someone else
v Make unauthorised changes
vi Convert to meaningful data

Additional exercises on page 129
Answers

B1:
a- iv b- iii c- i d-ii

B2:
a- iii b- iv c- vi d- i e- ii f- v
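
The seven-step exchange described in the reading text and its figure can be traced in code. The following is an added example, not part of the original text: it assumes textbook RSA without padding, small constructed keys built from Mersenne primes, SHA-256 as the message-digest function, and hypothetical helper names (make_keypair, digest, rsa, send, receive).

```python
import hashlib

E = 65537  # public exponent used by both toy key pairs

def make_keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1 (constructed, insecure)."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(document):
    """Message-digest function; the text calls its output the MAC."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def rsa(value, key):
    """Textbook RSA (no padding): the same operation encrypts and decrypts."""
    n, exponent = key
    if value >= n:
        raise ValueError("value does not fit in this key's modulus")
    return pow(value, exponent, n)

def send(document, sender_private, recipient_public):
    mac = digest(document)                           # step 1
    signed_mac = rsa(mac, sender_private)            # step 2
    doc_int = int.from_bytes(document, "big")
    # step 3: document and encrypted MAC both go under the recipient's public key
    return rsa(doc_int, recipient_public), rsa(signed_mac, recipient_public)

def receive(packet, recipient_private, sender_public):
    doc_int = rsa(packet[0], recipient_private)      # step 4
    signed_mac = rsa(packet[1], recipient_private)
    document = doc_int.to_bytes((doc_int.bit_length() + 7) // 8, "big")
    local_mac = digest(document)                     # step 5
    sender_mac = rsa(signed_mac, sender_public)      # step 6
    return document, local_mac == sender_mac         # step 7

if __name__ == "__main__":
    # Constructed sample keys and messages.
    sender_pub, sender_priv = make_keypair(127, 607)
    recipient_pub, recipient_priv = make_keypair(521, 1279)
    packet = send(b"Pay 100 to account 42", sender_priv, recipient_pub)
    print(receive(packet, recipient_priv, sender_pub))
    # Document swapped in transit, original encrypted MAC reused: the check fails.
    swapped = rsa(int.from_bytes(b"Pay 900 to account 13", "big"), recipient_pub)
    print(receive((swapped, packet[1]), recipient_priv, sender_pub))
```

In current terminology the digest is a hash value and the digest encrypted with the sender's private key is a digital signature; "MAC" now usually means a keyed construction such as HMAC.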