Code and ciphers: Julius Caesar, the Enigma and the internet
Code and ciphers: Julius Caesar, the Enigma and the internet
Code and ciphers: Julius Caesar, the Enigma and the internet
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Public key cryptography 165<br />
graphics terminals communicating with <strong>the</strong>m by telephone lines. Many of<br />
<strong>the</strong>se organisations were also using computers at distant sites as well as<br />
those ‘in house’. In order that diverse users could communicate securely<br />
with each o<strong>the</strong>r some common form of encryption was required. Since all<br />
<strong>the</strong> users would have to know how <strong>the</strong> encryption would be carried out it<br />
was clear that <strong>the</strong> encryption algorithm would have to be made public <strong>and</strong><br />
that <strong>the</strong> individual users would have to have <strong>the</strong>ir own, secret, keys,<br />
without which it would be impossible to decipher <strong>the</strong>ir messages. This, in<br />
turn, implied that <strong>the</strong> method of encryption must be extremely secure.<br />
In addition to <strong>the</strong> problems already mentioned with <strong>the</strong> introduction<br />
of computer networks new aspects of security arose. Here are two examples:<br />
(1) ‘The au<strong>the</strong>ntication problem’. A user, X say, receives an e-mail<br />
message which apparently comes from Y. How does X know that <strong>the</strong><br />
message really has been sent by Y <strong>and</strong>, even if it has, that it has not been<br />
altered in some way? The fact that <strong>the</strong> message has Y’s e-mail address on it<br />
is no guarantee, since someone might be using Y’s computer in his<br />
absence. Even if Y has a password it is possible that, having logged on, he<br />
has gone out of <strong>the</strong> room for a few minutes leaving his computer idling, a<br />
bad habit which invites misuse. This would enable a third party, Z, to use<br />
Y’s computer in his absence to send <strong>the</strong> message to X. If X is Y’s bank <strong>and</strong><br />
<strong>the</strong> message is authorising <strong>the</strong> transfer of a large sum of money from Y’s<br />
account to an overseas account <strong>the</strong> bank needs to have some way of checking<br />
that <strong>the</strong> message is genuine, o<strong>the</strong>rwise a fraud can be successfully<br />
committed. Alternatively, is it possible that Y has indeed sent a message to<br />
X <strong>and</strong> that Z has somehow intercepted it <strong>and</strong> changed part of it so that it<br />
benefits him?<br />
(2) ‘The signature verification problem’. A user X sends a message to Y<br />
authorising some action or o<strong>the</strong>r. Subsequently X denies that he sent <strong>the</strong><br />
message to Y. The dispute goes to a third party, a judge perhaps, who has<br />
to decide if X really did send <strong>the</strong> message or not. Is <strong>the</strong>re a way in which X,<br />
having signed <strong>the</strong> message, cannot subsequently deny that he sent it <strong>and</strong>,<br />
conversely, that Y cannot claim to have received a different message?<br />
These are practical problems which have been <strong>the</strong> subject of much<br />
research <strong>and</strong> discussion ever since computer networks came into existence<br />
<strong>and</strong> we shall return to <strong>the</strong>m in <strong>the</strong> next chapter. Various solutions<br />
have been proposed but <strong>the</strong> essential feature of most of <strong>the</strong>m is that <strong>the</strong>re<br />
is a method whereby two people who wish to communicate are enabled to<br />
do so by means of a common encryption system which involves <strong>the</strong> use of