The growing sophistication of the internet, along with the advancing abilities of individuals to hack into electronic systems, is creating a growing need for improved encryption technology. The internet is becoming a domain all to itself, with its own rules and requirements. The internet is creating new opportunities for the business and communication industries. It is also creating new demands. The internet is now facing a period in its evolution similar to the period of our country's history of westward expansion and settlement.
The Wild Wild West years of the internet have passed with the bursting of the Tech bubble in the early 21st century. Now business is building entire enterprises on the net. As hundreds of thousands of dollars change hands based on digital bleeps, the need for government, business, and individuals to protect their data is becoming of paramount importance. Who will be the Texas Rangers of the internet, those who will travel long distances and overcome every obstacle just to keep the e-town safe, and capture the cyber-criminals when they appear? The time has come for an internet police force, and encryption technology will likely be some of the more reliable cyber-deputies.
The science of cryptography offers many potential solutions to the drawbacks of early copy protection schemes, and the operative word is 'potential'. Cryptography has long been used by military and intelligence agencies to transmit messages so that foreign governments could not decipher them. (Fleischmann 1995) As early as the Second World War, the U.S. and foreign governments utilized encryption schemes in order to disguise their communications. Simple encryption is the process of scrambling readable text to make it unreadable based on a key known only to the sender and the receiver. Decryption, on the other hand, is the unscrambling process which occurs on the other end.
Before proceeding further into this complex and technical area, it may be useful to review some fundamentals. Cryptography is the practice of transforming a message into gibberish (encryption), transmitting it, and transforming it back into "plaintext" (decryption) at the other end. (Defense Institute of Security Assistance Management, 1994) Though once the province of spies, diplomats, and generals as a device to protect sensitive military and government communications, encryption has moved gradually into the mainstream. With the increasing prevalence of networked computing and its increasing vulnerability to tampering, cryptography has become a valued tool both for businesses and consumers in the protection of proprietary and personal information.
Properly employed, cryptography can perform three distinct functions:
authenticate the sender by means of a unique "signature"; protect the confidentiality of the message during transmission and in storage; and assure the integrity of the message through encrypting a digest. (The Neutrality Act of 1939)
In general, the method by which the message is transformed into and out of gibberish is the "algorithm." Each particular encryption is achieved by plugging a string of numbers, or a "key," into the algorithm and then applying the result to the message. Decryption works by running the encrypted message back through the algorithm-key combination. The strength of a cryptographic system is gauged by the length of its key and the complexity of its algorithm. (Flynn, 1995)
Today, both encryption and decryption are accomplished by means of complex mathematical algorithms. Modern algorithms use keys -- strings of alphanumeric digits -- to encrypt and decrypt messages. (Froomkin, 1995) The length of the key determines the strength of the encryption, and longer keys can produce a theoretically unbreakable security system. For example, to decrypt a 128-bit key would require a computer capable of processing one million keys per second over 10^25 years, which is the numeral 1 followed by 25 zeros. To break this code using a 'trial and error' approach would require a time period longer than the projected age of the universe.
Computer encryption has not garnered a large amount of attention until now because both encryption and decryption require a great deal of computer processing power. Until recently, the processing overhead required to decrypt information in real-time was prohibitive. (Yoshida, 1996) However, with the development of faster computers, the science of cryptography can now be applied to many new applications and still be economical, both to the developer and the user.
For example, PGP (.com) is now selling PGP 8.0, and one of the versions is personal encryption software. Early reports describe the software as user-friendly. If the company has managed to create a user-friendly product, it will have major ramifications for the security state, the war on terrorism, and the balance of privacy vs. governmental monitoring.
PGP stands for Pretty Good Privacy. It is encryption based on what is called public-key cryptography, which is built from the following scenario. The sender and receiver of messages each have two keys, each being a large binary number. One is a public key, which can safely be given to anyone, or even made available on the Internet. The sender can use this public key to encrypt any message sent out. The other number is called the private key, which is held by no one but the person who is meant to decode the message. Only the private key can decrypt the message. (Reed, 2002)
Economic and E-Business factors related to Encryption
E-commerce can encompass a wide range of electronic transactions, and e-commerce, which is the actual transaction occurring in cyberspace, is supported by the ability to send secure email. The expected growth in consumer online sales from $4.5 billion in 1998 to $35 billion in 2002 provides a benchmark of expected growth for the entire sector (Hillison et al., 2001). Such explosive growth in electronic transactions will continue to place a tremendous burden on control systems which are used to assure the integrity of the transaction process. With the growing demands, new risks have emerged, creating significant demand for user-friendly and effective controls.
Conducting business in cyberspace entails the traditional risks of sales and contracting plus new risks which are unique to the electronic environment. Some risks result from the physical separation of customers from goods and services providers. The risk of trust, reliability of vendors, and the assurance that the goods which are sold match what the vendor is advertising are important considerations, which must be addressed as part of the sales process. Other risks result from the requirement of creating proper documentation. The following risks, which have been addressed in the non-ebusiness community through the use of paper documents, require closer consideration in relationship to security in the e-business world.
Authentication. Just as manual, handwritten signatures have traditionally proven authenticity, electronic signatures are used for the same purpose: to assure the approval of an authorized individual. Certain technologies used in electronic signatures can even offer higher levels of confidence than the handwritten signature. The need for authentication is one security risk of the internet,
Nonrepudiation. Neither party to a sale or contract should be able to claim that the "agreement" is not what was agreed to, if trust and positive business e-relationships are to be established and built. Currently, disputes can arise from the signed and dated copies of documents held by each party. The internet's need for digital verification has created additional requirements for verification. Given the appropriate use, electronic signature technology needs to be capable of addressing this risk.
Security. Electronic storage and communications create security risks that are not independent of e-commerce issues. Risks of loss and interception are present during transmission over the open architecture of the internet. Stored digital messages must also be protected after they are received. In today's environment, copies of documents can be made and disseminated in an instant, and database and server environments can often make sensitive information widely available. (Hillison et al., 2001)
Technical Aspects and Examples of Encryption
Encryption is typically approached through the use of two schemas, private key encryption and public key encryption.
Private Key encryption. The sender signs a document and the receiver verifies the signature using a single key that is not known publicly. The cipher, or decoding sequence, is public knowledge. Under this scenario, if Paul wants to send Sally an encrypted message, he uses a key to encode the message and transmits the message to Sally. Sally uses the same key to decode the message, and no other key will work. The encryption process works because one key fills both functions and only Paul and Sally know the key. Therefore the validity of the message is confirmed, and the message must have come from Paul.
The possibility that others can gain access to the key can undermine confidence in the authentication process. But if the key is kept private between the sender and recipient, then both security and authentication are preserved because any message can be understood only by someone who possesses the appropriate key. In this case, the shared secret code is not based on the cipher algorithm, but on the key that must be used with the cipher to encode and decode the message.
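The Paul and Sally exchange can be sketched with Python's standard library. This is an added example, not taken from the sources cited above: the keystream built from HMAC-SHA256 is an illustrative construction chosen so the code runs without third-party packages, and `seal`, `open_sealed` and the message layout are assumptions. The algorithm is fully visible; only the shared key is secret.

```python
import hashlib
import hmac
import secrets

def subkeys(shared_key: bytes):
    """Derive separate encryption and authentication keys from the one shared key."""
    enc = hmac.new(shared_key, b"encrypt", hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"authenticate", hashlib.sha256).digest()
    return enc, mac

def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative keystream: HMAC-SHA256 over nonce || counter."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(shared_key: bytes, plaintext: bytes) -> bytes:
    """Paul's side: encrypt, then tag. Layout: nonce(16) | ciphertext | tag(32)."""
    enc_key, mac_key = subkeys(shared_key)
    nonce = secrets.token_bytes(16)
    stream = keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(shared_key: bytes, blob: bytes):
    """Sally's side: return the plaintext, or None if the key or message is wrong."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = subkeys(shared_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

if __name__ == "__main__":
    key = secrets.token_bytes(32)            # known only to Paul and Sally
    blob = seal(key, b"wire the funds")      # constructed sample message
    print(open_sealed(key, blob))                       # same key: plaintext
    print(open_sealed(secrets.token_bytes(32), blob))   # other key: None
```

Because Sally holds the same key, she could produce an identical message herself, so a shared key authenticates between the two parties but does not by itself address the nonrepudiation risk listed earlier.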