With the large growth of the Internet, has come an exciting promise for businesses, governments and consumers, dealing with the way that we use our computers and how we deal with sensitive information. Cryptography: defined as the study of mathematical techniques, related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication (Menezes 4); is shaping the way that information is safely and securely transmitted over the Internet. The list of items that may contain sensitive information is quit large.
This list has items in it such as:
• Credit Card Information
• Social Security Numbers
• Private correspondence
• Military correspondence
• Bank account information.
The need for a secure method to transmit information is very important in today’s world. The most secure forms of protection are known as encryption, the process of encoding information in such a way that only the person(s) who know the key, or code are able to view such information (Tyson 2). There are two main types of computer encryption. The first and least secure method is known as Symmetric Key Encryption. The second and most secure method is known as Public Key Encryption.
Both methods work using the same basic principle. Each character is designated by a random Prime number, and then is multiplied by another fixed prime number. The two computers that are talking to each other are then able to factor out the numbers by knowing the keys or the values for those prime numbers, and what they are multiplied by, in order that they may decipher the code. A simple example of this is given by Arcticsooft, who is a company that specializes in encryption languages.
For the set of all the letters in the alphabet {a.b.c.e…x.y.z}, let each letter be represented by the set of the first 26 prime numbers {2.3.5…..89.97.101}: now again assign a key value to multiply against. The key value remains the same for every letter of the alphabet and is also a prime number. The only difference between the example and a real world application is that the real world applications are going to use the numbers in binary form and the numbers will be very large such as 128 bit numbers. Using such large numbers makes it very difficult to factor out the two prime numbers, and figure out what the key is.
Symmetric Key Encryption is the least secure method of encryption due to the fact that the two keys required to factor the numbers are both public keys, Which means that both values are readily available, assuming that someone knows where to look for it. This type of information protection is generally acceptable for the mainstream population, to use with email, and other simple information transfers. Public Key Encryption is a more secure method of concealing sensitive information. This is because only one of the two keys required to compute the problem, are available to the public. The other key is private and is not shared with anyone. So even if someone knows one value and one of the keys it is still very difficult and time consuming to factor out the other values.
However cryptography is not fool proof. No one can guarantee one hundred percent security a good cryptographic system strikes the balance between what is possible and what is acceptable (Schneier 3). A major reason for this is that those assigned with the task of encryption; they must try and block every angle of attack upon their code. Whereas those people trying to break the encryption; all they have to find is one mistake, or a backdoor into the encryption. There are two different types of attacks on encryption and protocols.
“1. A passive attack is one where the adversary only monitors the communication channels. A passive attacker only threatens the confidentiality of information.
2. An active attack is one where the adversary attempts to delete, add, or in some other way alter the transmission on the channel. An active attacker threatens data integrity, and authentication as well as confidentiality.”(Menezes 41).
Strong cryptography can withstand targeted attacks until a certain degree of intensity has been reached. Even the most current algorithms created for computing these numbers are not fool proof.
The keys referred to in the above paragraphs are Hash Values. A hash value is a value that is computed from base input number and an algorithm.
Example (Tyson 4):
• Input number: 10,667
• Hashing Algorithm: Input number multiplied by 143
• Hash value: 1,525,381
As is evident by this formula it is very difficult to factor out the two numbers and get the multipliers to find the value of the input number. Public Key Encryption follows this basic principle just with much larger prime numbers. These numbers are usually upwards of 128 bit numbers, or a number with a possible value of 2^128.
Example (Menezes 71)
• Inputnumber: 3,402,823,669,209,384,634,633,746,074,300,000,000,000,000,000,000,000,000,000,000,000,000.
Using the fastest computers in the world it would take weeks to factor out one character. That is how the information is protected. By using extremely large input values and hashing algorithms; the encryption system is made safe by its simple complexity. The algorithms are basic in theory. However with the use of such large numbers, it makes it very difficult to factor out the values without knowing either the input value or the hashing algorithm.
In conclusion, there is a great need for a secure way to transfer data and information safely over the Internet. While cryptography is not perfect, its strengths out way its weaknesses. As the amount of information sent over the World Wide Web increases so will the need for a safe and secure method of encrypting that information.
_______________