Digital Signatures, Timestamps etc Most computer systems are far from being secure. A lack of security - it is said - might hinder the developments of new information technologies. Everybody knows electronic transactions involve a more or less calculated risk. Rumors about insecurity let consumers doubt whether the commodity of e-commerce is bigger or its risks. First of all the market depends on the consumer's confidence. To provide that another application for public key cryptography gets essential: the digital signature, which is used to verify the authenticity of the sender of certain data. It is done with a special private key, and the public key is verifying the signature. This is especially important if the involved parties do not know one another. The DSA (= Digital Signature Algorithm) is a public-key system which is only able to sign digitally, not to encrypt messages. In fact digital signature is the main-tool of cryptography in the private sector. Digital signatures need to be given for safe electronic payment. It is a way to protect the confidentiality of the sent data, which of course could be provided by other ways of cryptography as well. Other security methods in this respect are still in development, like digital money (similar to credit cards or checks) or digital cash, a system that wants to be anonymous like cash, an idea not favored by governments as it provides many opportunities for money laundry and illegal transactions. If intellectual property needs to be protected, a digital signature, together with a digital timestamp is regarded as an efficient tool. In this context, the difference between identification and authentication is essential. In this context smartcards and firewalls are relevant, too. A lot of digital transactions demand for passwords. More reliable for authentication are biometric identifiers, full of individual and unrepeatable codes, signatures that can hardly be forged. For more terms of cryptography and more information see: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acessing the Internet The Net connections can be based on wire-line and wireless access technolgies.
Usually several kinds of network connections are employed at once. Generally speaking, when an E-mail message is sent it travels from the user's computer via copper wires or coaxial cables Satellite communication Although facing competition from fiber-optic cables as cost-effective solutions for broadband data transmission services, the space industry is gaining increasing importance in global communications. As computing, telephony, and audiovisual technologies converge, new wireless technologies are rapidly deployed occupying an increasing market share and accelerating the construction of high-speed networks. Privatization of satellite communication Until recently transnational satellite communication was provided exclusively by intergovernmental organizations as Scheduled privatization of intergovernmental satellite consortia:
When Intelsat began to accumulate losses because of management failures and the increasing market share of fiber-optic cables, this organizational scheme came under attack. Lead by the USA, the Western industrialized countries successfully pressed for the privatization of all satellite consortia they are members of and for competition by private carriers. As of February 2000, there are 2680 satellites in service. Within the next four years a few hundred will be added by the new private satellite systems. Most of these systems will be so-called Low Earth Orbit satellite systems, which are capable of providing global mobile data services on a high-speed level at low cost. Because of such technological improvements and increasing competition, experts expect satellite-based broadband communication to be as common, cheap, and ubiquitous as satellite TV today within the next five or ten years. Major satellite communication projects
Source: Analysys Satellite Communications Database | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Steganography Ciphers as well as codes are transmitted openly. Everyone can see that they exist. Not so with steganograms. Steganography is the art and science of communicating in a way which hides the existence of the secret part in that communication. During the Italian Renaissance and the time of the Elizabethan Age in England cryptography was very popular, for political reasons as well as for amusements (see John Dee). In literature steganography played an important role. Many steganographs of that period have only been deciphered recently like some of the Shakespearean sonnets, which now seem to proof that the actor William Shakespeare was not the author of the famous poems and dramas, but that the latter' name was, and Francis Bacon, or even Francis Tudor, as some ciphers and other sources talk of him as Queen Elisabeth I.'s secret son. for further details see: One kind of steganogram is digital watermarking: Watermarks protect digital images, videos, but also audio and multimedia products. They are made out of digital signals, put into other digital signals. They try to be invisible on first sight and should be nearly impossible to remove. The process of producing watermarks is to overlay some sort of identifying image over the original image (non-digital watermarks, like on money can be seen by holding the paper against light). Copying the image destroys the watermark, which cannot be copied. Any alteration of the original destroys the watermark, too. Watermarking is one of the typical inventions of cryptography to assist the biggest content owners, but advertised as something necessary and helpful for everybody. Who in fact gets any advantage out of watermarking? The private user most of the time will not really need it except for small entities of pictures maybe. But the big enterprises do. There is a tendency to watermark more and more information in the Internet, which until now was considered as free and as a cheap method to receive information. Watermarking could stop this democratic development. for further information see: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Operating the net: overview The Net consists of thousands of thousands of governmental and private networks linked together. No legal authority determines how and where networks can be connected together, this is something the managers of networks have to agree about. So there is no way of ever gaining ultimate control of the Internet. Although each of these networks is operated and controlled by an organization, no single organization operates and controls the Net. Instead of a central authority governing the Net, several bodies assure the operability of the Net by developing and setting technical specifications for the Net and by the control of the technical key functions of the Net as the coordination of the domain name system and the allocation of IP numbers. Originally, the Net was a research project funded and maintained by the US Government and developed in collaboration by scientists and engineers. As the standards developed for ensuring operability ensued from technical functionality, technical coordination gradually grew out of necessity and was restricted to a minimum and performed by volunteers. Later, in the 1980s, those occupied with the development of technical specifications organized themselves under the umbrella of the Internet Society in virtual organizations as the Internet Engineering Task Force, which were neither officially established nor being based on other structures than mailing lists and commitment, but nonetheless still serve as task forces for the development of standards ensuring the interoperability on the Net. Since the late 80s and the early 90s, with the enormous growth of the Net - which was promoted by the invention of Since the year 2000, a new model for technical coordination has been emerging: Formerly performed by several bodies, technical coordination is transferred to a single non-governmental organization: the Internet Coordination of Assigned Numbers and Names. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Recent "Digital Copyright" Legislation: European Union Directive on Copyright and Related Rights in the Information Society In November 1996 the European Commission adopted a communication concerning the follow-up to the Green Paper on - the legal protection of computer programs - rental right, lending right and certain rights related to copyright in the field of - copyright and related rights applicable to broadcasting of programs by satellite and cable retransmission - the term of protection of copyright and certain related rights - the legal protection of databases The proposal was first presented by the Commission in January 1998, amended in May 1999 and currently is at second reading before the Parliament. Final adoption of the Directive could take place at the end of 2000 or the beginning of 2001 respectively. A full-text version for download (pdf file) of the amended proposal for a Directive on copyright and related rights in the Information Society is available on the website of the European Commission (DG Internal Market): General critique concerning the proposed EU Directive includes: - Open networks The new law could require (technological) surveillance of communications to ensure enforcement. Also because Service Providers might be legally liable for transmitting unauthorized copies, the might in turn have to deny access to anybody who could not provide them with financial guaranties or insurance. - Interoperable systems The draft could negate the already established right in EU law for software firms to make their systems interoperable with the dominant copyright protected systems. This would be a threat to the democratic and economic rights of users. - Publicly available information It is yet unclear whether new legal protections against the bypassing of Comments from the library, archives and documentation community on the amended Directive embrace: The Library Association EBLIDA (European Bureau of Library, Information and Documentation Associations) Society of Archivists (U.K.) and Public Record Office (U.K.) EFPICC (European Fair Practices In Copyright Campaign) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Cryptography's Terms and background "All nature is merely a cipher and a secret writing." Blaise de Vigenère In the (dis-)information age getting information but at the same time excluding others from it is part of a power-game (keeping the other uneducated). The reason for it eventually has found an argument called security. Compared to the frequency of its presence in articles, the news and political speeches security seems to be one of the most popular words of the 90's. It must be a long time ago when that word was only used for and by the military and the police. Today one can find it as part of every political issue. Even development assistance and nutrition programs consider it part of its work. The so-called but also real need for information security is widespread and concerning everybody, whether someone uses information technology or not. In any case information about individuals is moving globally; mostly sensitive information like about bank records, insurance and medical data, credit card transactions, and much much more. Any kind of personal or business communication, including telephone conversations, fax messages, and of course e-mail is concerned. Not to forget further financial transactions and business information. Almost every aspect of modern life is affected. We want to communicate with everybody - but do not want anybody to know. Whereas the market already depends on the electronic flow of information and the digital tools get faster and more sophisticated all the time, the rise of privacy and security concerns have to be stated as well. With the increase of digital communication its vulnerability is increasing just as fast. And there exist two (or three) elements competing and giving the term digital security a rather drastic bitter taste: this is on the one hand the growing possibility for criminals to use modern technology not only to hide their source and work secretly but also to manipulate financial and other transfers. On the other hand there are the governments of many states telling the population that they need access to any kind of data to keep control against those criminals. And finally there are those people, living between enlightening security gaps and at the same time harming other private people's actions with their work: computer hackers. While the potential of global information is regarded as endless, it is those elements that reduce it. There is no definite solution, but at least some tools have been developed to improve the situation: cryptography, the freedom to encode those data that one does not want to be known by everybody, and give a possibility to decode them to those who shall know the data. During the last 80 years cryptography has changed from a mere political into a private, economic but still political tool: at the same time it was necessary to improve the tools, eventually based on mathematics. Hence generally cryptography is regarded as something very complicated. And in many ways this is true as the modern ways of enciphering are all about mathematics. "Crypto is not mathematics, but crypto can be highly mathematical, crypto can use mathematics, but good crypto can be done without a great reliance on complex mathematics." (W.T. Shaw) For an introduction into cryptography and the mathematical tasks see: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Introduction "A man is crazy who writes a secrete in any other way than one which will conceal it from the vulgar." Roger Bacon (~1250 AD) The essence of human communication is not only the social behavior to give or get messages (of whatever meaning) but also how to give and get them, and to include certain people by excluding others from the process of informing. e.g. whispering is an effective way of talking to exclude the majority. What about ways of writing? Already some of the first written messages in human history obviously found special forms of hiding contents from the so-called others. When the knowledge of writing meant a privilege in a stronger sense as it is true today (in China for a long period writing was forbidden to people not working for the government), the alphabet itself was a kind of cryptography (that is why Catholic churches were painted with pictures explaining the stories of the Bible). Certainly the methods of deciphering and enciphering improved a lot during the last 4.000 years. In the meantime cryptography has become a topic without end and with less technological limits every day. On the one hand there is the field of biometrics, which is highly related to cryptography but still in its beginnings, on the other hand there emerge so-called infowars, which intend to substitute or at least accompany war and are unthinkable without cryptography. But there is much more to detect, like the different forms of de- and encoding. And very important, too, there is the history of cryptography that tells us about the basics to make it easier to understand today's issues. In the actual age of (dis-)information storing and transporting electronic information safely increases its importance. Governments, institutions, economy and individuals rely on the hope that no-one can read or falsify their messages/data as it is much more difficult to detect and proof abuses in electronic media than in elder forms of written communication. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Another Question of Security Even with the best techniques it is impossible to invent a cryptographic system that is absolutely safe/unbreakable. To decipher a text means to go through many, sometimes nearly - but never really - endless attempts. For the computers of today it might take hundreds of years or even more to go through all possibilities of codes, but still, finally the code stays breakable. The much faster quantum computers will proof that one day. Therefore the decision to elect a certain method of enciphering finally is a matter of trust. For the average user of computers it is rather difficult to understand or even realize the dangers and/or the technological background of electronic transmission of data. For the majority thinking about one's own necessities for encryption first of all means to trust others, the specialists, to rely on the information they provide. The websites explaining the problems behind (and also the articles and books concerning the topic) are written by experts of course as well, very often in their typical scientific language, merely understandable for laymen. The introductions and other superficial elements of those articles can be understood, whereas the real background appears as untouchable spheres of knowledge. The fact that dangers are hard to see through and the need for security measures appears as something most people know from media reports, leads directly to the problem of an underdeveloped democracy in the field of cryptography. Obviously the connection between cryptography and democracy is rather invisible for many people. Those mentioned media reports often specialize in talking about the work computer hackers do (sometimes being presented as criminals, sometimes as heroes) and the danger to lose control over the money drawn away from one's bank account, if someone steals the credit card number or other important financial data. The term "security", surely connected to those issues, is a completely different one from the one that is connected to privacy. It is especially the latter that touches the main elements of democracy. for the question of security see: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||