Secure Communication
Problems:
It is possible for a third party to interfere with communications in the following ways:
- Eavesdropping
Information remains intact, but its privacy is compromised. For example, someone could gather credit card numbers, record a sensitive conversation, or intercept classified information.
- Tampering
Information in transit is changed or replaced and then sent to the recipient. For example, someone could alter an order for goods or change a person's resume.
- Impersonation
Information passes to a person who poses as the intended recipient. Impersonation can take two forms:
- Spoofing
A person can pretend to be someone else. For example, a person can pretend to have the email address jdoe@example.net or a computer can falsely identify itself as a site called www.example.net.
- Misrepresentation
A person or organization can misrepresent itself. For example, a site called www.example.net can purport to be an on-line furniture store when it really receives credit-card payments but never sends any goods.
Normally, the network traffic is not monitored by the cooperating computers or networks which compose the Internet. However, many sensitive personal and business communications over the Internet require precautions that address potential security threats. Well-established standards and practices known as public-key cryptography make it relatively easy to take such precautions.
Public-key cryptography
Public-key cryptography facilitates the following tasks:
- Encryption and decryption allow two communicating parties to disguise information they send to each other. The sender encrypts, or scrambles, information before sending it. The receiver decrypts, or unscrambles, the information after receiving it. While in transit, the encrypted information is unintelligible to an intruder.
- Tamper detection allows the recipient of information to verify that it has not been modified in transit. Any attempts to modify or substitute data are detected.
- Authentication allows the recipient of information to determine its origin by confirming the sender's identity.
- Nonrepudiation prevents the sender of information from claiming at a later date that the information was never sent.
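Tamper detection, authentication and nonrepudiation all rest on digital signatures: the sender signs with a private key and anyone can check the result with the matching public key. The following Python code is an added example, not part of the original page; it uses textbook RSA with constructed toy keys (all function and key names are illustrative assumptions) to show a signature verifying on an intact order and failing on an altered order or on a signature made with someone else's key.

```python
import hashlib

# Constructed toy keys: textbook RSA built from known Mersenne primes, no padding.
# This shows the mechanism only; real systems use a vetted library with a
# padded scheme such as RSA-PSS, or Ed25519, and randomly generated keys.
E = 65537  # public exponent

def make_keypair(p, q):
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, E), (n, d)               # (public key, private key)

def digest(message: bytes) -> int:
    # The signature covers a hash of the message, not the message itself.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(digest(message), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest(message)

ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**127 - 1, 2**521 - 1)

def demo():
    order = b"ship 2 chairs to jdoe@example.net"          # constructed sample message
    altered = b"ship 20 chairs to jdoe@example.net"       # same order changed in transit
    sig = sign(ALICE_PRIV, order)
    return {
        # Intact message with the sender's signature: accepted.
        "intact": verify(ALICE_PUB, order, sig),
        # Tamper detection: the altered order no longer matches the signature.
        "tampered": verify(ALICE_PUB, altered, sig),
        # Authentication: a signature from another key does not verify as Alice's.
        "spoofed": verify(ALICE_PUB, order, sign(MALLORY_PRIV, order)),
    }

if __name__ == "__main__":
    print(demo())
```

Because only the holder of the private key can produce a signature that verifies under the public key, a valid signature is also the basis for nonrepudiation.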