Delivery in day(s): 4
Encryption Techniques Proof Reading Services
The rise of internet has made efficiency in sharing of data and services all over the world but the problems are together in form of security and integrity. Encryption is answer to data discloser issues those may arise during transactions and sharing. Encryption is a process which converts plain text information into cipher text because cipher algorithms are capable to make the information unintelligible for others. Encryption has been used form a long time in banking sector to secure ATM cards, computer authorization information security and e-commerce transactions. Banking sector needs to store critical information of users and their accounts, therefore security is at major concern for the industry to ensure the accomplish of following objectives:
- Confidentiality: Encryption ensures that nobody else than desired receiver can understand the information.
- Integrity: Information at receiver side will be error proof and unmodified.
- Non-repudiation: A process to prove that sender is real source of information.
- Authorization: encryption is also used as the user authentication process.
Need of encryption
Recently British banks have lost about tens of millions of pounds from more than 100 financial institutes all over the world. The reasons behind the theft of money and information were considered as the ignorance of strong encryption and implementation of strong anti malware programs (Gupta and Sharma, 2011). As the result, Russian attacker injected a persistent malware in their systems to achieve all the information and transactional details for a long time without being detected. Attackers have been monitored for few months and whenever they were ready to attack they made use of all the information achieved form video cameras, computers and accounts to attack. They used their dummy accounts in banks to transmit a big amount of pounds into their accounts by controlling the computers and transactions in network. Major reasons behind the hazard were:
- Ignorance of strong encryption methods in transaction and stored information.
- Pure monitoring tools and algorithms in network.
- Existence of dummy accounts in banks.
Banks have lost about £650 millions from number of institutes. For specific to British banks robbed by attackers digitally, it has been determined that they were using 128 bit RC4 encryption techniques. However, it is also strong enough to prevent guess on keys and original data but malware had helped them to crack it from inside the network. 128 bit based encryption. Poor encryption of information stored in network had become advantage for attackers to view the original information (Selvaraju and Sekar, 2010). The hack in network with a lot loss had taught a lesson to banks to protect their network with stronger and complex encryption of information so the information cannot be revealed by attackers.
Types of encryption techniques
Encryption is a sub part of cryptography science to make the original data unrevealed before unauthorized users. Opposite to encryption, decryption process is used to change cipher text into plain text information. There are mainly three types of encryption techniques are used in banking sectors to protect the theft: symmetric, asymmetric and now triple data encryption standard (TDES).
Public key encryption which is also known as asymmetric encryption method is developed to work with two keys to encrypt and decrypt the information. This is the first encryption approach admired by banking sector for transactional activities. The asymmetric encryption is used to ensure the non-repudiation services and authentication at receiver side to decrypt the cipher text. In public key encryption, public key is available to all to encrypt the original database information with public key but private key is only known to receiver. Public key is freely distributed with online transaction and user’s information is encrypted during the transmission which can be unlocked to original form by using private secret key which is only available to banks. However, problem persists when someone else knows private key.
Today, public key encryption is used in many of internet transactions and sharing due to its robustness and easy to implement nature. Banking sectors normally uses the public key based encryption to share the secret keys in header of messages and remaining data is send in encrypted form to user so that key can be used to decrypt the payload (Fujisaki and Okamoto, 2013). Public key encryption has complexity in computation and requires a lot time to decrypt the information. Due to slower and complex computation associated with this encryption method, it is only used to deal with small amount of data which may be authentication code or decryption key for receiver.
Asymmetric encryption is mainly studied with two branches which are commonly used in internet transactions and sharing:
- Public key encryption: This is the major topic of consideration with this encryption technique as private key is private to receiver and nobody else can disclose the original information from cipher text prepared with public key. In order to communicate, sender must need to use right public key specific for receiver.
- Digital signature: it is the process of identifying the right sender in a transaction. In digital signature, receiver contains the public key and sender encrypts the data with private key. Receiver uses public key to ensure that data is integrated and from right sender. This is part of message hashing technique in which hash unction is used to generate encrypted form of data.
Main advantage associated with public key encryption is in ease distribution of secret keys. For a network where n encrypting devices are connected, total number of required keys will be n2. In banking areas where number of customers are too large, this type of technique is used to transmit the public key to customers via some open channel and private key is kept secure to decrypt the data which will be encrypted with public keys by customers. At customer side, original data is encrypted with DEA key and public key. In this manner, secure communication channel is made between sender and receiver during the online transactions. With the time, number of techniques is introduced to improve the data confidentiality and integrity with public keys. In distribution of public key, it is possible to transmit the keys when authentication server is down. In same manner, private key distribution each time needs the server to be online to connect securely (Gupta and Sharma, 2011). In contrast to private key, public key distribution has less number of trust centres in network. Addition to it, public key encryption is well suited and applicable in banking industry due to wide acceptance of RSA algorithm.
Secret key encryption is another type of encryption techniques which uses the same secret key to encrypt and decrypt information. Sender crushes the information with secret key and sends the data to receiver. Secret key is also only known to receiver which uses the same key to unlock the content in cipher text. For that, it is required to share identical secret key between two more trustworthy centres those want to communicate secretly. However, problem may be persist in leak of private keys when party is not trustworthy to keep the information secure and safe from disclose or theft.
Normally algorithms used in such type of encryption uses cipher text of two types. In stream cipher algorithms, only single bit of information is converted into cipher at a time which is linear and sequential. In another type of algorithms, a block of plain text is input into cipher algorithm to generate encrypted form. Whole combination of such blocks may be sequential or not. Most of algorithm uses the chunk of 64 bits as size of encrypting block. However, variable length block size is used to make cipher text (Minaam.et.al.2010). Modern algorithms use the 128 bit long block to make the encryption faster and not guessable. Bank sectors uses this encryption techniques to protect the ATM cards and for internal connectivity of network.
Main advantages of using secret key encryption are in less computational power and faster encryption of data in comparison of asymmetric encryption method. But it has some problems in sharing of unique and identical secret key among all the parties those want to appear in private network. Because each member in connection needs to have same key to decrypt the data shared within network, it is difficult to keep the key secure and confidential from being disclose. Also some of historical events are made on cracking of symmetric encryption by introducing plain text keys on encrypted packages. However, a complex and well designed private key can eliminate the chances of decryption of data by decision making assumptions and trails.
Triple Data Encryption Standard (TDES)
DES is vulnerable to brute force and dictionary attacks due to the weaker 56-bit key used in encryption. This vulnerabilities has encouraged Feistel and team to introduce TDES in which encryption is made three times on a set of information to provide more secure access. For instance, small size DES key (56- bit) is not capable to encrypt the data as it can be cracked with high speed devices and algorithms. But TDES uses the three different DES keys to encrypt the data. As a result length of TDES key becomes 168 bit and addition of 3 parity bits it final results into 192- bits. However, to avoid in middle attacks, it uses 112 bits as the effective bits to represent whole the key. Besides to use a new algorithm to overcome the weakness of DES key, TDES is capable to provide security and enlargement of key with effective answers to in middle attacks in network (Ivan and Ciurea, 2011).
TDES can be implemented in two forms: based on number of key to use and on operation orders. Normally three different DES key are used to create the TDES key which is impossible to crack with present developments in computers and technologies as it requires a lot number of known plain text, key patterns and computation power. This is the main reason that most of banks are using TDES two encrypt the data during transmission and storage. Transactions in banks are protected with TDES encryption to ensure the easy decrypt with right key but impossible for attacker to look into the data.
The research paper has been identified the need of strong encryption techniques in banking like sectors to protect the data form disclosure and modification. Critical analysis is made on the working of banking sectors to find the actual implementations with three different encryption techniques. It has been discovered how encryption is helpful and effective to avoid security breaches and vulnerabilities in encryption methodology. TDES is recommended and preferred to use in transactions in banks so that information can be protected more securely and in strong manner. TDES is assumed impossible to crack with currently available human resource powers and configurations.
Books and Journals
Fujisaki, E. and Okamoto, T., 2013. Secure integration of asymmetric and symmetric encryption schemes. Journal of cryptology, 26(1), pp.80-101.
Gupta, H. and Sharma, V.K., 2011. Role of multiple encryption in secure electronic transaction. International Journal of Network Security & Its Applications, 3(6), p.89.
Ivan, I. and Ciurea, C.R.I.S.T.I.A.N., 2011, November. Security of Collaborative Banking Systems. In Proceedings of the 4th International Conference on Security for Information Technology and Communications, SECITC (Vol. 11, pp. 17-18).
Minaam, D.S.A., Abdual-Kader, H.M. and Hadhoud, M.M., 2010. Evaluating the Effects of Symmetric Cryptography Algorithms on Power Consumption for Different Data Types. IJ Network Security, 11(2), pp.78-87.
Selvaraju, N. and Sekar, G., 2010. A method to improve the security level of ATM banking systems using AES algorithm. International Journal of Computer Applications, 3(6), pp.5-9.
OZ Assignmnet Help is pioneer assignmnet writing service and provide the best quality assignment in australia collage and school students from OZ expert on all type of subjects.