Page 52

able technical safeguards, cryptography has been one of the least utilized to date.2

In general, the many security safeguards in a system or network not only fulfill their principal task but also act collectively to mutually protect one another. In particular, the protection or operational functionality that can be afforded by the various cryptographic safeguards treated in this report will inevitably require that the hardware or software in question be embedded in a secure environment. To do otherwise is to risk that the cryptography might be circumvented, subverted, or misused—hence leading to a weakening or collapse of its intended protection.

As individual stand-alone computer systems have been incorporated into ever larger networks (e.g., local area networks, wide area networks, the Internet), the requirements for cryptographic safeguards have also increased. For example, users of the earliest computer systems were almost always clustered in one place and could be personally recognized as authorized individuals, and communications associated with a computer system usually were contained within a single building. Today, users of computer systems can be connected with one another worldwide, through the public switched telecommunications network, a local area network, satellites, microwave towers, and radio transmitters. Operationally, an individual or a software process in one place can request service from a system or a software process in a far distant place. Connectivity among systems is impromptu and occurs on demand; the Internet has demonstrated how to achieve it. Thus, it is now imperative for users and systems to identify themselves to one another with a high degree of certainty and for distant systems to know with certainty what privileges for accessing databases or software processes a remote request brings. Protection that could once be obtained by geographic propinquity and personal recognition of users must now be provided electronically and with extremely high levels of certainty.

2.2 WHAT IS CRYPTOGRAPHY AND WHAT CAN IT DO?

The word "cryptography" is derived from Greek words that mean secret writing. Historically, cryptography has been used to hide informa-

2 Other safeguards, in particular software safeguards, are addressed in various standard texts and reports. See, for example, National Institute of Standards and Technology, An Introduction to Computer Security, NIST Special Publication 800-12, Department of Commerce, Washington, D.C., October 1995; Department of Defense, Trusted Computer System Evaluation Criteria, August 15, 1983; Computer Science and Telecommunications Board, National Research Council, Computers at Risk: Safe Computing in the Information Age, National Academy Press, Washington, D.C., 1991.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement