IT Baseline Protection Manual S 4.34 Using encryption, checksums or digital signatures

Initiation responsibility: IT Security Management

Implementation responsibility: IT-users

If confidential information, or information with high integrity requirements, is transmitted and there is a possibility of this data being disclosed, manipulated by unauthorised parties or changed due to technical failure, a cryptographic procedure should be considered to protect the data intended for transfer.

Protection of confidentiality by means of encryption

Confidential information should be encrypted before transmission. The decisive features of any encryption procedure are the quality of the algorithm and the selected key. An algorithm which has proven adequate for medium-level protection is Triple DES, which is based on the Data Encryption Standard (DES). It is easy to implement, as example source code in the C programming language is provided in many books. For use on stationary and portable PCs, BSI can, under certain basic prerequisites, provide public agencies with an offline encryption program (Chiasmus for Windows) meeting medium-level protection requirements. An order form can be found on the CD-ROM of this manual (see appendix: Auxiliary Materials).

In order to comply with the confidentiality requirements of the information to be transmitted, the IT systems of both the recipient and the sender must provide sufficient access protection for the encryption program. Where necessary, the program should be stored on an exchangeable data medium, kept under lock and key, and only used/imported when the need arises.

Integrity protection using checksums, encryption or digital signatures

If only the integrity of the data intended for transfer is to be protected, it should be clarified whether protection is needed only against incidental alterations, i.e. due to transmission errors, or also against manipulation. If only incidental alterations are to be detected, checksum procedures (e.g. Cyclic Redundancy Checks) or error correction codes can be used. Protection that also covers manipulation is offered by procedures which use a symmetric encryption algorithm (e.g. DES) to create a so-called Message Authentication Code (MAC) from the information to be transmitted. Other procedures use an asymmetric encryption algorithm (e.g. RSA) in combination with a hash function to create a "digital signature". The resulting "fingerprints" (checksum, error correction code, MAC, digital signature) are transferred to the recipient together with the data, and the recipient can then check them.
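The distinction drawn above between incidental alteration and manipulation, as an added example that is not part of the manual: the recipient checks an unkeyed CRC-32 checksum and a keyed MAC over the same message in three situations. It uses HMAC-SHA-256 from the Python standard library in place of the DES-based MAC the text mentions; the key, the messages and all function names are constructed for this illustration.

```python
import hashlib
import hmac
import zlib


def crc_fingerprint(data: bytes) -> bytes:
    """Unkeyed checksum: anyone who holds the data can compute it."""
    return zlib.crc32(data).to_bytes(4, "big")


def mac_fingerprint(data: bytes, key: bytes) -> bytes:
    """Keyed fingerprint: requires the key shared by sender and recipient."""
    return hmac.new(key, data, hashlib.sha256).digest()


def recipient_check(data: bytes, crc: bytes, mac: bytes, key: bytes) -> dict:
    """Recompute both fingerprints over the received data and compare."""
    return {
        "crc_ok": hmac.compare_digest(crc, crc_fingerprint(data)),
        "mac_ok": hmac.compare_digest(mac, mac_fingerprint(data, key)),
    }


def flip_bit(data: bytes, bit: int) -> bytes:
    """Simulate a single-bit transmission error."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def scenarios() -> dict:
    key = b"constructed-demo-key-not-for-use"      # constructed sample key
    original = b"PAY 100 EUR TO ACCOUNT 12345"     # constructed sample message
    crc, mac = crc_fingerprint(original), mac_fingerprint(original, key)

    # 1. Data and fingerprints arrive unchanged.
    intact = recipient_check(original, crc, mac, key)
    # 2. Technical failure: one bit of the data changes in transit.
    noisy = recipient_check(flip_bit(original, 37), crc, mac, key)
    # 3. Manipulation: the data is altered and the unkeyed checksum is
    #    recomputed to match. The MAC cannot be recomputed without the key,
    #    so the original MAC is all that can be forwarded.
    altered = b"PAY 900 EUR TO ACCOUNT 12345"
    manipulated = recipient_check(altered, crc_fingerprint(altered), mac, key)
    return {"intact": intact, "transmission_error": noisy,
            "manipulated": manipulated}


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:20} {result}")
```

Only the keyed fingerprint fails in the third case, which is why the choice between a checksum and a MAC or signature depends on whether manipulation is in scope, and why the MAC is only as trustworthy as the handling of its key.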

See S 2.46 Appropriate key management for the transmission or exchange of any necessary keys. Further information on the use of cryptographic procedures and products can be found in chapter 3.7 Crypto-concept.

Additional controls:


© Copyright by Bundesamt für Sicherheit in der Informationstechnik
last update: October 2000