Introduction
Technological advancements exhibited in the communication industry calls for stringent measures to ensure security of information transmitted in the distribution channels. Such information is protected by transforming the messages from their original readable text to more complicated form known as ciphertext which requires special knowledge to access. This encryption technique ensures confidentiality of information as only the transmitter and the recipient have access to the secret key needed to decrypt the message (Breton, 1999). Encryption has been successfully employed by many governments as well as militaries in enhancing the secrecy of their communication. It is currently utilized in many civilian systems to protect data both in transit as well as stored information. Data stored in computers or other storage devices such as flash discs can be protected against leakages through encryption. Encryption of data on transit is also necessary in protecting such information from interception during communication through telephone, internet among other communication systems (Breton, 1999).
Applications of encryption
Pretty good privacy (PGP)
This is one of the encryption applications developed in early nineties by Zimmerman to enhance cryptographic security of the information transmitted. PGP is a cryptosystem encompassing both the public key as well as conventional cryptography and is meant to compress information transmitted when plaintext is encrypted with the PGP. As a result, both space and time are effectively utilized (PGP, 2004). Encryption of plaintext with PGP enhances resistance to cryptanalysis since compression eliminates patterns in the plaintext which are always exploited by such techniques in cracking the cipher. Subsequently, PGP creates a secret key which encrypts the plaintext into ciphertext aided by a fast and secure conventional encryption algorithm. This key is encrypted to the public key of the recipient and transmitted to the recipient along with the cipher text (PGP, 2004).
In decryption, session key is recovered by private key using the recipient’s copy of PGP. This key is thus used to decrypt the cipher text thereby making it readable (PGP, 2004).
“Smart” credit card
Smart card has an in-built microprocessor necessary for verification process. Anyone using the card has to ascertain his identity any time a transaction is made. The card and the reader execute a chain of encrypted signs to confirm that both the parties are genuine as far as transaction is concerned. Such transaction is performed in encrypted form to enhance security of the information (Breton, 1999). As a result, chances of parties defrauding the system are minimized. Such cards are currently used in many businesses in U.S as well as Europe.
Personal Identification number (PIN)
This is a coded identification number that is inserted into the automatic teller machine together with the bank card to ascertain the legitimacy of the bearer before carrying out a transaction. The PIN is stored in an encrypted form on the ATM card or in the computers in the bank. Given the PIN and the bank’s keys, it is possible to compute the cipher but not the reverse since such transformation is a one way cryptography. This system ensures protection of information against leakages or even interception by adversaries (Breton, 1999).
Secure Electronic Transaction (SET)
This is a procedure developed by Visa and MasterCard that utilizes public-key system to enhance security of the payment transaction in a business. This protocol restores data integrity in addition to its confidentiality. Moreover, it also verifies the authenticity of cardholder as well as the merchant. Leakage of information as a result of use dual signatures is highly unlikely in this protocol (Segev, Porra, & Roldan, 1998).
Implications of encryption on organizations
Various corporate businesses as well as private ventures depended on pure information in the late 20th century as a result of transition witnessed in the communication industry. This entailed better access to affordable communications as well as capability of such ventures in obtaining, storing, and distributing infinite amount of information. Instances such as e-banking, personal computers, e-commerce and internet use are some of the developments of the revolution that influenced every aspect of business activities in the aforementioned era (Segev, Porra, & Roldan, 1998). Cryptology has been fundamental in the protection of information during communication especially in the above mentioned instances. It is therefore noteworthy that cryptology extends beyond provision of secrecy to encompass protection of information integrity against interception by adversaries. In e-commerce for instance, the transactions between the customer and the merchant are protected through encryption so as to restore confidentiality of the information. Moreover, the merchant is assured of full payment as the information concerning transactions is protected and the customer can not claim otherwise (Segev, Porra, & Roldan, 1998).
As stated before, the science of encryption has been helpful not only in ensuring secrecy and confidentiality of the information but also in restoring integrity of any transaction across corporate networks. Besides, encryption also helps in verifying the authenticity of messages in a communication. According to PGP (2004) conventional encryption is both fast as well as convenient in the protection of stored data.
However, products formed from encryption may not be perfect as far as protection of the integrity, secrecy, as well as authenticity of messages is concerned. Additional techniques are needed to ensure the protection of authenticity and integrity of messages (Breton, 1999). At the outset, encryption of e-mails has to be accompanied by digital signatures at the point of their formation so as to ensure confidentiality of the information. Without such signatures, the sender has the right to argue that information was tampered with before encryption but after it had left their computer. Additionally, sending e-mails from outside the organization network by mobile users may not be practical when using encryption product. The utilization of encryption technique in protecting information may be challenging especially when a mistake is done while executing or designing the system. In such circumstances, unencrypted information may be accessed by adversaries even without decryption hence paving way for successful attacks. Moreover, poor handling of cipher keys also pose risks as far as protection of data is concerned. Such errors may enable adversaries get access to vital information on the communication (Breton, 1999).
There has to be trust developed between the sender and the recipient of the encrypted message so as to ensure the secrecy of the key thereby protecting it from interception by any adversary. If anyone intercepts the messages in a communication, s/he can forge or modify the information thereby exposing vital transaction information that may be used to sabotage the operations of the organization.
Evolution of old and current encryption practices
Originally, cryptography entailed concealing of information and subsequent revelation of such information to the legitimate users through utilization of a secret key. This involved the transformation of information from plaintext to cipher text via encryption and decryption respectively which ensured security of such data. Encryption technique only ensured the confidentiality of written messages during world war (Segev, Porra, & Roldan, 1998). However, similar principles have been found to auger well with the modern technologies. Encryption currently encompasses the protection of information stored in computers as well as those flowing between such electronic equipments (Segev, Porra, & Roldan, 1998).
Besides, signals from fax machines as well as TVs are also encrypted in addition to verification of participants’ identity in the e-commerce. When incorporated with other techniques such as digital signatures, encryption technique not only ensures confidentiality of messages but also the integrity as well as authenticity of the information in communication across networks. Generally, the revolution of encryption as a technology in protection of information is attributed to changes in information technology, e-commerce as well as internet use. Public key cryptography provides for secure exchange of information between individuals who have no prior security arrangements. It limits the sharing of private keys unlike public keys. This improves the security of information as anyone having the public key can only encrypt the message but not decrypt it (Segev, Porra, & Roldan, 1998).
Conclusion
Encryption has been an important technique in ensuring the confidentiality of information in a communication. This technique transforms information from its original form known as plaintext to ciphertext which requires special key to access. The encrypted information can not therefore be accessed by anyone else except the transmitter and the recipient who have the secret key. Consequently, the information is protected from interception. Developments in information, e-commerce as well as internet have made it necessary for the protection of data both on transit as well as stored information in the computers. Encryption technique is therefore vital for organizations as it enhances the security of information across networks. However, this technique may not be successful enough in securing information and therefore requires other techniques to restore the integrity as well as authenticity of messages in a communication (Segev, Porra, & Roldan, 1998).
Reference List
Brenton, C. (1999). Authentication and Encryption. Sybex, Inc. Web.
PGP. (2004). An Introduction to Cryptography. Web.
Segev, A., Porra, J., & Roldan, M. (1998). Internet Security and the Case of Bank of America. Communications of the ACM, 41(10), 81-87. Web.