Encryption History

1
Encryption - History

• Encryption or ciphers as old as communication
• Encryption in wartime - most famously the
  cracking of the Enigma code at Bletchley,
  Hertfordshire (Alan Turing and his team).
• Simple encryption involves substitution of
  letters for numbers, rotation of letters,
  scrambling.
• More complex use computer algorithms to rearrange
  the data bits in digital signals
• Contrast with checksums which detect
  modifications to a message

2
Encryption

• No encryption method is infallible
• Encryption frustrates attempts to gain access
  externally
• It makes the task too costly or too time
  consuming
• Information has a value and that value has a life
  span
• The cost of encryption is related to the value of
  the information that it is protecting

3
Security - Encryption

• Protection is provided by both the request and
  the document being sent being coded in such a way
  that the text cannot be read by anyone but the
  intended recipient
• No universal solution to encryption as there are
  different standards for coding or keys
• So we can have an encryption key (a lock) and a
  decryption key. The more complex the encryption
  algorithm - the more difficult to break

4
Diagram
server
Message is decoded
Message is coded
key
key
User sends message via server
Message is received
Data is transmitted to another server
5
Encryption

• Authentication system - everyone owns a unique
  set of codes (or keys)
• symmetric encryption - both the receiver and
  sender own the same encryption key
• asymmetric or public form of encryption
• One of the keys is a public key (duplicated lock)
• The second is a private key that is kept secret -
  message is sent with public key (lock) but can
  only be read with private key

6
Encryption

• The asymmetric/public key is like a certification
  that the sender is okay
• Most popular system of this type in use at
  present is RSA product BSAFE encryption
  technology
• RSA now include a digital certificate system
  (PKI)
• see article from computing
• see www.rsasecurity.com

7
Encryption keys

• Key length is important
• Why? Think about costs.
• Key length - embryonic at the moment Amazon using
  a 128bit key (top site) - most using 32bit/64bit
  key.
• See article about 512bit key attempted by Banks
  but broken!
• Hong Kong currently experimenting with 1k key

8
Why dont we just have big keys?

• There are naughty people in the world!
• The guys who think they are the good guys want to
  know what the bad guys are doing
• Political intervention, legislation and control
• Social tensions, international tensions and
  disagreements

9
Standards

• 3 main standards or protocols for secure
  transactions over the Internet
• SSL Secure Sockets Layer (most used Netscape)
• SET Secure Electronic Transaction
  (Mastercard/Visa)
• Digital signature technology

10
Standards

• SSL Provides encryption of http packets on TCP/IP
  routes between Internet hosts
• SSL has not been accessed by hackers so far
• SET is based on the idea of a digital certificate
  - the customer and the merchant identity is
  validated or certified
• Need for trusted agencies Who decides who is
  trustworthy?

11
Security/Fraud/error 404!

• How can you tell if a site is secure?
• Navigator uses SSL to determine whether you are
  surfing a registered secure site
• Which? Magazine have a webtrader stamp see
  www.which.net/webtrader

12
Security/Fraud/error 404!

• BT Trustwise/VeriSign label
• Global Business Dialogue trustmark stamp - see
  www.gbde.org
• www.eff.org - The Electronic Frontier Foundation
• www.webdeveloper.com