Internet Encryption
The growing sophistication of internet, along with advancing abilities of individuals to hack into electronic systems is creating a growing need for improved encryption technology. The internet is becoming a domain all to itself, with its own rules, and requirements. The internet is creating new opportunities for the business and communication industries. It is also creating new demands. The internet is now facing a period in its evolution similar to the period of our country's history of westward expansion, and settlement
Wild Wild West years of the internet have passed with the bursting of the Tech bubble in the early 21st century. Now business is building entire enterprises on the net. As hundreds of thousands of dollars change hands based on digital bleeps, the needs for government, business, and individuals to protect their data is becoming of paramount importance. Who will be the Texas Ranger's of the internet, those who will travel long distances, and overcome every obstacle just to keep the e-town safe, and capture the cyber-criminal when they appear? The time has come for an internet police force, and encryption technology will likely be some of the more reliable cyber-deputies.
The science of cryptography offers many potential solutions to the drawbacks of early copy protection schemes, and the operative word is 'potential'. Cryptography has long been used by military and intelligence agencies to transmit messages so that foreign governments could not decipher them. (Fleischmann 1995) As early as the second world war, the U.S. And foreign governments utilized encryption schemes in order to disguise their communications. Simple encryption is the process of scrambling readable text to make it unreadable based on a key known only to the sender and the receiver. Decryption, on the other hand, is the unscrambling process which occurs on the other end.
Before proceeding further into this complex and technical area, it may be useful to review some fundamentals. Cryptography is the practice of transforming a message into gibberish (encryption), transmitting it, and transforming it back into "plaintext" (decryption) at the other end.(Defense Institute of Security Assistance Management, 1994) Though once the province of spies, diplomats, and generals as a device to protect sensitive military and government communications, encryption has moved gradually into the mainstream. With the increasing prevalence of networked computing and its increasing vulnerability to tampering, cryptography has become a valued tool both for businesses and consumers in the protection of proprietary and personal information.
Properly employed, cryptography can perform three distinct functions:
authenticate the sender by means of a unique "signature"; protect the confidentiality of the message during transmission and in storage; and assure the integrity of the message through encrypting a digest.(The Neutrality act of 1939)
In general, the method by which the message is transformed into and out of gibberish is the algorithm." Each particular encryption is achieved by plugging a string of numbers, or a key," into the algorithm and then applying the result to the message. Decryption works by running the encrypted message back through the algorithm key combination. The strength of a cryptographic system is gauged by the length of its key and the complexity of its algorithm. "(Flynn, 1995)
Today, both encryption and decryption are accomplished by means of complex mathematical algorithms. Modern algorithms use keys -- strings of alphanumeric digits -- to encrypt and decrypt messages. (Froomkin, 1995) The length of the key determines the strength of the encryption, and longer keys can produce a theoretically unbreakable security system. For example, to decrypt a 128-bit key would require a computer capable of processing one million keys per second over 10(25) years, which is the numeral 1 followed by 25 zeros. To break this code using a 'trial and error' approach would require a time period longer than the projected age of the universe.
Computer encryption has not garnered a large amount of attention until now because both encryption and decryption require a great deal of computer processing power. Until recently, the processing overhead required to decrypt information in real-time was prohibitive. (Yoshida, 1996) however, with the development of faster computers the science of cryptography can now be applied to many new applications and still be economical, both to the developer and the user.
For example, PGP (.com) is now selling PGP 8.0, and one of the versions is personal encryption software. Early reports describe the software as user-friendly. If the company has managed to create a user friendly product, it will have major ramifications for the security state, the war on terrorism, and the balance of privacy vs. governmental monitoring.
Economic and E-Business factors related to Encryption
E-commerce can encompass a wide range of electronic transactions, and e-commerce, which is the actual transaction occurring in cyberspace is supported by the ability to send secure email. The expected growth in consumer online sales from $4.5 billion in 1998 to $35 billion in 2002 provides a benchmark of expected growth for the entire sector (Hillison, et.al., 2001). Such explosive growth in electronic transactions will continue to place a tremendous burden on control systems which are used to assure the integrity of the transaction process. With the grow demands, new risks have emerged, creating significant demand for user friendly, and effective controls.
Risks
Conducting business in cyberspace entails the traditional risks of sales and contracting plus new risks which are unique to the electronic environment. Some risks result from the physical separation of customers from goods and services providers. The risk of trust, reliability of vendors, and the assurance that the goods which are sold match what the vendor is advertising are important considerations, which must be addressed as part of the sales process. Other risks arise result from the requirement of creating proper documentation. The following risks, which have been addressed in the non-ebusiness community thorough the use of paper documents, require closer consideration in relationship to security in the e-business world.
Authentication. Just as manual, handwritten signatures have traditionally proven authenticity, electronic signatures are used for the same purpose: to assure the approval of an authorized individual. Certain technologies used in electronic signatures can even offer higher levels of confidence than the handwritten signature. The need for authentication is one security risk of the internet,
Nonrepudiation. Neither party to a sale or contract can be able to claim that the "agreement" is not what was agreed to in order for trust, positive business e-relationships to be established and built. Currently, disputes can arise from the signed and dated copies of documents held by each party. The internet need for digital verification have created additional requirements for verification. Given the appropriate use, electronic signature technology needs to be capable of addressing this risk.
Security. Electronic storage and communications create security risks that are not independent of e-commerce issues. Risks of loss and interception are present during transmission over the open architecture of the internet. Stored digital messages must also be protected after they are received. In today's environment, copies of documents can be made and disseminated in an instant, and database and server environments, which can often make sensitive information widely available. (Hillison, et.al, 2001)
Technical Aspects and Examples of Encryption
Encryption is typically approached through the use of two schemas, private key encryption and public key encryption.
Private Key encryption. The sender signs a document and the receiver verifies the signature using a single key that is not known publicly. The cipher, or decoding sequence is public knowledge. Under this scenario, if Paul wants to send Sally an encrypted message, he uses a key to encode the message and transmits the message to Sally. Sally uses the same key to decode the message, and no other key will work. The encryption process works because one key fills both-functions and only Paul and Sally know the key. Therefore the validity of the message is confirmed, and the message must have come from Paul.
The possibility that others can gain access to the key can undermine confidence in the authentication process. But if the key is kept private between the sender and recipient, then both security and authentication are preserved because any message can be understood only by someone who possesses the appropriate key. In this case, the shared secret code is not based on the cipher algorithm, but on the key that must be used with the cipher to encode and decode the message.
The most popular and widely used private-key cipher is the Data Encryption Standard (DES),which is a federal encryption standard established in 1977. A more secure variant of DES, called Triple…
Executive Summary The purpose of this study is to develop timely and informed answers to a series of guiding research questions and subquestions to identify the risks and barriers that are associated with Internet of Things implementations. These types of studies are important today because the Internet of Things is changing the manner in which companies of all sizes and types operate their businesses, and current trends indicate that these implementations
Security for Networks With Internet Access The continual process of enterprise risk management (ERM) has become an integral component of successful organizational assessment, because the process of accurately identifying various risk factors, and interpreting their potential advantages and disadvantages, ensures that a business remains capable of anticipating and addressing internal and external contingencies. The following ERM implementation plan for the security of internet-accessible networks is intended to provide a navigable framework
Risk analysis projects are relatively expensive, and were so even in the mainframe computing era, because they involved the collection and evaluation of a significant volume of data. Earlier risk studies were conducted by in house staff or consultants and the in house people did not have much experience regarding the matter and the consultants did not know much about the requirements of the organization. Presently, the familiarization task has
However, nothing can be done until the malware actually occurs. With all the different viruses, worms and Trojans, how can security managers possibly predict what malware will occur next? In contrast, a behavioral rule defines legitimate activity in a system. Any activity not matching the profile will cause the security product to be triggered. As rules are not specific to a particular type of attack, they can block malicious
Internet has grown exponentially since its first introduction to the public. The precursor to the Internet was the ARPANET. The Advanced Research Projects Agency (ARPA) of the Department of Defense (Carlitz and Zinga, 1997) and the National Science Foundation (NSF) were the primary creators of the ARPANET. Subsequently however, efforts from private entities and universities have helped develop the network infrastructure, as it exists today. "The goals of ARPA's
ERP and Information Security Introduction to ERP Even though the plans of information security include the prevention of outsiders to gain access of internal network still the risk from the outsiders still exists. The outsiders can also represent themselves as authorized users in order to cause damage to the transactions of the business systems. Therefore, strict prevention measures should be taken to avoid such situations. The threats of both the hackers have been
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now