Professional Documents
Culture Documents
Why Everyone Should Use Encryption Systems.: Technology of Information Security
Why Everyone Should Use Encryption Systems.: Technology of Information Security
Every individual or organization needs to allow access to their systems to some people in
order to make use of the technology in commerce, data transfer and storage. They need to ask
themselves as to how much and what level of security they need to protect themselves and other
people who have access to their system, and most important of all who can be trusted to set up
that security. If everyone uses a common security system that is trusted and proven this will
make it easier to trust each other and make it less expensive to implement.
Different laws and enactments have been made by States to prevent and punish electronic
security breaches and fraud. However, no law can be a substitute for engineering. The security
provision should be such that it prevents break-in and theft/ vandalism of data. Encryption
systems offer protection against breaches of security while using the internet for communications
and data transfer. Making such communications proof against eavesdropping and resulting
losses. Encryption systems are built around the science of cryptography, a part of the number
theory, and have one purpose, that of ensuring privacy in the use of ICT. Good encryption
systems withstand attacks on the systems, resources and data up to a point where it is becomes
easier to for the attacker to obtain the information from other sources rather than through an
attack on the system guarded by the encryption system. Instead of every individual or
organization developing its own system of security and encryption, that might not be compatible
with others systems and thus cause mayhem, there is a need for the development and use of a
common system that provides good protection. Design of good security systems is an art and not
many are adept at it. Such a system will help in making security an affordable and efficient PGP is one such system.
The most widely used system is the TCP/IP which is not very effective; PGP an open
source encryption code is far superior. No system can provide an ironclad guarantee on its
effectiveness, for ways can be found to breach the tightest security, thus a compromise has to be
found between the possible and acceptable.
Pretty Good Privacy (PGP) is a encryption system that uses both public-key cryptography
and symmetric key cryptography, and includes a system that binds the public keys to user
identities (Wikipedia). PGP requires that a receipient must establish a linked key pair, public and
private, and the sender uses the receipients public key to encrypt the message being sent. The
secret key is protected by a password while the public key is not.The receipient deciphers the
message using the private key. Use of two ciphers helps enhance the security of message or
infromation transfer. Data that is encrypted with a public key can only be decrypted by the
matching secret key. This is also used to sign transfers. In order to sign, a hash is taken and
encoded with the secret key, since files encrypted by the secret key can be decoded using the
public key the recipient can then verify that the information is actually from the sender and has
not been tampered with by checking the encoded form of the signature.
PGP is believed to be capable of very high security equalling military level systems with
no known way for anyone to break into areas protected by PGP. PGP protects data in long-term
data storage such as disk files as compared to other systems that only protect data during tranfer.
The earliest versions of PGP have no detected flaw as yet and newer versions have added
encryption algorithms making them even more secure. PGP has the additional benefit of now
being adopted by a large base of user and being compatible with a host of other systems and
software.
It is known that most electronic fraud takes place by or with the assistance an insider, no
systems can guard against such attacks. Even honest users can cause problems because in their
hurry to get the job done and their desire to keep things simple they overlook security aspects
and this leaves flaws that can then be exploited by an outsider. Any system must be designed
keeping the convenience and the need of the users. Only then will it be able to guard and protect
their systems, resources and data.