Digital communication is unsafe nowadays. Data are often transmitted in unprotected form via the internet, and are easily accessed and manipulated. E-mails are as confidential as postcards: anyone may read them on their way from the sender to the recipient, or even manipulate their contents.
There exist three basic requirements for the protection of digital communication:
• Confidentiality Protection against the disclosure of information toward non-authorized persons who possess the ability to eavesdrop on the communication channel.
• Integrity Preservation of the data consistency. No one except the author can alter the information unnoticed while it is being stored or transmitted via an unsafe medium.
• Authentication (non-deniability / access control) Protection of a person’s identity or of the authenticity of the data source. The data can later be traced to its author at any given time with no chance of denial on the author’s part. Nonauthorized access is recognized and deflected.
Cryptography is the science dealing with the security of information. Modern cryptography knows of two fundamental processes: encryption and decryption. Encryption transposes a message in plain text into another message using a key, into the so called key text, making it impossible1 to retrieve the plain text without knowledge of the key. Decryption, in turn, is the reverse process, transposing the coded text back into plain text by using the key. The security of modern cryptographic methods is based on the assumption that the likelihood of deciphering the correct key declines in proportion to the length of the key. Meaning, the longer the length of the key, the safer the encryption method. As a rule, the key length is defined in bits;
examples being the (by now dated) DES method using a 56 bits key length or the Triple DES method using 168 bits. Cryptography has nothing to do with clandestine activity. Cryptographic methods, interfaces and protocols have to comply with international standards in order to guarantee the interoperability among the various platforms and providers. The safety of a given cryptographic method has to rest solely in the ability to keep the key secret, not in the ability to keep the method secret! Cryptographic methods that are publicly known and discussed in detail by the expert community offer a trustworthy basis to providers for keeping their sensitive data safe.