Information Systems and Security - Essay Example

Running head: information systems and security Cryptography: Information Systems and Security Affiliation July 30, 2009 Table ofContents Table of Contents 2 Introduction 2 Cryptography 3 Emergence of Cryptography 7 Cryptography for Information Systems 8 Modern Cryptography 9 Techniques and Algorithm of Cryptography for Information Systems 11 12 Symmetric-key cryptography 12 Public-key cryptography 12 Cryptography system Practical Implementation 13 Conclusion 14 Work Cited 15 Introduction This research presents a detailed analysis of the "Information Systems and Security". The present age is the age of information technology; especially the ecommerce and communication technology has transformed the structure of business. At the present time, there are better ways to communicate, transfer data, information retrieval as well as distribution, dealing and especially online business, but all these improvements in the fields of information technology also brought the challenges regarding the security. At the present time we are facing the problems of online information security, personal information theft, bank frauds, viruses, and lot of other forms of security problems. Here we have a great concern for the management of the information systems and its security. The aim of this research is to discuss aspects and issues in the management of information systems security. This paper presents detailed overview of the cryptography and modern methods of cryptography implementation for the better management of information system and its security. Cryptography In the past the Internet offered vital communication among tens of millions of organizations, companies and people as well as is being progressively employed as a techniques and tool for security and commerce. This accomplishment has tremendously enhanced the power and strength of dealing and managing business and other areas of life. There are a lot of characteristics to safety a lot of applications, varying from safe dealing, commerce as well as payments to confidential communications and shielding passwords. One necessary feature for safe information hiding and communications is the utilization of cryptography and its modern tools and techniques (Kessler). Although it is significant to remember that methods of the cryptography are important for secure information, data transfer, and for the communications. It is necessary to understand the issues in information security before understanding the concept of cryptography. Below are some issues related to information security: given by (Menezes, Oorschot and Vanstone) Privacy and Confidentiality Hiding the information from those people who are not authorized to see and use it. Data Integrity Making certain the accuracy of the information, making certain information has not been modified by any unauthorized person. Entity Authentication Verification or confirmation of the identity of an entity (which can be a person, a credit card etc). Message verification Verifying the source of information, this is also acknowledged as data origin authentication. Signature A way to attach the information to an entity Authorization Distribution, to a further entity, of official authorizing to carry out or be something Validity A way to present the duration of authorization to make use of or manipulate information or resources Access control Confining the access to resources to confidential entities Certification Approval of information by a trusted entity Time stamping Noting the time of formation and presence of information Witnessing Authenticating the formation or presence of the information by an entity excluding the creator Receipt Response regarding the receiving of information Verification of Service Verification that services have been provided Ownership A way to offer an entity with the officially authorized right to make use of or distribute a resource to others Anonymity Concealing the identity of an entity engaged in a course of action Non repudiation Avoiding the denial of previous commitments or actions Revocation Retraction of approval One of the fundamental tools used in the information security is signature. It is building block for many other services such as non-repudiation, data origin authentication, identification, and witnessing, to mention a few. In the daily life, we use hand written signature for the reason of recognition. This signature is proposed to be only one of its kinds to the individual and serve as a means to identify, confirmation, and authorization (Menezes, Oorschot and Vanstone). Cryptography is a technique, practice as well as study of hiding information. Contemporary cryptography techniques intersect the areas of computer science, mathematics as well as engineering. Implementation of cryptography comprises computer passwords, ATM cards as well as E-commerce (Cryptography). Cryptography is frequently acknowledged as the black art. Cryptography is frequently used for the protection of personal data and information. Encryption is the discipline of varying information and data consequently that it is unrecognizable as well as inadequate to an illegal person. Converting or encrypted data or “Decryption” is transforming it back to its actual shape. The mainly safe methods employed an algebraic algorithm as well as a character value recognized as a key. The chosen key is a frequently a number of random integer and character string is used on encryption as well as is important to the alternation of the information and data. The precise similar key has to be input to allow decryption of the information and data (Cryptography). Emergence of Cryptography Before the current era, the practice of cryptography was concerned exclusively with message privacy adaptation of messages from an understandable shape into an impenetrable one as well as back once more at the further end, report of unreadable through interceptors or else eavesdroppers exclusive of secret information. In current decades, the area has extended outside discretion distresses to consist of methods for data or message reliability inspection, receiver / sender uniqueness digital signatures, corroboration, interactive verifications as well as protected computation, with others (Kessler). The preliminary forms of security, secret writing essential for small or additional than confined pen as well as paper analogs, because the majority public might not interpret. The major customary cipher techniques and types are transposition ciphers. These techniques of modification ciphers rearrange and transform the order and shape of text/ message/letters in a message and substitution ciphers, these techniques methodically change text/ message/letters or collections of letters by means of other groups of letters. Straightly the versions of either accessible less privacy from innovative rivals, as well as still dont.1 A procedure that is used traditionally is acknowledged as the substitution cipher or the Caesar cipher, in that every letter in the message or plaintext was replaced with a letter that determined through a fixed number of places additionally down the alphabet. This technique of cryptography was named after Julius Caesar who is stated to have employed it, by means of a altering of 3, to speak to his army generals throughout his military operations, immediately similar to EXCESS3 code that is used in Boolean algebra (Cryptography). Cryptography for Information Systems This section describes the cryptography techniques and ways those can be implemented for the information system security and management. In fundamental nature, cryptography implementation for the information system security will involve four major objectives. To avoid misunderstanding as well as the extreme widespread mystical confusion regarding the theme, it is significant to recognize through these reasons as well as their linked boundaries. I have presented the four main actions that should be kept in mind during the development and implementation of security parameters for the information system (Techniques): 1. Message integrity: The receiver must be capable to make a decision if the information/message has been changed all the way through broadcast of information. 2. Message privacy: merely an permitted receiver must be capable to access the data and an information content of the transmitted message from it’s changed from through the encryption technique implementation. Additionally, it should not be probable to gain data and information regarding the message since this builds cryptanalysis easier therefore producing privacy fewer possible. 3. Sender non-repudiation: The data and information sender must not be capable to refuse sending the message. 4. Sender verification: The receiver must be capable to identify the sender, as well as confirm that the supposed sender really did send the message. Not every cryptographic idea or technique attains the intact of the above given objectives and aims for the information system privacy, or are still expected to. Insufficiently intended or inadequately applied crypto algorithm or systems for the information system value them merely through accident or trick or be short of attention on the fraction of the conflict. Clients can, as well as frequently perform, to discover flaws in information system security. Still by means of effectively planned, finely implemented, plus correctly employed crypto systems, a number of objectives are not practically accomplished in information system in a number of contexts. For instance, the sender of the data can wish to be unidentified, as well as would consequently purposely decide not to problem by means of non-repudiation. Otherwise, the structure can be planned for an environment by means of unsatisfactory computing resources; if not data/message privacy might not be a matter (Cryptography). Modern Cryptography This section provides different new and modern techniques of cryptographic for the information system security implementation and enhancement. The emergence of useful encryption algorithms has transformed the management of security for the information system. One of the popular techniques is symmetric key algorithms that involve the similar cryptographic key utilization using the fundamental algorithm through mutually the recipient and the sender who has together maintained it secret. The overall electromechanical technology used in World War II was of this rational class. The cryptographic key for a code is, undoubtedly, the codebook that has to be similarly given to sender and receiver and reserved conditional (Public-key-cryptography). New emergence of enhanced ways of cryptography technique is acknowledged as conventional key cryptosystem. D-H key substitute (following developments as well as alternatives) prepared course of these systems a great deal of straightforward, and additional protected, than had ever been probable in the past (Uses). In point of fact, a number of the well appreciated and the majority extensively employed public key/private key techniques of cryptography and the algorithms of these techniques can be broken through one or any more cryptanalytic attempts and as a result, equivalent to other encryption techniques, the protocols inside that they are employed have to be chosen as well as applied widely to stop similar hits. Undoubtedly, the entire would be smashed if the cryptography key length used is small enough to allow realistic brute force key investigate; this is fundamentally true for all the encryption techniques and algorithms utilizing keys, encompassing together asymmetric and symmetric algorithms (information). In real life for successfully planned/applied/used encryption and crypto systems, this is supposed by knowledgeable researchers and observers to be sufficient, as well as probably still adequate in the face of the entire potential assailants. Characteristics among successfully planned/applied/utilized crypto arrangements and the abundant (frequently a great deal encouraged as well as occasionally from greatly credentialed maker) crypto waste is one more, moderately tough, complicatedness for persons who are not themselves expert cryptographers (information). Techniques and Algorithm of Cryptography for Information Systems There are a number of techniques of categorizing cryptographic algorithms. The three types of algorithms are (Figure 1): Given by: (Kessler) Secret Key Cryptography (SKC): Makes use of a single key for both encryption and decryption Public Key Cryptography (PKC): Makes uses of one key for encryption and different key for decryption Hash Functions: utilizes a mathematical transformation to permanently "encrypt" information Figure 1 Algorithms for Cryptography Image source: (Kessler) Symmetric-key cryptography This technique is an up-to-date and modern technique of cryptography that engages the encryption techniques in which together the receiver and sender share the similar encryption key. The contemporary research for symmetric key ciphers linked generally to the examining of block ciphers as well as stream ciphers plus to their implementation (Uses). Public-key cryptography In pervious technique of the Symmetric key cryptography that makes use of the similar encryption keys for data hiding and security as well as decryption of a data and information. Here in public key encryption a message or data can have diverse types of encryption keys. An important difficulty of symmetric ciphers is the encryption key handling and management indispensable to make use of them strongly. Every distinct couple of equivalent groups has to preferably assign a different encryption key, as well as possibly every cipher text swapped as well. The amount of encryption keys required augmented for the reason that the square of the digits of system affiliates, which tremendously rapidly necessitate difficult encryption key organization systems to carry on the entire secret and straight. The complexity of steadily instituting an undisclosed encryption key among two functioning and communicate groups, when a protected control does not previously subsist among them (Public-key-cryptography). Unfortunately, primary key or PKI is not a well-organized process of distribution of massive quantity of e-payment data and information, and frequently employed simply because an initial step to authorize two gatherings to convince upon a main symmetric furtive key for the e-payment data encryption (information). Cryptography system Practical Implementation SSL (Secure Sockets Layer) protects a communication channel as opposed to individual messages. It makes use of the public key encryption and offers data encryption, server confirmation, message reliability and non-compulsory customer confirmation (Search Security). Secure Sockets Layer is a practice for protecting the online information system based web systems and other ecommerce system. Secure Sockets Layer is reflected through the techniques of the cryptography system. The majority widespread technique used to proffer verification of an online website is to make use of Secure Sockets Layer. SSL is a standard that makes use of the cryptology to offer not merely authentication, on the other hand confidentiality for the reason that data transmits among browser as well as online website are encrypted. The entire industry that carries out monetary transactions over the web makes use of the Secure Sockets Layer for these reasons (Kessler). Because phishing engages the utilization or exploitation of the confirmation module of Secure Sockets Layer, it is significant to learn methods of authenticates the Secure Sockets Layer information we are obtainable through (Kessler). Conclusion The advantages of employing cryptography must be reasonably clear. A contentious idea acknowledged as digital rights administration is able to gain advantage from digital signatures. Cryptography could consequently be taken as an essential in todays information and digital era. In this research I have presented detailed analyses of cryptography. I have discussed the Cryptography’s emergence, uses, modern needs and techniques, and potential benefits. This provides overall paradigm of the cryptography and its uses for the securing and managing the information system data. Work Cited Cryptography. Techniques of Cryptography. 2009. 27 07 2009 . GUIDE, THE CRYPTOGRAPHY INTRODUCTION AND. CRYPTOGRAPHY. 2009. 27 07 2009 . information, Secure cryptographic methods for electronic transfer of. Secure cryptographic methods . 2009. 29 07 2009 . Kessler, Gary C. An Overview of Cryptography. 2009. 28 07 2009 . Menezes, Alfred J., Paul C. Van Oorschot and Scott A. Vanstone. Handbook of applied cryptography . New York: CRC Press, 1996. Also available online at: http://books.google.com.pk/books?id=nSzoG72E93MC&dq=cryptography&printsec=frontcover&source=bl&ots=MuCkE7qJfJ&sig=jWythTc0FdUPmdrwP3tNLEpQW1A&hl=en&ei=fzlxSsuGO6Xa6gOA4_25Cw&sa=X&oi=book_result&ct=result&resnum=3 Public-key-cryptography. Cryptography. 2009. 29 07 2009 . Search Security. "Enterprise Encryption: Crytography history, methods and Algorithms." 08 09 2008. SearchSecurity.Com. 31 07 2009 . Techniques, Cryptography. Cryptography . 2009. 28 07 2009 . Uses, Modern Cryptography - Methods and. Modern Cryptography. 2009. 29 07 2009 . Read More