Encryption
Structure
8.1 Introduction
Objectives
8.2 Cryptography
8.3 Encryption
8.4 Digital Signature
8.5 Virtual Private Network
8.6 Summary
8.7 Glossary
8.8 Terminal Questions
8.9 Answers
References
8.1 Introduction
In the previous unit you learnt about security in electronic unit. In this unit, you
will learn about encryption. Encryption is an important cryptography technology
used to transform information using an algorithm to make it unreadable to anyone
except those possessing special knowledge (usually referred to as a key).
The science of writing in a secret code is called cryptography.
Encryption has long been used by militaries and governments to facilitate
secret communication, as there have been several instances of data in transit being
intercepted in recent years. Encryption is also used to protect data in transit,
i.e., data being transferred via networks (such as the Internet and e-commerce),
mobile telephones, wireless microphones, wireless intercom systems, Bluetooth
devices and bank automatic teller machines. Encrypting data in transit also
helps to secure it as it is often difficult to physically secure all access to networks.
Objectives
After studying this unit, you should be able to:
Define cryptography and describe the purposes of cryptography
Summarize the role of encryption in message security
Discuss the various methods of encryption
Identify the various features of digital signature
Discuss the role of virtual private network (VPN) in encryption
E-Commerce
Unit 8
8.2 Cryptography
Cryptography is derived from the Greek words kryptos (hidden, secret) and
gráphō (I write). It is the practice and study of hiding information. Cryptography
is today considered a branch of both mathematics and computer science, and
is used extensively in information theory, computer security and engineering.
Cryptography is used in applications which require security of data, such as in
the case of ATM cards, computer passwords and electronic commerce.
Plain Text -> Algorithm -> Cipher Text -> Algorithm -> Plain Text (Decrypted Form)
Goods      ->              Iqqfu       ->              Goods
Sales      ->              rzkdr       ->              Sales
Self-Assessment Questions
1. Fill in the blanks with appropriate words.
(a) The science of writing in a secret code is called_____________.
(b) _____ is a cryptography technology to scramble (encrypt) the data
with a key so that no one can make sense of it while it is being
transmitted.
(c) _______ is an intelligible message that needs to be converted into
an unreadable message or encrypted message.
8.3 Encryption
8.3.1 Methods of Encryption
There are three types of cryptography or methods of encryption:
Secret key or private key or symmetric key cryptography
Public key or asymmetric key cryptography
Hash function
Sikkim Manipal University
[Figure: secret key encryption. Labels: Original Message, Secret Key, Encrypt, Encrypted Message, Internet, Decrypt]
2. Triple Encryption
As discussed, the DES is a block cipher and employs shared secret encryption.
Nowadays, however, DES is considered unsafe for various applications, primarily
because its 56-bit key size is too small. Triple DES is considered an improved
version that overcomes many of the shortcomings of DES. The triple encryption
technology is based on DES and is sometimes referred to as Triple DES or 3DES.
The procedure follows an Encrypt-Decrypt-Encrypt (EDE) sequence. The decrypt
sequence is just the same encrypting operation with the keys reversed. Because it
is based on the DES algorithm, existing software can easily be modified to use
Triple DES. It has a longer key length that helps in eliminating many of the
shortcut attacks used to reduce the amount of time it takes to break DES. Thus,
Triple DES is considered an exceptional and dependable option to fulfill the
security requirements of highly sensitive information.
Triple DES mode of operation takes three 64-bit keys for an overall key
length of 192 bits. In Private Key Encryption, the user can just type in the complete
192-bit (24 character) key rather than entering each of the three keys individually.
The procedure for encryption is exactly the same as regular DES, but it is repeated
three times. The data is encrypted with the first key, decrypted with the second
key and finally encrypted again with the third key (Refer to Figure 8.2).
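An added example (not part of the original unit): the 24-character key described above is split into K1, K2 and K3 and inspected. It goes beyond the text by using the DES convention that the lowest bit of each key byte is a parity bit, so the 192 stored bits hold at most 168 key bits, and by flagging bundles in which an adjacent pair of keys matches and the EDE sequence collapses to single DES. Function names and sample keys are constructed for illustration.

```python
"""Inspect a 24-byte Triple DES key bundle K1 | K2 | K3 (added example)."""

def strip_parity(key8: bytes) -> bytes:
    # DES ignores the least significant bit of each key byte (parity bit).
    return bytes(b & 0xFE for b in key8)

def has_odd_parity(key8: bytes) -> bool:
    # DES convention: every key byte holds an odd number of 1 bits.
    return all(bin(b).count("1") % 2 == 1 for b in key8)

def set_odd_parity(key8: bytes) -> bytes:
    # Keep the 7 key bits of each byte and choose the LSB that makes parity odd.
    return bytes((b & 0xFE) | ((bin(b & 0xFE).count("1") + 1) % 2) for b in key8)

def analyse_bundle(bundle: bytes) -> dict:
    if len(bundle) != 24:
        raise ValueError("a Triple DES key bundle is 24 bytes (3 x 64 bits)")
    parts = [bundle[i:i + 8] for i in (0, 8, 16)]
    k1, k2, k3 = (strip_parity(p) for p in parts)
    if k1 == k2 or k2 == k3:
        # C = E(K3, D(K2, E(K1, P))): an equal adjacent pair cancels out,
        # leaving a single DES encryption under the remaining key.
        key_bits, note = 56, "collapses to single DES"
    elif k1 == k3:
        key_bits, note = 112, "two-key Triple DES (K1 = K3)"
    else:
        key_bits, note = 168, "three independent keys"
    return {"stored_bits": len(bundle) * 8, "key_bits": key_bits, "note": note,
            "parity_ok": all(has_odd_parity(p) for p in parts)}

# Constructed sample bundles (typed ASCII keys, like the text's 24-character key).
TYPED = b"0123456789abcdefghijklmn"
# K2 differs from K1 only in parity bits, so DES treats the two as the same key.
WEAK = b"01234567" + b"10325476" + b"ghijklmn"

if __name__ == "__main__":
    for name, bundle in (("typed", TYPED), ("weak", WEAK)):
        print(name, analyse_bundle(bundle))
    print(set_odd_parity(b"01234567"))
```

The WEAK bundle looks like three different typed keys, yet K1 and K2 are identical once parity bits are ignored, which is why the comparison is made on the stripped keys.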
[Figure: public key encryption. Labels: Original Message, Public Key, Encrypt, Encrypted Message (Cipher Text), Internet, Private Key, Decrypt]
[Figure: digital signature. Labels: Sender, Hash function, Message digest, Encrypt with sender's private key, Digital Signature, Receiver]
Self-Assessment Questions
2. State whether the following statements are true or false:
(a) In secret key cryptography, only the sender possesses the same
key to encrypt and decrypt the data.
(b) Data Encryption Standard (DES) is an example of public key
cryptography.
(c) Triple DES mode of operation takes three 64-bit keys for an overall
key length of 192 bits.
(d) Data encrypted with a public key can only be decrypted with a private
key.
Certificate authority
A certificate authority (CA) is an organization or institution that issues digital
certificates to companies and organizations that are accessible via the Internet. These
certificates are issued for a certain period of time and are used as an assurance
of the security of a website. A CA is also known as a trusted third party. CAs are
characteristic of many public key infrastructure (PKI) schemes. There are many
commercial CAs that charge for their services. There are also several providers
issuing digital certificates to the public without any cost. Generally, institutions
and governments have their own CAs.
A certificate authority issues digital certificates that consist of the
identification details of the owner and his public key. The corresponding private
key is not made available publicly, but is kept secret by
the end-user, who generates the key pair. The certificate also acts as evidence from
the CA that the public key contained in the certificate belongs to the
person, organization, server or other entity noted in the certificate. If the user
trusts the certificate authority (CA) and is able to validate the CA's signature,
then he can also be assured that a certain public key belongs to
whoever is identified in the certificate.
Digital certificate
A digital certificate serves as an electronic identity card that establishes the
user's credentials when business deals are transacted across the Web. A digital
certificate is defined as a method to electronically verify for authenticity. The
digital certificate is just like an identity card, such as a driver's license. Digital
certificates are issued by a number of certificate authorities and are used to prove that
a website, or a visitor to a website, is the entity or person they claim to be. It is an
electronic credential issued by a certification authority to establish the identity
of an organization when doing business on the Internet.
Contents of digital certificate
A digital certificate contains the following details:
Certificate holder's name, organization and address.
The name of the certificate authority that has issued this certificate.
Public key of the holder for cryptographic use.
Time limit; these certificates are issued for durations of six months to a
year.
Digital certificate identification number.
A digital certificate contains a public key that is used for encrypting messages
and digital signatures. It also has the digital signature of the certificate authority.
By this signature a recipient can verify that the certificate is genuine. Sometimes
digital certificates conform to a standard, X.509. They can be kept in registries so
that authenticating users can look up other users' public keys.
Integrity
Integrity is the basic requirement of a highly dependable identity infrastructure.
Identity systems serve the purpose of exchanging credentials as well as
messages and transactions pertaining to attributes, provisioning of information
and other data. Integrity builds trust that the contents have not been tampered with,
which is important in this environment. To understand this better, let us take an
example of a document that represents identity credentials. It is important to
validate the authenticity of the credentials to be sure of their originality.
Non-repudiation
Non-repudiation is the activity of presenting tamper-proof evidence proving
that a message was sent or received. Critical identity-related acts should be
protected even though the messages or transactions can be disputed. To
understand this better, let us take the instance of two people, Nadia and Joe,
who are exchanging messages. In one case, Nadia denies sending a message
to Joe that he claims to have received. The ability to counter Nadia's denial is
called Non-repudiation of Origin (NRO). In the second scenario, Nadia claims
to have sent Joe a message that he denies having received. Provision of evidence
to counter Joe's claim is called Non-Repudiation of Receipt (NRR).
Activity 2
Search on the Internet for the term digital signature and find out how it
ensures non-repudiation of data.
Self-Assessment Questions
3. Fill in the blanks with appropriate words.
(a) ______ are used to authenticate e-commerce business transactions.
(b) A ______ service issues timestamps which associate a date and
time with a digital document in a cryptographically strong way.
(c) A _____ is defined as a method to electronically verify for authenticity.
VPN was not the first technology to make remote connections. Leased
lines, such as ISDN (integrated services digital network, 128 Kbps), are private
network connections that a telecommunications company could lease to its
customers. Leased lines provided a company with a way to expand its private
network beyond its immediate geographic area. These connections form a single
wide-area network (WAN) for the organization. Though leased lines are reliable
and secure, the leases are expensive, with costs rising as the distance between
offices and work places increases.
Self-Assessment Questions
4. State whether the following statements are true or false:
(a) A virtual private network (VPN) is a network that uses a private
communication infrastructure.
(b) The goal of a VPN is to provide the organization with the same
capabilities, but at a much lower cost.
8.6 Summary
Let us recapitulate the important concepts discussed in this unit:
The science of writing in a secret code is called cryptography. It is supposed
to have been first used as far back as 1900 BC by an Egyptian scribe.
Encryption is a cryptography technology to scramble (encrypt) the data
with a key so that no one can make sense of it while it is being transmitted.
Encryption is a method by which plaintext can be converted into a
ciphertext.
Decryption is a method by which a ciphertext can be converted into a
plaintext.
In secret key cryptography, both the sender and the recipient possess the
same key to encrypt and decrypt the data.
Data Encryption Standard (DES) is a block cipher based scheme which
encrypts a 64 bit data block using a 56 bit key. The block is transformed
in such a way that it involves 16 iterations.
Public key cryptography operates on a double key, called a key pair, one of
which is used to encrypt the message and the other is used to decrypt it.
8.7 Glossary
Cryptography: The science of writing in a secret code
Encryption: A cryptography technology to scramble (encrypt) the data
with a key so that no one can make sense of it while it is being transmitted
Intruder: Any person who does not have the authorization to access the
network or the information
Plaintext: An intelligible message that needs to be converted into an
unreadable message or encrypted message.
Ciphertext: A message in an encrypted form.
Hash function: A formula that converts a message of a given length
into a string of digits called a message digest.
Non-repudiation: The activity of presenting tamper-proof evidence
proving that a message was sent or received
8.9 Answers
Answers to Self-Assessment Questions
1. (a) Cryptography; (b) Encryption; (c) Plaintext
2. (a) False; (b) False; (c) True; (d) True
3. (a) Digital signatures; (b) Digital time stamping; (c) Digital certificate
4. (a) False; (b) True