History
Cryptography or encrypting the message is just like a letter, which at the time of posting is sealed in the envelope. Piper & Murphy (2002) Cryptography is a well-established science that has been a significant historical influence for more than 2,500 years. Cryptography was used in the form of ‘substitution ciphers’ in the reign of Julius Caesar. In that encryption, each letter was replaced by three other letters.
In the nineteenth century, it started with a traditional aim of securing governments and the military. At that time, i.e., prior to the 1970s, cryptography was only practiced by the government and military personnel; however, later, it spread in the public sector. Piper & Murphy (2002) has also mentioned cryptography of the 1970s as a ‘black art’ only accessible by the government.
In a traditional context, its popularity and increase in public awareness lead the museums and places of historic interest to discover their origin. Therefore the museums started exhibiting the old cipher machines. Later, when media started exposing cryptography as a means for providing security, many films on the Second World War stressed the importance of code-breaking. However, films like Pearl Harbor explained the impact of the breaking of encrypted messages.
With the passage of time, cryptography was made available to all sectors of society. Two forces that influenced this transition of awareness were ‘business’ and ‘Internet,’ and both, when combined, gave rise to ‘online’ companies. With the advent of online business, the concept of ‘e-commerce’ gradually appeared, thereby creating awareness on the customer level. Governments who once adopted ‘cryptography’ while communicating with their militants now started communicating with their citizens via the Internet. These were, on the one hand, provided opportunities; on the other created concerns which involved security at every level like ‘taxation,’ ‘illegal transaction,’ etc. So, in order to deal with such issues, there emerged a need to advance cryptography.
Today’s Encryption
Today’s encryption is the process that converts text in an unreadable form. This scrambling process is what today is known as ‘cryptography’ and based on algorithms that use various forms of substitution or transposition to encrypt the message. Algorithms are mathematical constructs that are applied through various applications to secure data transmissions or storage. (Andress, 2003, p. 69)
Cryptography is used in restricting access to important documents and information so that an unauthorized user cannot make alterations to documents. Indeed, at least for the commercial sector, the provision of confidentiality is no longer its major application. In addition to its traditional use for privacy, cryptography is now used to provide:
- Data Integrity: To assure that information has not been accessed or altered by unknown means.
- Entity authentication: corroborating the identity of an entity
- Data origin authentication: corroborating the source of the information
- Non-repudiation: preventing the denial (this is usually by the originator) of the content of the information and/or the identity of the originator
Modern cryptography has evolved considerably over the past three decades. Not only has the technology changed, but there is a wider range of ‘secure’ applications. You can use encryption to protect network communications over the Internet or to help secure an intranet, e-mail, database entries, and files on a workstation or file server. Encryption can provide confidentiality, authentication, integrity, and non-repudiation for data traveling over a network or stored on a system.
According to Piper & Murphy (2002), “When integrating cryptography into a security solution, there are two potentially conflicting approaches to the selection of an encryption algorithm:
- use the lowest level of security that offers adequate protection;
- use the highest level of security that implementation considerations allow.
Today, encryption is used as an important security tool that can protect confidential information. Since the machine can be used to identify the source of information and can be easily broken therefore encryption types that are used today are two:
- Private key encryption and
- Public key encryption
Private key encryption, known as symmetric-key encryption, is used to encrypt and decrypt the information by using the same key, i.e., both the sender and receiver of the message must possess the same key. However, the latest invention is the public key encryption which uses two keys to encrypt and decrypt messages while private key uses a single key. (Maiwald, 2001, p. 219) It provides the confidentiality of the information while it is encrypted and is known by only those who can decrypt the message. It is mostly implemented in today’s hardware and software. Today security measures like anti-virus software, access controls, and security control devices like firewalls are being used. Firewalls and smartcards are the most convenient way of achieving secure web connections.
Firewalls: Firewalls are access control devices for the network that can assist in protecting an organization’s internal network from external threats. The first step in physically implementing your security infrastructure is determining what type of perimeter security works best in your environment. The three main firewall technologies are packet filter, proxy, and stateful inspection.
Smart Cards: To alleviate the problem of guessing passwords, security has moved to ‘smartcards’ – cards that authenticate and ensures while minimizing the risk of guessing a password. However, in the case of losing a smartcard, one cannot ensure security because a single attack or hacking will not be prevented with smart cards as a smart card system is a dependant upon its user. (Maiwald, 2001, p. 11)
Future Encryption
The future authentication mechanism that can even reduce the risk of guessing passwords is the use of biometrics. A concise definition of biometrics is “automatic recognition of a person using different characteristics of a machine.” (Woodward et al., 2003, p. 1) Biometric devices measure the physical attributes of an individual with fingerprints as the most commonly measurable attribute. Other measurable attributes include the shape of a person’s face, the pattern of the eye’s iris, the person’s typing patterns, or the sound of his or her voice is also measurable attributes. Often security experts argue that biometrics is the only true form of user authentication because it physically authenticates the person since each person’s trait is different and no two person’s characteristics are the same.
Different types of biometrics are:
Iris Scan
Iris scan identifies and verifies the person by scanning and measuring iris patterns. The Colour of the eyes does not matter. Since iris patterns in each eye of the person are different, therefore iris scanning is highly distinctive and secure in nature. Even identical twins have different iris scans.
Retinal Scan
A retinal scan measures the blood vessel patterns in the back of the eye. The device through which the retina is measured sheds a light source into the eye of a user who must be standing very still within inches of the device. Retinal scan has not gained that much popularity as an iris scan or facial recognition.
Facial Recognition
Facial recognition makes the human recognition somewhat automated and computerized process, after which a human considers himself as the main part of the computerized scan. It records the main geometrical features of the face like eyes, nose, and lips measurement angles. However, there is no hard and fast rule or methods of facial recognition. However, all focus on measures of key features of the face. Today facial recognition security has come in mobiles so that there is no threat of snatching or stealing mobiles. (Young, Oct 23, 2005) Similarly, it is also many built-in vehicles.
However, the foremost benefit it provides is to ensure protection to its general public in public places, parks, and shopping areas. The system, after capturing faces of people in public areas, stores for a possible future incident, and in case of burglaries and robberies, identifies the culprit. The most amazing thing is that facial recognition is not dependant upon any physical contact with a person.
Voice Recognition
Voice or speaker recognition makes adequate use of vocal characteristics to identify individuals using a pass-phrase. Voice recognition is a cheap and deployable technology that can serve as a sensor to identify the pitch and tone of voices. The main disadvantage lies in the notion that if affected by environmental factors like noise could interfere in recognition.
Fingerprint
Often used by law enforcement agencies, the fingerprint biometric identifies and verifies the person in the same manner in which the manual ‘signature’ identification was made in the past. In order to read the e-print, the biometric device involves the person placing his hands on the plate. After reading the e-print, the details are then extracted by the vendor’s algorithm, thereby making it fingerprint. Fingerprints are being used by various agencies and crime departments of the Government to identify the trace of criminals.
References
Andress Amanda, (2003) Surviving Security: How to Integrate People, Process, and Technology: Auerbach Publications: Boca Raton, FL.
Maiwald Eric, (2001) Network Security: A Beginner’s Guide: Osborne, Mc Graw Hill
Piper Fred & Murphy Sean, (2002) Cryptography: A Very Short Introduction: Oxford University Press: Oxford, England.
Woodward D. John, Horn Christopher, Gatune Julius & Thomas Aryn, (2003) Biometrics: A Look at Facial Recognition: Rand: Santa Monica, CA.
Young Ken, 2005