Concept

Encryption is the process of transforming information so it is unintelligible to anyone but the intended recipient. Decryption is the process of transforming encrypted information so that it is intelligible again. A cryptographic algorithm, also called a cipher, is a mathematical function used for encryption or decryption. In most cases, two related functions are employed, one for encryption and the other for decryption.

With most modern cryptography, the ability to keep encrypted information secret is based not on the cryptographic algorithm, which is widely known, but on a number called a key that must be used with the algorithm to produce an encrypted result or to decrypt previously encrypted information. Decryption with the correct key is simple. Decryption without the correct key is very difficult, and in some cases impossible for all practical purposes.

Secret Key Cryptography and Public Key Cryptography

The success or failure of an e-commerce operation depends on different key factors, including but not limited to the business model, the team, the customers, the investors, the product, and the security of data transmissions and storage. Data security has taken on heightened importance since a series of high-profile "cracker" attacks have humbled popular Web sites, resulted in the impersonation of Microsoft employees for the purposes of digital certification, and the misuse of credit card numbers of customers at business-to-consumer e- commerce destinations.

Security is on the mind of every e-commerce entrepreneur who solicits, stores, or communicates any information that may be sensitive if lost. Technologists are building new security measures while others are working to crack the security systems. One of the most effective means of ensuring data security and integrity is encryption.

Encryption is a generic term that refers to the act of encoding data, in this context so that those data can be securely transmitted via the Internet. Encryption can protect the data at the simplest level by preventing other people from reading the data. In the event that someone intercepts a data transmission and manages to deceive any user identification scheme, the data that they see appears to be gibberish without a way to decode it.

Encryption technologies can help in other ways as well, by establishing the identity of users (or abusers); control the unauthorized transmission or forwarding of data; verify the integrity of the data (i.e., that it has not been altered in any way); and ensure that users take responsibility for data that they have transmitted.

Encryption can therefore be used either to keep communications secret (defensively) or to identify people involved in communications (offensively).

Encryption Provide Following Security:

  • Message Integrity: provides assurance that the message has not been altered.
  • No repudiation: prevents the users from denying he/she sent the message
  • Authentication: provides verification of the identity of the person (or machine) sending the message.
  • Confidentiality: give assurance that the message was not read by others.

There are two types of encryption: symmetric key encryption and asymmetric key encryption. Symmetric key and asymmetric key encryption are used, often in conjunction, to provide a variety of security functions for data and message security in e-commerce.

Symmetric Key Encryption (Private or Secret Key Encryption):

Encryption algorithms that use the same key for encrypting and for decrypting information are called symmetric-key algorithms. The symmetric key is also called a secret key because it is kept as a shared secret between the sender and receiver of information. Otherwise, the confidentiality of the encrypted information is compromised. Figure below shows basic symmetric key encryption and decryption.

                                     

                                               Fig: Encryption and Decryption with a Symmetric Key

Symmetric key encryption is much faster than public key encryption, often by 100 to 1,000 times. Symmetric key technology is generally used to provide secrecy for the bulk encryption and decryption of information.

Cryptography-based security technologies use a variety of symmetric key encryption algorithms to provide confidentiality. Symmetric algorithms have the advantage of not consuming too much computing power. People can use this encryption method as either a "stream" cipher or a "block" cipher, depending on the amount of data being encrypted or decrypted at a time. A stream cipher encrypts data one character at a time as it is sent or received; while a block cipher processes fixed block (chunks) of data. Common symmetric encryption algorithms include Data Encryption Standard (DES), Advanced Encryption Standard (AES), and International Data Encryption Algorithm (IDEA).

Asymmetric Key Encryption (Public Key Encryption):

Encryption algorithms that use different keys for encrypting and decrypting information are most often called public-key algorithms but are sometimes also called asymmetric key algorit. Public key encryption requires the use of both a private key (a key that is known only to its owner) and a public key (a key that is available to and known to other entities on the network). A user's public key, for example, can be published in the directory so that it is accessible to other people in the organization. The two keys are different but complementary in function. Information that is encrypted with the public key can be decrypted only with the corresponding private key of the set. Figure below shows basic encryption and decryption with asymmetric keys.

                           

                                               Fig: Encryption and Decryption with Asymmetric Keys                                      

Today, public key encryption plays an increasingly important role in providing strong, scalable security on intranets and the Internet. Public key encryption is commonly used to perform the following functions:

  • Encrypt symmetric secret keys to protect the symmetric keys during exchange over the network.
  • Create digital signatures to provide authentication and non-repudiation for online entities.
  • Create digital signatures to provide data integrity for electronic files and documents. Algorithms that use public key encryption methods include RSA and Diffie-Hellman.

Common Cryptosystems

  1. RSA Algorithm: RSA is the most commonly used public key algorithm, although it is vulnerable to attack. Named after its inventors, Ron Rivest, Adi Shamir and Len Adleman, of the MIT, RSA was first published in 1978. It is used for encryption as well as for electronic signatures (discussed later). RSA lets you choose the size of your public key. The 512-bit keys are considered insecure or weak. The 768-bit keys are secure from everything but 1024-bit keys are secure from virtually anything.
  2. Data Encryption Standards (DES): DES was developed by IBM in1974 in response to a public solicitation from the US Department of Commerce. It was adopted as a US federal standard in1977 and as a financial industry standard in1981. DES uses a 56-bit key to encrypt.
  3. 3DES: A stronger version of DES, called 3DES or Triple DES, uses three 56-bit keys to encrypt each block. The first key encrypts the data block, the second key decrypts the data block, and the third key encrypts the same data block again. The 3DES version requires a 168-bit key that makes the process quite secure and much safer than plain DES.
  4. RC4: RC4 was designed by Ron Rivest RSA Data Security Inc. this variable-length cipher is widely used on the Internet as the bulk encryption cipher in the SSL protocol, with key length ranging from 40 to 128 bits. RC4 has a repudiation of being very fast.
  5. IDEA: IDEA (International Data Encryption Algorithm) was created in Switzerland it offers very strong encryption using 1 128-bit key to encrypt 64-bit blocks. This system is widely used as the bulk encryption cipher in older version of Pretty Good Privacy(PGP).