Keith M. Martin - Everyday cryptography: Fundamental principles and applications

Everyday Cryptography

Fundamental Principles
and Applications

KEITH M. MARTIN

Professor of Information Security
Information Security Group
Royal Holloway, University of London

Great Clarendon Street, Oxford OX2 6DP

Oxford University Press is a department of the University of Oxford.
It furthers the Universitys objective of excellence in research, scholarship,
and education by publishing worldwide in
Oxford New York

Auckland Cape Town Dar es Salaam Hong Kong Karachi
Kuala Lumpur Madrid Melbourne Mexico City Nairobi
New Delhi Shanghai Taipei Toronto
With offices in

Argentina Austria Brazil Chile Czech Republic France Greece
Guatemala Hungary Italy Japan Poland Portugal Singapore
South Korea Switzerland Thailand Turkey Ukraine Vietnam

Oxford is a registered trade mark of Oxford University Press
in the UK and in certain other countries

Published in the United States
by Oxford University Press Inc., New York

Keith M. Martin 2012

The moral rights of the author have been asserted
Database right Oxford University Press (maker)

First published 2012

All rights reserved. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted, in any form or by any means,
without the prior permission in writing of Oxford University Press,
or as expressly permitted by law, or under terms agreed with the appropriate
reprographics rights organization. Enquiries concerning reproduction
outside the scope of the above should be sent to the Rights Department,
Oxford University Press, at the address above

You must not circulate this book in any other binding or cover
and you must impose this same condition on any acquirer

British Library Cataloguing in Publication Data
Data available

Library of Congress Cataloging in Publication Data

Library of Congress Control Number: 2011944049

Typeset by Cenveo Publisher Services
Printed in Great Britain
on acid-free paper by
Clays Ltd, St Ives plc

ISBN 978-0-19-969559-1

1 3 5 7 9 10 8 6 4 2

Preface

C ryptography is a subject whose relevance to everyday life has undergone a dramatic transformation. Cryptography used to manifest itself in the public imagination through its historical use, primarily to protect military communications, and through recreational puzzles. However, largely due to the development of computer networks, particularly the Internet, most of us now use cryptography on a daily basis.

Cryptography is fundamental to the provision of a wider notion of information security. Electronic information can easily be transmitted and stored in relatively insecure environments. This has resulted in fundamental changes to the risks to which information is exposed. As the financial impact of information security incidents rises, so does the need for information security protection and control. Cryptography is a vital technology that underpins many of these controls. It provides a suite of basic mechanisms for implementing the security services that protect electronic information, such as confidentiality, data integrity and authentication. Cryptography does not secure information on its own, but many technical mechanisms for protecting information have cryptography at their core.

Cryptography is thus an important subject for anyone with an interest in information security. Other reasons for the wide interest in cryptography as a subject are:

Cryptography plays an interesting political role. It is a key technology during times of conflict. Its modern use presents society with several intriguing moral and political dilemmas.

Cryptography has a wide intrinsic appeal to the general public. Many people are fascinated by secrets and codes. This has been successfully exploited by the mainstream media.

Who should read this book?

There have been many books written about cryptography, but what distinguishes the approach taken in this book is the combination of the following:

Fundamental principles It is intended to be both relevant and relatively timeless. It is easy to write a cryptography book that is quickly out of date. This book is intended to be just as relevant in ten years time as it would have been relevant ten years ago. This is because it is primarily concerned with the fundamental principles rather than technical details of current technology.

Application-focussed It is primarily concerned with the cryptography that a user or practitioner of information security needs to know. While there is a great deal of contemporary theoretical research on cryptography, few of these ideas make it through to real-world applications, which tend to deploy only well-tested and understood techniques. This book focusses on cryptography for everyday applications.

Widely accessible It is intended to be suitable as a first read on cryptography. It focusses on core issues and provides an exposition of the fundamentals of cryptography. Note that it deliberately does not concentrate on the mathematical techniques underpinning cryptographic mechanisms. This book is intended to be introductory, self-contained and widely accessible.

We will explain why cryptography is important, how it can be used, and what the main issues are regarding its implementation. The main requirements that guided the writing of this book were that it should:

1. assume no prior knowledge of cryptography;

2. require almost no prior knowledge of mathematics;

3. focus on the principles behind cryptography, rather than the mathematical details of how it works;

4. stress the practical issues that accompany the use of cryptography;

5. present cryptography within the context of it being an underlying technology that supports information security, rather than as a topic in its own right.

It can either be read as a self-contained introduction to cryptography or can be used to support an educational course on cryptography. To this end, some supporting activities have been linked to the main chapters. The intended audiences are primarily:

Users and practitioners of information security Cryptography is a subject of relevance to anyone who needs to secure digital data. This book is intended to be of interest to:

general users of information technology who seek an understanding of how to protect their data;

information technology professionals who need to apply security techniques to data;

information security professionals whose role is to protect information;

managers of organisations who seek an understanding of issues concerning data security.

Students of cryptography It could form the basis for an undergraduate or postgraduate course that covers the principles of cryptography without delving into the mathematical detail of the underlying algorithms. Indeed this book has been developed from precisely such a course. It may also be of interest to students studying the mathematics of cryptography, since it complements more mathematical treatises by providing a bridge between the theory of cryptography and the real-world problems that it attempts to solve. For students who already know the how, this book will explain the why.

General interest audience It has been written in order to appeal to a general science or engineering audience who seek a greater understanding of what cryptography is and how it works.