IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Personnel Remarks
____________________________________________________________________ .........................................
S 3.23 Introduction to basic cryptographic terms
Initiation responsibility: Head of IT Section, IT Security management
Implementation responsibility: Head of IT Section, IT Security management
As far as the user is concerned, the use of crypto products may mean
additional effort or -- depending on the complexity of the products used – may
even require a greater depth of knowledge. All staff who are supposed to make
use of cryptographic procedures and products should therefore be made aware
of the usefulness and necessity of the cryptographic techniques and be given
an introduction to basic cryptographic terminology. This applies in particular
of course to staff whose role it is to draw up a crypto concept or select, install
or manage crypto products.
The following sections are intended to provide an elementary understanding of
the fundamental cryptographic mechanisms. Examples are described as a
means of explaining which cryptographic technique can be used in which
situation.
Elements of cryptography
The term cryptographic refers to mathematical methods and techniques that
can be used for protecting information against unauthorised disclosure and/or
intentional manipulation. The protection of information by cryptographic
methods – in contrast with infrastructural and technical safeguards – is a
mathematical-logical form of protection.
Cryptographic procedures entail the implementation of a mathematical
calculation process – an algorithm – through specific techniques. Their
effectiveness is based on the assumption that a potential attacker will be
unable to solve a certain mathematical problem - and not because of a lack of
particular skills but because of not having knowledge of quite specific "key"
information.
Cryptographic methods always relate to the following situation: a sender A
(commonly referred to in cryptography as "Alice") sends a message via a nonsecure
channel to a recipient B (referred to as "Bob").
The sender and recipient may also be identical in this case, and the term
"channel" may refer to any transport medium. When it is a matter of
encrypting local data, the sender and recipient are of course identical, and the
"channel" is taken to be the storage medium.
Basic cryptographic objectives
Theoretical and practical considerations lead to a distinction being drawn
between four basic cryptographic objectives:
1. Confidentiality/secrecy: no unauthorised third party E (let her name be
"Eve") is to gain access to the contents of the message or file.
2. Integrity: It must be possible to detect unauthorised manipulation of the
message or file (e.g. the insertion, omission or replacement of parts).
3. Authenticity:
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000