An Addendum to previous Encryption Papers
Intro
In today’s world of constantly advancing technology, more and more people
are gaining access to the internet. While there many people conduct business,
research for either work or school, play games or shop. In all of these
functions of the internet, there is the potential for the broadcasting and
transferring of personal information. For a long while, individuals have been
under the assumption that all of this personal data is kept private and
protected. But, as has been made abundantly clear in recent times, this is not
always the case. A popular commercial campaign by Citi Credit cards has made the reality
of information and identity theft a more tangible concept for many consumers of
all ages. While the ads are often comical, they touch upon a very serious
issue. With the knowledge of the possibility of information theft, the concept
of encryption has become vitally important to conduct any amount of activity on
the internet, from sending private emails to making purchases using a credit
card or bank account. The information being submitted needs to be protected in
some fashion. This is where encryption comes in handy. While the older pages
have done a wonderful job of defining what encryption is and how it works, some
information needed to be added to better understand the route that modern
encryption has followed.
Types Of Encryption
There exist two types of encryption that are widely used,
Private-Key algorithms (symmetric key
cryptography) and Public- Key algorithms (asymmetric key
cryptography). While asymmetric systems generally allow for a greater level
of security, as each individual on the network has their own key and is
responsible for their keys privacy, many of these systems rely on symmetric key
systems in some aspect of the whole system. While this does open the system up
to vulnerabilities, it is far safer than using straight symmetric systems for
means of security and far more cost and time effective than using a straight
asymmetric system.
Private Key algorithms (I include these as the link to
the previous list seemed to be faulty)
|
AES (Rijndael) |
|||
|
CAST5 (CAST-128) |
RC4 (ARCFOUR) |
Policies and Regulations
In the wake of a number of events following public
questioning of the Patriot Act and related laws, congress has been quite busy
in order to try to balance public safety and personal privacy. While
individuals may well encrypt the information that they transmit electronically,
certain provisions may well have allowed the government to view packets of said
information that may be considered suspect of possible terrorist use. As the
wording of the public statement was vague in regards to the system known as
Carnivore, it was never entirely clear as to what information that the system
allowed access to. As it was known that information regarding the September
11th attacks had been transmitted over the internet and not caught by the
government, Carnivore and the provisions surrounding it apparently gave the
government access to all information transmitted over ISPs involved in the
system. The depth and breadth of this program has been called into question and
has been a major point of discussion in recent times. Information regarding
recent governmental decisions can be found at the CDT website.
Since its inception, it has been proven that Carnivore was not being used to its
full potential. While it did act to do what it was needed to do, it was
discovered that tools of encryption had been developed to circumnavigate it and
thus transmit data over a private network. While this could be seen as
detrimental to national safety, some see it as a way to retain their privacy
from what some see as an overly intrusive law. One of these programs is known
as Cryptobox,
an open source project that was developed in order to offer users
close-to-complete anonymity while using internet resources. This concept has
been developed in both software and hardware forms and is now available for
mainstream purchase.
This development may well be both a blessing and a curse as it allows for
privacy but also allows for secrecy of possible detrimental intentions. I
suppose like many tools of the internet it is a double edged sword.
Use of Encryption at the School level
The previous pages
set forth a god deal of information in regards to the application of encryption
in the school system. One of the leading programs in this respect was the SchoolCruiser Program, a system that
allowed for district wide communication between administrators, teachers,
parents and students. Curious as to the security of these systems I looked into
what type of encryption they used while transmitting information that could
potentially be quite sensitive. Like many systems it seems that they use a
multi-cryptographic approach, using both public and private key systems.
Specifically they use LDAP
in order to authenticate users and SSL in order to
keep the information secure.
With the push towards digitalization, even the Educational
Testing Service is moving towards transmitting information via the
internet. While this is more secure than the standard mail system, it still has
pitfalls. A dedicated individual may well find a way onto the system albeit no
one has yet been known to do so. This is why encryption must be used.
Conclusions
While the expansion of the internet and its use has allowed for greater
mobility of ideas and information, it has also allowed for certain individuals
to obtain information that was not rightfully theirs using tools to break
into/onto "private" networks. It is because of these individuals and
the desire to keep some information (i.e. credit card numbers, social security
numbers, etc) private due to safety reasons that encryption is necessary and
important. As those individuals move to update their techniques to gain
information, those that develop encryption tools must stay at least one step
ahead. Because of this, encryption tools and resources are constantly changing
and thus this forum and documentation style seems ideal to keep abreast of the
developments.
Educational Testing Service retrieved June 10th at http://www.ets.org/portal/site/ets/menuitem.3a88fea28f42ada7c6ce5a10c3921509/?vgnextoid=85b65784623f4010VgnVCM10000022f95190RCRD
Gross, Grant Newsforge June 14th, 2001 "Cryptobox project: Making the Web
more anonymous" retrieved June 7th at http://www.newsforge.com/article.pl?sid=01/06/14/1823205&mode=thread
School Cruiser retrieved June 8th at
http://www.schoolcruiser.com/welcome.html
Upbeat and Downstairs:
"Citibank Identity Theft Solutions Advertisements" retrieved June 9th
at http://daryld.com/citi-ads/
Wikipedia:
Encryption and related sub articles retrieved June 8th at http://en.wikipedia.org/wiki/Encryption