June 2010 Edition
Computer Science Department, University of Cape Town
| MSc-IT Study Material June 2010 Edition Computer Science Department, University of Cape Town |
Both these examples are based upon securing verbal information by means of a code.
In the movie Mission Impossible, the hero breaks into the CIA's headquarters and steals a list of all the undercover agents around the world. This is obviously very important information and it should be kept secure. The security measures the CIA used were extensive, and required a lot of effort to overcome them.
In the book, Enigma, by Robert Harris — a novel based closely on Turing and the work at Bletchley Park in the UK during the Second World War. The 'Enigma' machine was a mechanical coding device used to pass messages between U-boats and their command headquarters. In times of war, secure communication is perhaps extra important. The cracking of the code at Bletchley Park was greatly assisted by the capture of an Enigma machine and various decoding pamphlets from an abandoned German U-boat. Alan Turing, the mathematician and computer pioneer, was a leading figure in this work.
This is a memory device which allows you to carry the value of pi to 14 decimal places. That is, the number of letters in each word of the above sentence gives the following series of digits:
3 1 4 1 5 9 2 6 5 3
HOW I WANT A DRINK, ALCOHOLIC OF COURSE, AFTER THE
5 8 9 7 9
HEAVY LECTURES INVOLVING QUANTUM MECHANICS
In other words: 3.14159265358979.
The result is a compressed version of one element of the original message. This is not normally how we like to receive information. We prefer information in a compressed form. It would be best if we started from simple information, which gave us more complex information such as numbers standing for specific words. Therefore, there are high levels of redundancy in this original message.
Nevertheless, the human dimension works quite well. It is a lot easier to remember the sentence than to remember the number sequence. In this simple example we can see how the technical requirement for low redundancy can be at odds with the human requirement for memorability.
Do you use any similar mnemonic tricks to remember telephone numbers of credit card numbers?
It is possible to encrypt multiple times, make it more difficult to crack. To decrypt, one would have to apply the decryption algorithms in reverse order. E2 is decrypted to E1 using decryption algorithm 2; E1 is then decrypted back to A using decryption algorithm 1.
You would use public key encryption and digital signature technology.
First, you would ensure that your colleague had a public and private key. If not, ask them to generate one using, for instance, PGP.
Register with a digital signature authority, and generate your own digital signature. This would include information about you, the time the message was sent, and so on. All of this information would be encrypted using your digital signature private key.
Sign the message with your digital signature, and encrypt the message using your colleague's public key. The message may now be sent.
Your colleague would decrypt the message using their private key, while they will decrypt your Digital Signature using the public key from your digital signature authority.
The information is confidential since no one would be able to decrypt it apart from your colleague, since their private key is only in their possession. The message would be the one you sent (integrity), because no one could have changed it. If they had changed it, they couldn't have produced your digital signature. Your colleague could see that it was you who sent it (authentication) because of your digital signature. They could also prove that it was you that had sent it, because because only you could have signed your digital signature (non-repudiation).