exp2010_w03_script_encryption

PUBLIC KEY ENCRYPTION AND DATA SAFETY IN THE
INFORMATION AGE
By Nancy Larson and Your Name
The Information Age
The current era in history has been dubbed “The Information Age.” Sharing information quickly and
electronically is the starting point of this moniker. An ever-increasing amount of information is available
wirelessly through computer systems. Books are stored on Google’s servers. Wikipedia allows everyone
who registers to update the information. Educational institutions post research and grades online.
Corporations and organizations use websites to advertise and inform. Medical groups maintain
records electronically. Access to information is critical for our progress. Restricting access on a “need to
know” basis is also critical.
The History of the Internet
What is now referred to as “the Internet” began as a defense department project to ensure continuous
communication for the military in the event of a nuclear war. The contract to construct the network was
awarded in 1968 and the network was physically constructed in 1969 with only four hosts.1 This network
could not yet be called a public source.
Throughout the next twenty years the network grew in range and was increased in speed. In 1981 the
National Science Foundation developed CSNET to allow research institutions to communicate through
50 Kbps lines. The system of naming domains was established by the University of Wisconsin and the
TCP/IP protocols were put in place in 1983. By the mid-80s, the demand for service on the network
increased and T-1 lines were implemented. Demand continued to increase and the development of the
next generation of lines (to be called T-3 lines) began immediately. These lines (at 45 Mbps) were
available by 1990. Through the 1980s and 90s, the internet transitioned from a military and research
communication tool to a public communication tool.2
1 History of the Internet. 2010. 27 March 2010. <http://www.davesite.com/webstation/net-history.shtml>
By the mid-1990s, companies were finding ways to market through the internet. Microsoft’s Windows
98 provided a source of standardized internet access to a large number of consumers, both business and
individuals. Other software companies followed suit. E-commerce was going strong, led by companies
such as Amazon. The former military network was now used by a majority of the public in the United
States.3 E-commerce brought the need for sharing private information securely from a public site.
Payment was usually made by credit card, so the number must be sent through the internet. The use of
electronic records, accessible from multiple locations, has required a secure system which can transfer
larger packets of information securely. These records are used in many fields, including education,
banking and medicine. How are these records protected?
Protecting Data
Transferring data is possible because computers handle all information numerically. The letters of the
alphabet are matched to numbers in a code referred to as ASCII. (See the table in Appendix A.) Each
letter and number symbol is represented by a number. The computer does not use “E”. It uses 069. For
“e” the computer uses 101. The complete table is in the appendix. Since all data is represented by
numbers, performing calculations on the numbers hides the data. The technique that is most commonly
used for this is called public key encryption.
2 Zakon, Robert. Hobbes' Internet Timeline. 1 January 2010. 25 March 2011 <http://www.zakon.org/robert/internet/timeline/>
3 Howe, Walt. A Brief History of the Internet. March 24, 2010. Retrieved March 27, 2011. <http://www.walthowe.com/navnet/history.html>.
Founders of Public Key Encryption
A trio of mathematical researchers proposed an asymmetric cypher in mathematical literature in 1976.4
These researchers were Whitfield Diffie, Martin Hellman, and Ralph Merkle and the asymmetrical
cypher became known as public key encryption. The paper published at that time provided a means of
encryption, but the cypher to the encryption (the means to return the coded data to the original) would
have to be transferred to the recipient of the communication. The transfer of the information that
would break a code was a weak point in the encryption technique. Intercepting the cypher would allow
the breaking of the code. But the paper published by Diffie, Hellman and Merkle proposed that an
asymmetric function would solve this problem. There was only one drawback; no one knew of an
asymmetrical function.
A group of researchers for MIT, who were located in East Africa, was determined to make the
asymmetric function a reality. Ronald Rivest, Adi Shamir, and Leonard Adleman tried ideas and
discarded them for over a year. Leonard Adleman was the mathematician of the group. Rivest and
Shamir were creative thinkers. They made a good team. Rivest and Shamir proposed ideas. Adleman
found the fallacy in their proposals. Little time was wasted on ideas that would not work. In April 1977
Rivest proposed a solution that Adleman could not refute.5
In August, 1977, Martin Gardner announced RSA public key encryption in the Games column of
Scientific American. (Gardner) The underlying premise of public key encryption is that the person
receiving the information will choose two large prime numbers. (Prime numbers are those that can be
evenly divided only by themselves and one.) These two prime numbers are the private key. The product of
these two primes is the public key.6
4 Singh, Simon. The Code Book. New York: Random House, 1999.
5 Singh, Simon. The Code Book. New York: Random House, 1999.
6 Singh.
Data Safety
Are credit card numbers safe with a basic set of calculations like this? Are medical records secure? All
the hacker would have to do is find one prime number that is a factor of the public key, and the second
number will reveal itself, too. Luckily, it isn’t as easy as that. Martin Gardner, in the article that first
announced public key encryption, challenged his readers to decode a cyphertext using a public key of
129 digits that he printed in the article.7 Eighteen years later a group of 600 volunteers was able to
break the encryption by factoring the public key. The group split the job into parts and used
computers and supercomputers in a parallel effort to succeed. One other point must be considered. The
public key in this example was 129 digits. Many are 300 digits in length, vastly complicating the
factoring. (Singh) Public key encryption makes other forms of hacking more appealing than breaking the
key for encryption.
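The ideas in "Protecting Data", the prime-number keys and the factoring question above can be followed end to end in a small added example (not part of the original essay). It uses the primes 503 and 541 from the appendix table; the exponent 17 and all function names are assumptions chosen for illustration, and it goes slightly beyond the essay in showing that the published key is the product together with an exponent.

```python
# Added illustration (not from the original essay): textbook RSA on ASCII codes.
# Toy key size and no padding, so this is for study only.
from math import gcd

def make_keys(p, q, e=17):
    """Build (public, private) keys from two primes; e=17 is an assumed exponent."""
    n = p * q                       # the product is published
    phi = (p - 1) * (q - 1)         # needs p and q, so only the key owner can compute it
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    return (n, e), (n, pow(e, -1, phi))   # private exponent d satisfies e*d = 1 mod phi

def encrypt(text, public):
    n, e = public
    # ord('E') is 69 and ord('e') is 101, as in the ASCII table. Equal letters give
    # equal numbers here, one reason real systems add random padding.
    return [pow(ord(ch), e, n) for ch in text]

def decrypt(numbers, private):
    n, d = private
    return "".join(chr(pow(c, d, n)) for c in numbers)

def factor(n):
    """Trial division: once one prime factor is found, the other is n // f."""
    f = 2 if n % 2 == 0 else 3
    while n % f:
        f += 2
    return f, n // f

def recover_private(public):
    """What anyone can do when n is small enough to factor."""
    n, e = public
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    public, private = make_keys(503, 541)     # two primes from the appendix table
    secret = encrypt("Ee", public)
    print(public, secret, decrypt(secret, private))
    print(recover_private(public) == private)  # a 6-digit modulus falls instantly
```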
Locating the Public Key
Everyone who has purchased products online has used public key encryption. The computer user
doesn’t need to enter the number. The public key is sent to the computer sending information by the
computer that will receive the information. For the user it is invisible. The visible signals that encryption
is in place are a padlock at the bottom left of the browser window and/or a web address that starts
https:// indicating a secure site.
The public key can be regenerated as often as it is needed. How often that occurs is determined by a
company’s security protocols. Based on prime numbers, the encryption has a large number of
possibilities. The number of known prime numbers is at this time limited, but the total number of prime
numbers has been proven to be infinite. If, or when, a better method of finding prime numbers is
developed, the flexibility of public key encryption will increase.
7 Gardner, Martin. "A new kind of cypher that would take millions of years to break." Scientific American August 1977: 120-124.
Usernames and Passwords
Internal company websites, intranets, and emails often require a specific login, usually requiring a
unique username and password for each individual. These websites will also use public key encryption
when these passwords are transmitted. The double layer of encryption provides more security for the
protection of proprietary information, personnel information and other information that the
corporation wishes to protect. These types of security measures are also used for controlling access to
medical and school records.
The choice of password also influences the level of security. Some corporations are now requiring
sixteen characters in the passwords with upper and lower case letters and numbers included in every
password. Some security software will check the password for recognizable words, names and phrases.
These weaken the password and are rejected by the security software. Randomly generated passwords
are harder to break. However, passwords that are randomly generated are usually more difficult to
remember. When the password is hard to remember, people are inclined to write it down, or save it on
their computer. This reduces security. Choosing the length and security of passwords is a balancing act.
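The password rules described above (sixteen characters, upper and lower case letters, numbers, no recognizable words) can be written as a check, paired with a random generator that satisfies it. This is an added example, not code from the original essay; the function names and the short word list are constructed for illustration.

```python
# Added illustration: the password rules from the text as a checker plus generator.
import secrets
import string

MIN_LENGTH = 16
# Constructed sample list; a real checker would load a large dictionary.
WORDLIST = {"password", "welcome", "summer", "nancy", "letmein"}

def policy_violations(password, wordlist=WORDLIST):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    lowered = password.lower()          # words are matched regardless of case
    for word in sorted(wordlist):
        if word in lowered:
            problems.append(f"contains recognizable word '{word}'")
    return problems

def random_password(length=MIN_LENGTH):
    """Draw characters from the OS random source until the policy is met."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate):
            return candidate

if __name__ == "__main__":
    print(policy_violations("Summer2010Password!"))  # long enough, still rejected
    print(random_password())                          # passes, but hard to remember
```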
The Future of Security
Security measures will need to be constantly updated as criminals become more adept at decoding
or stealing the information needed to break them. Public key encryption will be a strong
part of network security for a long time in the future. The ability to access data from multiple locations
provides more accurate medical records for the benefit of both doctors and patients, provides parents
and students the opportunity to monitor grades throughout the school year and provides online banking
and financial services at any hour of the day. This is the expected standard in the twenty-first century.
Appendix A
Table 1: ASCII Codes
Sample ASCII codes
ASCII value  Character    ASCII value  Character    ASCII value  Character
048          0            075          K            102          f
049          1            076          L            103          g
050          2            077          M            104          h
051          3            078          N            105          i
052          4            079          O            106          j
053          5            080          P            107          k
054          6            081          Q            108          l
055          7            082          R            109          m
056          8            083          S            110          n
057          9            084          T            111          o
058          :            085          U            112          p
059          ;            086          V            113          q
060          <            087          W            114          r
061          =            088          X            115          s
062          >            089          Y            116          t
063          ?            090          Z            117          u
064          @            091          [            118          v
065          A            092          \            119          w
066          B            093          ]            120          x
067          C            094          ^            121          y
068          D            095          _            122          z
069          E            096          `
070          F            097          a
071          G            098          b
072          H            099          c
073          I            100          d
074          J            101          e
Prime Numbers
  2    3    5    7   11
 13   17   19   23   29
 31   37   41   43   47
 53   59   61   67   71
 73   79   83   89   97
101  103  107  109  113
127  131  137  139  149
151  157  163  167  173
179  181  191  193  197
199  211  223  227  229
233  239  241  251  257
263  269  271  277  281
283  293  307  311  313
317  331  337  347  349
353  359  367  373  379
383  389  397  401  409
419  421  431  433  439
443  449  457  461  463
467  479  487  491  499
503  509  521  523  541