fips191_19
FIPS PUB 191
granular privilege mechanism,
2.2.3 Data and Message Confidentiality
The data and message confidentiality service can be used when the secrecy of information is
necessary. As a front line protection, this service may incorporate mechanisms associated with
the access control service, but can also rely on encryption to provide further secrecy protection.
Encrypting information converts it to an unintelligible form called ciphertext, decrypting converts
the information back to its original form. Sensitive information can be stored in the encrypted,
ciphertext, form. In this way if the access control service is circumvented, the file may be
accessed but the information is still protected by being in encrypted form. (The use of encryption
may be critical on PCs that do not provide an access control service as a front line protection.)
It is very difficult to control unauthorized access to LAN traffic as it is moved through the LAN.
For most LAN users, this is a realized and accepted problem. The use of encryption reduces the
risk of someone capturing and reading LAN messages in transit by making the message
unreadable to those who may capture it. Only the authorized user who has the correct key can
decrypt the message once it is received.
A strong policy statement should dictate to users the types of information that are deemed
sensitive enough to warrant encryption. A program level policy may dictate the broad categories
of information that need to be stringently protected, while a system level policy may detail the
specific types of information and the specific environments that warrant encryption protection.
At whatever level the policy is dictated, the decision to use encryption should be made by the
authority within the organization charged with ensuring protection of sensitive information. If
a strong policy does not exist that defines what information to encrypt, then the data owner
should ultimately make this decision.
Cryptography can be categorized as either secret key or public key. Secret key cryptography is
based on the use of a single cryptographic key shared between two parties . The same key is
used to encrypt and decrypt data. This key is kept secret by the two parties. If encryption of
sensitive but unclassified information (except Warner Amendment information) is needed, the use
of the Data Encryption Standard (DES), FIPS 46-2, is required unless a waiver is granted by the
head of the federal agency. The DES is a secret key algorithm used in a cryptographic system
that can provide confidentiality. FIPS 46-2 provides for the implementation of the DES
algorithm in hardware, software, firmware or some combination. This is a change from 46-1
which only provided for the use of hardware implementations. For an overview of DES,
information addressing the applicability of DES, and waiver procedures see [NCSL90].
Public key cryptography is a form of cryptography which make use of two keys: a public key
and a private key. The two keys are related but have the property that, given the public key, it
21