Keith Martin - Everyday Cryptography: Fundamental Principles and Applications

Everyday Cryptography

Everyday Cryptography

Fundamental Principles and Applications

SECOND EDITION

KEITH M. MARTIN

Great Clarendon Street, Oxford, OX2 6DP, United Kingdom

Oxford University Press is a department of the University of Oxford. It furthers the Universitys objective of excellence in research, scholarship, and education by publishing worldwide. Oxford is a registered trade mark of Oxford University Press in the UK and in certain other countries

Keith Martin 2017

The moral rights of the author have been asserted

First Edition published in 2012

Second Edition published in 2017

Impression: 1

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the prior permission in writing of Oxford University Press, or as expressly permitted by law, by licence or under terms agreed with the appropriate reprographics rights organization. Enquiries concerning reproduction outside the scope of the above should be sent to the Rights Department, Oxford University Press, at the address above

You must not circulate this work in any other form and you must impose this same condition on any acquirer

Published in the United States of America by Oxford University Press 198 Madison Avenue, New York, NY 10016, United States of America

British Library Cataloguing in Publication Data

Data available

Library of Congress Control Number: 2017938463

ISBN 9780191092060(ebook.)

ISBN 9780198788010(pbk.)

Printed and bound by

CPI Litho (UK) Ltd, Croydon, CR0 4YY

Links to third party websites are provided by Oxford in good faith and for information only. Oxford disclaims any responsibility for the materials contained in any third party website referenced in this work.

When this book was first published in 2012, it was argued to be relatively timeless and hence would be just as relevant in 2022 as it would have been in 2002. This is because the focus was on fundamental principles and not the latest technology. So, is a second edition really needed?

I stand by the initial statement, so one answer is that a second edition is not strictly needed. The fundamental principles behind cryptography have not changed. Indeed, there has been relatively little change in the most common cryptographic algorithms used to implement these principles, so most of the cryptographic toolkit presented in the first edition remains the same. However, there are reasons why a new edition of Everyday Cryptography is merited.

The last part of the book illustrates the underlying principles by examining how cryptography is used in some everyday applications. There have inevitably been developments to these applications since 2012, several of which have resulted in changes to the cryptography used within them. The second edition thus presents an opportunity to update this material. In addition, some further details about some of the cryptographic tools used to support them have been provided. The new material includes discussion of TLS 1.3, LTE, and Apple Pay.

However, the most significant development since 2012 is that there is now a much greater awareness of cryptography throughout society. This has arisen from a very public debate about use of cryptography following the revelations by former US Government contractor Edward Snowden in 2013, which revealed a great deal of information about how the use of cryptography has been controlled by government agencies.

Society has always been faced with a dilemma when it comes to the use of cryptography. The tensions between provision of privacy and a desire for targeted surveillance have existed for decades, and are ongoing. Snowdens revelations relating to this are just the latest twist in an old story. The first edition of Everyday Cryptography made only passing reference to this issue. This second edition devotes an entire chapter to the control of cryptography. This chapter presents the dilemma posed by cryptography and discusses strategies and implications of attempts to address it. Note that it is not our intention to either cast judgement or propose resolution.

There is no doubt that one of the impacts of the Snowden revelations has been a greater interest in the use of cryptography. This second edition reflects this by extending the set of illustrative cryptographic applications to include two that have had a relatively high profile since 2012. The first is Tor, which uses cryptography to create a network providing a degree of anonymity for its users. The second is the digital currency Bitcoin.

Since 2012, we have also seen more cryptographic protection being offered by a range of consumer devices. In recognition of this, a new chapter has been dedicated to cryptography for personal devices. This discusses the use of cryptography to protect files, disks, email, and messaging on devices such as mobile phones. It includes case studies of technologies such as WhatsApp and iOS.

I would like to thank the following people who shared their personal expertise and took time to review the changes made to this new edition of Everyday Cryptography: James Alderman, Tom Atkinson, Ela Berners-Lee, Giovanni Cherubin, Danny De Cock, Jason Crampton, Ben Curtis, Matthew Dodd, Thalia Laing, David Main, Sarah Meiklejohn, Frederik Mennes, Steven Murdoch, Kenny Paterson, Nick Robinson, Thyla van der Merwe, and Mike Ward.

The importance of cryptography and its role in our everyday lives has never been greater. This second edition of Everyday Cryptography explains both why and how.

Cryptography is a subject whose relevance to everyday life has undergone a dramatic transformation. Cryptography used to manifest itself in the public imagination through its historical use, primarily to protect military communications, and through recreational puzzles. However, largely due to the development of computer networks, particularly the Internet, most of us now use cryptography on a daily basis.

Cryptography is fundamental to the provision of a wider notion of information security. Electronic information can easily be transmitted and stored in relatively insecure environments. This has resulted in fundamental changes to the risks to which information is exposed. As the financial impact of information security incidents rises, so does the need for information security protection and control. Cryptography is a vital technology which underpins many of these controls. It provides a suite of basic mechanisms for implementing the security services that protect electronic information, such as confidentiality, data integrity, and authentication. Cryptography does not secure information on its own, but many technical mechanisms for protecting information have cryptography at their core.

Cryptography is thus an important subject for anyone with an interest in information security. Other reasons for the wide interest in cryptography as a subject are that:

Cryptography plays an interesting political role. It is a key technology during times of conflict. Its modern use presents society with several intriguing moral and political dilemmas.

Cryptography has a wide intrinsic appeal to the general public. Many people are fascinated by secrets and codes. This has been successfully exploited by the mainstream media.