Cryptology And The Internet
February 11, 2011 at 11:16 pm
Internet transactions such as the purchase of books or applications for loans usually require the customer or applicant to submit important personal information, such as a credit card number or a Social Security number. Identity theft is a crime that occurs when someone fraudulently poses as another person in order to use that person’s credit, assets, or benefits. Common identity theft crimes include the use of stolen credit card numbers to make purchases, and the use of stolen Social Security numbers to apply for loans or benefits. The network of computers making up the Internet is not secure or private – information passes from computer to computer as it travels to its destination, and it can be intercepted easily en route. To keep information private, Internet transactions must be encrypted.
Most of the time, computer programs automatically perform the necessary encryption, employing the methods discussed above. But Internet browsers such as the Microsoft Corporation’s Internet Explorer will not normally encrypt information unless the user visits a Web site with a secure link. These sites are identified with a Web address beginning with https rather than http. A procedure known as a protocol governs the manner by which the browser, running on the visitor’s computer, interacts with the Web server, which is the computer hosting the Web page. An older version of this protocol is known as Secure Sockets Layer (SSL), and a newer version is called Transport Layer Security (TLS). The protocol specifies that the computers follow a specific encryption algorithm such as RSA, the selection of which depends on the algorithms the computers are capable of running. The cryptography is asymmetric, so the computers create a public and private key with which they will encrypt and decrypt messages. These functions are “transparent” to the computer user, meaning the operations are handled by the computer.
Many browsers indicate SSL or TLS connections with an icon positioned somewhere on the page. Internet Explorer uses a gold padlock, which in the 7.0 version appears near the top, to the right of the address (on previous versions of this browser the padlock appeared near the bottom). The padlock is a visual indication that the connection between the client computer (the computer on which the browser is running) and the Web server is secure. In some cases, only a portion of a page is secure; for instance, a Web page may have a log-in program that establishes a secure connection, in which case the gold padlock does not appear on the page.
But any cryptography system is only secure if the user is careful. Criminals can write computer programs that install themselves on a person’s computer without the owner’s consent. For example, viruses and worms are malicious programs that travel along computer networks in e-mails or other network traffic, infecting computers that are not protected with antivirus software. These programs may have instructions for searching a person’s computer files for personal information, including private keys. Computer users who are connected to the Internet should exercise caution when opening e-mails from unknown persons or when visiting unfamiliar Web sites.
Another common technique known as phishing has emerged recently to bypass cryptographic protection. The technique, whose name resembles the word fishing, is an attempt to get unwary computer users to visit a Web site and provide personal information. The Web site may appear to be from a legitimate bank, company, or other institution, and the connection may also be secure, but the Web site is actually phony, designed specifically for the purpose of collecting credit card numbers or other private data. Criminals entice users to visit these sites by providing links in fraudulent e-mails that, for instance, may claim to be from a bank or company requesting personal information for some reason, such as updating its files. When users click on the link, they are taken to the phony Web site.
To avoid phishing scams, computer users must be careful about using links to visit important Web sites. If a link appears doubtful, a user can type in the correct address, rather than trust the link. At secure Web sites, identified with an icon such as the gold padlock on Internet Explorer, users can usually double-click on the icon to reveal Web site information provided by certification authorities, who verify Web sites as well as cryptography keys. The information should match the Web site’s owner and address.
E-mail is not generally encrypted unless the user installs a program such as PGP. The Internet community may eventually opt for standard encryption of e-mails, however, as more and more people use e-mail for important correspondence.
Tactics such as viruses and phishing are not attacks on the encryption algorithm itself, but rather attempts to trick a person into revealing secrets. These attempts are similar to stealing codebooks or keys, as secret agents did during World War II.
Encryption tools such as the Advanced Encryption Standard and public key cryptography are hard to break, but the rapid increases in computer processing speed mean the chances for success of a determined cryptanalyst are getting better. Much of the research on the security of today’s encryption algorithms involves the field of computational complexity. This field of computer science studies the efficiency of algorithms and the problems they are capable of solving in a reasonable period of time. Encryption algorithms are designed to be extremely tough to solve, even with the fastest computers.
But no one has found any proof that efficient solutions do not exist for even the most difficult problems, even though researchers have spent years searching for and failing to find such solutions. And certain methods, such as those known as differential cryptanalysis, probe for patterns, where the computer encryption algorithm fails to be random. Such patterns are similar to those found in the Enigma machine’s encrypted messages by Rejewski, and later exploited by Turing and his colleagues during World War II.
The most dangerous threat at present to the security of modern cryptographic systems is probably not a cryptanalysis technique, but a new kind of computer on the horizon. Quantum computers would employ quantum mechanics – the physics of small particles such as atoms – to make amazingly fast calculations. Although quantum computers do not yet exist, the early phases of research into these machines have been successful enough to make cryptographers take notice.