SlideShare una empresa de Scribd logo
1 de 27
Descargar para leer sin conexión
Cryptography and Network Security 1
Running head: LITERATURE REVIEW OF CRYPTOGRAPHY & NETWORK SECURITY
Literature Review of Cryptography and its Role in Network Security Principles and Practice
Daniel Lloyd Calloway
Capella University, OM8302, § 4
8 September 2008
Dr. Hannon, Instructor
Cryptography and Network Security 2
Abstract
This literature review looks at the research that has been published in the area of
cryptography as it relates to network data and global communications security. It compares and
contrasts the research pointing out overall trends in what has already been published on this
subject. It analyzes the role that cryptography has played and will play in the future relative to
security. This review addresses cryptography around the central theme of the security that it
provides or should provide individuals, corporations, and others in the modern age of computing
technology, networking, and Web-based ecommerce. By reviewing both scholarly and non-
scholarly works, it is our objective to make a case that continuing research into the use of
cryptography is paramount in preserving the future of electronic data security and privacy as well
as the continuing development of Web-based applications that will permit the growth of
ecommerce business worldwide to be conducted over the Internet.
Cryptography and Network Security 3
CONTENTS
Abstract............................................................................................................................................2
Introduction - Early vs. Modern Cryptography .............................................................................4
Introduction - Overall Trends in the Research...............................................................................7
Scholarly Literature .......................................................................................................................10
Non-Scholarly Literature ...............................................................................................................18
Conclusions....................................................................................................................................22
References......................................................................................................................................24
Cryptography and Network Security 4
Introduction -
Early vs. Modern Cryptography
Today’s cryptography is vastly more complex than its predecessor. Unlike the original
use of cryptography in its classical roots where it was implemented to conceal both diplomatic
and military secrets from the enemy, the cryptography of today, even though it still has far-
reaching military implications, has expanded its domain, and has been designed to provide a
cost-effective means of securing and thus protecting large amounts of electronic data that is
stored and communicated across corporate networks worldwide. Cryptography offers the means
for protecting this data all the while preserving the privacy of critical personal financial, medical,
and ecommerce data that might end up in the hands of those who shouldn’t have access to it.
There have been many advances in the area of modern cryptography that have emerged
beginning in the 1970s as the development of strong encryption-based protocols and newly
developed cryptographic applications began to appear on the scene. On January, 1977, the
National Bureau of Standards (NBS) adopted a data encryption standard called the Data
Encryption Standard (DES), which was a milestone in launching cryptography research and
development into the modern age of computing technology. Moreover, cryptography found its
way into the commercial arena when, on December, 1980, the same algorithm, DES, was
adopted by the American National Standards Institute (ANSI). Following this milestone was yet
another when a new concept was proposed to develop Public Key Cryptography (PKC), which is
still undergoing research development today (Levy, 2001).
When we speak of modern cryptography, we are generally referring to cryptosystems
because the cryptography of today involves the study and practice of hiding information through
Cryptography and Network Security 5
the use of keys, which are associated with Web-based applications, ATMs, Ecommerce,
computer passwords, and the like.
Cryptography is considered not only a part of the branch of mathematics, but also a
branch of computer science. There are two forms of cryptosystems: symmetric and asymmetric.
Symmetric cryptosystems involve the use of a single key known as the secret key to encrypt and
decrypt data or messages. Asymmetric cryptosystems, on the other hand, use one key (the public
key) to encrypt messages or data, and a second key (the secret key) to decipher or decrypt those
messages or data. For this reason, asymmetric cryptosystems are also known as public key
cryptosystems. The problem that symmetric cryptosystems have always faced is the lack of a
secure means for the sharing of the secret key by the individuals who wish to secure their data or
communications. Public key cryptosystems solve this problem through the use of cryptographic
algorithms used to create the public key and the secret key, such as DES, which has already been
mentioned, and a much stronger algorithm, RSA. The RSA algorithm is the most popular form
of public key cryptosystem, which was developed by Ron Rivest, Adi Shamir, and Leonard
Adleman at the Massachusetts Institute of Technology in 1977 (Robinson, 2008). The RSA
algorithm involves the process of generating the public key by multiplying two very large (100
digits or more) randomly chosen prime numbers, and then, by randomly choosing another very
large number, called the encryption key. The public key would then consist of both the
encryption key and the product of those two primes. Ron Rivest then developed a simple
formula by which someone who wanted to scramble a message could use that public key to do
so. The plaintext would then be converted to ciphertext, which was transformed by an equation
that included that large product. Lastly, using an algorithm developed through the work of the
great mathematician, Euclid, Ron Rivest provided for a decryption key—one that could only be
Cryptography and Network Security 6
calculated by the use of the original two prime numbers. Using this encryption key would
unravel the ciphertext and transform it back into its original plaintext. What makes the RSA
algorithm strong is the mathematics that is involved. Ascertaining the original randomly chosen
prime numbers and the large randomly chosen number (encryption key) that was used to form
the product that encrypted the data in the first place is nearly impossible (Levy, 2001).
A very popular public key cryptosystem is known as Pretty Good Privacy (PGP),
developed by Phil Zimmerman beginning in early 1991 (Levy, 2001). The strength of the keys
that are created to encrypt and decrypt data or communications is a function of the length of
those keys. Typically the longer the key, the stronger that key is. For example, a 56-bit key
(consisting of 56 bits of data) would not be as strong as a 128-bit key. And, consequently, a 128-
bit key would not be as strong as a 256- or 1024-bit key.
Next, let’s address the overall trends identified in the research that has been conducted in
the field of cryptography and network security.
Cryptography and Network Security 7
Introduction -
Overall Trends in the Research
In reviewing the research that has already been published with regard to cryptography
and network security since the 1970s, some noteworthy trends have emerged.
There is a prevailing myth that secrecy is good for security, and since cryptography is
based on secrets, it may not be good for security in a practical sense (Schneier, 2004; Baker,
2005). The mathematics involved in good cryptography is very complex and often difficult to
understand, but many software applications tend to hide the details from the user thus making
cryptography a useful tool in providing network and data security (Robinson, 2008). Many
companies are incorporating data encryption and data loss prevention plans, based on strong
cryptographic techniques, into their network security strategic planning programs (Companies
Integrate, 2006). Cryptographic long-term security is needed but is often difficult to achieve.
Cryptography serves as the foundation for most IT security solutions, which include: (1) Digital
signatures that are used to verify the authenticity of updates for computer operating systems,
such as Windows XP; (2) Personal banking, ecommerce, and other Web-based applications that
rely heavily on Secure Sockets Layer (SSL) and Transport Layer Security (TLS) for
authentication and data security; and (3) The introduction of health cards that allow access to
medical history, prescription history, and medical records in countries such as Germany, which
contain the electronic health information of its citizens and which depend on digital signature
and other encryption schemes for security and privacy of critical data (Perspectives for, 2006).
There are product design criteria that designers can meet for implementing strong encryption
protocols into software applications; however, strong public-key cryptography may prove too
computationally expensive for small devices, and the alternative may be to incorporate
Cryptography and Network Security 8
cryptographic hardware into embedded designs (Robinson, 2008). Although cryptography and
information security are multi-billion dollar industries, the economy of the world and the defense
of almost every nation worldwide depend upon it and could not be carried out without it (Fagin,
Baird, Humphries, & Schweitzer, 2008). An individual’s identity in the digital world could be
controlled by what is termed the federated identity management system consisting of software
components and protocols that manage the identify of individuals throughout their identity
lifecycle (Bhargav-Spantzel, Camenisch, Gross, & Sommer, 2007). With the rise in threats to
sensitive data from outsiders, encryption is seen as a necessary tool in ensuring corporate
networks and individuals’ information is as secure as possible (Toubba, 2006). The ubiquity of
the Internet makes it extremely difficult to trace and identify intruders of corporate networks and
Internet-based businesses involved in ecommerce with the public domain. Primary security
concerns are confidentiality, data integrity, data origin authenticity, agent authenticity, non-
repudiation, and so on. Current cryptographic techniques, such as smart cards, PINs, password
authentication, etc., have performed well in keeping data secure. However, the overall security
of an encryption system depends upon its ability to keep cipher keys secret, while the typical
human behavior is to write down passwords so they aren’t forgotten, which often makes security
very vulnerable to compromise. The concept of biometric-based keys appears to be one possible
solution to this dilemma (Hogue, Fairhurst, Howells, & Deravi, 2005). Security must be the
primary design consideration from a mission-critical or safety-related product’s conception,
through design and development, production, deployment, and the end of its lifecycle.
Embedded systems that find themselves installed in devices that are an integral part of the
manufacturing, health, transportation, and finance sectors, as well as the military, without having
near-flawless strong cryptographic security built into them would be vulnerable to would-be
Cryptography and Network Security 9
hackers, organized crime, terrorists, or enemy governments (Webb, 2006; S., E, 2007). The
concept of data hiding technologies whose aim is to solve modern network security, quality of
services control, and secure communications, has been seen as a cost-effective alternative to
other means of data security, which does not require protocol modifications, and is compatible
with existing standards of multimedia compression and communications (Lovoshynovskiy,
Deguillaume, Koval, & Pun, 2005). Security is an important aspect of any network, but in
particular to wireless ad-hoc networks where mobile applications are deployed to perform
specific tasks. Since these networks are wireless, the potential for hacking into them using
mobile devices is greater as there is no clear line of defense for protecting them. The
development of the Mobile Application Security System (MASS) utilizing a layered security
approach and strong cryptographic techniques is seen as a viable low-cost solution to protecting
these application-based wireless networks (Floyd, 2006). And, finally, a new concept in
cryptographic security known as Quantum Encryption, which uses quantum fluctuations of laser
light at the physical layer introduced into existing network transmission lines is seen as a means
of enabling ultra-secure communications and near perfect security (Hughes, 2007).
It is the intent of this review of the literature to look at what has been published regarding
cryptography in recent years from the standpoint of network and data security and privacy, and
to specifically address the role that cryptography plays in enabling this security.
Cryptography and Network Security 10
Scholarly Literature
There is much skepticism surrounding cryptography. Fagin et al. (2008) indicates that
there is progress being made in this area to remove the skepticism. The National Institute of
Standards and Technology (NIST) has joined forces with the National Security Agency (NSA) to
form the “Common Criteria” process known as the Common Criteria for Information
Technology Security Evaluation 2005 whose aim it is to increase the confidence in
cryptographic and information-related security products. Additionally, the Department of
Defense (DoD) has enacted policy directives requiring Information Assurance (IA) professionals
to receive information security training in addition to basic IA training for all of its DoD
employees (Fagin et al.). Fagin et al. further notes that security today requires some level of
skepticism and critical thinking.
Bhargav-Spantzel et al. (2007) contends that there is a recent paradigm in identify
management called user-centricity identity management. The study conducted by Bhargav-
Spantzel et al. differentiated between two predominant notions: relationship-focused and
credential-focused identity management. In the former approach, a user only maintains
relationships with identity providers (IDPs) and thus every transaction providing identity
information is conveyed to the appropriate IDP. In the latter approach, the user must obtain
long-term credentials and store them in a local provider database.
Bhargav-Spantzel et al. indicates that the most predominant identity management model
on the Internet today is the silo model where users handle their own data and provide it to
organizations separately. One solution to this dilemma offered by Bhargav-Spantzel et al. is the
centralized federation model, such as Microsoft’s Passport, which removes the inconsistencies
and redundancies of the silo model and provides the Web users a seamless experience. Bhargav-
Cryptography and Network Security 11
Spantzel et al. offers a taxonomy for unifying the relationship-focused and credential-focused
identity management, and investigated the idea of a universal user-centric system, which
incorporates the current approaches. The open research question offered by Bhargav-Spantzel et
al. in their study is the search for a credential-based user-centric system that crosses the
boundaries of user-centricity. The study also supports their approach in unifying the notions in
user-centricity that could be useful in the field of user-centric federated identity management
systems (FIMS).
The study conducted by Bohli et al. (2007) examined popular proof models for group key
establishment and the tools offered for analyzing group key establishment protocols in the
presence of malicious participants. The framework introduced by Bohli et al. indicates that a
protocol proposed by Katz & Yung (2003) offer guarantees of security against a single malicious
participant, whereas a proposal offered by Kim, Lee & Lee (2004) fails to do so. Furthermore,
Bohli et al. showed that established group key establishment schemes from CRYPTO 2003 and
ASIACRYPT 2004 do not fully meet these requirements and proved a variant of the
ASIACRYPT2004 group key establishment scheme based on the Computational Diffie-Hellman
(CDH) assumption and the Random Oracle Model is secure in the strictest sense.
In the area of wireless security, Tafaroji, & Falahati (2007) proposed a means of
improving security of the code division multiple access (CDMA)—one of the most widely used
wireless air link interfaces in 3G wireless communication—by applying an encryption algorithm
over the spreading codes. In the Tafaroji et al. study the cross-correlation between outputs of
encryption algorithm causing multi-user interference was studied thoroughly, since multi-user
detection is the inherent characteristic of CDMA. A combination of encrypted and unencrypted
M-sequence is used as the spreading code to mitigate system performance. Thus Tafaroji et al.
Cryptography and Network Security 12
proposed a new method named “hidden direct sequence” to enhance the security of CDMA
systems through the application of the cryptographic algorithm in the channelization code. This
secure spectrum-spreading method prevents eavesdroppers from hearing an intercepted message,
and further prevents them from attempting to decipher the communication using the most
powerful means.
In a study conducted by Pistoia, Chandra, Fink, & Yahav (2007), three areas of security
vulnerability in software systems were analyzed. These were: access-control, information flow,
and application-programming interface conformance. Static analysis techniques were used to
analyze two major areas of access-control: stack-based and role-based access control. Static
analysis techniques were also used to address integrity violations and confidentiality violations,
which comprise information flow. The study also discussed how static analysis could be used to
verify the correct usage of security libraries and interfaces for component-based systems.
In the area of chosen ciphertext attacks (CCA), Boneh, Canetti, Halevi, & Katz (2006)
proposed a CCA-secure public-key encryption scheme based on identity-based encryption (IBE).
These schemes provide for a new paradigm for achieving CCA-security, which avoids “proofs of
well-formedness” that was the basis for previous constructions. Furthermore, by instantiating
their constructions using known IBE constructions, Boneh et al. was able to obtain CCA-secure
public-key encryption schemes whose performance was competitive with other CCA-secure
schemes already in existence.
Research conducted by Callas (2007) covered such topics as the social expectations of
cryptography, the myth of non-repudiation, the paradox of stronger keys, cryptography and
reliability, rights management, privacy enhancing technologies, new cryptographic ciphers, and
legal changes regarding cryptography. The future of cryptography is dependent on the way that
Cryptography and Network Security 13
society uses it. This relies on current laws, customs, regulations, and what we as a society expect
cryptography to do. Callas indicates that there are gaps in the research that are left to future
researchers to address. Callas points out that the concept that digital signatures, used for signing
documents and email, offer the property of non-repudiation—that the signer can’t say they didn’t
sign the document—is a myth and they present examples to further explain it. The research
goes on to explain that stronger cryptographic keys does not necessarily make the system more
secure since stronger cryptography in a chaotic system might actually promote the chaotic state;
thus the paradox of stronger keys. Callas differentiates between secure cryptography and
reliability in safety systems by noting that security systems protect against intelligent attackers
while reliability systems protect against unintelligent attackers. Ensuring the wrong people don’t
have the cryptographic keys will ensure a secure cryptographic system while making certain the
right people have the keys will ensure a reliable cryptographic system. Callas points out that the
future of cryptography is dependent upon a strong key management system that will ensure the
right people have the keys and the wrong people don’t gain access to the keys. Furthermore,
Callas shows that there is another myth that there needs to be tradeoffs between security and
privacy in the use of cryptography. They demonstrate that a cryptosystem can be private while
being secure. New ciphers such as elliptic curve, bi-linear, and quantum cryptography are
introduced in the study. And, finally, Callas points out that the way people think about data and
communications privacy and security is a reflection of changes in the law that have come about
by events like the terrorist attacks of September, 2001, and ubiquitous cryptography has played a
major role in that shift. As a result, cryptography will play a critical role in protecting
information now and in the future.
Cryptography and Network Security 14
Walters (2007) proposes a draft IS security curriculum that should be incorporated into
the core body of knowledge of the business curriculum, and proposes that additional practical
guidance to Accounting Information Security (AIS) educators who would like to incorporate IS
security into their existing curriculum needs to be undertaken.
Zanin, Di Pietro, & Mancini (2007) in their study present a new distributed signature
protocol based on the RSA cryptographic algorithm, which is suitable for large-scale ad-hoc
networks. This signature protocol is shown to be distributed, adaptive, and robust while
remaining subject to tight security and architectural constraints. The study reveals that the
robustness of this protocol scheme can be enhanced by involving only a fraction of the nodes on
the network. Zanin et al. demonstrated that their protocol scheme is correct, because it allows a
chosen number of nodes to produce a valid cryptographic signature; it is secure, because an
attacker who compromises fewer than the given number of nodes is unable to disrupt the service
or produce a bogus signature; and it is efficient, because of the low overhead in comparison to
the number of features provided.
Not only is security important in wired networks, but it is an important factor in any
network, including wireless networks. Floyd (2006) devised a cryptographic solution to securing
mobile ad-hoc networks that are especially vulnerable to malicious attacks since they possess no
clear line of defense. This cryptographic system was dubbed, the Mobile Application Security
System (MASS). This system was shown to prevent unauthorized modifications of mobile
applications by other running applications and other hosts on the wireless network, by ensuring
the mobile code was both authentic and authorized.
Employing encryption based on cryptographic algorithms to secure consumer data is of
paramount importance today, especially in the area of ecommerce on the Internet. Toubba
Cryptography and Network Security 15
(2006) stresses the importance of strong encryption key management and granular access control
to Web-based applications. Toubba shows that corporations that store, transmit, and use
consumer data must take steps to choose strong cryptographic solutions to protect this data, and
to employ complementary network security procedures to maximize the overall effectiveness of
the encryption product. Strong key management and granular access control are viewed as the
complementary network security procedures. Furthermore, in another study conducted by
Kodaganallur (2006), it was shown that the use of public key cryptography based on asymmetric
key ciphers overcomes the shortcomings of using symmetric key ciphers in isolation by enabling
confidentiality, message integrity, and authentication. Klappenecker (2004) further demonstrate
the ability to break a cryptosystem and demonstrate that the authentication problem of their
protocol that allowed them to break this seemingly “unbreakable data encryption” is fixable.
Limitations in computer platform security in the use of cryptography are demonstrated in
the study conducted by (Young, 2004). This study showed the experimental results of launching
a crypto-viral payload on the Microsoft Windows platform, specifically on the Microsoft
Cryptographic API. The study revealed that using eight types of API calls and 72 lines of C
code, the payload was able to hybrid encrypt sensitive data and hold it hostage. The researchers
in this study were able to develop a countermeasure to the crypto-viral attack, which forces the
API caller to show that an authorized party can successfully recover the asymmetrically
encrypted data.
The importance of the use of strong cryptography in voice communication can’t be
overstated. In a study conducted by Li., C, Li., S., Zhang, & Chen (2006), a new Voice-Over-
Internet Protocol (VOIP) technique with a new hierarchical data security protection (HDSP)
scheme was developed using a secret chaotic bit sequence. However, there are limitations in this
Cryptography and Network Security 16
scheme involving known chosen/plaintext attacks in which only one known chosen/plaintext
attack was sufficient to break the secret key. Additionally, brute force attacks against HDSP
indicate the security of HDSP to be weak in this regard. The researchers offer suggestions to
strengthen HDSP, but cautioned against the use of HDSP in security-sensitive applications,
especially if the secret key will be reused to encrypt more than one plaintext.
One means of strengthening data encryption and authentication in cryptosystems on
corporate networks is discussed in a study by Hogue et al. in which the feasibility of generating
biometric key encryption is presented. Experimental analysis of this study revealed encouraging
prospects for its use in modern cryptosystems.
Recent developments have shown that network security, Quality of Service (QoS) and
secure data communications over public networks (and the Internet) can benefit from theoretical
data-hiding technologies. In their study, Lovoshynovskiy et al. demonstrated that cryptographic
techniques for hiding data on heterogeneous public networks was a very cost-effective
alternative to other network security measures, which do not require significant upfront
investment, protocol modifications, and are totally compatible with existing multimedia
compression and communication standards. These data hiding techniques include state-of-the-
art watermarking, watermark-assisted multimedia processing, tamper proofing, and secure
communications.
Finally, in a study conducted by Schneier (2004), the researchers concluded that the
argument that secrecy is good for security is a myth and worthy of rebuttal. They further
demonstrated that secrecy is especially not good for security with respect for vulnerability and
reliability information. They also show that security that relies totally on secrecy is extremely
fragile, and once it is lost, there is no way to regain it. Schneier goes on to make a case that
Cryptography and Network Security 17
cryptography—since it is based on secret keys that are short, easy to transfer, and easy to
change—must rely on one of its basic principles that the cryptographic algorithm be made public
if it is to remain strong and offer good security. Using the public key system avoids the fallacy
in the argument that secrecy works. Those who oppose secrecy ignore the security value of
openness. The only reliable means to improve security is to embrace public scrutiny.
Now that we have analyzed some of the research that has been conducted and reported in
scholarly literature, let’s switch our focus and review some of the non-scholarly literature that
has been published on this topic as well.
Cryptography and Network Security 18
Non-Scholarly Literature
As pointed out in Companies Integrate (2008) many corporations are beginning to realize
that using cryptography to encrypt the PC or perimeter device is not an all-inclusive, effective
means of protecting their essential data. Taking measures to prevent data loss is also needed.
Additionally with the myriad ways of sharing data on corporate networks and the Internet that
exist today, it is time to employ strong cryptography as a means of securing the data and to
protect individuals’ privacy (Harris, 2007).
Embedded systems that are designed today depend entirely on the same technologies that
corporate IT depends upon. These technologies involve Ethernet, TCP/IP, and operating
systems. This fact suggests that embedded systems, such as mobile phones, refrigerators, smart
light switches, automobiles to military weapons are now as vulnerable to the same security
threats that have plagued corporate IT systems for many years (Robinson). The reliance on
strong cryptography is necessary to protect these embedded systems from viral and other
malicious attacks. Especially vulnerable are embedded systems that rely on wireless technology,
such as Bluetooth, Blackberry, RFID, and the like. Robinson first develops the fundamental
concepts surrounding cryptography, such as public key/private key encryption, Diffie-Hellman
Key Exchange, block ciphers, Hash algorithms, DES, AES, the implications of IP Security
(IPSEC) and Internet Key Exchange (IKE), elliptic curve cryptography, SSL/TLS used heavily
in Web-based applications, Wi-Fi, and other embedded security concerns. Next, Robinson
makes a case that developing strong encryption protocols in software for small devices may be
too cost prohibitive, and these designers should consider including cryptographic hardware in the
embedded designs.
Cryptography and Network Security 19
One of the biggest issues facing privacy and data security in the health industry today, as
pointed out by Protect Those Portable (2008), is that while the Health Insurance Portability and
Accountability Act (HIPAA) requires all medical providers in the U.S. to protect paper health
records, Federal law does not require the same protection when these records are digitally
exported to non-healthcare providers. This issue surfaces with recent partnerships such as the
AT&T/Tennessee Plan, Microsoft’s Health Vault Plan, and a recent Google partnership with a
Cleveland, OH health clinic that permit individuals to view their health record information
online. A USA Today article cited in Protect Those Portable (2008) reports that both Microsoft
and Google have assured individuals using their plans that strong cryptographic measures on the
Web will ensure their data will remain secure and private.
To echo recent studies conducted involving quantum cryptography, Hughes (2007);
Baker (2005) report recent developments in a new cryptographic protocol called Keyed
Communication in Quantum Noise (KCQ). Because KCQ uses encryption involving quantum
noise of light at the physical layer of network transmission, many scientists theorize that this new
protocol will offer greater security than heretofore secure communication systems that rely only
on cryptographic encryption technology involving mathematical cryptography complexity.
The instantiation of KCQ into existing communications at the physical layer is called the
AlphEta protocol in the United States. The AlphaEta protocol injects thousands of photons for
each logical data bit transmitted on existing networks at the physical layer. These radiation
states of multiple photons emitted by lasers are the means of information transport in the
network. These states of light—from a quantum physics standpoint—are fuzzy waves of light in
that their amplitude, phases, and polarization states do not exist in clearly quantifiable packets.
Rather, these observable characteristics are random variables, which possess means and
Cryptography and Network Security 20
variances about those means. This quantum random noise is irreducible and cannot be filtered
away. This is based on a fundamental property of quantum mechanics. This fact makes the use
of the AlphaEta protocol especially promising for securing data due to the quantum uncertainty
principle in measuring fluctuations in quantum noise polarization and phase states. Coupling the
use of the AlphaEta protocol with other stringent mathematically-complex cryptographic
algorithms forms a near perfect security cryptosystem.
Many IT professionals and information security professionals are beginning to realize the
importance of remaining current in the area of network security through the development of
information technology safeguards and corporate policies that keep companies’ information
assets secure. Since there is a greater reliance on cryptography as the means of securing those
assets more effectively, many of these professionals are turning to the non-profit organization
known as the International Information Systems Security (ISC) Certification Consortium, which
has certified more than 42,000 information security professionals in 110 countries (Pratt 2006).
Many of these IS security professionals must now manage complex applications that involve
advanced cryptosystems that help corporations comply with a growing list of federally- and
state-mandated regulations that commission strict data security and privacy.
Perspectives for (2006) reports that cryptography serves as the foundation of many IT
security systems. One of the main challenges of computer science research is maintaining
security on an ever-increasingly vulnerable IT network infrastructure, which includes
communications, commerce, public administration, medical care, politics, and education that
depend heavily on IT technology. The long-term security of these systems will also depend
extensively on cryptography.
Cryptography and Network Security 21
And, finally, Webb reports the necessity of “hack-proof” design in embedded systems.
These devices provide unattended operation for thousands of safety-related and mission-critical
systems in the medical, manufacturing, health care, transportation, finance, and military sectors.
Any one of these systems could be a potential target for hackers, organized crime, adversarial
governments, and terrorists throughout the world. It is imperative that the designers of these
embedded devices not only seek to protect the data that passes through them, but the intellectual
property itself. The use of cryptography on either a software or hardware level, or both, is seen
as the means of providing this protection.
Cryptography and Network Security 22
Conclusions
A review of the scholarly and non-scholarly literature over the past decade would suggest
that although cryptography has had its limitations on desktop PC platforms, it has played a key
role in providing strong, reliable, and robust network data security. Furthermore, network
security principles and practice depend on cryptography to function properly and reliably, and it
appears that cryptography will continue to figure prominently into the strategic IT and business
plans for the foreseeable future with regard to protecting critical financial, personal, medical,
transportation, and ecommerce data via corporate networks and click-and-mortar Internet
businesses on the World Wide Web while providing a respectable level of privacy.
Scholarly research also indicates that there are gaps in the research, especially in the area
involving credential-based user-centric identity systems that crosses the boundaries of user-
centricity, and in another area involving the way that society uses cryptography due to the
reliance on current laws, customs, regulations, and, in general, what we as a society expect
cryptography to do.
From its inception in the latter 1970s, modern-day cryptography has evolved from the
basic Data Encryption Standard that was used to secure early digital data on desktop PCs and
later networks and communications devices to the incorporation of a much stronger cryptography
involving RSA encryption and IKE, which has been used extensively in the development of
SSL/TLS and IPSec to provide a cost effective means to secure Web ecommerce applications,
mobile devices, and provide security for worldwide global communications with both
commercial and military application.
The prevailing myth that secrecy is good for security has been proved wrong with the
association that cryptosystems provide extremely strong security when these systems utilize an
Cryptography and Network Security 23
asymmetric key management system process where the public key is known to everyone and the
secret key is known only to the one who possesses it; that is to say, security is achieved when
cryptography relies on one of its most basic principles that the algorithms remain public.
Modern-day applications such as Pretty Good Privacy (PGP) attest to the power cryptography
that uses this asymmetric key system to encrypt and decipher data and electronic mail provides.
Even though cryptography is based on mathematical complexity that is not fully understood by
everyone and especially by its typical users, cryptosystems such as PGP provide an application
software interface that allows for a very user-friendly experience, which removes the complexity
while still affording the user the strong security that is required and that they demand.
Although cryptography is of paramount importance in providing crucial data security
through the use of digital signatures, state-of-the-art watermarking, data hiding, SSL/TLS, IPSec,
etc., IT network administrators and corporate CEOs should not forget that other network security
principles that don’t involve cryptography shouldn’t be pushed aside. Good network security
principles and practice should, instead, be used in conjunction with cryptography to form a more
secure complementary network security system.
And, finally, since cryptography is here to stay, many IT and IT security professionals are
becoming aware of the importance of keeping current through the development of information
technology safeguards and corporate policies that keep companies’ information assets secure.
As a result, they are turning to third-party non-profit organizations to assist in this regard.
Cryptography and Network Security 24
References
Baker, M. (2005, January). Keeping a Secret. Technology Review, 108(1), 82-83. Retrieved
August 2, 2008, from Academic Search Premier database.
Bhargav-Spantzel, A., Camenisch, J., Gross, T., & Sommer, D. (2007, October). User centricity:
A taxonomy and open issues. Journal of Computer Security, 15(5), 493-527. Retrieved
August 2, 2008, from Academic Search Premier database.
Bohli, J., González Vasco, M., & Steinwandt, R. (2007, July). Secure group key establishment
revisited. International Journal of Information Security, 6(4), 243-254. Retrieved August
2, 2008, doi:10.1007/s10207-007-0018-x
Boneh, D., Canetti, R., Halevi, S., & Katz, J. (2006, December). CHOSEN-CIPHERTEXT
SECURITY FROM IDENTITY-BASED ENCRYPTION. SIAM Journal on Computing,
36(5), 1301-1328. Retrieved August 2, 2008, doi:10.1137/S009753970544713X
Callas, J. (2007, January). The Future of Cryptography. Information Systems Security, 16(1), 15-
22. Retrieved August 2, 2008, doi:10.1080/10658980601051284
COMPANIES INTEGRATE ENCRYPTION/DATA LOSS PREVENTION. (2008, July).
Computer Security Update, Retrieved August 2, 2008, from Academic Search Premier
database.
Fagin, B., Baird, L., Humphries, J., & Schweitzer, D. (2008, January). Skepticism and
Cryptography. Knowledge, Technology & Policy, 20(4), 231-242. Retrieved August 2,
2008, doi:10.1007/s12130-007-9030-8
Floyd, D. (2006, Fall2006). Mobile application security system (MASS). Bell Labs Technical
Journal, 11(3), 191-198. Retrieved August 2, 2008, doi:10.1002/bltj.20188
Cryptography and Network Security 25
Harris, D. (2007, April 27). Has Anyone Seen My Data?. Electronic Design, 55(9), 41-46.
Retrieved August 2, 2008, from Academic Search Premier database.
Hoque, S., Fairhurst, M., Howells, G., & Deravi, F. (2005, March 17). Feasibility of generating
biometric encryption keys. Electronics Letters, 41(6), 1-2. Retrieved August 2, 2008,
doi:10.1049/el:20057524
Hughes, D. (2007, May). Cyberspace Security via Quantum Encryption. Military Technology,
31(5), 84-87. Retrieved August 2, 2008, from Academic Search Premier database.
Katz, J., Yung, M.: Scalable protocols for authenticated group key exchange. In: Boneh, D. (ed.)
Advances in Cryptology—CRYPTO’03, Lecture Notes in Computer Science, vol. 2729,
pp. 110–125. Springer, Berlin (2003)
Kim, H.J., Lee, S.M., Lee, D.H.: Constant-round authenticated group key exchange for dynamic
groups. In: Lee, P.J. (ed.) Advances in Cryptology—ASIACRYPT’04, Lecture
Notes in Computer Science, vol. 3329, pp. 245–259. Springer, Berlin (2004)
Klappenecker, A. (2004, December). REMARK ON A NON-BREAKABLE DATA
ENCRYPTION SCHEME BY KISH AND SETHURAMAN. Fluctuation & Noise
Letters, 4(4), C25-C26. Retrieved August 2, 2008, from Academic Search Premier
database.
Kodaganallur, V. (2006, January). Secure E-Commerce: Understanding the Public Key
Cryptography Jigsaw Puzzle. Information Systems Security, 14(6), 44-52. Retrieved
August 2, 2008, from Academic Search Premier database.
Levy, S. (2001). Crypto: How the code rebels beat the Government - Saving privacy in the
digital age. New York: Viking Penguin Publishing.
Cryptography and Network Security 26
Li, C., Li, S., Zhang, D., & Chen, G. (2006, February). Cryptanalysis of a data security
protection scheme for VoIP. IEE Proceedings -- Vision, Image & Signal Processing,
153(1), 1-10. Retrieved August 2, 2008, doi:10.1049/ip-vis:20045234
Lovoshynovskiy, S., Deguillaume, F., Koval, O., & Pun, T. (2005, January). INFORMATION-
THEORETIC DATA-HIDING:: RECENT ACHIEVEMENTS AND OPEN
PROBLEMS. International Journal of Image & Graphics, 5(1), 5-35. Retrieved August 2,
2008, from Academic Search Premier database.
PERSPECTIVES FOR CRYPTOGRAPHIC LONG-TERM SECURITY. (2006, September).
Communications of the ACM, Retrieved August 2, 2008, from Academic Search Premier
database.
Pistoia, M., Chandra, S., Fink, S., & Yahav, E. (2007, April). A survey of static analysis methods
for identifying security vulnerabilities in software systems. IBM Systems Journal, 46(2),
265-288. Retrieved August 2, 2008, from Academic Search Premier database.
Pratt, M. (2006, December 4). Moving Target. Computerworld, 40(49), 39-40. Retrieved August
2, 2008, from Academic Search Premier database.
Prince, B. (2008, June 2). Playing the waiting game. eWeek, 25(17), 20-20. Retrieved August 2,
2008, from Academic Search Premier database.
Protect Those Portable Devices. (2008, May). Information Management Journal, Retrieved
August 2, 2008, from Academic Search Premier database.
Robinson, S. (2008, June). Safe and secure: data encryption for embedded systems. (Cover
story). EDN Europe, 53(6), 24-33. Retrieved August 2, 2008, from Academic Search
Premier database.
Cryptography and Network Security 27
S., E. (2007, February). HACK-PROOF INTERNET. Popular Science, 270(2), 48-49. Retrieved
August 2, 2008, from Academic Search Premier database.
Schneier, B. (2004, October). The Nonsecurity of Secrecy. Communications of the ACM,
47(10), 120-120. Retrieved August 2, 2008, from Academic Search Premier database.
Tafaroji, M., & Falahati, A. (2007, June). Improving code division multiple access security by
applying encryption methods over the spreading codes. IET Communications, 1(3), 398-
404. Retrieved August 2, 2008, doi:10.1049/iet-com:20060295
Toubba, K. (2006, July). Employing Encryption to Secure Consumer Data. Information Systems
Security, 15(3), 46-54. Retrieved August 2, 2008, from Academic Search Premier
database.
Walters, L. (2007, Spring2007). A Draft of an Information Systems Security and Control Course.
Journal of Information Systems, 21(1), 123-148. Retrieved August 2, 2008, from
Academic Search Premier database.
Webb, W. (2006, July 20). HACK-PROOF DESIGN. (Cover story). EDN, 51(15), 46-54.
Retrieved August 2, 2008, from Academic Search Premier database.
Young, A. (2006, March). Cryptoviral extortion using Microsoft's Crypto API. International
Journal of Information Security, 5(2), 67-76. Retrieved August 2, 2008,
doi:10.1007/s10207-006-0082-7
Zanin, G., Di Pietro, R., & Mancini, L. (2007, February). Robust RSA distributed signatures for
large-scale long-lived ad hoc networks. Journal of Computer Security, 15(1), 171-196.
Retrieved August 2, 2008, from Academic Search Premier database.

Más contenido relacionado

La actualidad más candente

Data Partitioning In Cloud Storage Using DESD Crypto Technique
Data Partitioning In Cloud Storage Using DESD Crypto TechniqueData Partitioning In Cloud Storage Using DESD Crypto Technique
Data Partitioning In Cloud Storage Using DESD Crypto TechniqueIJCSIS Research Publications
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityEditor IJCATR
 
A SURVEY ON RECENT APPROACHES COMBINING CRYPTOGRAPHY AND STEGANOGRAPHY
A SURVEY ON RECENT APPROACHES COMBINING CRYPTOGRAPHY AND STEGANOGRAPHYA SURVEY ON RECENT APPROACHES COMBINING CRYPTOGRAPHY AND STEGANOGRAPHY
A SURVEY ON RECENT APPROACHES COMBINING CRYPTOGRAPHY AND STEGANOGRAPHYcsandit
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) ijceronline
 
The Royal Split Paradigm: Real-Time Data Fragmentation and Distributed Networ...
The Royal Split Paradigm: Real-Time Data Fragmentation and Distributed Networ...The Royal Split Paradigm: Real-Time Data Fragmentation and Distributed Networ...
The Royal Split Paradigm: Real-Time Data Fragmentation and Distributed Networ...CSCJournals
 
Performance Comparison of File Security System using TEA and Blowfish Algorithms
Performance Comparison of File Security System using TEA and Blowfish AlgorithmsPerformance Comparison of File Security System using TEA and Blowfish Algorithms
Performance Comparison of File Security System using TEA and Blowfish Algorithmsijtsrd
 
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling conceptsHybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling conceptsIJNSA Journal
 
A novel approach to information security using safe
A novel approach to information security using safeA novel approach to information security using safe
A novel approach to information security using safeeSAT Publishing House
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Secure Medical Data Computation using Virtual_ID Authentication and File Swap...
Secure Medical Data Computation using Virtual_ID Authentication and File Swap...Secure Medical Data Computation using Virtual_ID Authentication and File Swap...
Secure Medical Data Computation using Virtual_ID Authentication and File Swap...IJASRD Journal
 
A novel approach to information security using safe exchange of encrypted dat...
A novel approach to information security using safe exchange of encrypted dat...A novel approach to information security using safe exchange of encrypted dat...
A novel approach to information security using safe exchange of encrypted dat...eSAT Journals
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Cryptography and Network Lecture Notes
Cryptography and Network Lecture NotesCryptography and Network Lecture Notes
Cryptography and Network Lecture NotesFellowBuddy.com
 
Encryption Data Measurement and Data Security of Hybrid AES and RSA Algorithm
Encryption Data Measurement and Data Security of Hybrid AES and RSA AlgorithmEncryption Data Measurement and Data Security of Hybrid AES and RSA Algorithm
Encryption Data Measurement and Data Security of Hybrid AES and RSA Algorithmijtsrd
 

La actualidad más candente (19)

Data Partitioning In Cloud Storage Using DESD Crypto Technique
Data Partitioning In Cloud Storage Using DESD Crypto TechniqueData Partitioning In Cloud Storage Using DESD Crypto Technique
Data Partitioning In Cloud Storage Using DESD Crypto Technique
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network Security
 
Ijaiem 2014-11-30-122
Ijaiem 2014-11-30-122Ijaiem 2014-11-30-122
Ijaiem 2014-11-30-122
 
A SURVEY ON RECENT APPROACHES COMBINING CRYPTOGRAPHY AND STEGANOGRAPHY
A SURVEY ON RECENT APPROACHES COMBINING CRYPTOGRAPHY AND STEGANOGRAPHYA SURVEY ON RECENT APPROACHES COMBINING CRYPTOGRAPHY AND STEGANOGRAPHY
A SURVEY ON RECENT APPROACHES COMBINING CRYPTOGRAPHY AND STEGANOGRAPHY
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
The Royal Split Paradigm: Real-Time Data Fragmentation and Distributed Networ...
The Royal Split Paradigm: Real-Time Data Fragmentation and Distributed Networ...The Royal Split Paradigm: Real-Time Data Fragmentation and Distributed Networ...
The Royal Split Paradigm: Real-Time Data Fragmentation and Distributed Networ...
 
Performance Comparison of File Security System using TEA and Blowfish Algorithms
Performance Comparison of File Security System using TEA and Blowfish AlgorithmsPerformance Comparison of File Security System using TEA and Blowfish Algorithms
Performance Comparison of File Security System using TEA and Blowfish Algorithms
 
s117
s117s117
s117
 
CNS Solution
CNS SolutionCNS Solution
CNS Solution
 
Research
ResearchResearch
Research
 
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling conceptsHybrid cryptographic technique using rsa algorithm and scheduling concepts
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
 
A novel approach to information security using safe
A novel approach to information security using safeA novel approach to information security using safe
A novel approach to information security using safe
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
Secure Medical Data Computation using Virtual_ID Authentication and File Swap...
Secure Medical Data Computation using Virtual_ID Authentication and File Swap...Secure Medical Data Computation using Virtual_ID Authentication and File Swap...
Secure Medical Data Computation using Virtual_ID Authentication and File Swap...
 
A novel approach to information security using safe exchange of encrypted dat...
A novel approach to information security using safe exchange of encrypted dat...A novel approach to information security using safe exchange of encrypted dat...
A novel approach to information security using safe exchange of encrypted dat...
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Cryptography and Network Lecture Notes
Cryptography and Network Lecture NotesCryptography and Network Lecture Notes
Cryptography and Network Lecture Notes
 
Encryption Data Measurement and Data Security of Hybrid AES and RSA Algorithm
Encryption Data Measurement and Data Security of Hybrid AES and RSA AlgorithmEncryption Data Measurement and Data Security of Hybrid AES and RSA Algorithm
Encryption Data Measurement and Data Security of Hybrid AES and RSA Algorithm
 
Report dna
Report dnaReport dna
Report dna
 

Similar a Cryptoandnetworksecuritylitreview

What Role Does The Government Play In Encryption
What Role Does The Government Play In EncryptionWhat Role Does The Government Play In Encryption
What Role Does The Government Play In EncryptionTonya Strongheart
 
A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATA
A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATAA QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATA
A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATAijcisjournal
 
Annotated Bibliography On Rsa Cryptography
Annotated Bibliography On Rsa CryptographyAnnotated Bibliography On Rsa Cryptography
Annotated Bibliography On Rsa CryptographyRenee Delgado
 
Protecting Data Through Encryption Essay
Protecting Data Through Encryption EssayProtecting Data Through Encryption Essay
Protecting Data Through Encryption EssayDawn Mora
 
Particle magic need for quantum
Particle magic need for quantumParticle magic need for quantum
Particle magic need for quantumijaia
 
Cryptography And Embedded Systems Used
Cryptography And Embedded Systems UsedCryptography And Embedded Systems Used
Cryptography And Embedded Systems UsedCarla Bennington
 
Introduction And Mechanics Of Encryption
Introduction And Mechanics Of EncryptionIntroduction And Mechanics Of Encryption
Introduction And Mechanics Of EncryptionSamantha Reed
 
Running Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docx
Running Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docxRunning Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docx
Running Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docxtodd271
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...IOSR Journals
 
4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx
4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx
4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docxalinainglis
 
Image Encryption Techniques Using Fractal Function : A Review
Image Encryption Techniques Using Fractal Function : A ReviewImage Encryption Techniques Using Fractal Function : A Review
Image Encryption Techniques Using Fractal Function : A ReviewAIRCC Publishing Corporation
 
Image Encryption Techniques Using Fractal Function : A Review
Image Encryption Techniques Using Fractal Function : A ReviewImage Encryption Techniques Using Fractal Function : A Review
Image Encryption Techniques Using Fractal Function : A ReviewAIRCC Publishing Corporation
 
IMAGE ENCRYPTION TECHNIQUES USING FRACTAL FUNCTION: A REVIEW
IMAGE ENCRYPTION TECHNIQUES USING FRACTAL FUNCTION: A REVIEWIMAGE ENCRYPTION TECHNIQUES USING FRACTAL FUNCTION: A REVIEW
IMAGE ENCRYPTION TECHNIQUES USING FRACTAL FUNCTION: A REVIEWijcsit
 
A Study Of Cryptography To Protect Data From Cyber-Crimes
A Study Of Cryptography To Protect Data From Cyber-CrimesA Study Of Cryptography To Protect Data From Cyber-Crimes
A Study Of Cryptography To Protect Data From Cyber-CrimesJoe Osborn
 
Study and implementation of DES on FPGA
Study and implementation of DES on FPGAStudy and implementation of DES on FPGA
Study and implementation of DES on FPGAVenkata Kishore
 
10.11648.j.ijdst.20160204.12
10.11648.j.ijdst.20160204.1210.11648.j.ijdst.20160204.12
10.11648.j.ijdst.20160204.12Arindam Paul
 

Similar a Cryptoandnetworksecuritylitreview (20)

What Role Does The Government Play In Encryption
What Role Does The Government Play In EncryptionWhat Role Does The Government Play In Encryption
What Role Does The Government Play In Encryption
 
A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATA
A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATAA QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATA
A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATA
 
Annotated Bibliography On Rsa Cryptography
Annotated Bibliography On Rsa CryptographyAnnotated Bibliography On Rsa Cryptography
Annotated Bibliography On Rsa Cryptography
 
Protecting Data Through Encryption Essay
Protecting Data Through Encryption EssayProtecting Data Through Encryption Essay
Protecting Data Through Encryption Essay
 
Particle magic need for quantum
Particle magic need for quantumParticle magic need for quantum
Particle magic need for quantum
 
Week 12 slide
Week 12 slideWeek 12 slide
Week 12 slide
 
Week 12 slide
Week 12 slideWeek 12 slide
Week 12 slide
 
Cryptography And Embedded Systems Used
Cryptography And Embedded Systems UsedCryptography And Embedded Systems Used
Cryptography And Embedded Systems Used
 
Introduction And Mechanics Of Encryption
Introduction And Mechanics Of EncryptionIntroduction And Mechanics Of Encryption
Introduction And Mechanics Of Encryption
 
Running Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docx
Running Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docxRunning Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docx
Running Head CRYPTOGRAPHYCRYPTOGRAPHY2CRYPTOGRAPH.docx
 
L017136269
L017136269L017136269
L017136269
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...
 
4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx
4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx
4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx
 
Image Encryption Techniques Using Fractal Function : A Review
Image Encryption Techniques Using Fractal Function : A ReviewImage Encryption Techniques Using Fractal Function : A Review
Image Encryption Techniques Using Fractal Function : A Review
 
Image Encryption Techniques Using Fractal Function : A Review
Image Encryption Techniques Using Fractal Function : A ReviewImage Encryption Techniques Using Fractal Function : A Review
Image Encryption Techniques Using Fractal Function : A Review
 
IMAGE ENCRYPTION TECHNIQUES USING FRACTAL FUNCTION: A REVIEW
IMAGE ENCRYPTION TECHNIQUES USING FRACTAL FUNCTION: A REVIEWIMAGE ENCRYPTION TECHNIQUES USING FRACTAL FUNCTION: A REVIEW
IMAGE ENCRYPTION TECHNIQUES USING FRACTAL FUNCTION: A REVIEW
 
Week12 b
Week12 bWeek12 b
Week12 b
 
A Study Of Cryptography To Protect Data From Cyber-Crimes
A Study Of Cryptography To Protect Data From Cyber-CrimesA Study Of Cryptography To Protect Data From Cyber-Crimes
A Study Of Cryptography To Protect Data From Cyber-Crimes
 
Study and implementation of DES on FPGA
Study and implementation of DES on FPGAStudy and implementation of DES on FPGA
Study and implementation of DES on FPGA
 
10.11648.j.ijdst.20160204.12
10.11648.j.ijdst.20160204.1210.11648.j.ijdst.20160204.12
10.11648.j.ijdst.20160204.12
 

Último

Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdfPaige Cruz
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 

Último (20)

Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 

Cryptoandnetworksecuritylitreview

  • 1. Cryptography and Network Security 1 Running head: LITERATURE REVIEW OF CRYPTOGRAPHY & NETWORK SECURITY Literature Review of Cryptography and its Role in Network Security Principles and Practice Daniel Lloyd Calloway Capella University, OM8302, § 4 8 September 2008 Dr. Hannon, Instructor
  • 2. Cryptography and Network Security 2 Abstract This literature review looks at the research that has been published in the area of cryptography as it relates to network data and global communications security. It compares and contrasts the research pointing out overall trends in what has already been published on this subject. It analyzes the role that cryptography has played and will play in the future relative to security. This review addresses cryptography around the central theme of the security that it provides or should provide individuals, corporations, and others in the modern age of computing technology, networking, and Web-based ecommerce. By reviewing both scholarly and non- scholarly works, it is our objective to make a case that continuing research into the use of cryptography is paramount in preserving the future of electronic data security and privacy as well as the continuing development of Web-based applications that will permit the growth of ecommerce business worldwide to be conducted over the Internet.
  • 3. Cryptography and Network Security 3 CONTENTS Abstract............................................................................................................................................2 Introduction - Early vs. Modern Cryptography .............................................................................4 Introduction - Overall Trends in the Research...............................................................................7 Scholarly Literature .......................................................................................................................10 Non-Scholarly Literature ...............................................................................................................18 Conclusions....................................................................................................................................22 References......................................................................................................................................24
  • 4. Cryptography and Network Security 4 Introduction - Early vs. Modern Cryptography Today’s cryptography is vastly more complex than its predecessor. Unlike the original use of cryptography in its classical roots where it was implemented to conceal both diplomatic and military secrets from the enemy, the cryptography of today, even though it still has far- reaching military implications, has expanded its domain, and has been designed to provide a cost-effective means of securing and thus protecting large amounts of electronic data that is stored and communicated across corporate networks worldwide. Cryptography offers the means for protecting this data all the while preserving the privacy of critical personal financial, medical, and ecommerce data that might end up in the hands of those who shouldn’t have access to it. There have been many advances in the area of modern cryptography that have emerged beginning in the 1970s as the development of strong encryption-based protocols and newly developed cryptographic applications began to appear on the scene. On January, 1977, the National Bureau of Standards (NBS) adopted a data encryption standard called the Data Encryption Standard (DES), which was a milestone in launching cryptography research and development into the modern age of computing technology. Moreover, cryptography found its way into the commercial arena when, on December, 1980, the same algorithm, DES, was adopted by the American National Standards Institute (ANSI). Following this milestone was yet another when a new concept was proposed to develop Public Key Cryptography (PKC), which is still undergoing research development today (Levy, 2001). When we speak of modern cryptography, we are generally referring to cryptosystems because the cryptography of today involves the study and practice of hiding information through
  • 5. Cryptography and Network Security 5 the use of keys, which are associated with Web-based applications, ATMs, Ecommerce, computer passwords, and the like. Cryptography is considered not only a part of the branch of mathematics, but also a branch of computer science. There are two forms of cryptosystems: symmetric and asymmetric. Symmetric cryptosystems involve the use of a single key known as the secret key to encrypt and decrypt data or messages. Asymmetric cryptosystems, on the other hand, use one key (the public key) to encrypt messages or data, and a second key (the secret key) to decipher or decrypt those messages or data. For this reason, asymmetric cryptosystems are also known as public key cryptosystems. The problem that symmetric cryptosystems have always faced is the lack of a secure means for the sharing of the secret key by the individuals who wish to secure their data or communications. Public key cryptosystems solve this problem through the use of cryptographic algorithms used to create the public key and the secret key, such as DES, which has already been mentioned, and a much stronger algorithm, RSA. The RSA algorithm is the most popular form of public key cryptosystem, which was developed by Ron Rivest, Adi Shamir, and Leonard Adleman at the Massachusetts Institute of Technology in 1977 (Robinson, 2008). The RSA algorithm involves the process of generating the public key by multiplying two very large (100 digits or more) randomly chosen prime numbers, and then, by randomly choosing another very large number, called the encryption key. The public key would then consist of both the encryption key and the product of those two primes. Ron Rivest then developed a simple formula by which someone who wanted to scramble a message could use that public key to do so. The plaintext would then be converted to ciphertext, which was transformed by an equation that included that large product. Lastly, using an algorithm developed through the work of the great mathematician, Euclid, Ron Rivest provided for a decryption key—one that could only be
  • 6. Cryptography and Network Security 6 calculated by the use of the original two prime numbers. Using this encryption key would unravel the ciphertext and transform it back into its original plaintext. What makes the RSA algorithm strong is the mathematics that is involved. Ascertaining the original randomly chosen prime numbers and the large randomly chosen number (encryption key) that was used to form the product that encrypted the data in the first place is nearly impossible (Levy, 2001). A very popular public key cryptosystem is known as Pretty Good Privacy (PGP), developed by Phil Zimmerman beginning in early 1991 (Levy, 2001). The strength of the keys that are created to encrypt and decrypt data or communications is a function of the length of those keys. Typically the longer the key, the stronger that key is. For example, a 56-bit key (consisting of 56 bits of data) would not be as strong as a 128-bit key. And, consequently, a 128- bit key would not be as strong as a 256- or 1024-bit key. Next, let’s address the overall trends identified in the research that has been conducted in the field of cryptography and network security.
  • 7. Cryptography and Network Security 7 Introduction - Overall Trends in the Research In reviewing the research that has already been published with regard to cryptography and network security since the 1970s, some noteworthy trends have emerged. There is a prevailing myth that secrecy is good for security, and since cryptography is based on secrets, it may not be good for security in a practical sense (Schneier, 2004; Baker, 2005). The mathematics involved in good cryptography is very complex and often difficult to understand, but many software applications tend to hide the details from the user thus making cryptography a useful tool in providing network and data security (Robinson, 2008). Many companies are incorporating data encryption and data loss prevention plans, based on strong cryptographic techniques, into their network security strategic planning programs (Companies Integrate, 2006). Cryptographic long-term security is needed but is often difficult to achieve. Cryptography serves as the foundation for most IT security solutions, which include: (1) Digital signatures that are used to verify the authenticity of updates for computer operating systems, such as Windows XP; (2) Personal banking, ecommerce, and other Web-based applications that rely heavily on Secure Sockets Layer (SSL) and Transport Layer Security (TLS) for authentication and data security; and (3) The introduction of health cards that allow access to medical history, prescription history, and medical records in countries such as Germany, which contain the electronic health information of its citizens and which depend on digital signature and other encryption schemes for security and privacy of critical data (Perspectives for, 2006). There are product design criteria that designers can meet for implementing strong encryption protocols into software applications; however, strong public-key cryptography may prove too computationally expensive for small devices, and the alternative may be to incorporate
  • 8. Cryptography and Network Security 8 cryptographic hardware into embedded designs (Robinson, 2008). Although cryptography and information security are multi-billion dollar industries, the economy of the world and the defense of almost every nation worldwide depend upon it and could not be carried out without it (Fagin, Baird, Humphries, & Schweitzer, 2008). An individual’s identity in the digital world could be controlled by what is termed the federated identity management system consisting of software components and protocols that manage the identify of individuals throughout their identity lifecycle (Bhargav-Spantzel, Camenisch, Gross, & Sommer, 2007). With the rise in threats to sensitive data from outsiders, encryption is seen as a necessary tool in ensuring corporate networks and individuals’ information is as secure as possible (Toubba, 2006). The ubiquity of the Internet makes it extremely difficult to trace and identify intruders of corporate networks and Internet-based businesses involved in ecommerce with the public domain. Primary security concerns are confidentiality, data integrity, data origin authenticity, agent authenticity, non- repudiation, and so on. Current cryptographic techniques, such as smart cards, PINs, password authentication, etc., have performed well in keeping data secure. However, the overall security of an encryption system depends upon its ability to keep cipher keys secret, while the typical human behavior is to write down passwords so they aren’t forgotten, which often makes security very vulnerable to compromise. The concept of biometric-based keys appears to be one possible solution to this dilemma (Hogue, Fairhurst, Howells, & Deravi, 2005). Security must be the primary design consideration from a mission-critical or safety-related product’s conception, through design and development, production, deployment, and the end of its lifecycle. Embedded systems that find themselves installed in devices that are an integral part of the manufacturing, health, transportation, and finance sectors, as well as the military, without having near-flawless strong cryptographic security built into them would be vulnerable to would-be
  • 9. Cryptography and Network Security 9 hackers, organized crime, terrorists, or enemy governments (Webb, 2006; S., E, 2007). The concept of data hiding technologies whose aim is to solve modern network security, quality of services control, and secure communications, has been seen as a cost-effective alternative to other means of data security, which does not require protocol modifications, and is compatible with existing standards of multimedia compression and communications (Lovoshynovskiy, Deguillaume, Koval, & Pun, 2005). Security is an important aspect of any network, but in particular to wireless ad-hoc networks where mobile applications are deployed to perform specific tasks. Since these networks are wireless, the potential for hacking into them using mobile devices is greater as there is no clear line of defense for protecting them. The development of the Mobile Application Security System (MASS) utilizing a layered security approach and strong cryptographic techniques is seen as a viable low-cost solution to protecting these application-based wireless networks (Floyd, 2006). And, finally, a new concept in cryptographic security known as Quantum Encryption, which uses quantum fluctuations of laser light at the physical layer introduced into existing network transmission lines is seen as a means of enabling ultra-secure communications and near perfect security (Hughes, 2007). It is the intent of this review of the literature to look at what has been published regarding cryptography in recent years from the standpoint of network and data security and privacy, and to specifically address the role that cryptography plays in enabling this security.
  • 10. Cryptography and Network Security 10 Scholarly Literature There is much skepticism surrounding cryptography. Fagin et al. (2008) indicates that there is progress being made in this area to remove the skepticism. The National Institute of Standards and Technology (NIST) has joined forces with the National Security Agency (NSA) to form the “Common Criteria” process known as the Common Criteria for Information Technology Security Evaluation 2005 whose aim it is to increase the confidence in cryptographic and information-related security products. Additionally, the Department of Defense (DoD) has enacted policy directives requiring Information Assurance (IA) professionals to receive information security training in addition to basic IA training for all of its DoD employees (Fagin et al.). Fagin et al. further notes that security today requires some level of skepticism and critical thinking. Bhargav-Spantzel et al. (2007) contends that there is a recent paradigm in identify management called user-centricity identity management. The study conducted by Bhargav- Spantzel et al. differentiated between two predominant notions: relationship-focused and credential-focused identity management. In the former approach, a user only maintains relationships with identity providers (IDPs) and thus every transaction providing identity information is conveyed to the appropriate IDP. In the latter approach, the user must obtain long-term credentials and store them in a local provider database. Bhargav-Spantzel et al. indicates that the most predominant identity management model on the Internet today is the silo model where users handle their own data and provide it to organizations separately. One solution to this dilemma offered by Bhargav-Spantzel et al. is the centralized federation model, such as Microsoft’s Passport, which removes the inconsistencies and redundancies of the silo model and provides the Web users a seamless experience. Bhargav-
  • 11. Cryptography and Network Security 11 Spantzel et al. offers a taxonomy for unifying the relationship-focused and credential-focused identity management, and investigated the idea of a universal user-centric system, which incorporates the current approaches. The open research question offered by Bhargav-Spantzel et al. in their study is the search for a credential-based user-centric system that crosses the boundaries of user-centricity. The study also supports their approach in unifying the notions in user-centricity that could be useful in the field of user-centric federated identity management systems (FIMS). The study conducted by Bohli et al. (2007) examined popular proof models for group key establishment and the tools offered for analyzing group key establishment protocols in the presence of malicious participants. The framework introduced by Bohli et al. indicates that a protocol proposed by Katz & Yung (2003) offer guarantees of security against a single malicious participant, whereas a proposal offered by Kim, Lee & Lee (2004) fails to do so. Furthermore, Bohli et al. showed that established group key establishment schemes from CRYPTO 2003 and ASIACRYPT 2004 do not fully meet these requirements and proved a variant of the ASIACRYPT2004 group key establishment scheme based on the Computational Diffie-Hellman (CDH) assumption and the Random Oracle Model is secure in the strictest sense. In the area of wireless security, Tafaroji, & Falahati (2007) proposed a means of improving security of the code division multiple access (CDMA)—one of the most widely used wireless air link interfaces in 3G wireless communication—by applying an encryption algorithm over the spreading codes. In the Tafaroji et al. study the cross-correlation between outputs of encryption algorithm causing multi-user interference was studied thoroughly, since multi-user detection is the inherent characteristic of CDMA. A combination of encrypted and unencrypted M-sequence is used as the spreading code to mitigate system performance. Thus Tafaroji et al.
  • 12. Cryptography and Network Security 12 proposed a new method named “hidden direct sequence” to enhance the security of CDMA systems through the application of the cryptographic algorithm in the channelization code. This secure spectrum-spreading method prevents eavesdroppers from hearing an intercepted message, and further prevents them from attempting to decipher the communication using the most powerful means. In a study conducted by Pistoia, Chandra, Fink, & Yahav (2007), three areas of security vulnerability in software systems were analyzed. These were: access-control, information flow, and application-programming interface conformance. Static analysis techniques were used to analyze two major areas of access-control: stack-based and role-based access control. Static analysis techniques were also used to address integrity violations and confidentiality violations, which comprise information flow. The study also discussed how static analysis could be used to verify the correct usage of security libraries and interfaces for component-based systems. In the area of chosen ciphertext attacks (CCA), Boneh, Canetti, Halevi, & Katz (2006) proposed a CCA-secure public-key encryption scheme based on identity-based encryption (IBE). These schemes provide for a new paradigm for achieving CCA-security, which avoids “proofs of well-formedness” that was the basis for previous constructions. Furthermore, by instantiating their constructions using known IBE constructions, Boneh et al. was able to obtain CCA-secure public-key encryption schemes whose performance was competitive with other CCA-secure schemes already in existence. Research conducted by Callas (2007) covered such topics as the social expectations of cryptography, the myth of non-repudiation, the paradox of stronger keys, cryptography and reliability, rights management, privacy enhancing technologies, new cryptographic ciphers, and legal changes regarding cryptography. The future of cryptography is dependent on the way that
  • 13. Cryptography and Network Security 13 society uses it. This relies on current laws, customs, regulations, and what we as a society expect cryptography to do. Callas indicates that there are gaps in the research that are left to future researchers to address. Callas points out that the concept that digital signatures, used for signing documents and email, offer the property of non-repudiation—that the signer can’t say they didn’t sign the document—is a myth and they present examples to further explain it. The research goes on to explain that stronger cryptographic keys does not necessarily make the system more secure since stronger cryptography in a chaotic system might actually promote the chaotic state; thus the paradox of stronger keys. Callas differentiates between secure cryptography and reliability in safety systems by noting that security systems protect against intelligent attackers while reliability systems protect against unintelligent attackers. Ensuring the wrong people don’t have the cryptographic keys will ensure a secure cryptographic system while making certain the right people have the keys will ensure a reliable cryptographic system. Callas points out that the future of cryptography is dependent upon a strong key management system that will ensure the right people have the keys and the wrong people don’t gain access to the keys. Furthermore, Callas shows that there is another myth that there needs to be tradeoffs between security and privacy in the use of cryptography. They demonstrate that a cryptosystem can be private while being secure. New ciphers such as elliptic curve, bi-linear, and quantum cryptography are introduced in the study. And, finally, Callas points out that the way people think about data and communications privacy and security is a reflection of changes in the law that have come about by events like the terrorist attacks of September, 2001, and ubiquitous cryptography has played a major role in that shift. As a result, cryptography will play a critical role in protecting information now and in the future.
  • 14. Cryptography and Network Security 14 Walters (2007) proposes a draft IS security curriculum that should be incorporated into the core body of knowledge of the business curriculum, and proposes that additional practical guidance to Accounting Information Security (AIS) educators who would like to incorporate IS security into their existing curriculum needs to be undertaken. Zanin, Di Pietro, & Mancini (2007) in their study present a new distributed signature protocol based on the RSA cryptographic algorithm, which is suitable for large-scale ad-hoc networks. This signature protocol is shown to be distributed, adaptive, and robust while remaining subject to tight security and architectural constraints. The study reveals that the robustness of this protocol scheme can be enhanced by involving only a fraction of the nodes on the network. Zanin et al. demonstrated that their protocol scheme is correct, because it allows a chosen number of nodes to produce a valid cryptographic signature; it is secure, because an attacker who compromises fewer than the given number of nodes is unable to disrupt the service or produce a bogus signature; and it is efficient, because of the low overhead in comparison to the number of features provided. Not only is security important in wired networks, but it is an important factor in any network, including wireless networks. Floyd (2006) devised a cryptographic solution to securing mobile ad-hoc networks that are especially vulnerable to malicious attacks since they possess no clear line of defense. This cryptographic system was dubbed, the Mobile Application Security System (MASS). This system was shown to prevent unauthorized modifications of mobile applications by other running applications and other hosts on the wireless network, by ensuring the mobile code was both authentic and authorized. Employing encryption based on cryptographic algorithms to secure consumer data is of paramount importance today, especially in the area of ecommerce on the Internet. Toubba
  • 15. Cryptography and Network Security 15 (2006) stresses the importance of strong encryption key management and granular access control to Web-based applications. Toubba shows that corporations that store, transmit, and use consumer data must take steps to choose strong cryptographic solutions to protect this data, and to employ complementary network security procedures to maximize the overall effectiveness of the encryption product. Strong key management and granular access control are viewed as the complementary network security procedures. Furthermore, in another study conducted by Kodaganallur (2006), it was shown that the use of public key cryptography based on asymmetric key ciphers overcomes the shortcomings of using symmetric key ciphers in isolation by enabling confidentiality, message integrity, and authentication. Klappenecker (2004) further demonstrate the ability to break a cryptosystem and demonstrate that the authentication problem of their protocol that allowed them to break this seemingly “unbreakable data encryption” is fixable. Limitations in computer platform security in the use of cryptography are demonstrated in the study conducted by (Young, 2004). This study showed the experimental results of launching a crypto-viral payload on the Microsoft Windows platform, specifically on the Microsoft Cryptographic API. The study revealed that using eight types of API calls and 72 lines of C code, the payload was able to hybrid encrypt sensitive data and hold it hostage. The researchers in this study were able to develop a countermeasure to the crypto-viral attack, which forces the API caller to show that an authorized party can successfully recover the asymmetrically encrypted data. The importance of the use of strong cryptography in voice communication can’t be overstated. In a study conducted by Li., C, Li., S., Zhang, & Chen (2006), a new Voice-Over- Internet Protocol (VOIP) technique with a new hierarchical data security protection (HDSP) scheme was developed using a secret chaotic bit sequence. However, there are limitations in this
  • 16. Cryptography and Network Security 16 scheme involving known chosen/plaintext attacks in which only one known chosen/plaintext attack was sufficient to break the secret key. Additionally, brute force attacks against HDSP indicate the security of HDSP to be weak in this regard. The researchers offer suggestions to strengthen HDSP, but cautioned against the use of HDSP in security-sensitive applications, especially if the secret key will be reused to encrypt more than one plaintext. One means of strengthening data encryption and authentication in cryptosystems on corporate networks is discussed in a study by Hogue et al. in which the feasibility of generating biometric key encryption is presented. Experimental analysis of this study revealed encouraging prospects for its use in modern cryptosystems. Recent developments have shown that network security, Quality of Service (QoS) and secure data communications over public networks (and the Internet) can benefit from theoretical data-hiding technologies. In their study, Lovoshynovskiy et al. demonstrated that cryptographic techniques for hiding data on heterogeneous public networks was a very cost-effective alternative to other network security measures, which do not require significant upfront investment, protocol modifications, and are totally compatible with existing multimedia compression and communication standards. These data hiding techniques include state-of-the- art watermarking, watermark-assisted multimedia processing, tamper proofing, and secure communications. Finally, in a study conducted by Schneier (2004), the researchers concluded that the argument that secrecy is good for security is a myth and worthy of rebuttal. They further demonstrated that secrecy is especially not good for security with respect for vulnerability and reliability information. They also show that security that relies totally on secrecy is extremely fragile, and once it is lost, there is no way to regain it. Schneier goes on to make a case that
  • 17. Cryptography and Network Security 17 cryptography—since it is based on secret keys that are short, easy to transfer, and easy to change—must rely on one of its basic principles that the cryptographic algorithm be made public if it is to remain strong and offer good security. Using the public key system avoids the fallacy in the argument that secrecy works. Those who oppose secrecy ignore the security value of openness. The only reliable means to improve security is to embrace public scrutiny. Now that we have analyzed some of the research that has been conducted and reported in scholarly literature, let’s switch our focus and review some of the non-scholarly literature that has been published on this topic as well.
  • 18. Cryptography and Network Security 18 Non-Scholarly Literature As pointed out in Companies Integrate (2008) many corporations are beginning to realize that using cryptography to encrypt the PC or perimeter device is not an all-inclusive, effective means of protecting their essential data. Taking measures to prevent data loss is also needed. Additionally with the myriad ways of sharing data on corporate networks and the Internet that exist today, it is time to employ strong cryptography as a means of securing the data and to protect individuals’ privacy (Harris, 2007). Embedded systems that are designed today depend entirely on the same technologies that corporate IT depends upon. These technologies involve Ethernet, TCP/IP, and operating systems. This fact suggests that embedded systems, such as mobile phones, refrigerators, smart light switches, automobiles to military weapons are now as vulnerable to the same security threats that have plagued corporate IT systems for many years (Robinson). The reliance on strong cryptography is necessary to protect these embedded systems from viral and other malicious attacks. Especially vulnerable are embedded systems that rely on wireless technology, such as Bluetooth, Blackberry, RFID, and the like. Robinson first develops the fundamental concepts surrounding cryptography, such as public key/private key encryption, Diffie-Hellman Key Exchange, block ciphers, Hash algorithms, DES, AES, the implications of IP Security (IPSEC) and Internet Key Exchange (IKE), elliptic curve cryptography, SSL/TLS used heavily in Web-based applications, Wi-Fi, and other embedded security concerns. Next, Robinson makes a case that developing strong encryption protocols in software for small devices may be too cost prohibitive, and these designers should consider including cryptographic hardware in the embedded designs.
  • 19. Cryptography and Network Security 19 One of the biggest issues facing privacy and data security in the health industry today, as pointed out by Protect Those Portable (2008), is that while the Health Insurance Portability and Accountability Act (HIPAA) requires all medical providers in the U.S. to protect paper health records, Federal law does not require the same protection when these records are digitally exported to non-healthcare providers. This issue surfaces with recent partnerships such as the AT&T/Tennessee Plan, Microsoft’s Health Vault Plan, and a recent Google partnership with a Cleveland, OH health clinic that permit individuals to view their health record information online. A USA Today article cited in Protect Those Portable (2008) reports that both Microsoft and Google have assured individuals using their plans that strong cryptographic measures on the Web will ensure their data will remain secure and private. To echo recent studies conducted involving quantum cryptography, Hughes (2007); Baker (2005) report recent developments in a new cryptographic protocol called Keyed Communication in Quantum Noise (KCQ). Because KCQ uses encryption involving quantum noise of light at the physical layer of network transmission, many scientists theorize that this new protocol will offer greater security than heretofore secure communication systems that rely only on cryptographic encryption technology involving mathematical cryptography complexity. The instantiation of KCQ into existing communications at the physical layer is called the AlphEta protocol in the United States. The AlphaEta protocol injects thousands of photons for each logical data bit transmitted on existing networks at the physical layer. These radiation states of multiple photons emitted by lasers are the means of information transport in the network. These states of light—from a quantum physics standpoint—are fuzzy waves of light in that their amplitude, phases, and polarization states do not exist in clearly quantifiable packets. Rather, these observable characteristics are random variables, which possess means and
  • 20. Cryptography and Network Security 20 variances about those means. This quantum random noise is irreducible and cannot be filtered away. This is based on a fundamental property of quantum mechanics. This fact makes the use of the AlphaEta protocol especially promising for securing data due to the quantum uncertainty principle in measuring fluctuations in quantum noise polarization and phase states. Coupling the use of the AlphaEta protocol with other stringent mathematically-complex cryptographic algorithms forms a near perfect security cryptosystem. Many IT professionals and information security professionals are beginning to realize the importance of remaining current in the area of network security through the development of information technology safeguards and corporate policies that keep companies’ information assets secure. Since there is a greater reliance on cryptography as the means of securing those assets more effectively, many of these professionals are turning to the non-profit organization known as the International Information Systems Security (ISC) Certification Consortium, which has certified more than 42,000 information security professionals in 110 countries (Pratt 2006). Many of these IS security professionals must now manage complex applications that involve advanced cryptosystems that help corporations comply with a growing list of federally- and state-mandated regulations that commission strict data security and privacy. Perspectives for (2006) reports that cryptography serves as the foundation of many IT security systems. One of the main challenges of computer science research is maintaining security on an ever-increasingly vulnerable IT network infrastructure, which includes communications, commerce, public administration, medical care, politics, and education that depend heavily on IT technology. The long-term security of these systems will also depend extensively on cryptography.
  • 21. Cryptography and Network Security 21 And, finally, Webb reports the necessity of “hack-proof” design in embedded systems. These devices provide unattended operation for thousands of safety-related and mission-critical systems in the medical, manufacturing, health care, transportation, finance, and military sectors. Any one of these systems could be a potential target for hackers, organized crime, adversarial governments, and terrorists throughout the world. It is imperative that the designers of these embedded devices not only seek to protect the data that passes through them, but the intellectual property itself. The use of cryptography on either a software or hardware level, or both, is seen as the means of providing this protection.
  • 22. Cryptography and Network Security 22 Conclusions A review of the scholarly and non-scholarly literature over the past decade would suggest that although cryptography has had its limitations on desktop PC platforms, it has played a key role in providing strong, reliable, and robust network data security. Furthermore, network security principles and practice depend on cryptography to function properly and reliably, and it appears that cryptography will continue to figure prominently into the strategic IT and business plans for the foreseeable future with regard to protecting critical financial, personal, medical, transportation, and ecommerce data via corporate networks and click-and-mortar Internet businesses on the World Wide Web while providing a respectable level of privacy. Scholarly research also indicates that there are gaps in the research, especially in the area involving credential-based user-centric identity systems that crosses the boundaries of user- centricity, and in another area involving the way that society uses cryptography due to the reliance on current laws, customs, regulations, and, in general, what we as a society expect cryptography to do. From its inception in the latter 1970s, modern-day cryptography has evolved from the basic Data Encryption Standard that was used to secure early digital data on desktop PCs and later networks and communications devices to the incorporation of a much stronger cryptography involving RSA encryption and IKE, which has been used extensively in the development of SSL/TLS and IPSec to provide a cost effective means to secure Web ecommerce applications, mobile devices, and provide security for worldwide global communications with both commercial and military application. The prevailing myth that secrecy is good for security has been proved wrong with the association that cryptosystems provide extremely strong security when these systems utilize an
  • 23. Cryptography and Network Security 23 asymmetric key management system process where the public key is known to everyone and the secret key is known only to the one who possesses it; that is to say, security is achieved when cryptography relies on one of its most basic principles that the algorithms remain public. Modern-day applications such as Pretty Good Privacy (PGP) attest to the power cryptography that uses this asymmetric key system to encrypt and decipher data and electronic mail provides. Even though cryptography is based on mathematical complexity that is not fully understood by everyone and especially by its typical users, cryptosystems such as PGP provide an application software interface that allows for a very user-friendly experience, which removes the complexity while still affording the user the strong security that is required and that they demand. Although cryptography is of paramount importance in providing crucial data security through the use of digital signatures, state-of-the-art watermarking, data hiding, SSL/TLS, IPSec, etc., IT network administrators and corporate CEOs should not forget that other network security principles that don’t involve cryptography shouldn’t be pushed aside. Good network security principles and practice should, instead, be used in conjunction with cryptography to form a more secure complementary network security system. And, finally, since cryptography is here to stay, many IT and IT security professionals are becoming aware of the importance of keeping current through the development of information technology safeguards and corporate policies that keep companies’ information assets secure. As a result, they are turning to third-party non-profit organizations to assist in this regard.
  • 24. Cryptography and Network Security 24 References Baker, M. (2005, January). Keeping a Secret. Technology Review, 108(1), 82-83. Retrieved August 2, 2008, from Academic Search Premier database. Bhargav-Spantzel, A., Camenisch, J., Gross, T., & Sommer, D. (2007, October). User centricity: A taxonomy and open issues. Journal of Computer Security, 15(5), 493-527. Retrieved August 2, 2008, from Academic Search Premier database. Bohli, J., González Vasco, M., & Steinwandt, R. (2007, July). Secure group key establishment revisited. International Journal of Information Security, 6(4), 243-254. Retrieved August 2, 2008, doi:10.1007/s10207-007-0018-x Boneh, D., Canetti, R., Halevi, S., & Katz, J. (2006, December). CHOSEN-CIPHERTEXT SECURITY FROM IDENTITY-BASED ENCRYPTION. SIAM Journal on Computing, 36(5), 1301-1328. Retrieved August 2, 2008, doi:10.1137/S009753970544713X Callas, J. (2007, January). The Future of Cryptography. Information Systems Security, 16(1), 15- 22. Retrieved August 2, 2008, doi:10.1080/10658980601051284 COMPANIES INTEGRATE ENCRYPTION/DATA LOSS PREVENTION. (2008, July). Computer Security Update, Retrieved August 2, 2008, from Academic Search Premier database. Fagin, B., Baird, L., Humphries, J., & Schweitzer, D. (2008, January). Skepticism and Cryptography. Knowledge, Technology & Policy, 20(4), 231-242. Retrieved August 2, 2008, doi:10.1007/s12130-007-9030-8 Floyd, D. (2006, Fall2006). Mobile application security system (MASS). Bell Labs Technical Journal, 11(3), 191-198. Retrieved August 2, 2008, doi:10.1002/bltj.20188
  • 25. Cryptography and Network Security 25 Harris, D. (2007, April 27). Has Anyone Seen My Data?. Electronic Design, 55(9), 41-46. Retrieved August 2, 2008, from Academic Search Premier database. Hoque, S., Fairhurst, M., Howells, G., & Deravi, F. (2005, March 17). Feasibility of generating biometric encryption keys. Electronics Letters, 41(6), 1-2. Retrieved August 2, 2008, doi:10.1049/el:20057524 Hughes, D. (2007, May). Cyberspace Security via Quantum Encryption. Military Technology, 31(5), 84-87. Retrieved August 2, 2008, from Academic Search Premier database. Katz, J., Yung, M.: Scalable protocols for authenticated group key exchange. In: Boneh, D. (ed.) Advances in Cryptology—CRYPTO’03, Lecture Notes in Computer Science, vol. 2729, pp. 110–125. Springer, Berlin (2003) Kim, H.J., Lee, S.M., Lee, D.H.: Constant-round authenticated group key exchange for dynamic groups. In: Lee, P.J. (ed.) Advances in Cryptology—ASIACRYPT’04, Lecture Notes in Computer Science, vol. 3329, pp. 245–259. Springer, Berlin (2004) Klappenecker, A. (2004, December). REMARK ON A NON-BREAKABLE DATA ENCRYPTION SCHEME BY KISH AND SETHURAMAN. Fluctuation & Noise Letters, 4(4), C25-C26. Retrieved August 2, 2008, from Academic Search Premier database. Kodaganallur, V. (2006, January). Secure E-Commerce: Understanding the Public Key Cryptography Jigsaw Puzzle. Information Systems Security, 14(6), 44-52. Retrieved August 2, 2008, from Academic Search Premier database. Levy, S. (2001). Crypto: How the code rebels beat the Government - Saving privacy in the digital age. New York: Viking Penguin Publishing.
  • 26. Cryptography and Network Security 26 Li, C., Li, S., Zhang, D., & Chen, G. (2006, February). Cryptanalysis of a data security protection scheme for VoIP. IEE Proceedings -- Vision, Image & Signal Processing, 153(1), 1-10. Retrieved August 2, 2008, doi:10.1049/ip-vis:20045234 Lovoshynovskiy, S., Deguillaume, F., Koval, O., & Pun, T. (2005, January). INFORMATION- THEORETIC DATA-HIDING:: RECENT ACHIEVEMENTS AND OPEN PROBLEMS. International Journal of Image & Graphics, 5(1), 5-35. Retrieved August 2, 2008, from Academic Search Premier database. PERSPECTIVES FOR CRYPTOGRAPHIC LONG-TERM SECURITY. (2006, September). Communications of the ACM, Retrieved August 2, 2008, from Academic Search Premier database. Pistoia, M., Chandra, S., Fink, S., & Yahav, E. (2007, April). A survey of static analysis methods for identifying security vulnerabilities in software systems. IBM Systems Journal, 46(2), 265-288. Retrieved August 2, 2008, from Academic Search Premier database. Pratt, M. (2006, December 4). Moving Target. Computerworld, 40(49), 39-40. Retrieved August 2, 2008, from Academic Search Premier database. Prince, B. (2008, June 2). Playing the waiting game. eWeek, 25(17), 20-20. Retrieved August 2, 2008, from Academic Search Premier database. Protect Those Portable Devices. (2008, May). Information Management Journal, Retrieved August 2, 2008, from Academic Search Premier database. Robinson, S. (2008, June). Safe and secure: data encryption for embedded systems. (Cover story). EDN Europe, 53(6), 24-33. Retrieved August 2, 2008, from Academic Search Premier database.
  • 27. Cryptography and Network Security 27 S., E. (2007, February). HACK-PROOF INTERNET. Popular Science, 270(2), 48-49. Retrieved August 2, 2008, from Academic Search Premier database. Schneier, B. (2004, October). The Nonsecurity of Secrecy. Communications of the ACM, 47(10), 120-120. Retrieved August 2, 2008, from Academic Search Premier database. Tafaroji, M., & Falahati, A. (2007, June). Improving code division multiple access security by applying encryption methods over the spreading codes. IET Communications, 1(3), 398- 404. Retrieved August 2, 2008, doi:10.1049/iet-com:20060295 Toubba, K. (2006, July). Employing Encryption to Secure Consumer Data. Information Systems Security, 15(3), 46-54. Retrieved August 2, 2008, from Academic Search Premier database. Walters, L. (2007, Spring2007). A Draft of an Information Systems Security and Control Course. Journal of Information Systems, 21(1), 123-148. Retrieved August 2, 2008, from Academic Search Premier database. Webb, W. (2006, July 20). HACK-PROOF DESIGN. (Cover story). EDN, 51(15), 46-54. Retrieved August 2, 2008, from Academic Search Premier database. Young, A. (2006, March). Cryptoviral extortion using Microsoft's Crypto API. International Journal of Information Security, 5(2), 67-76. Retrieved August 2, 2008, doi:10.1007/s10207-006-0082-7 Zanin, G., Di Pietro, R., & Mancini, L. (2007, February). Robust RSA distributed signatures for large-scale long-lived ad hoc networks. Journal of Computer Security, 15(1), 171-196. Retrieved August 2, 2008, from Academic Search Premier database.