Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Do you need encryption

advertisement 
Do you need encryption?
By
Dr. Francisco Eduardo Rivera
Federal Aviation Administration
ATO-E (AUA-6)
800 Independence Ave. SW
Washington DC, 20591
(202) 385-8309
Francisco.rivera@faa.gov
SALT Washington Interactive Technologies 2004
Arlington, Virginia – August 18-20, 2004
ABSTRACT
In the information society we live in, everybody needs to record confidential information.
The quantity of confidential information depends on the assets you have and your job.
Particularly, many web sites require you to have a login name and a password to enter in
to the site and require you to change them often. In fact, some of the web sites even let
you make transactions. To keep confidential information on paper is not a viable solution
because, it is easier to lose, hard to recover, clumsy to store, and changes frequently.
Lastly, once found, anybody can see it and use it. The solution is to store this
information in a computer, on a disk or in a Personal Digital Assistant (PDA); and of
course to encode it secretly, that makes the information encrypted. The need to protect
confidential information is becoming a priority due not only to direct hackers but also
because of the latest phenomenon -- identity theft. In this article we examine the meaning
of encryption and its relevance for a common user. We review the different techniques
for encryption and how secure they are, in a non-mathematical language. We also review
different strategies to manage this confidential information using some common
commercial software.
STRUCTURE
We want to write this article in a non-technical language and of course far to use
mathematics, although we can just say that Cryptology is a Mathematical based
Computer Science and when we say Mathematics is with Upper case and can be very
complex. In fact is a speciality that is offered in some PhD programs such as University
of Maryland, or the Central European University. There are many research centers,
companies and gubernamental organisms such Department of defense, National Security
Agency, or Homeland Security dedicated to the study of Cryptology. So we are not going
to enter into the many complexitities of this field and try just to answer if for a normal
user like you or me is Encryption a need and a suitable tool. Cryptography has a long
history by which humans transmitted secretly messages from Romans to Aztecs, but
probably Cryptography acquiers its fame during the Second World War. In this War the
information (and misinformation) acquiered a special value to win the battles and finally
the war, with plenty of stories of spies and machines to decipher. Today thanks to the
Internet as a public, open network of data, it is the normal way in which we communicate
us, but the Internet is intrinsecally open not only in its standards but in its contents too. It
is a network of networks in which you do not know a priori where your messages are
going to pass through and these messages are needed to be repeated from one node to
another in this super-network. There is no direct way to keep secret something.
What is Cryptography or Encryption?
We must first attempt to define what are we undestand for Crypotography. Cryptography
is the Science and the process is called Encryption. Cryptography is undestood mainly as
the science (or the art) of “converting data into a secret code for transmission over a
public network.” (Techencyclopedia 2004). Thus Encryption is “the reversible
transformation of data from the original (the plaintext) to a difficult-to-interpret format
(the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes
its authenticity. Encryption uses an encryption algorithm and one or more encryption
keys.” (Techencyclopedia, 2004)
Encryption is transforming the data into an ureadable format and by definition it needs to
be reversivble in the sense that at the other end of the communication line (or network) it
can be decipher to obtain the message into plaintext again. The process is based on an
algorithm in order to repeat the process or to send other messages using the same process.
The algorithm can be very complex composed of several steps, combinations,
compressions, permutations, but in the last it can be described as a mathematical
transformation. We assume that only those who know the algorithm can decipher the
encrypted message. So the algorithm must be secret by definition. But if the algorithm is
secret how it can be studied? The only way is to create an algorithm that can be public
and can be customized to each user that is modified but not in its structure and only in the
way in which it is applied. This is why it was invented the “key” which is a secret
“small”code that applied to the general algorithm can transform the algorithm in an
unique way such that the results of applying the same algorith with different key produce
different results and that cannot be deducted.
In the modern cryptography is thus always associated the encryption algorith with a key.
Nevertheless “encrypted messages can sometimes be broken by cryptanalysis, also called
codebreaking” (Webopedia, 2004) that helps to decipher the message. This is the main
problem of Cryptography how to avoid with a reasonable small (fast, finite, etc.)
algorithm to produce an encryption that is unbreakable.
Anyway, modern encryption techniques can be reasonable unbreakable. And although
you can invent your own algorithm that for you is very difficult, very probably it is not
difficult for many computer techniques to break code; including the intelligent trial and
error that repeated many times using a fast computer can decode your secret in a
reasonable short time. So do no try to re-invet the wheel, use one of the many well
proofed algorithms. The Clinton Administration enouraged “the use of strong encryption
techniques in commerce and private communication while protecting the public safety
and national security. It would be developed by industry and will be availbale for both
domestic and international use.” (Electronic Privacy Information Center, 1996)
Phishing is a technique that is currently being used by spammers, or more appropriately “scammers”, to
obtain, or “fish” for, private information of email consumers, particularly taking advantage of home email
users who do not have elaborate firewalls protecting them. Phishers are most commonly mining for bank
account numbers, social security numbers, and credit card information.
Security is the issue, Privacy in general and
confidentiality, integrity and sometimes its authenticity
Confidentiality is
Integrity is
Authenticity is
It is a Growing problem
Are there other alternatives to Encryption?
Password access
Password protecting files
Use a Vault. PGP Pretty Good Privacy
EFS
Ipsec
PPTP encryption
Do we need Encryption?
Encryption may be very complex. Ypou still need to manage keys secretly. If you want to
keep your procedures private, probably nobody can help you to retrieve your information.
What to do next?
References
Techencyclopedia, TechWeb a service of CMP, The Business Technology Network,
www.techweb.com, 2004.
Webopedia, a service of Jupitermedia Corporation. www.webopedia.com, 2004.
Electronic Privacy InformationCenter, Administration Statement on Commercial
Encryption Policy”, http://www.epic.org/crypto/key_escrow/wh_cke_796.html July 12,
1996.
Related documents
INFA 723 Applied Cryptography
INFA 723 Applied Cryptography
Description
Description
VideoCase08:_Security
VideoCase08:_Security
Issue 73 Encryption Algorithm
Issue 73 Encryption Algorithm
Hwk #11
Hwk #11
17.1 Case Study Worksheet1
17.1 Case Study Worksheet1
Test 2
Test 2
Notes16
Notes16
Download
advertisement