Term Paper: Internet Encryption the Growing Sophistication

Pages: 15 (4113 words)  ·  Bibliography Sources: 0  ·  Level: College Senior  ·  Topic: Education - Computers  ·  Buy This Paper

SAMPLE EXCERPT:

[. . .] A more secure variant of DES, called Triple DES (which contains 112- or 128-bit keys), is now in wide use in the private sector. (Hillison, et.al, 2001) According to government officials, DES may be soon replaced: In October 2000, the U.S. Department of Commerce announced an encryption algorithm named Rijndael as the proposed new Advanced Encryption Standard (AES). If the AES development process proceeds as has been planned, the new encryption standard should be completed during the summer of 2001. Rijndael will be released as an unclassified, royalty-free, and publicly available encryption process for use and export anywhere in the world. (Hillison, 2001)

Public key (asymmetric) encryption

Unlike private key cryptography, public key cryptography uses a cipher with two unique keys. The two keys are mathematically designed such that one key encrypts the message but cannot subsequently decrypt it. The second key decrypts the code and reveals the message. Additionally, the first key can decrypt only a message encrypted with the second key. This approach to encryption increased the security of the transmission, because the first key cannot be deduced by knowing the second, or vice versa.

The two-key set is used to create unique electronic signatures as follows: The first key can be a signing key that is kept private and the second key can be a validation key available in the public domain. For example, in this scenario, Paul can encrypt a message to Sally using his private key, and Sally can decrypt only with Paul's public key. Paul can also send messages to Tom, Mary, and any other of his staff, and as long as they have access to the public key, all members in the communication chain can decrypt the message, and be sure of the authenticity. As long as the private signing key is kept private by Paul, the integrity of the process can be virtually assured and Sally knows that Paul has signed the message, and that the message has not been received by others during transmission.

In this case, every digital signature is unique to the document for which it was created because it is signed with the authors own key. The process prevents a forger from digitally signing a document and masquerading for another sender, or substituting one document for another. As long as the receiving party can gain access to the public key, the authenticity objective can be met. The level of security provides is determined by the length of the key. Given a key of sufficient length, public-key cryptography can provide protection similar to that of private-key techniques but without the drawbacks of the shared-secret method. (Hillison, et.al, 2001)

Electronic Signatures

Traditionally, a signature is any mark made with the intention of authenticating a specific document. Ling understood by the public is the uniqueness of each person's hand written signature. As documents become increasingly more digital in their origin, the changes in technology have required a reinvention of how to sign electronic documents in order to create the same level of validity confidence with a digital document. Rapid advancement of electronic signature technology as described above implies a need for continual evaluation of related control methods. Two of the current categories of electronic signature technologies are the cryptographic and the noncryptographic.

These approaches are primarily designed to limit identification and authentication risks. Cryptographic methods, in some cases, provide the controls necessary to meet the risks of non-repudiation as identified above, and of personal security. Virtually all noncryptographic and some cryptographic technologies rely on the "shared secret" method - that only the parties to the transaction or communication know the shared secret. When the sender includes the shared secret, then the receiver knows that it can only represent a communication from the sender. Thus, the communication can be considered signed, and the receiver holds the confidence of this validated communication. Although the shared secret method has proved effective in many circumstances, the technique has a number of weaknesses:

The parties must first have a prior relationship to establish the shared secret.

The shared secret must remain known only to the two parties. Without face-to-face contact, establishing the validity of the provided shared secret is often difficult.

Certain cryptographic controls can control authentication as well as nonrepudiation and security risks. In general, a highly secure e-commerce implementation will combine both noncryptographic and cryptographic technologies. (Hillison et.al, 2001)

Regulatory issues related to digital encryption

Advancing encryption technologies, and the increased demand for the same is creating a dilemma for the federal government. While current laws require that a burden of proof be established before a search warrant, or the right to place a wire tap is issues, the federal government is currently able to monitor radio wave-based communications. The NSA has long been thought to be able to monitor millions of conversations daily as they search for key words which could alert them to terrorist, or other illegal activity. With the growing demand for widespread encryption technology, the government is facing the elimination of their ability to perform what they consider as vital national security function.

The Brooks Act authorizes the Department of Commerce to research and recommend data processing standards for the federal government.(International Security Assistance and Arms Export Control Act, 1976) Pursuant to this authority, the Department of Commerce issued the government's first encryption standard, the Data Encryption Standard, (DES) for use in protecting unclassified computer data and communications.

Although the DES algorithm was developed by IBM, as part of the approval process, it had to be submitted to the NSA for approval. The interaction between the computer giant and the government agency left many wondering if the encryption had not been either watered down by the NSA, or if the NSA had written their own back door into the encryption methods to enable them to be able to decrypt messages at will. The result was a basis for future suspicions concerning the NSA's role in the development of encryption.(Flynn, 1995)

Bringing this debate into the present the increasing demands for widespread encryption usage has again places the government agency on opposite sides of the issue from encryption developers. On February 9, 1994, when National Institute of Standards and Technology, (NIST) announced the federal Escrowed Encryption Standard (EES), this simmering debate over encryption policy in the United States boiled over once again. Public interest groups argued that the nationally devised standard would jeopardize an individual's privacy. U.S. multinationals voiced concerns that the government would undercut private encryption technology, and limit their choice of encryption products which became available in the marketplace. Computer software groups claimed that EES lacked commercial appeal. The law enforcement and national security communities weighed in, and countered that the interests of national security required the adoption of EES.

The source of the conflict is that the new standard provided a mandated back door for the government to be able to break into the encoded transmissions. Until recently, the government has enjoyed monopoly oversight over its development and use, but with the increasing demands of the market, the government is in competition for the rights, and the abilities to create, send, and review encrypted information. And the government doesn't like to compete with the private sector. (Flynn, 1995)

Encryption - the need for security vs. The requirements of freedom

In the same way the need for a central government is balanced by the U.S. constitution, the need for government control and oversight of encryption technology also must be dynamically balanced by the guaranteed freedom of U.S. citizens. The following statements, made during congressional hearings regarding internet security issues describe these opposing interests. Presenting the case of freedom is Phillip Zimmerman, the creator of one of the most successful commercial encryption technologies.

When making public policy decisions about new technologies for the government, I think one should ask oneself which technologies would best strengthen the hand of a police state. Then, do not allow the government to deploy those technologies. This is simply a matter of good civic hygiene."(Online Security Issues, 1996)

Phillip R. Zimmermann, creator of "Pretty Good Privacy" encryption standard. (PGP)

On the side of the government, and presenting the governments need to monitor communications as a function of protecting the country is Louis Free, acting director of the FBI.

Thank you Mr. Chairman and members of the Committee for providing me with this opportunity to discuss with you an issue of extreme importance and of great concern to all of law enforcement, both domestically and abroad -- the serious threat to public safety posed by the proliferation and use of robust encryption products that do not allow for timely law enforcement access and decryption." (The creation of online commerce, 1997)

Louis J. Freeh, Director, Federal Bureau of Investigation

This debate on encryption export controls, or encryption control which is in the hands of any one other than the government, is an ongoing exercise in balancing these two viewpoints. With the Internet's… [END OF PREVIEW]

Four Different Ordering Options:

?
Which Option Should I Choose?

1.  Buy the full, 15-page paper:  $26.88

or

2.  Buy & remove for 30 days:  $38.47

or

3.  Access all 175,000+ papers:  $41.97/mo

(Already a member?  Click to download the paper!)

or

4.  Let us write a NEW paper for you!

Ask Us to Write a New Paper
Most popular!

Computers Internet Computer Technology Term Paper


Mara Salvatrucha and 18th Street Gangs: Threat to National Security? Thesis


Dependable Distributed Computing Term Paper


SPAM Filtering Term Paper


Managing Information Technology Term Paper


View 10 other related papers  >>

Cite This Term Paper:

APA Format

Internet Encryption the Growing Sophistication.  (2004, March 13).  Retrieved April 20, 2019, from https://www.essaytown.com/subjects/paper/internet-encryption-growing-sophistication/2726373

MLA Format

"Internet Encryption the Growing Sophistication."  13 March 2004.  Web.  20 April 2019. <https://www.essaytown.com/subjects/paper/internet-encryption-growing-sophistication/2726373>.

Chicago Format

"Internet Encryption the Growing Sophistication."  Essaytown.com.  March 13, 2004.  Accessed April 20, 2019.
https://www.essaytown.com/subjects/paper/internet-encryption-growing-sophistication/2726373.