SECRET - KEY ENCRYPTION

Secret-key encryption, also known as symmetric encryption, involves the use of a shared key for both encryption by the transmitter and decryption by the receiver. Secret-key encryption works in the following way: Anne wishes to send a purchase order (PO) to Bob in such a way that only Bob can read it. Anne encrypts the PO (the plaintext) with an encryption key and sends the encrypted PO (the cipher text) to Bob. Encryption scrambles the message, rendering it unreadable to anyone but the intended recipient.

Bob decrypts the cipher text with the decryption key and reads the PO. Note that in secret-key encryption, the encryption key and decryption key are the same (see Fig.). The transmitter uses a cryptographic secret “key” to encrypt the message, and the recipient must use the same key to decipher or decrypt it. A widely adopted implementation of secret-key encryption is the Data Encryption Standard (DES).

Although secret-key encryption is useful in many cases, it has significant limitations. All parties must know and trust each other completely, and have in their possession a protected copy of the key. If the transmitter and receiver are in separate sites, they must trust not being overheard during face-to-face meetings or over a public messaging system (a phone system, a postal service) when the secret key is being exchanged. Anyone who overhears or intercepts the key in transit can later use that key to read all encrypted messages.

Since shared keys must be securely distributed to each communicating party, secret-key encryption suffers from the problem of key distribution: generation, transmission, and storage of keys. Secure key distribution is cumbersome in large networks and does not scale well to a business environment where a company deals with thousands of online customers. Further, secret-key encryption is impractical for exchanging messages with a large group of previously unknown parties over a public network. For instance, in order for a merchant to conduct transactions securely with Internet subscribers, each consumer would need a distinct secret key assigned by the merchant and transmitted over a separate secure channel such as a telephone, adding to the overall cost. Hence, given the difficulty of providing secure key management, it is hard to see secret-key encryption becoming a dominant player in electronic commerce.

If secret encryption cannot ensure safe electronic commerce, what can? The solution to widespread open network security is a newer, more sophisticated form of encryption, first developed in the 1970s, known as public-key encryption.

Public-Key Encryption

Public-key encryption, also known as asymmetric encryption, uses two keys: one key to encrypt the message and a different key to decrypt the message. The two keys are mathematically related so that data encrypted with one key can only be decrypted using the other. Unlike secret-key encryption, which uses a single key shared by two (or more) parties, public-key encryption uses a pair of keys for each party. One of the two keys is “public” and the other is “private.” The public key can be made known to other parties; the private key must be kept confidential and must be known only to its owner. Both keys, however, need to be protected against modification. The best known public-key encryption algorithm is RSA (named after its inventors Rivest, Shamir, and Adleman). In the RSA method, each participant creates two unique keys, a “public key,” which is published in a sort of public directory, and a “private key,” which is kept secret. The two keys work together; whatever data one of the keys “locks,” only the other can unlock.

For example, if an individual wants to send a snoop-proof e-mail message to a friend, she simply looks up his public key and uses that key to encrypt her text. When the friend receives the e-mail, he uses his private key to convert the encrypted message on his computer screen back to the sender’s original message in clear text. Since only the bona fide author of an encrypted message has knowledge of the private key, a successful decryption using the corresponding public key verifies the identity of the author and ensures message integrity. Even if a would-be criminal intercepts the message on its way to the intended recipient, that criminal has no way of deciphering the message without the private key.

Figure illustrates what a public key looks like. This long string is actually a number represented in hexadecimal. The computer handles the hard work of manipulating the large numbers used in the math of encrypting and decrypting messages.

Table compares secret- and public-key systems. Both types of systems offer advantages and disadvantages. Often, the two are combined to form a hybrid system to exploit the strengths of each method. To determine which type of encryption best meets its needs, an organization first has to identify its security requirements and operating environment.
Public-key encryption is particularly useful when the parties wishing to communicate cannot rely on each other or do not share a common key. This is often the case in online commerce.
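
The hybrid arrangement mentioned above, as an added example that is not part of the original post: the bulk data goes under a one-time secret key, and only that small key is encrypted with the recipient's public key. It assumes Node.js and its built-in crypto module, uses AES-256-GCM and RSA-OAEP rather than DES (which is obsolete), and the function names are hypothetical.

```javascript
const crypto = require('crypto');

// Key pair constructed for this example; the public half may be published.
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Anne: encrypt the bulk data with a fresh secret key (fast, symmetric),
// then wrap that secret key with Bob's public key (slow, small input only).
function seal(plaintext, recipientPublicKey) {
  const key = crypto.randomBytes(32);   // one-time AES-256 key
  const iv = crypto.randomBytes(12);    // GCM nonce, never reused with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Bob: unwrap the secret key with his private key, then decrypt the body.
// The GCM tag check makes final() throw if the cipher text was altered.
function unseal(msg, recipientPrivateKey) {
  const key = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
}

// True if unseal() accepts the message, false if it rejects it.
function opens(msg, privateKey) {
  try { unseal(msg, privateKey); return true; } catch (e) { return false; }
}
```

No secret key has to be exchanged in advance: the only long-lived secret is the recipient's private key, which never leaves the recipient.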

Another prominent public key method being used in online commerce today is called Digital Signatures.

Comparing secret-key and public-key encryption methods.

| Features | Secret key | Public key |
|---|---|---|
| Number of keys | Single key | Pair of keys |
| Types of keys | Key is secret | One key is private, and one is public |
| Key management | Simple but difficult | Need digital certificates and trusted third parties |
| Relative speeds | Very fast | Slower |
| Usage | Used for bulk data | Used for less demanding applications such as small documents |

Digital signatures are used for sender authentication. This also means that the originator cannot falsely deny having signed the data. In addition, a digital signature enables the computer to notarize the message, assuring the recipient that the message has not been forged in transit.

Let us consider the following scenario of a customer interacting with a merchant, Online Mart. When the customer orders something from Online Mart, she uses Online Mart’s public key to encrypt her confidential information. Online Mart then uses its private key to decrypt the message (only the private key can unlock a document enciphered with the public key); thus the customer knows that only Online Mart received that data. To ensure further security, the customer can enclose a digital signature, encrypted with her own private key, which Online Mart could decrypt with the customer’s public key and know that only that particular customer could have sent it. In the other direction, Online Mart would send confidential information to the customer using her public key, and only she can decrypt it using her private key. This shows how digital signatures work in combination with public-key encryption to ensure authentication and privacy.

Technically, How Do Digital Signatures Work?

Data is electronically signed by applying the originator’s private key to the data. To increase the speed of the process, the private key is applied to a shorter form of the data, called a “hash” or “message digest,” rather than to the entire set of data. The resulting digital signature can be stored or transmitted along with the data. The signature can be verified by any party using the public key of the signer. This feature is very useful, for example, when distributing signed copies of virus-free software. Any recipient can verify that the program remains virus-free. If the signature verifies properly, then the verifier has confidence that the data was not modified after being signed and that the owner of the public key was the signer.

Digital signatures ensure authentication in the following way. In order to digitally sign a document, a user combines her private key and the document and performs a computation on the composite (key+document) in order to generate a unique number called the digital signature. For example, when an electronic document, such as an order form with a credit card number, is run through the digital signature process, the output is a unique “fingerprint” of the document. This “fingerprint” is attached to the original message and further encrypted with the signer’s private key. If a user is communicating with her bank, she sends the result of the second encryption to her bank. The bank then decrypts the document using her public key, and checks to see if the enclosed message has been tampered with by a third party. To verify the signature, the bank performs a computation involving the original document, the purported digital signature, and the customer’s public key. If the results of the computation generate a matching “fingerprint” of the document, the digital signature is verified as genuine; otherwise, the signature may be fraudulent or the message altered.

Digital signatures, variations of which are being explored by several companies, are the basis for secure commerce. A digital signature provides a way to associate the message with the sender, and is the cyberspace equivalent of “signing” for purchases. In this way, consumers can use credit card accounts over the Internet. Interested readers can refer to [SCHN96] for a more detailed mathematical discussion of digital signatures.

Digital Certificates

Authentication is further strengthened by the use of digital certificates. Before two parties, Bob and Alice, use public-key encryption to conduct business, each wants to be sure that the other party is authenticated. Before Bob accepts a message with Alice’s digital signature, he wants to be sure that the public key belongs to Alice and not to someone masquerading as Alice on an open network. One way to be sure that the public key belongs to Alice is to receive it over a secure channel directly from Alice. However, in most circumstances this solution is not practical.

An alternative to the use of a secure channel is to use a trusted third party to authenticate that the public key belongs to Alice. Such a party is known as a certificate authority (CA). Once Alice has provided proof of her identity, the certificate authority creates a message containing Alice’s name and her public key. This message, known as a certificate, is digitally signed by the certificate authority. It contains owner identification information, as well as a copy of one of the owner’s public keys. To get the most benefit, the public key of the certificate authority should be known to as many people as possible. Thus by using one public key (that of a CA) as a trusted third-party means of establishing authentication, disparate parties can engage in electronic commerce with a high degree of trust.

In many ways, digital certificates are the heart of secure electronic transactions. Through the use of a common third party, digital certificates provide an easy and convenient way to ensure that the participants in an electronic commerce transaction can trust each other. For example, in the credit card industry, Visa provides digital certificates to the card-issuing financial institution, and the institution then provides a digital certificate to the cardholder. A similar process takes place for the merchant. At the time of the transaction, each party’s software validates both merchant and cardholder before any information is exchanged. The validation takes place by checking the digital certificates that were both issued by an authorized and trusted third party. In short, digital certificates ensure that two computers talking to each other may successfully conduct electronic commerce.
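
An added example (not from the original post) covering both the hash-then-sign process described under digital signatures and the certificate check described in this section. It assumes Node.js and its built-in crypto module; the function names and the JSON certificate layout are hypothetical simplifications, not X.509.

```javascript
const crypto = require('crypto');

// Key pairs constructed for this example.
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hash-then-sign: crypto.sign() digests the data with SHA-256 and applies the
// private key to that digest, not to the whole message.
function sign(data, privateKey) {
  return crypto.sign('sha256', Buffer.from(data), privateKey);
}

// Anyone holding the public key can check the signature.
function verify(data, signature, publicKey) {
  return crypto.verify('sha256', Buffer.from(data), publicKey, signature);
}

// Simplified certificate (hypothetical JSON layout): the CA signs the owner's
// name together with the owner's public key.
function issueCertificate(name, publicKey, caPrivateKey) {
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const body = JSON.stringify({ name, publicKey: pem });
  return { body, caSignature: sign(body, caPrivateKey) };
}

// Bob's check: (1) the CA really signed this name/key binding, (2) the name is
// the one he expects, (3) the message verifies under the certified key.
function verifySignedMessage(message, signature, cert, expectedName, caPublicKey) {
  if (!verify(cert.body, cert.caSignature, caPublicKey)) return 'bad certificate';
  const { name, publicKey } = JSON.parse(cert.body);
  if (name !== expectedName) return 'wrong subject';
  return verify(message, signature, crypto.createPublicKey(publicKey))
    ? 'ok' : 'bad signature';
}
```

Bob needs only the CA's public key in advance; a certificate that the CA did not sign, or one issued to a different name, is rejected before the message signature is even considered.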

Comments

  1. It's a very popular form of encryption that is used in the creation of digital certificates. I do not have a complete idea about it, but all this information helped me to know about it in detail. Thanks.