Digital signature and its use
A digital signature is “a complex technique or procedure used to certify the integrity of specific digital content, software, or message” (Mele, Pels, & Polese, 2015, p. 128). Generating a digital signature follows a complex mathematical process. A process known as hashing takes place immediately after someone sends a specific message. The hashed message is “encrypted using the sender’s private key” (Waraich, 2008, p. 11). This encrypted message is then delivered to the receiver via the internet. The recipient will decrypt the hashed message using the sender’s public key. The two hashes are “then compared to establish if the message has been tampered with” (Waraich, 2008, p. 11). This analysis shows that the generation of a digital signature follows the rules of encryption and decryption. The generation of digital signatures is, therefore, comparable to encryption, whereby messages are coded and channeled to the receiver.
“For all practical purposes,” a particular encryption process is strong enough and safe
The presented assumption argues that encryption is a strong and effective process. This means that the encryption process is secure and can ensure documents and messages are delivered to the targeted recipients without being compromised. The process has the potential to encode messages and make them inaccessible to unauthorized parties (Mele et al., 2015). However, human errors and inappropriate implementation of encryption can make the data accessible to different users (Waraich, 2008). Modern technological advances continue to challenge the assumption. This is true because cyber-criminals can hack different systems and access unauthorized information.
New programs and systems have also emerged, thus threatening the security of encrypted information (Kim & Solomon, 2013). Some errors continue to weaken this assumption. For example, many departments and companies do not use advanced technologies to verify digital signatures and message authentication codes (MACs). Some users also fail to use multi-button applications in order to make their systems inaccessible. Additional security measures are also “avoided, thus weakening the manner in which encrypted information interacts with cloud systems” (AbuTaha, Farajallah, Tahboub, & Odeh, 2011, p. 299). The inability to use proper Key Management (KM) has also weakened the assumption.
The difference between public key infrastructure and private key infrastructure
A public key infrastructure (PKI) is “a set of policies, procedures, hardware, software, and people aimed at managing public-key encryption and create, revoke, or store digital certificates and manage public-key encryption” (Waraich, 2008, p. 2). On the other hand, a “private key infrastructure is a set of processes, hardware, and software for managing private encryption between a small number of authenticated users” (AbuTaha et al., 2011, p. 301). These approaches target different users, thus making public key infrastructures complex.
It should also be noted that such infrastructures are different from private and public keys. These two keys play a vital role in encryption. Private keys refer to “a decryption or encryption key known to specific parties that exchange secret information or messages” (Waraich, 2008, p. 4). A “public key can be defined as a value of encryption that is used to encrypt various digital signatures and messages” (AbuTaha et al., 2011, p. 308). These two keys are combined in order to improve the level of data security.
Information security and assurance, encryption systems, products, tools, and concepts
Information security (IS) is “a complex process that focuses on the best approaches to ensure transmitted information and data is secure” (Mele et al., 2015, p. 131). Information assurance focuses on both the digital and physical aspects of data. That being the case, encryption focuses on the digital aspect of the transmitted information. Waraich (2008) argues that “encryption products, tools, concepts, and systems, therefore, focus on confidentiality and integrity of the transmitted messages” (p. 19). Encryption safeguards the targeted information from unauthorized persons or processes. As well, integrity ensures “that the data is complete and accurate throughout its lifecycle” (Waraich, 2008, p. 29). Encryption, therefore, secures the integrity of the information or messages delivered to a specific recipient (Kim & Solomon, 2013).
That being the case, encryption systems cannot promote the effectiveness and physical security of different hardware systems. Encryption is “not a guarantee that a specific information system will serve its purpose” (Mele et al., 2015, p. 131). Encryption cannot safeguard data from physical attacks or disasters. This argument shows that encryption is one of the vital processes used to support information assurance and security.
Managers’ and users’ understanding of mathematics and use of cryptographic systems
It is generally agreed that encryption is based on number theory. This means that “many people and programmers will have to become more numerate and sophisticated in order to safeguard every data” (Waraich, 2008, p. 19). The knowledge will present the best mathematical approaches that can make it easier for organizations to use the most appropriate cryptographic systems. Such systems will ensure the organizations have the best information assurance and security processes. However, managers do not need to understand such numerical principles in order to safeguard the integrity of their organizations’ information.
Chief Information Officers (CIOs) and programmers should, therefore, be aware of the mathematics behind encryption. This knowledge will make it easier for them to develop powerful encryption systems that will safeguard the integrity of the transmitted data and information (Mele et al., 2015). The role of the managers is to ensure such systems are implemented properly. This approach will eventually safeguard every organization’s data and information.
Reference List
AbuTaha, M., Farajallah, M., Tahboub, R., & Odeh, M. (2011). Survey Paper: Cryptography is the Science of Information Security. International Journal of Computer Science and Security, 5(3), 298-309.
Kim, D., & Solomon, M. (2013). Information Security and Assurance Textbook: Fundamentals of Information Systems Security. Burlington, MA: Jones & Bartlett Learning.
Mele, C., Pels, J., & Polese, F. (2015). A Brief Review of Systems Theories and Their Managerial Applications. Service Science, 2(1), 126-135.
Waraich, R. (2008). 2-PKI: A Public and Private Key Infrastructure. ETH, 1(1), 1-39.