Cryptography



=What exactly is it? How is it illustrated through the Internet?=

toc Is a method of ensuring that information intended only for a desired persons(s) can read it. This has been implemented through the past 2000 years from the early times of the Egyptians to the present day of the CIA. Cryptography serves many purposes and comprises a family of technologies that include the following: In the presence of the internet the following procedures of cryptograhy help contribute to a sense of demanding security. Another reason for wanting to encrypt would be for invasions of privacy.
 * **Encryption** transforms data into some unreadable form to ensure privacy. Internet communication is like sending postcards in that anyone who is interested can read a particular message; encryption offers the digital equivalent of a sealed envelope.
 * **Decryption** is the reverse of encryption; it transforms encrypted data back into the original, intelligible form.
 * **Authentication** identifies an entity such as an individual, a machine on the network or an organization.
 * **Digital signatures** bind a document to the possessor of a particular key and are the digital equivalent of paper signatures. Signature verification is the inverse of a digital signature; it verifies that a particular signature is valid."

=Implications of Digital Cryptography on the Internet=



The most affected aspect of the internet is e-commerce. Thousands of transactions between consumers and suppliers occur every hour and the constant flow of cash is an increasing target of crime - and in particular e-payment systems. Therefore the use of cryptography to secure such transactions is increasing exponentially along with the increase of such transactions. A good example of digital cryptography of important information is through online banking - banks such a RBC stress the importance of keeping their client's information as private as possible. However, "It's hard to build a system that provides strong authentication on top of systems that can be penetrated by knowing someone's mother's maiden name." Furthermore our systems are constantly under attack from hackers who attempt to decrypt encryption methods. As a result businesses which facilitate e-commerce are trying to establish a sense of security for consumers. There are 5 security aspects that businesses try to establish in e-commerce situations:
 * **Confidentiality** - the communication between two parties has not been seen by a third party and the material of the communication has remained secret.
 * **Integrity** - the communication has not been tampered with nor has the message been edited (or the amount of money been changed) and there is must be a way of matching the copy held by the receiver, to the original sent by the sender.
 * **Authentification** - the identity of the author/sender can be verified so that the receiver knows the message / information did indeed come from the proper source
 * **Non-repudiation** - the sender cannot deny having sent the message nor can they have means to change any of the content (including currency amounts) within the message. This is critical to keeping agreements when time lag (between sending and receiving) sees market conditions change.
 * **Access Control** - only the authorized recipient can open the message. Usually to open it you need some sort of cyber key which will be a large unbreakable number hopefully difficult to hack in to.

=How To Secure Transactions=

Presently it may appear that any transaction, which wishes privacy should be encrypted. While encryption allows for the people with the right "key" to receive access through decryption it does not do the following:
 * Provide proof that the original intended participant has actually participated in the transaction
 * Authenticate the identity of the sender/receiver
 * Protect data from being intercepted

So what now?
Digital signatures appear be an attractive alternative. While signatures can be forged by hackers/people with enough personal information on the individual when the government or some other central authority acts as a "certification authority" assurance can be provided. This allows for:
 * The sender of a message/transaction is who they claim to be
 * The sender has participated in the transaction, meaning they are aware of the content and the amounts if money is part of the message)
 * The information details, (payee or payor) and any statement of money has not been changed in mid-transit.

=References=

Schneier Bruce "Why Cryptography Is Harder Than It Looks." Bruce Schneier. 24 February 2006. .

"Security and Cryptography" Scotia Bank. 24 February 2006. .

Images
"Scd-Cosic," east.kuleuven. <[|source]> "Enter,"Banamex [|]