Cryptography

Cryptography

            Some data is very sensitive and therefore it has to be hidden away from parties who are not supposed to view it. In this age of computers, their capacity for transfer and retrieval of information may be exploited by other parties to gain access to confidential and potentially dangerous data. Therefore, measures have been taken to ensure that data is not accessed by others which is done by using several methods which, besides physical security, includes the use of encryption algorithms which are programs that change the way information looks by rendering it illegible.

Data encryption is an important part of computing and, if done properly, can provide the user with means through which data can be protected from other parties. Encryption is done in many areas including end point devices such as computer terminals and servers which store important information. As such, data encryption has been applied in the military, banking sector, in businesses and other areas which require secure storage and transfer of data. Data encryption is simply the change of raw data or ordinary information referred to as plaintext into indecipherable material called cipher text. The data can then be stored or transferred securely since it cannot be read by another party. If the data is to be accessed, a cipher, which is the pair of algorithms that encrypts and decrypts data, is used to decrypt the data. The data can then be read and it is therefore accessible only to those with the cipher.

In commercial uses, encryption helps businesses identify the client and the client can also identify the business over a long distance. Data is protected and non-repudiation of the message after the use of verification means that both the business and the customer are safe from exploitation by the other. Two methods are used for decryption by the commercial sources; private key encryption and public key encryption. In the private key scheme, the business and the user use the same kind of key. In the public key encryption system, however, the user and the business use a different set of keys which means that the encryption and the decryption keys are different.

3DES stands for the Triple Data Encryption Standard which is a cipher program that applies the Data Encryption Standard (DES) thrice on data. The DES was developed in 1974 by IBM inventors and it was adopted as a US national standard in 1977. The 3DES is billions of times more secure than the original software but it is about three times slower, a small price to pay for its improved security[1]. The software encrypts the data the first time using a key; it is then decrypted using another key and then encrypted using a third key. This procedure is responsible for the slower speed of 3DES but its security is superior. When the decryption is being done, the cipher goes through the same steps but in reverse.

Diagram 1. Operation of 3DES

Source: Tropical Software, 2007.

With increases in the processing power of a computer and its growing cheaper and cheaper, the DES is becoming easier to break but the complexity of the 3DES makes it virtually impossible to break. Therefore the security provided by the 3DES cipher is far greater than the DES and almost impossible to crack with a relatively high performance computer. An important feature in the 3DES is its longer key length which makes it impossible to cut time through shortcuts as was possible while cracking DES.

The key is a secret parameter known to the users and without which one cannot access the data. There are about 72 quadrillion keys that could be used for encryption and for each message, a key is chosen at random from this large number which could serve as an illustration on the complexity of 3DES[2]. Though 3DES has these advantages, its reliability may come into question in future given the rapidly improving computer capability in the world and replacements have been suggested[3].

The 3DES takes an input of 64-bit keys from a key length of 192. The entered key is then broken down into three sub-keys. The information to be encrypted is broken down into 64 bit parts which are then encrypted using each sub-key. This complex procedure ensures that the data is safe from being accessed by other parties[4]. Therefore, the key is an important component of the data encryption process since it is the one that makes the data into a unique cipher text that cannot be accessed by other individuals and it is also applied while decrypting the data. The key in computers is measured in bits and if an individual knows the algorithm but does not know the key, the data cannot be accessed algorithmically since the key is a major component to its being decrypted.

The most common method for breaking a cipher is through brute-force attack where the possible combinations of the key are guessed and applied until the right combination is arrived at. Therefore, the longer the key the harder it would be to crack the code.

The personal involvement of Janet as shown by the message which asks her to personally transfer money to her own bank account is suspect. This is in view of the fact that Janet knows the key to Susan’s account and could have used it to transfer the money to her own account. Therefore, the bank could be using the private key encryption system in which the key is known to the business-in this case Janet and to the customer-Susan. The fact that 3DES requires that one knows the key to access information may be the clue to unraveling the truth. Since Janet is supposed to have the key for her to be able to operate Susan’s account on her end, it is apparent that she should be the first suspect over the transfer of the money. Also, since the money was transferred into her account, a motive is found which, coupled with her privileged knowledge of the account’s key, should be evidence enough for convicting her.

If the bank is to continue using 3DES, it has to change its policies since the cipher has been shown to be relatively secure from attacks and thus the bank’s policies could be the source of these failures. These policies will be aimed at managing the knowledge of the keys of various clients. The only weak point for 3DES is the key and thus the key’s identity should be protected. This can be managed through different methods which would ensure that it is not accessible to the employees or if it accessible, it cannot be used fraudulently. Therefore, the bank could also change its transfer policies to ensure that employees do not send clients money to themselves.

The bank could change its key encryption method into the public key encryption method which would ensure that the staffs, including Janet, do not know the key to operate an account as customers would. The bank could also introduce digital signatures which are implemented through the public key encryption. In this mode, the message is passed through a cryptographic function which calculates the message digest and then it is encrypted using the public key.

Any changes in the format of the message that is sent by the client could generate great changes in the message digest received by the business and, therefore, it would be easy for the bank to ascertain the authenticity of the client. Also, the problems such as those experienced by Megagargantuan Bank and Trust could be avoided since the staff would not know the key of the client and thus they would not act on their behalf. The bank could also make illegal any transactions made by the staff on behalf of the clients as a policy change. Through this barring, they would not be expected to transfer money on behalf of the clients as did Janet and thus clients would be safe from any type of exploitation.

If used correctly, encryption could be useful to businesses which work online such as Susan’s bank, Megagargantuan Bank and Trust. The encryption, however, should not come alone and its use should be accompanied by changes in the policies and regulations in an organization since it could be misused for personal benefit as shown by the case of Janet. Through these policies, the organization could also be able to protect itself from clients who could exploit it. Since the encryption software 3DES has been shown to be formidable in its protection of data, its soft points such as the encryption key should be looked into and methods established for its protection. The use of public encryption keys coupled with vigilance over employee behavior on the part of the business could help establish a relatively safe environment for business to thrive. Through these methods and the constant upgrade of encryption software as well as changes in the keys used, the business would be able to protect its interests and its customers’ interests and thus bring about an environment that could increase its success.

 

 

 

 

 

 

Notes



[1] Tropical Software (2007). Triple DES Encryption. Retrieved 27 September 2009 from, http://www.tropsoft.com/strongenc/des3.htm

[2] Biasci, L. Granum, L. & Rundatz, F. (10 Jul 2006). Data Encryption Standard. Retrieved 27 September 2009 from, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213893,00.html

[3] Tropical Software 2007

[4]Lay Networks (2008). DES Explanation. Retrieved 27 September 2009 from, http://www.laynetworks.com/users/webs/des.htm

 

Bibliography

Biasci, L. Granum, L. & Rundatz, F. (10 Jul 2006). Data Encryption Standard. Retrieved 27 September 2009 from, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213893,00.html

Lay Networks (2008). DES Explanation. Retrieved 27 September 2009 from, http://www.laynetworks.com/users/webs/des.htm

ThinkQuest Team (1999). Basic Concepts in Data Encryption. Retrieved 27 September 2009 from, http://library.thinkquest.org/27158/concept.html

Tropical Software (2007). Triple DES Encryption. Retrieved 27 September 2009 from,

http://www.tropsoft.com/strongenc/des3.htm

Still stressed from student homework?
Get quality assistance from academic writers!

WELCOME TO OUR NEW SITE. We Have Redesigned Our Website With You In Mind. Enjoy The New Experience With 15% OFF