IMPLEMENTATION AND MANAGEMENT ISSUES
This section explores important issues that should be considered when designing, implementing, and integrating encryption to engage in electronic commerce.
Hardware versus Software Implementations
Encryption can be implemented in either hardware or software.
Each has its related costs and benefits. The trade-offs among security, cost, simplicity, efficiency, and ease of implementation need to be studied when acquiring security products.
In general, software is less expensive and slower than hardware, although for large applications, hardware may be less expensive.
In addition, software is less secure, since it is more easily modified or bypassed than some hardware products.
In many cases, encryption is implemented in a hardware device (such as a card/key entry system), but is controlled by software. This software requires integrity protection to ensure that the hardware device is provided with correct information (controls, data) and is not bypassed. Thus, a hybrid solution of software and hardware is generally provided. Effective security requires the correct management of the entire hybrid solution.
Key Management
All keys need to be protected against modification, and secret keys and private keys need protection against unauthorized disclosure. The proper management of cryptographic keys is essential to the effective use of encryption for security. Key management involves the procedures and protocols, both manual and automated, used throughout the entire life cycle of the keys. This includes the generation, distribution, storage, entry, use, destruction, and archiving of cryptographic keys.
Ultimately, the security of information protected by encryption directly depends upon the protection afforded to keys.
With secret-key encryption, the secret key(s) must be securely distributed (safeguarded against unauthorized replacement, modification, and disclosure) to the parties wishing to communicate.
Depending on the number and location of users, this task may be difficult. Automated techniques for generating and distributing cryptographic keys can ease overhead costs of key management, but some resources have to be devoted to this task.
Public-key encryption users also have to satisfy certain key management requirements. For example, since a private/public-key pair is associated with (generated or held by) a specific user, it is necessary to link the public part of the key pair to the user. In some cases, the key may be linked to a position or an organization, rather than to an individual user.
In a small community of users, public keys and their "owners" can be strongly bound by simply exchanging public keys.
However, business conducted on a larger scale, involving geographically distributed users, necessitates a means for obtaining public keys online with a high degree of confidence in their integrity and binding to individuals. The support for the binding between a key and its owner is generally referred to as a public-key infrastructure. This involves support for users being able to enter the community of key holders, generate keys (or have them generated on their behalf), disseminate public keys, revoke keys (in case, for example, of compromise of the private key), and change keys. In addition, it may be necessary to build in time/date stamping and to archive keys for verification of old signatures.
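The secret-key distribution requirement above (a key delivered to the other party must be safeguarded against disclosure, modification, and replacement), shown as an added example in Go that is not part of the original text. It assumes the two parties already share a key-encryption key (KEK) delivered out of band, and uses AES-GCM as the wrapping primitive; the key identifier "key-0001" and the recipient name "alice" are constructed sample values. The key generation and zeroization steps stand in for the generation and destruction stages of the key life cycle described above.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// keyLen is the size of the data key being distributed (AES-256; a constructed choice).
const keyLen = 32

// GenerateKey draws a fresh secret key from the system CSPRNG (the generation step).
func GenerateKey() ([]byte, error) {
	k := make([]byte, keyLen)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// aad binds the key's identifier and intended recipient into the integrity tag, so a
// wrapped key meant for one recipient cannot be passed off as another one (replacement).
func aad(keyID, recipient string) []byte {
	return []byte(keyID + "|" + recipient)
}

func newGCM(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapKey prepares dataKey for distribution: it is encrypted under the KEK (protects
// against disclosure) and authenticated together with keyID and recipient (protects
// against modification and replacement). Output layout: nonce || ciphertext || GCM tag.
func WrapKey(kek, dataKey []byte, keyID, recipient string) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // a fresh nonce per wrap is mandatory for GCM
		return nil, err
	}
	return aead.Seal(nonce, nonce, dataKey, aad(keyID, recipient)), nil
}

// UnwrapKey recovers the data key at the receiving end. It fails if the blob was altered
// in transit, if the KEK differs, or if keyID/recipient do not match the values the
// sender bound in, so a substituted or corrupted key is never put into use.
func UnwrapKey(kek, blob []byte, keyID, recipient string) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("wrapped key too short")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, aad(keyID, recipient))
}

// Zeroize overwrites key material that is no longer needed (the destruction step).
func Zeroize(k []byte) {
	for i := range k {
		k[i] = 0
	}
}

func main() {
	kek, err := GenerateKey() // assumed to be pre-shared out of band with "alice"
	if err != nil {
		panic(err)
	}
	dataKey, _ := GenerateKey()
	blob, _ := WrapKey(kek, dataKey, "key-0001", "alice") // constructed key id and recipient
	got, err := UnwrapKey(kek, blob, "key-0001", "alice")
	fmt.Println("unwrapped by the intended recipient:", err == nil && bytes.Equal(got, dataKey))
	_, err = UnwrapKey(kek, blob, "key-0001", "bob") // same blob presented under another recipient name
	fmt.Println("rejected for a different recipient:", err != nil)
	blob[len(blob)-1] ^= 0x01 // a single flipped bit models modification in transit
	_, err = UnwrapKey(kek, blob, "key-0001", "alice")
	fmt.Println("rejected after tampering:", err != nil)
	Zeroize(dataKey)
}
```

The design point is that confidentiality of the wrapped key alone is not enough: the page lists replacement and modification alongside disclosure, and only the authenticated data (key id plus recipient) and the GCM tag cover those two. Distributing the KEK itself remains a manual step, which is the "resources have to be devoted" cost the text mentions.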
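The public-key infrastructure steps listed above (entering the community of key holders, disseminating public keys, revoking a key after a private-key compromise, and time/date stamping so that archived keys still verify old signatures), as an added example in Go that is not part of the original text. It uses the standard library's crypto/x509 with Ed25519 keys: a certificate authority binds a user's name to a public key by signing a certificate, publishes a signed certificate revocation list (CRL), and a verifier checks a signature against the key's status at the signature's time stamp. The CA name "Example Bank CA", the user "alice" and the message are constructed sample values; the time stamp is assumed to be trustworthy (for example, supplied by a time-stamping service).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CA is a minimal certificate authority: a self-signed root plus the key that signs user certificates and CRLs.
type CA struct {
	Cert       *x509.Certificate
	priv       ed25519.PrivateKey
	nextSerial int64
}

// NewCA generates the CA key pair and its self-signed root certificate.
func NewCA(name string) (*CA, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	root := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, BasicConstraintsValid: true, IsCA: true,
	}
	cert, err := sign(root, root, pub, priv) // self-signed: the template is its own parent
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, priv: priv, nextSerial: 2}, nil
}

// sign issues the certificate described by tmpl under the parent's key and returns it parsed.
func sign(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, priv ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewUserKey generates a user's key pair; only the public half is ever sent to the CA.
func NewUserKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Issue binds userName to pub: the CA signs a certificate valid for [notBefore, notAfter].
func (ca *CA) Issue(userName string, pub ed25519.PublicKey, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(ca.nextSerial), Subject: pkix.Name{CommonName: userName},
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	ca.nextSerial++
	return sign(tmpl, ca.Cert, pub, ca.priv)
}

// Revoke publishes a CA-signed CRL marking cert revoked from time at (e.g. after a key compromise).
func (ca *CA) Revoke(at time.Time, cert *x509.Certificate) (*x509.RevocationList, error) {
	entries := []pkix.RevokedCertificate{{SerialNumber: cert.SerialNumber, RevocationTime: at}}
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: at, NextUpdate: at.Add(24 * time.Hour), RevokedCertificates: entries}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// VerifySignedAt validates a signature carrying the time stamp signedAt: the certificate must
// chain to root and be valid at signedAt, must not have been revoked before signedAt, and sig
// must verify under the bound key. An archived certificate therefore still checks old signatures.
func VerifySignedAt(root, cert *x509.Certificate, crl *x509.RevocationList, msg, sig []byte, signedAt time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: signedAt, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate not valid at %s: %w", signedAt.Format(time.RFC3339), err)
	}
	if crl != nil {
		if err := crl.CheckSignatureFrom(root); err != nil { // never trust an unsigned or foreign CRL
			return fmt.Errorf("CRL not signed by the trusted CA: %w", err)
		}
		for _, rc := range crl.RevokedCertificates {
			if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 && !signedAt.Before(rc.RevocationTime) {
				return errors.New("certificate was already revoked at the signature time")
			}
		}
	}
	return cert.CheckSignature(x509.PureEd25519, msg, sig) // verifies sig under the certificate's public key
}

func main() {
	ca, err := NewCA("Example Bank CA") // constructed CA name
	if err != nil {
		panic(err)
	}
	pub, priv, _ := NewUserKey()
	now := time.Now()
	cert, _ := ca.Issue("alice", pub, now.Add(-time.Hour), now.Add(24*time.Hour))
	msg := []byte("transfer 100 to account 42") // constructed message
	sig := ed25519.Sign(priv, msg)
	crl, _ := ca.Revoke(now.Add(time.Hour), cert) // alice's private key reported compromised an hour later
	fmt.Println("signature dated before revocation:", VerifySignedAt(ca.Cert, cert, crl, msg, sig, now))
	fmt.Println("signature dated after revocation:", VerifySignedAt(ca.Cert, cert, crl, msg, sig, now.Add(2*time.Hour)))
}
```

The verifier evaluates validity and revocation at the signature's time stamp rather than at the moment of checking, which is exactly why the text pairs time/date stamping with archiving keys: without the stamp, every signature made under a later-revoked or expired key would become unverifiable. In a real deployment the CRL (or an online status service) and the root certificate are the artefacts that must be obtained "with a high degree of confidence in their integrity".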
Complying with Export Rules
A number of governments have regulations regarding the import or export of encryption. The U.S. government controls the export of cryptographic implementations because it considers them part of munitions. As a general rule, the U.S. government allows encryption to be used when: the data being encrypted is of a financial nature and the transaction is between known banks; the content of the data is well-defined; the length of the data is limited; and the encryption cannot easily be used for other purposes. The rules governing export can be quite complex, since they consider multiple factors. In addition, encryption is a rapidly changing field, and rules may change from time to time. Questions concerning the export of a particular implementation should be addressed to appropriate legal counsel.
Other Business Issues
Three problems deter widespread acceptance of encryption for public commerce. First, successful encryption requires that all participating parties use the same encryption scheme. Standards that make encryption feasible have to be established within an organization or a cooperating group (such as banks).
Second, the distribution of keys has prevented wider use of encryption, as there is no easy way to distribute the secret key to an unknown person on the network. The only safe way to communicate a key is in person, and even then the distributor must provide a different secret key for each person. Even public-key schemes require a method for key distribution.
The final deterrent to widespread acceptance of encryption is that it is difficult to use. For encryption to flourish, the encryption user interface must be simplified so that an average consumer can easily use the software. Currently, a consumer will not wait more than a few seconds for information access or retrieval. In the future, encryption will be done by fast hardware rather than software.
Legal Issues
As encryption becomes commonplace in the commercial world, employers will face the problem of producing documents that only certain employees can decrypt. Given labor force mobility, a company may be confronted with the task of producing documents encrypted by ex-employees who may not wish to cooperate.
Encryption raises a plethora of legal problems for corporations including: Will courts tolerate the production of pivotal evidence in encrypted form? Will a party's counsel produce information or data without first having it decrypted, leaving the opposing counsel with the task of "cracking" the encryption?
On what basis could counsel claim such a data file was irrelevant or privileged? Will the producer have the onus of contacting the ex-employee in the hope that the employee will remember the password necessary for decryption? Will the courts compel individuals to provide their passwords?
Imagine the operational problems if all employees routinely used encryption and changed their passwords regularly, both encouraged practices in security-minded organizations. It may not be unusual, in the years ahead, to find that 100 percent of all electronic mail messages, and perhaps 30 to 50 percent of computer-based documents, are stored in encrypted form [AJL94].