CHAPTER ONE: INTRODUCTION

1.1 BACKGROUND OF THE STUDY

Cryptography is an effective way of protecting sensitive information that is stored on media or transmitted through network communication paths.

Although the ultimate goal of cryptography, and the mechanisms that make it up, is to hide information from unauthorized individuals because most protocols can be broken into and the information can be revealed if the attacker has enough time, desire, and resources. Consequently, a more realistic goal of cryptography is to make obtaining the information too work-intensive to be worthwhile to the attacker and this is done through encryption.

The first encryption methods dated back to four thousand years ago and were considered more of an ancient art. As encryption evolved, it was mainly used to pass messages through hostile environments of war, crisis, and for negotiation processes between conflicting groups of people. Throughout history, individuals and governments have worked to protect communication by encrypting it. As time went on, the encryption algorithms and the devices that used them increased in complexity, new methods and algorithms were continually introduced, and it became an integrated part of the computing world.  Smith,A(2004)

While cryptography is the science of securing of data, cryptanalysis is the science of analyzing and breaking secure communication. Cryptology embraces both cryptography and cryptanalysis. In order words, it is the coding of plaintext and at the same time decoding it. (Smith 2004)

 Cryptanalysis involves the process of an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination and luck. In order words, cryptanalyst are also called attackers.

Data that can be read and understood without any special method is called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is encryption. The encrypted plaintext (which is unreadable) is known as the cipher text. The process of converting the cipher text back to the plaintext is decryption.

Cryptography can be strong or weak. The cryptographic strength can be measured in the time and resources it will take to recover the plaintext.  (Smith.2004)     

Cryptography currently plays a major role in many information technology applications. For example, when engaging in electronic commerce, customers provide their credit cards numbers when purchasing products. If the connection is not secure, an attacker can easily obtain this sensitive data. In order to implement a comprehensive security plan, the following must be provided:

a)     Confidentiality: Information cannot be observed by an unauthorized party. This is accomplished through public key and symmetric key encryption.

b)    Data security: Transmitted data within a given communication session cannot be altered in transit due to error or an unauthorized party. This is accomplished through the use of hash function and message authentication codes(MACs)

c)     Message authentication: Parties within the given communication session must provide certified proof validating the authenticity of a message. This is accomplished through the use of digital signatures. The only communicating party that can generate a digital signature that will successfully verify as belonging to the originator of the message is the originator of the message. This process validates the authenticity of the message (it shows if the acclaimed originator of the message is really the actual originator of the said message)

d)    Non repudiation: in this case neither the sender nor the receiver of the message may deny transmission. This is accomplished through Digital Signatures and third party notary services.     

e)     Entity authentication: Establishing the identity of an entity such as person or device.

f)      Access control: controlling access to data and resources is determined base on the privilege assigned to the data and resources as well as the privilege of the entity attempting to access the data and resources. Schneier Bruce (1996)