Category: Cryptography

Introduction

Cryptography signifies that which is concealed or hidden. It is writing or a description in a brief manner that secretly conveys a particular intelligence or words that we may wish to communicate. Cryptography may be used as a form of clandestine communication. The art of cryptography is a legitimate form of communication that is acknowledged in the world.

This is because there can be some times of danger and stress between individuals or nations that will make the use of cryptography inevitable especially when there is need to carry out a successful operation, by ensuring that the enemy does not get to understand the deliberations or communications between various agents of government (Ashchenko, 2002).

Cryptography is the study of mathematical techniques for different dimensions of security. The other words that are closely related to cryptography are cryptanalysis and cryptology. Cryptanalysis is the science that is applied in defeating the mathematical techniques while cryptology is the study of both cryptography and cryptanalysis. The terminologies that are applied in cryptography include:

Encryption: this is the action of concealing or disguising a message with an intention of hiding the information content. This may be achieved through encoding or enciphering.

Protocol: this is an algorithm which can be defined by series of steps and can specify the series to various parties.

Plain text: this is the message that can be transited or that can be stored whether encoded or decoded.

Cipher: this is a map from a space of plain text to a space of cipher text

Encode: to convert a message into a representation in a particular standard alphabet

Decode: to covert the coded message back into its original alphabet.

Keeping Information Private

Secrecy of communication can take many forms just in the same way that the perception regarding the movement the eye can be interpreted to give different meanings.

The key features of information that can enhance the security of information are confidentiality, privacy, integrity of data, authentication and non repudiation. Security of message is always addressed by cryptographic standard methods. Any information that is stored on a data base can easily be accessed and shared by the intruders (Privacy and Human Rights, 2003).

Privacy of information is an inherent culture of every individual. The emergence of computer technology and especially communication transmitted through computer networks have raised a lot of ethical concerns regarding privacy due to the volume of information that passes through a computer in one day. Computer privacy raises several ethical and moral dilemmas.

There are several technologies that have been developed to enhance privacy during communication. These technologies include cryptography, authentication and digital signatures.

Cryptography, for example, is a technology that can utilize several firms of algorithms and protocols in computer networks. Computers have raised few and new privacy problems mainly resulting from communication and storage of information (Diane, 1997).

The technologies that enhance privacy have raised several concerns among governments and other authorities due to the difficulty of the interception of the encrypted communication that is transmitted through computer networks.

The main ethical issue is the dilemma between the privacy of a group and individuals and their safety and security, for example, on what side the government would want to maintain the privacy of its citizens but at the same time it would wish to have knowledge of the information that is transmitted for security purposes.

There are therefore several devices and techniques that have been developed to enhance interception (Computer Professionals for Social Responsibility, 2009).

At this age of computer, private or personal information which has been transmitted through the computer can be stored through a data base, this database can be searched and accessed by any person and it can be used for purposes of advertisement without the knowledge of the communicating parties.

Consequently, privacy is not perceived in similar manner and it is not viewed in the same dimension, various countries and several individual have different perceptions of what privacy is (Diffie & Landau, 1998).

Computer Systems and Networks Threats

The advent of computer has raised several privacy issues and users are worried that they might risk loosing their information to authorities or companies who may utilize it for commercial purpose. Privacy is defined as the right of an individual or a group of people not to expose information touching on their personal issues; it may as well be understood as the right to maintain personal information from being misused.

Privacy on computer networks are vulnerable to access and manipulation by unauthorized intruders who have no right to such information. Since time immemorial, communication between people has been left exposed to both gossip and government (Banisar, 1995).

The interception of both telephone and telegraph conversations is a normal occurrence. The development of computer network has enhanced the degree of communication leading to an increase in the volume of data sent through telecommunication and network systems.

The wireless computer networks have enhanced eavesdropping of conversations. The threats emanating from computer networks have never been solved (Pipkin, 1998). Among the threats that have been enabled by the computer network include the following:

Criminal Actions: information technology has expanded freedom of expression and the open architecture of the internet has exposed the society to threats of criminal communication. These criminal acts should be protected under free speech. There are several criminal acts that are executed through the computer which is connected to a particular network.

These criminal actions include software piracy, computer sabotage and the electronic break-ins. The criminal actions of software nature can be executed when proprietary software, monies and music gets copied and distributed in networks without permission.

Other categories of crimes of the software nature are viruses, worms and Trojan horses; they have the ability of infecting computers with malicious pieces of code. Computer break-ins are actualized by hackers who at many occasions have the power to break into forbidden system without the permission of the owner.

Computer trespass can also be a form of criminal activity of technological nature. Trespass fall in the category of spam (Horniak, 2004).

Cryptography and Protection of Privacy and Public Safety

The protection of individual rights is the main aim of cryptography. It facilitates the safe custody of private information from thieves and intruders. This enhances security and privacy of individual information. The private use of cryptography may at times lead to privacy problems, several countries have expressed reservations that encrypted information can be intercepted by enemies.

Consequently, the problem from the use of cryptography is that any communication that is passed by use of computer networks is that it is hard to wiretap such as telephone communication.

This has led to the regulations of all the encrypted keys whether public or private by the use of the Clipper Chip which enhances wiretapping of communications. Other wiretapping devices used are the carnivore and echelon (Encyclopedia of Business, 2011).

Policies in the use of Cryptography

The significance of information and communication technology is gaining prominence and popularity in the society and the global world economy. This is necessitated by the intensification and the increase in the value and the quantity of data that is transacted and transmitted.

These communication systems and the networks are growing increasingly vulnerable to various threats like unauthorized access, misappropriation, alteration and destruction (Electronic Privacy Information Center, 2009). The increased proliferation of computers has enhanced the computing power growth of networks, convergence of information and communication technology and decentralization.

Cryptography is considered as a best component of securing information and communication systems, hence there are varieties of technologies that have been developed to incorporate cryptographic techniques to provide security. Cryptography is an important tool and an effective measure of ensuring that data transmitted is confidential and of integrity but the increased and widespread use of cryptography raises several issues.

Every government has the responsibility to protect the privacy and rights of its citizens among other inherent rights (Furnell, Lambrinoudakis & Pernul, 2011).

Cryptography was commonly used exclusively by government unlike in the modern times when it is accessible and available to every individual willing to have. It has been used to encode information so as to conceal secret messages from being accessed by unauthorized parties. This is particularly in the case of military and national security uses.

Cryptography utilizes algorithm in order to transform data so as to render it unintelligible to all those parties who do not have the knowledge or copy of secret information which is often referred as cryptographic key which is necessary for the decryption of the data.

The use of cryptography has been enhanced by the increased circulation of power caused by development of digital computing which has made it possible to utilize complex mathematical algorithms for the encryption of data.

The advancement of information and communication technology has facilitated vast and bulk transmission of information which can be copied faster and stored very quickly.

This has prompted the need for protection of privacy and the maintaining of data confidentiality of both private and public records and even commercial data. Cryptography is critical and an effective tool to address such technological problems in a networked environment since it can be used to conceal and protect classified information and data. The policies that can be taken into consideration regarding cryptography are:

User Trust: individuals, authorities, enterprises and governments are all affected by electronic information and communication systems yet they all have increased dependence on uninterrupted proper functioning. These users need to be assured that the communication systems can be made reliable and secure especially in this era of electronic commerce and electronic funds transfer.

Lack of confidence in these systems can hinder the development and the use of information and communication technologies. With the advent of credit card, failure to have a secure security and communication system may easily result losing if huge amounts of cash.

The users of this system require to be trustworthy and to have a strong sense of confidence in the existing information and communication technology (Golic, 1995).

User Choice: solutions to protecting any threat to information and communication technology can take different forms and the choice of cryptographic methods is wise since it is available to meet all the wide varieties of the user requirements and data security which may comprise hardware and software which show the potential to integrate all the products that can provide some strength and complexity based on the type of algorithm and the product.

Market Driven Development: the private sector is an indispensable partner in the creation of information infrastructure and they are the ones who are responsible for its creation and construction hence they have the duty to develop the products and to determine the standards based on the needs of the market.

There are however some cases where the government may influence the product development by expressing their specifications for particular product but care is always observed as to hinder government from driving the markets towards their favored directions.

Standardization: this is an important ingredient in security mechanism. Cryptographic methods together with information infrastructure develop quickly due to market dominance. There is always need for the government and the infrastructure industry to work together by providing the necessary architecture and the informations standards in order to enhance the production of quality information and communication system.

Protection of Privacy: privacy is a fundamental right and the confidentiality of information is an inherent value in any democratic society. The right to privacy has been placed at a greater risk due to the advancement of communication and information technology infrastructure. Cryptography forms a basis of a new dawn in privacy enhancement techniques.

Use of an effective cryptography in any networked environment can aid in protecting privacy of personal information. Failure to make use of cryptography in an environment where data is not secure may jeopardize some interests like national security and the safety of the public. Cryptography maintains the integrity of data especially in electronic transactions where lack of privacy may have some implications (Garay, 2010).

Lawful Access: a controversial policy regarding cryptography is the conflict between confidentiality and public safety. Whereas cryptography is necessary in the protection of privacy there may be a need to consider circumstance for lawful access to information by the public. There should be rules guiding the interception and access of information by the government (Department of Justice, 2000).

Conclusion

Computer has made communication flow to be very efficient. A lot of information is transferred from one place to another. Some of the information transferred might be quite sensitive as it might be touching on personal details of significant people in the society. Information transferred over computers through the internet ought to be protected against unauthorized intervention.

At this age of computer literacy, the art of computer hacking has been perfected and information transferred from one place to another is prone to be interfered with. Hacking is a great threat to securities of nations as terrorists can access vital information about a countrys national security system and use to plan launch attacks.

Hacking also poses a great danger of exposing personal information and business secrets to unknown parties who may use information to their own advantage but at the expense of the owners of the information. Encryption provides a solution to the hacking threat. The security of any information transferred is boosted by encrypting the information.

By encrypting information it becomes hard to access such information. However, it has been noted that encryption may pose another challenge to the government as it will very hard to detect information flow which may targeted at compromising the security of a country. For this reason, encryption is always controlled and the government can always intercept any information for the sake of a nations security.

References

Ashchenko, V. (2002). Cryptography: an introduction, American Mathematical Soc. New York, NY: Prentice Hall.

Banisar, D. (1995). Cryptography and Privacy Sourcebook, 1995: Documents on Encryption Policy, Wiretapping, and Information. New York, NY: DIANE Publishing.

Computer Professionals for Social Responsibility. (2009). The Third CPSR cryptography and privacy conference: sourcebook. Pennsylvania: Computer Professionals for Social Responsibility. Pennsylvania, PA: Cengage Learning.

Department of Justice. (2000). OECD guidelines for cryptography policy: report on background and issues of cryptography policy. Department of Justice. Web.

Diane, P. (1997). Cryptography and Privacy Sourcebook. New York, NY: DIANE Publishing Company.

Diffie, W & Landau, S. (1998). Privacy on the Line: The Politics of Wiretapping and Encryption. New York, NY: The MIT Press.

Electronic Privacy Information Center. (2009). Cryptography and Liberty 1999 An International Survey of Encryption Policy. Global Internet Liberty Campaign. Web.

Encyclopedia of Business. (2011). Computer security. References for Business. Web.

Furnell, S, Lambrinoudakis, C & Pernul, G. (2011). Trust, Privacy and Security in Digital Business: 8th International Conference. New York, NY: Springer.

Garay, J.A. (2010). Security and Cryptography for Networks: 7th International Conference, SCN 2010. New York, NY: Prentice Hall.

Golic, J. (1995). Cryptography: policy and algorithms: international conference. Brisbane, Queensland: Springer.

Horniak, V. (2004). Privacy of communication- ethics and technology. Malardalen University. Web.

Pipkin, D.L. (1998). Halting the Hacker: A Practical Guide to Computer Security. Upper Saddle River, NJ: Prentice Hall.

Privacy and Human Rights. (2003). An International Survey of Privacy Laws and Developments. Privacy International. Web.

Whenever you are doing transactions online or in-store, are you tired of forgetting your credit card somewhere, or being asked to provide your Zip Code or three-digit secure code at the back of your credit card, well say hello to easy, secure, and worldwide transactional means called cryptocurrency that avoid all this. The technologies of cryptocurrency have a major capacity and potential in changing how we do transactions drastically. Even though, the word cryptocurrency start to come to light recently, the history goes back all the way to 1983, when the American cryptographer “David Chaum” introduced and conceived an anonymous “electronic money” called ecash, which he later also implemented “Digicash”. But it was after the first decentralized cryptocurrency, bitcoin, was created in 2009, that cryptocurrency became an internet buzzword and was getting news & media coverage and became well known to most people.

There are many different types of cryptocurrency including Bitcoin, Litecoin, Namecoin, Peercoin, Dogecoin, Gridcoin, Primecoin, Ripple, Nxt, Auroracoin, Dash, NEO, MazaCoin, Monero, NEM, PotCoin, Bitcoin, Verge, Stellar, Vertcoin, Ether, Ethereum Classic, Tether, Zcash, Bitcoin Cash, and EOS.IO.

This is a clear indication that cryptocurrency started to get attention beginning of 2009 and it has been growing & expanding significantly. The majority of its customers feel more freedom, flexibility, ease of access, and enhanced security compared to the traditional banking system. Many cryptocurrency users are located in the United States, Japan, Switzerland, Malta, Estonia, the UK, France, Italy, Germany, and Canada. As the number of cryptocurrency customers grows, the number of companies accepting digital currency or cryptocurrency has also grown significantly including, Overstock.com, EGifter, Newegg, Microsoft, Expedia, PayPal, Shopify, Virgin Galactic, Dish Network, and Wikipedia. The majority of these businesses are accommodating cryptocurrency as part of their online e-commerce transaction. While both Cryptocurrency and traditional banks provide means for customers a way to do transactions online, Cryptocurrency compared to traditional banks provides more flexibility and easy access.

As stated above, cryptocurrency provides more freedom and limited regulation compared to the traditional banking system. “Since cryptocurrency is not governed by exchange and interest rates, transactions are not affected by additional fees. This makes cryptocurrency a primed means to facilitate global transaction without dealing with traditional banking system red taps”. A lower transaction fee is a huge benefit for companies and individuals who deal with international trading, import, and export using cryptocurrency. Also, compared to traditional banking worldwide transaction fees are very minimal. Cryptocurrency comes with great advantages when it comes to anonymity and privacy. Speed is another core feature of cryptocurrency, it operates on a decentralized financial system that is stored via blockchain.

Easy access to financial statements and to perform transactions is key to attracting and winning new customers in this technological era. Cryptocurrency is designed in a way to fulfill this need by allowing its customers to easily access it using handheld devices such as smartphones, tablets, laptops, iPad, and other portable devices. It is believed that there are almost 5 billion people all around the world who have mobile phones and 2.2 billion individuals with access to the Internet, thus is it very critical to be able to reach each customer via mobile phone. In contrast, the traditional banking system has not reached that level yet and most of the time, customers have to carry a banking debit or credit card in order to either access their financial statement or perform a transaction. Cryptocurrencies are accessed on a decentralized network and anyone can earn them, unlike the traditional banking system, one must have bank either a checking or saving account in order to either receive or pay for any good or service.

It is well known that major banks have been a victim of hacking that resulted in the exposure of millions of customers’ financial and personal sensitive information. As security is the core component of any financial system, the traditional banking system has to deliver well-proven means or system that protects customers’ data from any unauthorized access by any third party. Although, some banks are putting in place further precautionary measures while others are confident of the security of their systems and continue to make all card transactions fully available to their customers. However, as most banking systems are built on outdated technologies it has become increasingly difficult to keep up with the latest sophisticated attacks by hackers targeting customers financial data, and the means of online banking gateway for banks remains a risky act. Furthermore, in traditional banks there is no 100% guarantee the money saved up will not vanish, this can happen as a result of collection agencies due to several reasons such as failing to make a payment on a loan, tax due, child care support, or other related reasons. If we take PayPal for example: if the company decides for some reason that your account has been misused, it has the power to freeze all of the assets held in the account, without consulting you.

In contrast, cryptocurrency is very unique unlike traditional banking systems. Some of its functionality reduces and eliminates fraud because a payment cannot be reversed after the fact. This makes it different from debit or credit card payments, which can be under chargebacks, a feature that hackers/fraudsters can exploit. A “push” mechanism is another strong future that cryptocurrency uses that allows cryptocurrency holders to send exact amounts without giving further information to the merchant, which gives the buyer great control over the amount of information being shared. In cryptocurrency the transaction data cannot be overwritten, data manipulation is not realistic, thus makes securing data and eliminating centralized points that hackers often target. Furthermore, In using cryptocurrency, the security layer is well proven that it has been customized and adapted by major Military agencies including Pentagon.

Another great benefit of using cryptocurrency is that when customers store money in cryptocurrency format, it can be considered an investment. Investing in cryptocurrency transfers money into a bitcoin token, whereas in traditional banks it will remain in the same amount or dollar, which is called fiat currency. Fiat currencies are also highly regulated and affected by government policy. The value of fiat currencies can increase or decrease based on several factors such as job growth, import-export, stock market, and other factors. Consider when we purchase a house or a car, it is considered as an asset. Cryptocurrency is also the same thing it can be considered as a digital asset designed to work as a medium of exchange. In contrast, a traditional bank account stores currency in its current form and can not be treated as an asset. Another downside of a traditional banking system is setting up a new bank account. First, a bank need to make sure the customer is eligible to open a bank account. This eligibility age, historical financial statement check, citizenship requirement, and a valid address. Depending on the bank some of them will require a direct deposit, this has another requirement that the customer has to have a paying job in order to set up a direct deposit. Most of the time, banks will also require a minimum deposit amount, or else an additional fee will be incurred in the form of a maintenance fee. All this detailed process has to be followed before anyone can set up a bank account in order to be able to put money in the bank.

Moreover, Cryptocurrency gives its customers freedom when it comes to using their own money at any given point to perform time-sensitive transactions. In contrast, traditional banks use a daily limit set that will not allow customers to withdraw more than a specific amount as part of a security feature put in place. This could have an adverse impact on customers using traditional banking systems during weekends or holidays. Unlike traditional banks cryptocurrency does not have any restrictions on any transactions that are made by its customers and all transactions can be made 24/7 which gives absolute financial control to its customers. In addition, digital currency transactions take place at the same speed, regardless of where the sender and receiver are located.

In addition, Printing currency notes is expensive and requires the collection of old notes and that has to be managed by traditional banks. Aside from printing costs, the physical currency note lifecycle is very short and can easily be damaged or lost. Managing and safeguarding the physical monetary notes puts an additional burden on customers. It could also be a source for criminal acts, this has been an ongoing safety issue for ATM users and bank tellers, and they have to put their lives on the line when dealing with theft and robbery acts. Whenever it reaches the end of its life cycle it has to be returned to the central bank.

People travel from place to place for various reasons including business, pleasure, or personal. Usually, those travels require travelers to have money with them in order to be able to pay for any expense for the duration of their trip. Using paper money requires a declaration form and each traveler has to declare the total amount of cash they have, and if it exceeds a specific amount, people are required to either provide a detailed explanation and proof as the money belongs to the person and the purpose of using it. This creates inconvenience to travelers and adds more delay to their trip. However, cryptocurrency uses digital currency or token, which does not require a wallet or a purse to carry around. Customers can just simply secure coins using digital keys such as smartphone and other electronic use, which is subject to security checkpoints inspection and has to undergo several processes to be clear.

Anyone with an internet or smartphone can have access to cryptocurrency from any part of the world. Cryptocurrencies are digital and can not be duplicated or counterfeited. Its decentralized feature makes it harder or impossible for any government to control it, this means the value cannot be altered by any individual person or agency. As cryptocurrency is being increasingly adopted worldwide, the value is the same in any part of the world. This avoids the risk of exchanging rates and any transaction amount, and It’s considered a worldwide universally recognized currency. On the other hand, the traditional banking system does not provide complete anonymity, government has full access to bank accounts and financial transactions. Whenever we swipe a debit or credit card, we are passing our personal information to any merchant. This creates a potential security risk that, hackers can exploit and gain access to financial records and statements. This issue has been reported on major news that had an impact on millions of bank clients/customers.

In conclusion, cryptocurrencies should be a legal currency due to the reasons of higher security, enabling you to sleep easy, knowing that you have a secure investment for the future, and controllability, so that you have the final say over what happens to your money, and no bank or government can intervene. They are easy, with an account that can be made in five minutes, and one of the most profitable enterprises in the world. For these reasons, I, and many economics experts besides me, believe that cryptocurrency is the means of the future, and anyone who wishes to get the biggest economic advantage since the internet should vote to make cryptocurrency the new world currency. As Rick Falkvinge said: Cryptocurrency will do to the economics market what email did to the postal industry.

1. http://www.aliantpayments.com/cryptocurrency-vs-traditional-money/
2. https://cryptohustle.com/7-reasons-why-bitcoin-is-better-than-banking
3. https://www.huffingtonpost.com/ameer-rosic-/7-incredible-benefits-of-_1_b_13160110.html
4. https://en.wikipedia.org/wiki/Cryptocurrency_and_security
5. https://medium.com/lgbt-foundation/6-ways-cryptocurrency-is-better-than-regular-banking-80464802d020
6. https://www.btcwires.com/round-the-block/top-10-companies-accepting-bitcoin-payments/
7. https://en.wikipedia.org/wiki/Cryptocurrency
8. https://www.zerohedge.com/news/2018-03-12/banks-versus-bitcoin-advantages-decentralized-financial-systems

Whenever you are doing transactions online or in-store, are you tired of forgetting your credit card somewhere, or being asked to provide your Zip Code or three-digit secure code at the back of your credit card, well say hello to easy, secure, and worldwide transactional means called cryptocurrency that avoid all this. The technologies of cryptocurrency have a major capacity and potential in changing how we do transactions drastically. Even though, the word cryptocurrency start to come to light recently, the history goes back all the way to 1983, when the American cryptographer “David Chaum” introduced and conceived an anonymous “electronic money” called ecash, which he later also implemented “Digicash”. But it was after the first decentralized cryptocurrency, bitcoin, was created in 2009, that cryptocurrency became an internet buzzword and was getting news & media coverage and became well known to most people.

There are many different types of cryptocurrency including Bitcoin, Litecoin, Namecoin, Peercoin, Dogecoin, Gridcoin, Primecoin, Ripple, Nxt, Auroracoin, Dash, NEO, MazaCoin, Monero, NEM, PotCoin, Bitcoin, Verge, Stellar, Vertcoin, Ether, Ethereum Classic, Tether, Zcash, Bitcoin Cash, and EOS.IO.

This is a clear indication that cryptocurrency started to get attention beginning of 2009 and it has been growing & expanding significantly. The majority of its customers feel more freedom, flexibility, ease of access, and enhanced security compared to the traditional banking system. Many cryptocurrency users are located in the United States, Japan, Switzerland, Malta, Estonia, the UK, France, Italy, Germany, and Canada. As the number of cryptocurrency customers grows, the number of companies accepting digital currency or cryptocurrency has also grown significantly including, Overstock.com, EGifter, Newegg, Microsoft, Expedia, PayPal, Shopify, Virgin Galactic, Dish Network, and Wikipedia. The majority of these businesses are accommodating cryptocurrency as part of their online e-commerce transaction. While both Cryptocurrency and traditional banks provide means for customers a way to do transactions online, Cryptocurrency compared to traditional banks provides more flexibility and easy access.

As stated above, cryptocurrency provides more freedom and limited regulation compared to the traditional banking system. “Since cryptocurrency is not governed by exchange and interest rates, transactions are not affected by additional fees. This makes cryptocurrency a primed means to facilitate global transaction without dealing with traditional banking system red taps”. A lower transaction fee is a huge benefit for companies and individuals who deal with international trading, import, and export using cryptocurrency. Also, compared to traditional banking worldwide transaction fees are very minimal. Cryptocurrency comes with great advantages when it comes to anonymity and privacy. Speed is another core feature of cryptocurrency, it operates on a decentralized financial system that is stored via blockchain.

Easy access to financial statements and to perform transactions is key to attracting and winning new customers in this technological era. Cryptocurrency is designed in a way to fulfill this need by allowing its customers to easily access it using handheld devices such as smartphones, tablets, laptops, iPad, and other portable devices. It is believed that there are almost 5 billion people all around the world who have mobile phones and 2.2 billion individuals with access to the Internet, thus is it very critical to be able to reach each customer via mobile phone. In contrast, the traditional banking system has not reached that level yet and most of the time, customers have to carry a banking debit or credit card in order to either access their financial statement or perform a transaction. Cryptocurrencies are accessed on a decentralized network and anyone can earn them, unlike the traditional banking system, one must have bank either a checking or saving account in order to either receive or pay for any good or service.

It is well known that major banks have been a victim of hacking that resulted in the exposure of millions of customers’ financial and personal sensitive information. As security is the core component of any financial system, the traditional banking system has to deliver well-proven means or system that protects customers’ data from any unauthorized access by any third party. Although, some banks are putting in place further precautionary measures while others are confident of the security of their systems and continue to make all card transactions fully available to their customers. However, as most banking systems are built on outdated technologies it has become increasingly difficult to keep up with the latest sophisticated attacks by hackers targeting customers financial data, and the means of online banking gateway for banks remains a risky act. Furthermore, in traditional banks there is no 100% guarantee the money saved up will not vanish, this can happen as a result of collection agencies due to several reasons such as failing to make a payment on a loan, tax due, child care support, or other related reasons. If we take PayPal for example: if the company decides for some reason that your account has been misused, it has the power to freeze all of the assets held in the account, without consulting you.

In contrast, cryptocurrency is very unique unlike traditional banking systems. Some of its functionality reduces and eliminates fraud because a payment cannot be reversed after the fact. This makes it different from debit or credit card payments, which can be under chargebacks, a feature that hackers/fraudsters can exploit. A “push” mechanism is another strong future that cryptocurrency uses that allows cryptocurrency holders to send exact amounts without giving further information to the merchant, which gives the buyer great control over the amount of information being shared. In cryptocurrency the transaction data cannot be overwritten, data manipulation is not realistic, thus makes securing data and eliminating centralized points that hackers often target. Furthermore, In using cryptocurrency, the security layer is well proven that it has been customized and adapted by major Military agencies including Pentagon.

Another great benefit of using cryptocurrency is that when customers store money in cryptocurrency format, it can be considered an investment. Investing in cryptocurrency transfers money into a bitcoin token, whereas in traditional banks it will remain in the same amount or dollar, which is called fiat currency. Fiat currencies are also highly regulated and affected by government policy. The value of fiat currencies can increase or decrease based on several factors such as job growth, import-export, stock market, and other factors. Consider when we purchase a house or a car, it is considered as an asset. Cryptocurrency is also the same thing it can be considered as a digital asset designed to work as a medium of exchange. In contrast, a traditional bank account stores currency in its current form and can not be treated as an asset. Another downside of a traditional banking system is setting up a new bank account. First, a bank need to make sure the customer is eligible to open a bank account. This eligibility age, historical financial statement check, citizenship requirement, and a valid address. Depending on the bank some of them will require a direct deposit, this has another requirement that the customer has to have a paying job in order to set up a direct deposit. Most of the time, banks will also require a minimum deposit amount, or else an additional fee will be incurred in the form of a maintenance fee. All this detailed process has to be followed before anyone can set up a bank account in order to be able to put money in the bank.

Moreover, Cryptocurrency gives its customers freedom when it comes to using their own money at any given point to perform time-sensitive transactions. In contrast, traditional banks use a daily limit set that will not allow customers to withdraw more than a specific amount as part of a security feature put in place. This could have an adverse impact on customers using traditional banking systems during weekends or holidays. Unlike traditional banks cryptocurrency does not have any restrictions on any transactions that are made by its customers and all transactions can be made 24/7 which gives absolute financial control to its customers. In addition, digital currency transactions take place at the same speed, regardless of where the sender and receiver are located.

In addition, Printing currency notes is expensive and requires the collection of old notes and that has to be managed by traditional banks. Aside from printing costs, the physical currency note lifecycle is very short and can easily be damaged or lost. Managing and safeguarding the physical monetary notes puts an additional burden on customers. It could also be a source for criminal acts, this has been an ongoing safety issue for ATM users and bank tellers, and they have to put their lives on the line when dealing with theft and robbery acts. Whenever it reaches the end of its life cycle it has to be returned to the central bank.

People travel from place to place for various reasons including business, pleasure, or personal. Usually, those travels require travelers to have money with them in order to be able to pay for any expense for the duration of their trip. Using paper money requires a declaration form and each traveler has to declare the total amount of cash they have, and if it exceeds a specific amount, people are required to either provide a detailed explanation and proof as the money belongs to the person and the purpose of using it. This creates inconvenience to travelers and adds more delay to their trip. However, cryptocurrency uses digital currency or token, which does not require a wallet or a purse to carry around. Customers can just simply secure coins using digital keys such as smartphone and other electronic use, which is subject to security checkpoints inspection and has to undergo several processes to be clear.

Anyone with an internet or smartphone can have access to cryptocurrency from any part of the world. Cryptocurrencies are digital and can not be duplicated or counterfeited. Its decentralized feature makes it harder or impossible for any government to control it, this means the value cannot be altered by any individual person or agency. As cryptocurrency is being increasingly adopted worldwide, the value is the same in any part of the world. This avoids the risk of exchanging rates and any transaction amount, and It’s considered a worldwide universally recognized currency. On the other hand, the traditional banking system does not provide complete anonymity, government has full access to bank accounts and financial transactions. Whenever we swipe a debit or credit card, we are passing our personal information to any merchant. This creates a potential security risk that, hackers can exploit and gain access to financial records and statements. This issue has been reported on major news that had an impact on millions of bank clients/customers.

In conclusion, cryptocurrencies should be a legal currency due to the reasons of higher security, enabling you to sleep easy, knowing that you have a secure investment for the future, and controllability, so that you have the final say over what happens to your money, and no bank or government can intervene. They are easy, with an account that can be made in five minutes, and one of the most profitable enterprises in the world. For these reasons, I, and many economics experts besides me, believe that cryptocurrency is the means of the future, and anyone who wishes to get the biggest economic advantage since the internet should vote to make cryptocurrency the new world currency. As Rick Falkvinge said: Cryptocurrency will do to the economics market what email did to the postal industry.

1. http://www.aliantpayments.com/cryptocurrency-vs-traditional-money/
2. https://cryptohustle.com/7-reasons-why-bitcoin-is-better-than-banking
3. https://www.huffingtonpost.com/ameer-rosic-/7-incredible-benefits-of-_1_b_13160110.html
4. https://en.wikipedia.org/wiki/Cryptocurrency_and_security
5. https://medium.com/lgbt-foundation/6-ways-cryptocurrency-is-better-than-regular-banking-80464802d020
6. https://www.btcwires.com/round-the-block/top-10-companies-accepting-bitcoin-payments/
7. https://en.wikipedia.org/wiki/Cryptocurrency
8. https://www.zerohedge.com/news/2018-03-12/banks-versus-bitcoin-advantages-decentralized-financial-systems

History

Cryptography or encrypting the message is just like a letter, which at the time of posting is sealed in the envelope. Piper & Murphy (2002) Cryptography is a well-established science that has been a significant historical influence for more than 2,500 years. Cryptography was used in the form of ‘substitution ciphers’ in the reign of Julius Caesar. In that encryption, each letter was replaced by three other letters.

In the nineteenth century, it started with a traditional aim of securing governments and the military. At that time, i.e., prior to the 1970s, cryptography was only practiced by the government and military personnel; however, later, it spread in the public sector. Piper & Murphy (2002) has also mentioned cryptography of the 1970s as a ‘black art’ only accessible by the government.

In a traditional context, its popularity and increase in public awareness lead the museums and places of historic interest to discover their origin. Therefore the museums started exhibiting the old cipher machines. Later, when media started exposing cryptography as a means for providing security, many films on the Second World War stressed the importance of code-breaking. However, films like Pearl Harbor explained the impact of the breaking of encrypted messages.

With the passage of time, cryptography was made available to all sectors of society. Two forces that influenced this transition of awareness were ‘business’ and ‘Internet,’ and both, when combined, gave rise to ‘online’ companies. With the advent of online business, the concept of ‘e-commerce’ gradually appeared, thereby creating awareness on the customer level. Governments who once adopted ‘cryptography’ while communicating with their militants now started communicating with their citizens via the Internet. These were, on the one hand, provided opportunities; on the other created concerns which involved security at every level like ‘taxation,’ ‘illegal transaction,’ etc. So, in order to deal with such issues, there emerged a need to advance cryptography.

Today’s Encryption

Today’s encryption is the process that converts text in an unreadable form. This scrambling process is what today is known as ‘cryptography’ and based on algorithms that use various forms of substitution or transposition to encrypt the message. Algorithms are mathematical constructs that are applied through various applications to secure data transmissions or storage. (Andress, 2003, p. 69)

Cryptography is used in restricting access to important documents and information so that an unauthorized user cannot make alterations to documents. Indeed, at least for the commercial sector, the provision of confidentiality is no longer its major application. In addition to its traditional use for privacy, cryptography is now used to provide:

1. Data Integrity: To assure that information has not been accessed or altered by unknown means.
2. Entity authentication: corroborating the identity of an entity
3. Data origin authentication: corroborating the source of the information
4. Non-repudiation: preventing the denial (this is usually by the originator) of the content of the information and/or the identity of the originator

Modern cryptography has evolved considerably over the past three decades. Not only has the technology changed, but there is a wider range of ‘secure’ applications. You can use encryption to protect network communications over the Internet or to help secure an intranet, e-mail, database entries, and files on a workstation or file server. Encryption can provide confidentiality, authentication, integrity, and non-repudiation for data traveling over a network or stored on a system.

According to Piper & Murphy (2002), “When integrating cryptography into a security solution, there are two potentially conflicting approaches to the selection of an encryption algorithm:

• use the lowest level of security that offers adequate protection;
• use the highest level of security that implementation considerations allow.

Today, encryption is used as an important security tool that can protect confidential information. Since the machine can be used to identify the source of information and can be easily broken therefore encryption types that are used today are two:

• Private key encryption and
• Public key encryption

Private key encryption, known as symmetric-key encryption, is used to encrypt and decrypt the information by using the same key, i.e., both the sender and receiver of the message must possess the same key. However, the latest invention is the public key encryption which uses two keys to encrypt and decrypt messages while private key uses a single key. (Maiwald, 2001, p. 219) It provides the confidentiality of the information while it is encrypted and is known by only those who can decrypt the message. It is mostly implemented in today’s hardware and software. Today security measures like anti-virus software, access controls, and security control devices like firewalls are being used. Firewalls and smartcards are the most convenient way of achieving secure web connections.

Firewalls: Firewalls are access control devices for the network that can assist in protecting an organization’s internal network from external threats. The first step in physically implementing your security infrastructure is determining what type of perimeter security works best in your environment. The three main firewall technologies are packet filter, proxy, and stateful inspection.

Smart Cards: To alleviate the problem of guessing passwords, security has moved to ‘smartcards’ – cards that authenticate and ensures while minimizing the risk of guessing a password. However, in the case of losing a smartcard, one cannot ensure security because a single attack or hacking will not be prevented with smart cards as a smart card system is a dependant upon its user. (Maiwald, 2001, p. 11)

Future Encryption

The future authentication mechanism that can even reduce the risk of guessing passwords is the use of biometrics. A concise definition of biometrics is “automatic recognition of a person using different characteristics of a machine.” (Woodward et al., 2003, p. 1) Biometric devices measure the physical attributes of an individual with fingerprints as the most commonly measurable attribute. Other measurable attributes include the shape of a person’s face, the pattern of the eye’s iris, the person’s typing patterns, or the sound of his or her voice is also measurable attributes. Often security experts argue that biometrics is the only true form of user authentication because it physically authenticates the person since each person’s trait is different and no two person’s characteristics are the same.

Different types of biometrics are:

Iris Scan

Iris scan identifies and verifies the person by scanning and measuring iris patterns. The Colour of the eyes does not matter. Since iris patterns in each eye of the person are different, therefore iris scanning is highly distinctive and secure in nature. Even identical twins have different iris scans.

Retinal Scan

A retinal scan measures the blood vessel patterns in the back of the eye. The device through which the retina is measured sheds a light source into the eye of a user who must be standing very still within inches of the device. Retinal scan has not gained that much popularity as an iris scan or facial recognition.

Facial Recognition

Facial recognition makes the human recognition somewhat automated and computerized process, after which a human considers himself as the main part of the computerized scan. It records the main geometrical features of the face like eyes, nose, and lips measurement angles. However, there is no hard and fast rule or methods of facial recognition. However, all focus on measures of key features of the face. Today facial recognition security has come in mobiles so that there is no threat of snatching or stealing mobiles. (Young, Oct 23, 2005) Similarly, it is also many built-in vehicles.

However, the foremost benefit it provides is to ensure protection to its general public in public places, parks, and shopping areas. The system, after capturing faces of people in public areas, stores for a possible future incident, and in case of burglaries and robberies, identifies the culprit. The most amazing thing is that facial recognition is not dependant upon any physical contact with a person.

Voice Recognition

Voice or speaker recognition makes adequate use of vocal characteristics to identify individuals using a pass-phrase. Voice recognition is a cheap and deployable technology that can serve as a sensor to identify the pitch and tone of voices. The main disadvantage lies in the notion that if affected by environmental factors like noise could interfere in recognition.

Fingerprint

Often used by law enforcement agencies, the fingerprint biometric identifies and verifies the person in the same manner in which the manual ‘signature’ identification was made in the past. In order to read the e-print, the biometric device involves the person placing his hands on the plate. After reading the e-print, the details are then extracted by the vendor’s algorithm, thereby making it fingerprint. Fingerprints are being used by various agencies and crime departments of the Government to identify the trace of criminals.

References

Andress Amanda, (2003) Surviving Security: How to Integrate People, Process, and Technology: Auerbach Publications: Boca Raton, FL.

Maiwald Eric, (2001) Network Security: A Beginner’s Guide: Osborne, Mc Graw Hill

Piper Fred & Murphy Sean, (2002) Cryptography: A Very Short Introduction: Oxford University Press: Oxford, England.

Woodward D. John, Horn Christopher, Gatune Julius & Thomas Aryn, (2003) Biometrics: A Look at Facial Recognition: Rand: Santa Monica, CA.

Young Ken, 2005

Abstract

This paper presents a detailed study of asymmetric and symmetric encryption and decryption algorithms by focusing on the operations, the strengths, and weaknesses of the RSA and Data Encryption Standard (DES) algorithms.

The best characteristics of DES and RSA algorithms can be combined to form a hybrid encryption algorithm to provide the desired properties of message integrity, authentication, and non-repudiation.

Cryptography

According to Curtin (2007), cryptography is the study of the mathematical methods used to develop algorithms which are used for secret writing to enforce message authentication, integrity, and confidentiality.

Cryptography enables the detection and prevention of cheating and malicious activities (Akl & Taylor, 1993).

Encryption

Encryption is a process that uses an encryption algorithm to convert a message from plaintext into ciphertext, making the message unreadable to a third party (Akl & Taylor, 1993). Figure 1 below shows a cryptographic system used to encrypt and decrypt messages.

The figure above illustrates the public and private cryptosystem which is used to achieve message encryption, decryption, integrity, authentication, non-repudiation, and confidentiality (Curtin, 2007).

Symmetric

Bellovin and Merritt (1992) argues that a symmetric algorithm uses one secret key to encrypt plaintext into ciphertext and to decrypt ciphertext into plaintext.

The advantage with the symmetric algorithm is that it consumes fewer resources than its asymmetric counterpart. The main challenge with symmetric algorithms is to keep the key secret. However, if the key is known to the attacker, the communication becomes unsafe (Curtin, 2007).

Asymmetric

An asymmetric encryption algorithm uses a public key to encrypt a message and a private key to decrypt the message (Curtin, 2007). The encryption key is kept public and is known as the “public key” while the decryption key is kept secret and is known as the “private or secret key”.

It is impossible to compute the secret key using the public key, making it difficult for a cryptanalyst to attack the asymmetric cryptosystem. The main disadvantage with asymmetric algorithms is that they are slower than symmetric algorithms (Fujisaki & Okamoto, 1999).

Block and Stream Ciphers

Curtin (2007) argues that block ciphers operate by breaking a message into fixed block sized messages which are encrypted using the same key. Stream ciphers operate by encoding each symbol of the plaintext into ciphertext.

The advantage with block ciphers is that a smaller block can be created from a large message. The “problem with the stream cipher is that an error can be propagated to the recipient after the message has been encoded” (Fujisaki & Okamoto, 1999).

Data Encryption Standard (DES)

The Data Encryption Standard (DES) is an algorithm that was developed by IBM in 1970 and has been used for classified government and commercial applications since its discovery.

DES is a block cipher which uses the Feistel structure which functions by processing 64 bits of plaintext into 64 bits of ciphertext based on a 56 bit variable. The message to be enciphered is subjected to substitution and permutation steps.

Substitution is done by mapping each element of the plaintext into the corresponding element of the ciphertext. Substitution takes a 48 bit number as input to produce a 32 bit number as output (Fujisaki & Okamoto, 1999).

In the permutation step, the input block is split into two halves, denoted as L (for the left block) and R (for the right block). For each substitution and permutation steps, the right half (R) remains unchanged but the left half (L) is transformed depending on the encryption key.

At the end of each permutation step, L is swapped into R and R is swapped into L. After each permutation step, the results are again swapped back illustrated in figure 2 below.

From the above diagram, F denotes the scrambling operation on the input message using the K_i round key, which is derived from the main encryption key. According to Curtin (2007), F is the Feistel function that is used to scramble the messages.

Suppose E denotes the encrypted message which consists of two output blocks at the end of the i^th round. The output messages are denoted by LE_i and RE_i respectively. The output messages after the (i-1) ^Th round are represented by LEi = REi−1 and REi = LEi−1 Φ F (REi−1, Ki) respectively.

In this case, Φ is the exclusive bitwise OR operator. The message is decrypted based on the Feistel structure. Each round of the decryption message provides an output corresponding to each round of the encryption message (Curtin, 2007).

This property does not change even if the Feistel function is changed. The encryption and decryption rounds are illustrated in figure 3 below.

The disadvantage with DES is that it uses a weak key and a weak substitution s-box. However, the strength with DES is that it has the desired property of completeness and avalanche effect (Layton, 2006).

Application areas

DES can be applied in a number of applications to provide the desired message security. DES operates in different modes which include the Electronic Code Book (ECB) which operates on a 64 bit key to transform plaintext into ciphertext.

The ECB provides secure transmission of single values. The other mode of operation is the Cipher Block Chaining (CBS) which is used for message authentication and block oriented communication. The ECB mode of operation depends on the XOR operation (Layton, 2006).

DES can operate on the Cipher Feedback (CFB) mode which requires the processing of j bits at a time. The method is used to authenticate stream based message communication.

Other modes of operation include the Output Feedback (OFB) which is a stream oriented communication paradigm and the Counter (CTR) mode which is used for high speed message communication.

Message Authentication (MA)

DES provides message authentication and integrity based on a mechanism that does not allow unauthorized modification of messages. Message Authentication (MA) is achieved by using a message authentication code (MAC) (Menezes, Oorschot & Vanstone, 1996).

To achieve message integrity, the sender of a message uses DES to encipher the last part of the message with the message authentication code (MAC) based on the Cypher Block Code (CBC).

Authentication is done by the recipient of the ciphertext which has the MAC appended to the last part of the message by running ciphertext on DES and comparing the results with the original plaintext (Liao & Chao, 2008).

RSA

The RSA algorithm was developed in 1977 by Rivest, Shamir & Adleman of the Massachusetts Institute of Technology (MIT) and is widely used as a public key scheme to encrypt and authenticate messages. The algorithm uses both public and private keys (Dent, 2004).

The public key is available to the public, but the private key is kept secret. The “public key is used for signature verification and message encryption while the private key is used to create signatures and to decrypt messages” (Gordon & Jeffrey, 2004). The message on transmission cannot be forged.

RSA solves the problem of key distribution and digital signature verification. The strength of the RSA algorithm is in the use of two relatively prime numbers (Menezes, Oorschot & Vanstone, 1996). Based on Euler’s theorem, RSA functions as follows:

a^{ø (n )}mod N = 1 (Akl & Taylor, 1993).

In this case, gcd (a, N) =1.

N is the product of p and q, i.e. N=p.q. (Akl & Taylor, 1993).

Based on the initial equation, ø (N) = (p-1) (q-1), if the values of p and q are carefully chosen, the values of e and d are the inverse of mod ø (N). If the results for mod ø (N) are correct, the condition for k in the equation expresses as e.d=1+k.ø (N) is true. The following are true:

C^d= (M^e) ^d.

M¹. (M^{ø (N)}) ^q

The sender uses a different and secure communication system to avoid the problem of white noise to achieve the desired privacy of the messages in ttransit based on the RSA algorithm, which makes the RSA cryptosystem system slow and expensive.

Message authentication

The sender of the message can prove that he or she is the source of the message, m, by using a private decoding component of the message to compute C= m^d mod N, which is transmitted to the recipient in the form of (C, m).

The recipient computes C^e mod N to confirm that the output message is similar to m (Stamp, 2005). The original code is (N, e) which is the message sent from the source. Consider a typical example in which m = 3, using the private key, we can compute the initial decryption as follows:

m^d (mod N) = 310 mod 559 = 542

Encryption is done on the message by the recipient as follows:

c^d (mod N) = 5425 (mod 559) = 3

Comparing RSA and DES

A comparative analysis of both RSA and DES shows that DES is better in decrypting messages than RSA. RSA is however, better than DES in providing a solution for key agreement and key exchanges. DES has a lower avalanche effect and lower power consumption.

RSA has a higher avalanche effect, higher power consumption, and lower throughput. DES has a higher confidentiality and scalability than RSA (Scheirer, 1995).

Hybrid Encryption Methods

The hybrid method enforces data integrity and authentication using DES for data transmission purposes by relying on the DES property of higher encryption efficiency.

RSA is used to encrypt the DES key, and the system uses RSA to send the encryption and decryption keys which operate at the same speed as triple DES (Nadeem & Younus, 2005).

Flaws

The weakness with the hybrid method is that it is practically difficult to implement and is slow.

Conclusion

This study has established the characteristics of symmetric and asymmetric algorithms.

To overcome the weaknesses of the RSA and DES algorithms, the research shows that the best of both algorithms can be combined to create a hybrid algorithm which provides higher message confidentiality, authentication, and integrity.

References

Akl, S. G., & Taylor, P. D. (1993). Cryptographic solution to a problem of access control in a hierarchy. ACM Transactions on Computer Systems (TOCS), 1 (3), 239-248.

Bellovin, S. M., & Merritt, M. (1992). Encrypted key exchange: Password-based protocols secure against dictionary attacks. In Research in Security and Privacy, Proceedings. 1 (1), 72-84).

Curtin, M. (2007). Force: Cracking the Data Encryption. New York: Standard, Springer

Dent, A. W. (2004). Hybrid Cryptography. IACR Cryptology ePrint Archive, 210. CRC Press. Web.

Fujisaki, E., & Okamoto, T. (1999). Secure integration of asymmetric and symmetric encryption schemes. Advances in Cryptology—CRYPTO’99. Springer Berlin Heidelberg. Web.

Gordon, A. D., & Jeffrey, A. (2004). Types and effects for asymmetric cryptographic protocols. Journal of Computer Security, 12(3), 435-483.

Layton, T. P (2006). Information Security: Design, Implementation, Measurement, and Compliance. New York: Taylor & Francis.

Liao, H., & Chao. Y. (2008). A new data encryption algorithm based on the location of mobile users, JA: Information Technology Journal, 7 (1), 63-69.

Menezes, A., Oorschot , P., & Vanstone, S. (1996). Handbook of applied Cryptography. New York: CRC Press.

Nadeem, A., & Younus, J. M. (2005). A performance comparison of data encryption algorithms, CA: 1st International Conference on Information and Communication Technology, 2005 (1), 84-89.

Scheirer, B. (1995). Applied Cryptography “Protocols, Algorithms and source code in c. New York: John Wiley & Sons.

Stamp, M. (2005). Information Security: Principles and Practice. New York: John Wiley & Sons.

Quantum Cryptography for Mobile Phones by University of Bristol

This article explains that the use of modern technology has revolutionized the social, economic, and political activities of people. The increase in the sensitivity of mobile transactions and communication necessitates the need for a strong security mechanism that will protect the confidentiality of the information exchanged using these devices (University of Bristol 2014). The article describes the application of an ultra-high security scheme that is capable of using Quantum Key Distributing into mobile phones. The increased use of online platforms for banking, education, business, and political activities has raised the risks associated with this form of communication; therefore, there is the need to develop a secure way of ensuring the security of users’ information is protected. There has been an increase in the number of online attacks, fraud, and theft because most mobile phone users do not see the need to secure their devices (University of Bristol 2014). Dr. Anthony Laing argues that there is a possibility that the use of an optical chip will play significant roles in ensuring that mobile communication is secured. He believes that this will be the latest technology that will guarantee the safety of information received, stored, or send through mobile phones and other communication devices.

Vulnerability in Commercial Quantum Cryptography by Norwegian University of Science and Technology

Research conducted by the Norwegian University of Science and Technology, University of Erlangen-Nürnberg, and Max Planck Institute for the Science of Light in Erlangen exposed the weaknesses of quantum cryptography systems. These institutions used the ID Quantique products to develop and test their hypothesis. They argue that the security of information on mobile phones and other communication devices does not only rely on the laws of quantum physics, but also on the lack of weaknesses in implementing other measures that enhance the safety of information (Norwegian University of Science and Technology 2010).

References

University of Bristol. (2014). “Quantum cryptography for mobile phones.”Science Daily. Web.

Norwegian University of Science and Technology. (2010). “Vulnerability in commercial quantum cryptography.”Science Daily. Web.

According to Anil, Karthik and Abhishek (2008), cryptographic a key must possess certain properties for it to be regarded as secure. The property, which makes the key secure include weak backward secrecy, which is based on the requirement that once a key has been used, no other member in a group is able to discover the key. Another property is the forward key secrecy. Forward key secrecy is based on the requirement that the key should be computationally infeasible. The other property is key independence, which is a requirement for ensuring that an attacker does not know the secrecy of the keys being used and cannot manage to discover the keys (Daemen & Rijmen, 2002).

Two factor key property

The two factor and the three factor schemes guarantee security on the premise that the keys are generated by combining the properties of a token, which include the smartcard and the user’s password with the biometric (OSIRIS) code. Gaddam and Lal, (2010) provide an example, which is based on a two factor scheme without a password. The security of the system, which relies on the two factor keys shows that the security of the scheme relies on the token (for storing the error correction data) and a biometric factor. An intruder cannot acquire both the token and the biometric information at the same time, which makes it difficult for the attacker to successfully intrude and compromise a system. On the other hand, if the attacker comes across the token, he will be required to have all the knowledge about the data, which is stored in the token to be able to successfully compromise the system. Because it is the first step, it is a critical step in the scheme because it is used to ensure that the attacker cannot gain access to the key once the system is compromised. Once the two factor scheme has been implemented securely, the next step is to ensure that the security level of the system is escalated by using a password (Gaddam & Lal, 2010). The password takes the two factor scheme to another level, which is known as the three factor scheme security mechanism. The three factor scheme is able to overcome attacks, which are perpetrated by sophisticated attackers.

The sophisticated attacker has the ability to extract detailed information, which is stored in a token to successfully compromise the system. Thillaikkarasi & Duraiswamy, 2010). Here, the security of the system is guaranteed on the ground that the intruder cannot access all the factors at the same time. It makes it difficult to access information on the three factors, which makes the system secure. To successfully comprise the system, one must access information about the keys. However, the shortcomings of biometric data include biometric noise, which is based on the nature of biometric data and the inability to revoke biometric data. It has been established that biometric data cannot be replaced once it has been compromised and the situation becomes worse because new templates cannot be issued, which make the biometric data to suffer the weakness of template diversity (Jagadeesan, Thillaikkarasi & Duraiswamy, 2010). However, different theories have been proposed on the methods, which can be used to extract the key from the noisy biometric data. One approach is to use the fuzzy extractor. Here an error correction code is used when an input is being supplied to the system, which is followed by the application of a hash function. The rationale for using this method is based on the argument that information, which is leaked into the hash function, does not change the entire process. However, it is important to ensure that the noise biometric data is kept secret and secure from an intruder (Gaddam & Lal, 2010).

Another approach is to ensure that different keys are used for different applications is the use of fixed permutations, which are applied to the bits of the iris-code, which are generated by use of the hashing mechanism (Gaddam & Lal, 2010).

Key Diversity

The next property is key diversity. Key diversity provides that the scheme should operate on elevated security. However, little research has been done in this area. It is not possible for another person to change the biometric properties of a person (Jagadeesan, Thillaikkarasi & Duraiswamy, 2010). In addition, it is difficult for an attacker to feign that they are the actual biometric owners because it is impossible to do so. Biometric features have been shown to be inherent in an individual and are not transferable (Gaddam & Lal, 2010). That makes it critical and important to design a scheme, which provides the user with the ability to generate different keys, which can be used in different applications such as opening a bank account. It is important to ensure that the scheme enables for the provision of keys, which can be revoked when required to do so (Jagadeesan, Thillaikkarasi & Duraiswamy, 2010).

Research studies show that biometric data cannot be kept secret and it is possible to use a camera to capture the iris image in secret using a hidden camera. It is possible to expose biometric data because of the frequency of use of the biometric template. When biometric data is used frequently, it becomes less secret. The vulnerability of biometric data makes it unsuitable for use to ensure security, when used alone. Social acceptance “makes it difficult to use biometric as a technological breakthrough” (Rathgeb & Uhl, 2011). It is possible for “biometric data to be subjected to potential abuse and misuse, leading to public distrust of the biometric keys” (Rathgeb & Uhl, 2011).

Secure key management

The security of the key depends on secure key management is a critical property of the cryptographic system which uses biometric factors such as the eye to generate the keys. In addition, the system can be used to manage the keys to make the system secure by inspiring confidence in the users of the key because the system will be assumed to prevent the threat of unauthorized access (Rathgeb & Uhl, 2011). Other issues of critical importance are key storage and recovery mechanisms to ensure that the key is securely managed. It is important to ensure that a key can be easily revoked to ensure that no users can by accident or illegally access the keys, because it has been revoked. It is important to ensure that keys are chosen randomly from the available key space. Researchers have shown that keys with a long lifespan have to be used sparingly to avoid attackers accessing and attacking then.

Withstanding reverse engineering

It should not be possible to reverse engineer the key if one is given knowledge of the algorithm and the key. Typically, it should be computationally difficult if not impossible for the other one who has the knowledge of the key to reverse engineer it (Daemen, & Rijmen, 2002).

Iris Based Key generation mechanism

Capturing details

Different iris key generation mechanisms have been developed to create a secure and reliable key. One of the methods uses the iris in a process, which consists of extracting the image of the iris (Gaddam & Lal, 2010). The captured image is then converted to binary form in a process, which involves converting the elements of the image, which exist in pixel form of the image into binary form (Anil, Karthik & Abhishek, 2008). Thereafter, the binary data is processed in a procedure known as segmentation and normalisation. The process creates edge maps after the conversion of the images into binary form. After the normalisation process is over, the cryptographic key is generated. The extraction is necessary because it provides the best method of user authentication (Gaddam & Lal, 2010). Typically, the iris has a unique pupil, which looks black in the eye and consists of other unique features including the corona and the freckles. The feature extraction process is discussed below.

Here, the iris features are extracted using a high resolution camera to capture the details of the image colors. The “camera that is used has a resolution of 2 million pixels and a frame rate of 30 fps” (Gaddam & Lal, 2010). Based on the principle of the image density principle, the image has to have a width of 1 cm, which provides a resolution of 100 microns and a cowl of 20 cm by 10 cm (Gaddam & Lal, 2010).

Segmentation

Segmentation is a critical element in the extraction of the details of the iris and provides the basis for capturing and dividing an image into segments. Segmentation is a process which is defined into two steps, which include the process of estimating the boundaries of the iris and the noise removal process (Gaddam & Lal, 2010). The “boundary estimation consists of canny edge detection, which is done in the horizontal and vertical direction of the iris image” (Rathgeb & Uhl, 2011). Here, the “exact image can be established by the use of edge detection maps and based on the Hough transformation” (Rathgeb & Uhl, 2011). Linear filtering is used to determine the gradient of the image intensity. The process involves the use of thinning and thresholds to achieve the desired binary characteristics of the image (Gaddam & Lal, 2010). A good quality image is made by removing noise in it (Gaddam & Lal, 2010). The canny operator has the ability to provide the required characteristics with a binary form of the image. It has been established that the canny operator is reliable and secure compared with other operators available today. A critical look at the Hough transformation method shows that it plays a critical role in the determination and estimation of the lines of the iris, which is critical in ensuring that the image is accurate. In context of the segmentation process, the Hough transformation mechanism provides the basis for ensuring that the each parameter of the center coordinates of the x and y axis of a circle of radius r can be calculated using the following equation:

X²+y²=r²

It is critical in the process to be able to isolate the eyelashes and the eyelids, which occlude the regions, composed of the lower and upper region of the iris. Lines are fitted to ensure that the eye lids are isolated by use of a thresholding method (Gaddam & Lal, 2010).

Normalisation

According to Gaddam and Lal (2010) the pixel intensity is adjusted to ensure that the image of the iris fits into polar coordinates of rectangle with the same characteristics as those of the iris image. The procedure is defined by two processes, which include the Angular resolution, which is based on the radial lines that are generated in the iris area and the Radial resolution, which consists of a number of data points, which form a radial projection around the iris (Gaddam & Lal, 2010). In addition, the next step is to ensure that the features extracted from the iris are encoded appropriately to generate a code of 1024 bits long using the RGB (normalized color channels). It is possible to use the 3RGB to generate 3072 bits to ensure that the image details are protected and secured against the code being generated (Gaddam & Lal, 2010).

The bits generated above can be used to generate the required 128 bit key or the 256 bit key. Here, the AES (Advanced Encryption Standard) is used to generate the private key, which can be used for encryption and decryption (Salomaa, 1996).

Key generation

It is possible to use 128, 192, and 256 bits long keys using AES. Assume that 128 bits were generated from the above conversion and the encryption is done using the AES algorithm, which is based on the encryption, which uses10 runs or rounds of the 128 bits. Each round “consists of a single byte of substitution step, followed by permutations for each row, mixing of the columns” (Rathgeb & Uhl, 2011).the next round is to “gradually add the round key to the results’ (Rathgeb & Uhl, 2011). Each action of processing the input state array generates an output state array, which consist of a 128 bit output block. Here, the “encryption key consists of 44 4-byte words” (Rathgeb & Uhl, 2011). The encryption steps include substituting the bytes, shifting the rows, mixing the columns, and adding the round keys, which then undergoes the XORing step of the output (Gaddam & Lal, 2010).

The decryption consists of “inversely shifting the rows, substituting the bytes in the inverse, adding the round keys, and mixing the columns in the inverse direction” (Gaddam & Lal, 2010). Here, the third round must undergo the XORing operation. Typically, each round must consists of four rounds, which are not discussed here.

A state array is “created at the first step with each word, which consists of a word or 32 bits, or four bytes define the columns and rows in the state matrix” (Gaddam & Lal, 2010).

Evaluation of the security of the iris key generation method

Because the generation of the key depends on biometric factors such as the image of the iris of the user, it is difficult for the attacker to compromise the system which uses the biometric system. Typically, the generation of the key depends on natural factors, which cannot be duplicated by someone else and provides the best method of ensuring the generation of secure keys (Gaddam & Lal, 2010).

Public and private keys for individuals with iris image

Yes it is possible to create a public/private key pair for individuals using the individuals’ iris images. The following discussion shows the rationale of creating and using asymmetric key cryptography instead of the symmetric key cryptography.

The private key generation is based on the symmetric key generation algorithm. On the other hand, the asymmetric key, which is also known as the public key is based on the asymmetric algorithm. Both types of keys operate differently, with the private key being used for encryption and decryption operations. The “public key algorithms are based on two keys, which include the private and public keys” (Gaddam & Lal, 2010). Here, the private key uses the hashed value of the iris code, which is generated by following the data collection, segmentation and normalisation procedures (Gaddam & Lal, 2010). The code acts as the template for the symmetric key, which can reliably be replicated when different forms of the code are hushed. The template is interoperable and can be used on different applications, which is a source of weaknesses in the security of the key because it can be used repeatedly, making the security of the system to be vulnerable. Another problem with the symmetric key is that when it is lost or intercepted or guessed, it is easy to crack the key and decrypt any cipher text in the form of the iris code. It is advisable as a precaution to change the keys frequently, a problem which is inherent in the iris symmetric key. Another challenge is the distribution of the keys. Practical evidence shows that distributing the key, which has been generated for use, is difficult and slow because it is a complex task, which requires extreme care and security to ensure the key distribution mechanism is not compromised. It has also been established that symmetric keys are subject to brute force attack. That could enable the attacker to be aware of the right key by trying out all keys in the key space to discover the right key (Gaddam & Lal, 2010).

To overcome the disadvantages associated with the symmetric keys, the asymmetric key cryptography is used. Asymmetric key encryption is also known as the public key cryptography. The public key is always available for public access and distribution and the private key is always kept secret from the world and it is mathematically related with the public key. There are different methods which can be used to generate the public key and one of the methods is the Siyal’s method. The method can be used on digital signatures based on the DSA and RSA algorithms (Anshel, Anshel & Goldfeld, 1999).

Method for generating the key

The method of generating the public key depends on collecting the features, segmenting, normalisation, and encoding of the features to ensure the correct data with error correction code is generated for key generation as shown in the diagram below (Feng & Wah, 2002).

The key generation is done as follows:

Here, the numbers, which are used, are generated using the iris template. Assume that a 512 bytes have been generated using the iris template based on the Siyal method from the OSIRIS. The creation of the two keys is based on modulo arithmetic, which is not discussed here (Gaddam & Lal, 2010).

If an individual wants to perform a task (communicate) confidentially, they can use a pair of integers (e, n) as the public key and (d, n) as the private key. The public key will be used to encrypt the data and the private key can be used to decrypt the message or data being handled (Gaddam & Lal, 2010). The modulus n, which is selected, must meet the following requirement:

(M^e) ^d = M^ed = M (mod n)

The encrypted message in the above expression is C=M ^e mod n, which underpins the need to establish the guarantee that the value of M can be decrypted by using C^d mod n. Now that the guarantee is established that the n is the product of two prime numbers (p ×q-where p and q are relatively prime numbers to each other or coprimes), then the public/private keys can be implemented as follows.

Select two relatively prime numbers p (p=13) and (q=19) for the purpose of demonstrating generation and use of the keys using the RSA algorithm.

n= p ×q = 13×19=247

n= (p-1) × (q-1) = 12 × 18 = 216.

The values of keys are KU (5, 247) and KR (173, 247).

For the iris situation, the above steps are used to arrive at the right public and private keys.

Applications of the keys

The biometric key can be applied in a wide range of areas to provide the required security, which includes password replacement and authentication purposes. It has been established that simple passwords can be easily cracked and long passwords are difficult to crack and remember. The weaknesses with the conventional methods provide evidence of the need to use biometric encryption keys, which provide better security because it is difficult to forge a biometric feature, which belongs to a specific individual (Bertoni, Breveglieri, Koren, Maistri & Piuri, 2003).

Digital signatures

Digital signature provides an additional method of securing documents to ensure that the system has additional security. In addition, if a digital signature mechanism is combined with the iris key generation mechanism, the combined security makes the approach much more secure (Bertoni, Breveglieri, Koren, Maistri & Piuri, 2003). Digital signature generation depends on the properties of the eyes, which have been discussed before (Gaddam & Lal, 2010). The following steps are critical in generating the key verify the security of the key in use.

Signature generation

When a message is hashed and some computation done on it using the MD5 or the SHAI message digest algorithm, a digital signature is generated by signing the output from the hash with m. Here, the message is encrypted using the hash mechanism and is expressed as H (m). The formula that is used is expressed as S = (H(m))^d mod n where S is taken to be the digital signature and the message is encrypted by using the m+s mechanism and decrypted using the m+ S method (Bertoni, Breveglieri, Koren, Maistri & Piuri, 2003).

Two important properties

For the key generation to be effective, and to enforce the require security, the algorithm used must not allow the key to be mathematically computed if the attacker is given the knowledge of the encryption algorithm and the encryption key (Garfinkel, 1996). It is critical for each system to be able to generate its own key. When generating the keys, it is important to ensure that the large integers, which are the coprimes that are used.

References

Anil K, J., Karthik, N., & Abhishek, N. (2008). Biometric template security. EURASIP Journal on Advances in Signal Processing, 1(2), pp.34-45

Anshel, I., Anshel, M., & Goldfeld, D. (1999). An algebraic method for public-key cryptography. Mathematical Research Letters, 6 (2), 287-292.

Bertoni, G., Breveglieri, L., Koren, I., Maistri, P., & Piuri, V. (2003). Error analysis and detection procedures for a hardware implementation of the advanced encryption standard. Computers, IEEE Transactions on, 52(4), 492-505.

Daemen, J., & Rijmen, V. (2002). The design of Rijndael: AES-the advanced encryption standard. New York: Springer.

Feng, H., & Wah, C. C. (2002). Private key generation from on-line handwritten signatures. Information Management & Computer Security, 10(4), 159-164.

Gaddam, S. V., & Lal, M. (2010). Efficient Cancelable Biometric Key Generation Scheme for Cryptography. IJ Network Security, 11(2), 61-69.

Garfinkel, S. L. (1996). Public key cryptography. Computer, 29(6), 101-104.

Jagadeesan, A., Thillaikkarasi, T., & Duraiswamy, K. (2010). Cryptographic key generation from multiple biometric modalities: Fusing minutiae with iris feature. Int. J. Comput. Appl, 2(6), 16-26.

Rathgeb, C., & Uhl, A. (2011). Context-based biometric key generation for Iris. IET computer vision, 5(6), 389-397.

Salomaa, A. (1996). Public-key cryptography. Berlin: Springer.

Introduction

Cryptography signifies that which is concealed or hidden. It is writing or a description in a brief manner that secretly conveys a particular intelligence or words that we may wish to communicate. Cryptography may be used as a form of clandestine communication. The art of cryptography is a legitimate form of communication that is acknowledged in the world.

This is because there can be some times of danger and stress between individuals or nations that will make the use of cryptography inevitable especially when there is need to carry out a successful operation, by ensuring that the enemy does not get to understand the deliberations or communications between various agents of government (Ashchenko, 2002).

Cryptography is the study of mathematical techniques for different dimensions of security. The other words that are closely related to cryptography are cryptanalysis and cryptology. Cryptanalysis is the science that is applied in defeating the mathematical techniques while cryptology is the study of both cryptography and cryptanalysis. The terminologies that are applied in cryptography include:

Encryption: this is the action of concealing or disguising a message with an intention of hiding the information content. This may be achieved through encoding or enciphering.

Protocol: this is an algorithm which can be defined by series of steps and can specify the series to various parties.

Plain text: this is the message that can be transited or that can be stored whether encoded or decoded.

Cipher: this is a map from a space of plain text to a space of cipher text

Encode: to convert a message into a representation in a particular standard alphabet

Decode: to covert the coded message back into its original alphabet.

Keeping Information Private

Secrecy of communication can take many forms just in the same way that the perception regarding the movement the eye can be interpreted to give different meanings.

The key features of information that can enhance the security of information are confidentiality, privacy, integrity of data, authentication and non repudiation. Security of message is always addressed by cryptographic standard methods. Any information that is stored on a data base can easily be accessed and shared by the intruders (Privacy and Human Rights, 2003).

Privacy of information is an inherent culture of every individual. The emergence of computer technology and especially communication transmitted through computer networks have raised a lot of ethical concerns regarding privacy due to the volume of information that passes through a computer in one day. Computer privacy raises several ethical and moral dilemmas.

There are several technologies that have been developed to enhance privacy during communication. These technologies include cryptography, authentication and digital signatures.

Cryptography, for example, is a technology that can utilize several firms of algorithms and protocols in computer networks. Computers have raised few and new privacy problems mainly resulting from communication and storage of information (Diane, 1997).

The technologies that enhance privacy have raised several concerns among governments and other authorities due to the difficulty of the interception of the encrypted communication that is transmitted through computer networks.

The main ethical issue is the dilemma between the privacy of a group and individuals and their safety and security, for example, on what side the government would want to maintain the privacy of its citizens but at the same time it would wish to have knowledge of the information that is transmitted for security purposes.

There are therefore several devices and techniques that have been developed to enhance interception (Computer Professionals for Social Responsibility, 2009).

At this age of computer, private or personal information which has been transmitted through the computer can be stored through a data base, this database can be searched and accessed by any person and it can be used for purposes of advertisement without the knowledge of the communicating parties.

Consequently, privacy is not perceived in similar manner and it is not viewed in the same dimension, various countries and several individual have different perceptions of what privacy is (Diffie & Landau, 1998).

Computer Systems and Networks Threats

The advent of computer has raised several privacy issues and users are worried that they might risk loosing their information to authorities or companies who may utilize it for commercial purpose. Privacy is defined as the right of an individual or a group of people not to expose information touching on their personal issues; it may as well be understood as the right to maintain personal information from being misused.

Privacy on computer networks are vulnerable to access and manipulation by unauthorized intruders who have no right to such information. Since time immemorial, communication between people has been left exposed to both gossip and government (Banisar, 1995).

The interception of both telephone and telegraph conversations is a normal occurrence. The development of computer network has enhanced the degree of communication leading to an increase in the volume of data sent through telecommunication and network systems.

The wireless computer networks have enhanced eavesdropping of conversations. The threats emanating from computer networks have never been solved (Pipkin, 1998). Among the threats that have been enabled by the computer network include the following:

Criminal Actions: information technology has expanded freedom of expression and the open architecture of the internet has exposed the society to threats of criminal communication. These criminal acts should be protected under free speech. There are several criminal acts that are executed through the computer which is connected to a particular network.

These criminal actions include software piracy, computer sabotage and the electronic break-ins. The criminal actions of software nature can be executed when proprietary software, monies and music gets copied and distributed in networks without permission.

Other categories of crimes of the software nature are viruses, worms and Trojan horses; they have the ability of infecting computers with malicious pieces of code. Computer break-ins are actualized by hackers who at many occasions have the power to break into forbidden system without the permission of the owner.

Computer trespass can also be a form of criminal activity of technological nature. Trespass fall in the category of spam (Horniak, 2004).

Cryptography and Protection of Privacy and Public Safety

The protection of individual rights is the main aim of cryptography. It facilitates the safe custody of private information from thieves and intruders. This enhances security and privacy of individual information. The private use of cryptography may at times lead to privacy problems, several countries have expressed reservations that encrypted information can be intercepted by enemies.

Consequently, the problem from the use of cryptography is that any communication that is passed by use of computer networks is that it is hard to wiretap such as telephone communication.

This has led to the regulations of all the encrypted keys whether public or private by the use of the Clipper Chip which enhances wiretapping of communications. Other wiretapping devices used are the carnivore and echelon (Encyclopedia of Business, 2011).

Policies in the use of Cryptography

The significance of information and communication technology is gaining prominence and popularity in the society and the global world economy. This is necessitated by the intensification and the increase in the value and the quantity of data that is transacted and transmitted.

These communication systems and the networks are growing increasingly vulnerable to various threats like unauthorized access, misappropriation, alteration and destruction (Electronic Privacy Information Center, 2009). The increased proliferation of computers has enhanced the computing power growth of networks, convergence of information and communication technology and decentralization.

Cryptography is considered as a best component of securing information and communication systems, hence there are varieties of technologies that have been developed to incorporate cryptographic techniques to provide security. Cryptography is an important tool and an effective measure of ensuring that data transmitted is confidential and of integrity but the increased and widespread use of cryptography raises several issues.

Every government has the responsibility to protect the privacy and rights of its citizens among other inherent rights (Furnell, Lambrinoudakis & Pernul, 2011).

Cryptography was commonly used exclusively by government unlike in the modern times when it is accessible and available to every individual willing to have. It has been used to encode information so as to conceal secret messages from being accessed by unauthorized parties. This is particularly in the case of military and national security uses.

Cryptography utilizes algorithm in order to transform data so as to render it unintelligible to all those parties who do not have the knowledge or copy of secret information which is often referred as cryptographic key which is necessary for the decryption of the data.

The use of cryptography has been enhanced by the increased circulation of power caused by development of digital computing which has made it possible to utilize complex mathematical algorithms for the encryption of data.

The advancement of information and communication technology has facilitated vast and bulk transmission of information which can be copied faster and stored very quickly.

This has prompted the need for protection of privacy and the maintaining of data confidentiality of both private and public records and even commercial data. Cryptography is critical and an effective tool to address such technological problems in a networked environment since it can be used to conceal and protect classified information and data. The policies that can be taken into consideration regarding cryptography are:

User Trust: individuals, authorities, enterprises and governments are all affected by electronic information and communication systems yet they all have increased dependence on uninterrupted proper functioning. These users need to be assured that the communication systems can be made reliable and secure especially in this era of electronic commerce and electronic funds transfer.

Lack of confidence in these systems can hinder the development and the use of information and communication technologies. With the advent of credit card, failure to have a secure security and communication system may easily result losing if huge amounts of cash.

The users of this system require to be trustworthy and to have a strong sense of confidence in the existing information and communication technology (Golic, 1995).

User Choice: solutions to protecting any threat to information and communication technology can take different forms and the choice of cryptographic methods is wise since it is available to meet all the wide varieties of the user requirements and data security which may comprise hardware and software which show the potential to integrate all the products that can provide some strength and complexity based on the type of algorithm and the product.

Market Driven Development: the private sector is an indispensable partner in the creation of information infrastructure and they are the ones who are responsible for its creation and construction hence they have the duty to develop the products and to determine the standards based on the needs of the market.

There are however some cases where the government may influence the product development by expressing their specifications for particular product but care is always observed as to hinder government from driving the markets towards their favored directions.

Standardization: this is an important ingredient in security mechanism. Cryptographic methods together with information infrastructure develop quickly due to market dominance. There is always need for the government and the infrastructure industry to work together by providing the necessary architecture and the information’s standards in order to enhance the production of quality information and communication system.

Protection of Privacy: privacy is a fundamental right and the confidentiality of information is an inherent value in any democratic society. The right to privacy has been placed at a greater risk due to the advancement of communication and information technology infrastructure. Cryptography forms a basis of a new dawn in privacy enhancement techniques.

Use of an effective cryptography in any networked environment can aid in protecting privacy of personal information. Failure to make use of cryptography in an environment where data is not secure may jeopardize some interests like national security and the safety of the public. Cryptography maintains the integrity of data especially in electronic transactions where lack of privacy may have some implications (Garay, 2010).

Lawful Access: a controversial policy regarding cryptography is the conflict between confidentiality and public safety. Whereas cryptography is necessary in the protection of privacy there may be a need to consider circumstance for lawful access to information by the public. There should be rules guiding the interception and access of information by the government (Department of Justice, 2000).

Conclusion

Computer has made communication flow to be very efficient. A lot of information is transferred from one place to another. Some of the information transferred might be quite sensitive as it might be touching on personal details of significant people in the society. Information transferred over computers through the internet ought to be protected against unauthorized intervention.

At this age of computer literacy, the art of computer hacking has been perfected and information transferred from one place to another is prone to be interfered with. Hacking is a great threat to securities of nations as terrorists can access vital information about a country’s national security system and use to plan launch attacks.

Hacking also poses a great danger of exposing personal information and business secrets to unknown parties who may use information to their own advantage but at the expense of the owners of the information. Encryption provides a solution to the hacking threat. The security of any information transferred is boosted by encrypting the information.

By encrypting information it becomes hard to access such information. However, it has been noted that encryption may pose another challenge to the government as it will very hard to detect information flow which may targeted at compromising the security of a country. For this reason, encryption is always controlled and the government can always intercept any information for the sake of a nation’s security.

References

Ashchenko, V. (2002). Cryptography: an introduction, American Mathematical Soc. New York, NY: Prentice Hall.

Banisar, D. (1995). Cryptography and Privacy Sourcebook, 1995: Documents on Encryption Policy, Wiretapping, and Information. New York, NY: DIANE Publishing.

Computer Professionals for Social Responsibility. (2009). The Third CPSR cryptography and privacy conference: sourcebook. Pennsylvania: Computer Professionals for Social Responsibility. Pennsylvania, PA: Cengage Learning.

Department of Justice. (2000). OECD guidelines for cryptography policy: report on background and issues of cryptography policy. Department of Justice. Web.

Diane, P. (1997). Cryptography and Privacy Sourcebook. New York, NY: DIANE Publishing Company.

Diffie, W & Landau, S. (1998). Privacy on the Line: The Politics of Wiretapping and Encryption. New York, NY: The MIT Press.

Electronic Privacy Information Center. (2009). Cryptography and Liberty 1999 An International Survey of Encryption Policy. Global Internet Liberty Campaign. Web.

Encyclopedia of Business. (2011). Computer security. References for Business. Web.

Furnell, S, Lambrinoudakis, C & Pernul, G. (2011). Trust, Privacy and Security in Digital Business: 8th International Conference. New York, NY: Springer.

Garay, J.A. (2010). Security and Cryptography for Networks: 7th International Conference, SCN 2010. New York, NY: Prentice Hall.

Golic, J. (1995). Cryptography: policy and algorithms: international conference. Brisbane, Queensland: Springer.

Horniak, V. (2004). Privacy of communication- ethics and technology. Malardalen University. Web.

Pipkin, D.L. (1998). Halting the Hacker: A Practical Guide to Computer Security. Upper Saddle River, NJ: Prentice Hall.

Privacy and Human Rights. (2003). An International Survey of Privacy Laws and Developments. Privacy International. Web.

Cybersecurity is one of the central issues in the operation of any modern technology or program. Any projects involve the transfer of confidential data both for internal use by companies and for external developments. Currently, I work as an IT project manager and lead a team that develops various products and programs for clients’ needs. I know that an IT project manager must operate significant amounts of information, ensure its confidentiality, and correct use to meet the needs of clients. For this reason, it is essential for me to know the features of cryptography algorithms as an IT project manager to ensure the security of customer information and develop the most secure and convenient product.

A project manager is a professional who provides communication between clients and the team that creates the product. My main tasks as a project manager include the definition and set of tasks, control over their implementation, documentation, and constant communication with the client. For this reason, I constantly transmit, create, and manage a significant amount of documents and confidential information, which must be protected from unauthorized persons. Often this information has commercial value, so its leakage can cause losses to customers and legal consequences for performers. Consequently, one of my concerns as a project manager is knowing secure communication channels and ensuring that they are used correctly.

For this reason, I must be able to assess the security risks and weaknesses of communication channels to prevent their use by intruders. For example, Alali et al. (2018) present a Fuzzy Inference Model for assessing security risks and highlight that the most common threats areas are DoS (and DDoS), malware, web-site defamation, spam, and e-mail phishing attacks. A correct risk assessment by a manager and taking measures to prevent them, for example, training the team and clients using special encryption programs for e-mail and secure communication systems will help keep client information safe. Thus, my other responsibility is to find and prevent all possible causes of information leakage and ensure that all my team members and clients know how to use different pieces of software and web-sites developed for internal communication.

Moreover, this knowledge of data security risk assessment contributes to the correct determination of the client’s needs and the setting of tasks for the team. For example, gadgets connected to smartphones over wireless communication require different security protocols and encryption algorithms than payment systems for online shops. Hence, I, as the project manager, must understand the differences to attract the necessary professionals to the project. In addition, as Haney et al. (2017) note, 90% of organizations turn to cryptographic standards to develop cryptographic implications and often also apply them for product design and testing.

Therefore, knowledge of these standards is necessary for a project manager to monitor team members’ work and report progress to clients. At the same time, knowledge of cryptography is vital for me to explain the features of the product in simple words, since specialists most often use terminology that is unclear and confusing to ordinary users (Haney et al., 2017). Thus, an understanding of the basic data protection processes is necessary for a projector manager to set the tasks for the team correctly.

Another important aspect for a project manager is understanding the basic algorithms and models of data encryption and their differences to find the most suitable option for the client. Patil et al. (2016), in their study, compare the main algorithms of symmetric and asymmetric encryption and demonstrate that they have significant differences affecting the functioning of products. For example, while asymmetric algorithms are considered more secure due to the presence of a private, confidential key, they require more operative memory and more time to encrypt data (Patil et al., 2016).

At the same time, the symmetric AES algorithm requires the highest bandwidth for transmission, which is also difficult and more expensive for some products (Patil et al., 2016). Therefore, this cryptographic algorithm may not be available for some programs due to their limited functionality or the cost of a project. Hence, my knowledge of these differences will help me reduce the number of consultations by specialists and the project planning process, which will decrease the time for its implementation. In this way, customers and the team will be more satisfied with the collaboration due to the reduction of unnecessary discussions.

In conclusion, this review demonstrates that knowledge of basic theories and concepts of cryptography is a necessary skill for me as an IT project manager. The ability to assess security risks allows me to ensure the confidentiality of customer data by providing secure transmission and storage channels. In addition, this skill helps to identify the necessary aspects for inclusion in the development of product safety systems. At the same time, knowing the differences between the main encryption algorithms allows a manager to determine the most suitable option for clients, set tasks for the team, and shorten the period for discussing requirements. Therefore, I will be able direct a team more efficiently and provides high-quality customer service.

References

Alali, M., Almogren, A., Hassan, M. M., Rassan, I. A. L., & Bhuiyan, M. Z. (2018). Improving risk assessment model of cyber security using fuzzy logic inference system. Computers & Security, 74, 323–339. Web.

Haney, J. M., Garfinkel, S. L., & Theofanos, M. F. (2017). Organizational practices in cryptographic development and testing. 2017 IEEE Conference on Communications and Network Security (CNS). IEEE. Web.

Patil, P., Narayankar, P., Narayan D.G., & Meena S.M. (2016). A comprehensive evaluation of cryptographic algorithms: DES, 3DES, AES, RSA and Blowfish. Procedia Computer Science, 78, 617–624. Web.

DES

Data Encryption Standard is basically a symmetric-key algorithm used in the encryption of data of electronic nature. The algorithm was developed in the 1970s by IBM as an improvement of the earlier version by Horst Fesitel. The modified version was approved by the National Bureau of Standards in consultation with the National Security Agency (Kumar and Srivastava 38). The original DES was improved through strengthening against differential cryptanalysis.

DES is a block cipher that transforms a fixed-length plaintext into a cipher text bit string using a key to customize the process to enable protected decryption by individuals with knowledge on the key used in encryption. Usage of DES can only be done safely in the mode of operation. The algorithm is exposed to a brute-force approach attach. However, the level of exposure is minimal since the intruder must know a series of specified chosen plaintexts (Kumar and Srivastava 39).

DES has certification weaknesses and exposed to other attacks such as linear cryptanalysis, differential cryptanalysis, and Davies’ attack. DES is relatively insecure due to its 56-bit size, which is small. In fact, the Electronic Frontier Foundation in collaboration with the distributed.net managed to break the DES key in less than 24 hours in 1999 (Kumar and Srivastava 40).

Moreover, a series of analytical results have demonstrated theoretical weaknesses in DES cipher. DES was used as a federal standard for unclassified data (Kumar and Srivastava 39). It usage has spanned more than 30 years with the latest version called the Triple DES being approved for sensitive information by the government up to the year 2030 (Kumar and Srivastava 40).

Triple DES

Triple DES was first published in 1998 as an improvement of DES. The cipher components include block sizes of 64 bits and key sizes of 112, 168 or 56 bits (Barker 9). The structure of Triple DES is Fesitel network and has 48 DES-equivalent rounds. This algorithm provides three keying options with a key length of 160 bits (Barker 15). The three layers make Triple DES secure and more stable. However, it can only provide an effective security of 112 bits. Triple DES is generally exposed to known-plaintext and chosen-plaintext attacks. Triple DES is used in the electronic payment sector to promulgate and develop standards such as EMV. For instance, Microsoft Outlook 2007, Microsoft Configuration Manager 2012, and Microsoft OneNote use this algorithm to password guard system data and user content (Barker 12).

RIJNDAEL/AES

AES is a specification used in the encryption of electronic data. The algorithm was adopted in the US in 2001 by the National Institute of Standards and Technology. It is basically a sub-set of the Rijndael cipher developed by two cryptographers called Joan Daemen and Vincent Rijmen in 1998 (Mahaveerakannan and Gnana 31). The algorithm has been accepted by the government of the US and other parts of the world.

AES comes in different packages. It is derived from square and has NSA, NESSIE, AES winner, and CRYPTREC certifications. The key sizes are 128, 192, and 256 bits. Its block sizes are 128 bits. The algorithm has substitution-permutation structure network and has 10, 12, and 14 rounds, which are dependent on the key size. AES is exposed to side-channel attacks (Taha 9). However, the 10 to 14 rounds make AES less vulnerable. AES is used by the US government for non-classified documents protection (Mahaveerakannan and Gnana 31).

MARS

Created in 1991 by Jerome Friedman, MARS is a non-parametric technique for regression and often seen as a linear model extension capable of automatically modeling nonlinearities between variables. Model building using MARS occurs in forward and backward pass phases (Chaudhari et al. 441). This makes it easy to use and enable a user to integrate multiple variables at any time. MARS is also very flexible compared to other linear regression models. However, the user is limited in the number of variables to use in the forward pass phase. Moreover, it only permits one of two interaction degrees. The algorithm is used in regression analysis (Chaudhari et al. 443).

RC5

RC5 is a simple cipher of symmetrical-key block nature created in 1994 by Ronald Rivest. Its successors are Akelarre and RC6. RC5’s key sizes are from 0 to 2040 bits while the block sizes are 32, 64, and 128 bits. The structure of RC5 is Fesitel-like network and has 1 to 255 rounds (Ramos 9). This makes the algorithm relatively stronger since encryption involves many rounds, depending on the level of needed security (Mahaveerakannan and Gnana 38). However, the 12-round RC5 is vulnerable to differential attacks when 2⁴⁴ is used as the chosen plaintexts.

RC6

First published in 1998, RC6 was designed and developed by Matt Robshaw, Ron Rivest, Yiqun Lisa Yin, and Ray Sidney. This algorithm is derived from RC5 and has AES finalist certification. The cipher key sizes are 128, 192, and 256 bits while its block sizes are 128 bits (Taha 31). RC6 has 20 rounds and functions on type 2 Feistel network. RC6 is used in NSA implants (Taha 31). For instance, in 2016, the Equation Group revealed several codes used in network security that uses RC6 for communication confidentiality. The multilayer in each round makes this cipher strong and relatively stable (Mahaveerakannan and Gnana 27). However, RC6 is also exposed to differential attacks as its predecessor.

Serpent

First published in 1998, Serpent is a symmetric cipher designed and developed by Lars Kudsen, Eli Biham, and Ross Anderson. Serpent is derived from Square and has AES finalist certification. Its key sizes are 128, 192, or 256 bits while block sizes are 128 bits. The structure of Serpent is substitution-permutation network and comes with 32 rounds (Mahaveerakannan and Gnana 51). The numerous public attack trials have not succeeded to penetrate the full-32 rounds cipher. Trial attacks in 2011 only managed to break 11 rounds. This makes this cipher secure and relatively predictable. However, an effective XSL attack might weaken Serpent (Graves and Graves 23). This cipher is available for public use since there are no encumbrances with regards to user restrictions.

Blowfish

Blowfish is also a symmetric-key block cipher that was designed and created by Bruce Schneier in 1993. This cipher is known to provide a stable encryption in software. Since its creation, there has never been am effective cryptanalysis. Blowfish is multi-purpose algorithm that improves on the challenges of DES (Mahaveerakannan and Gnana 13). Since it is unpatented, the cipher is available for use across the globe in the public domain. Its successor is Twofish.

Blowfish’s key sizes are from 32 to 448 bits and block sizes are 64 bits. The cipher has 16 rounds and functions on Feistel network. This makes the cipher difficult to penetrate. However, the first four rounds of Blowfish are vulnerable to differential attack of second order (Wang et al. 1272). Moreover, the 64-bit size makes this cipher susceptible to birthday attacks, especially in HTTPS context.

Twofish

Also designed and created by Bruce Schneier in 1998, Twofish is a symmetric-key block cipher derived from Square, SAFER, and Blowfish. This cipher is related to Threefish and has AES finalist certification. Its key sizes are 128, 192 or 256 bits while block sizes are 128 bits. Twofish has sixteen rounds and structured in Feistel network, which makes its secure as the multilayer keys are difficult to penetrate (Wang et al. 1271). Its distinctive features have made this cipher a complex key schedule to integrate the Maximum Distance Separable matrix. Twofish is available in public domain. This cipher is exposed to impossible differential attack, which is capable of breaking the first six rounds.

Threefish

Threefish was first published in 2008 and developed by Bruce Schneier, Jesse Walker, Doug Whiting and others. This cipher is related to Blowfish and Twofish. Its key sizes are 256, 512, and 1024 bits and block sizes are 72 bits. Threefish has a speed of 6.1 cpb on core 2. This cipher has a mix function and permutation steps change position of texts according to preset constant pattern. This makes Threefish secure. However, it is exposed to rebound attack, which affects its Skein hash function as established in 2010 (Graves and Graves 24). Moreover, Threefish is susceptible to bommerang attack, especially for its 32-round version.

IDEA

First published in 1991 and designed by James Massey and Xuejia Lai, IDEA is a symmetric-key block cipher created as a replacement of DES. The design was sponsored by the Hasler Foundation and is currently available freely for non-commercial usage. This cipher has been used in the BassOmatic, Pretty Good Privacy and is available optional Open PGP algorithm standard. IDEA’s successors are MESH, MMB, IDEA NXT, and Akelarre.

Its key and block sizes are 128 bits and 64 bits, respectively. IDEA has 8.5 rounds and Lai-Massey scheme structure (Graves and Graves 61). The differential cryptanalysis by its designers revealed that IDEA is immune algebraic or linear weaknesses. A trial in 2013 to recover the key revealed that IDEA is vulnerable to computational complexity attack with the use of narrow bicliques. Moreover, IDEA’s simple key structure makes it to generate weak encryption.

CAST-128

First published in 1996, CAST-128 was designed by Stafford Tavares and Carlisle Adams as a symmetric-key block cipher. It has been used in different products as the primary default cipher in PGP and GPG. CAST-128 successor is CAST-256 and has 12 or 16 rounds (Lobo and Lakshman 16). The key and block sizes are 40 to 128 bits and 64 bits, respectively. This makes the algorithm secure and easy to integrate. However, it is susceptible to differential and Brute-force attacks.

CAST-256

First published in 1998, CAST-256 is a symmetric-key block cipher as a replacement of AES. However, it did not make it to the final list of preferred algorithms. It is derived from CAST-128 and has 48 rounds (Graves and Graves 62). CAST-256 structure is generalized type 1 Feistel network and has key sizes of 128, 160, 192, 224, and 256 bits. Its block sizes are 128 bits (Lobo and Lakshman 13). The many rounds make this cipher safe and secure. However, it is known to be vulnerable to zero-correlation cryptanalysis using a secret key.

Camellia

First published in 2000, Camellia is derived from E2 and MISTY1. This cipher was designed by Mitsubishi Electronic in collaboration with NTT and has NESSIE and CRYPTREC certifications. The cipher is used for hardware and software implementations ranging from low-cost to high-speed smart cards and network systems. Camellia is integrated in the Transport Layer Security to offer communication security in computer networks (Graves and Graves 78).

This cipher has Feistel network structure with key and block sizes of 128, 192 or 256 bits and 128 bits, respectively. Camellia has 18 or 24 rounds. This cipher is considered safe, modern, and infeasible to penetrate even by Brute-force attack (Zhang et al. 14). At present, there has never been a successful attack on this cipher. Camellia is used by the Japanese CRYPTREC project, the EU’s NESSIE and the IEC/ISO (Fouda et al. 586).

DEAL

DEAL is a symmetric-key block cipher designed by Lars Knudsen and published in 1998. This cipher is derived from DES and related to Ladder-Des. Its key and block sizes are 128, 192, or 256 bits and 128 bits, respectively (Graves and Graves 35). DEAL has 6 or 8 rounds with Nested Feistel network. The cipher many rounds makes it safer. However, it is exposed to Brute-force and differential attacks, especially in low keys (Wang et al. 28).

LOK197

Designed by Lawrie Brown, Jennifer Seberry, and Josef Pieprzyk, LOK197 is a symmetric-key block cipher created in 2001. This cipher is relatively safe and has multiple usages in securing electronic data (Zhang et al. 14). However, it is exposed to Brute-force and differential attacks, especially in low keys. However, the multiple layers in each round make the cipher relatively secure (Su et al. 244). The encryption algorithm has low reliability, thus, limiting its usage in software and hardware support.

DFC

Decorrelated Fast Cipher (DFC) is also a symmetric-key block published in 1998 by a conglomerate of researchers drawn from France Telecom, CNRS, and Ecole Normale Superieure. DFC is related to COCONUT98 and has 8 rounds. Its key and block sizes are 128, 192, or 256 bits and 128 bits, respectively (Graves and Graves 13). The cipher is exposed to timing, differential and linear at tacks due to its low native capabilities in low key (Lobo and Lakshman 45). However, in high key, DFC is secure and allows for many cipher parameter choices using modified keys schedules to phase out weak keys.

MAGENTA

First published in 1998, MAGENTA is a symmetric-key block cipher designed by Klaus Huber and Michael Jacobson. It has 6 or 8 rounds with key and block sizes of 128, 192, or 356 bits and 128 bits, respectively. MAGENTA’s structure is Feistel network (Albers and Mazur 45). This cipher is used for general encryption and support of network telecommunication apps. However, it is slower in low key and exposed to differential attacks. However, MAGENTA is relatively secure or immune under specific protocols.

E2

E2 cipher is a 12 rounds symmetric-key block that was published in 1998 and designed by NTT (Lobo and Lakshman 21). Its successor is Camellia and has key and block sizes of 128, 192, or 256 bits and 128 bits, respectively. Unlike some ciphers, E2 has an output and input transformations that use modular multiplication, thus, multiple usages (Zhang et al. 14). However, its round function is limited to S-box and XORs lookups. Most of E2 component have been integrated in Camellia.

CRYPTON

Designed by Chae Hoon Lim and first published in 1998, CRYPTON is a symmetric-key block cipher created to replace AES. This cipher is relatively efficient, especially in hardware implementations (Albers and Mazur 19). For instance, Future Systems Incorporation has successfully used this cipher in their hardwares. CRYPTON has four steps in its round transformation consisting of column-wise, byte-wise, column-to-row, and final-key. This cipher uses 12 rounds and has substitution-permutation network. It is derived from Square. CRYPTON has key and block sizes of 128, 192, or 256 bits and 128 bits, respectively (Lobo and Lakshman 45). However, this cipher is weak in low key and exposed to Brute-force and differential attacks.

Statistical Test

NIST Tests

This is a statistical package with fifteen tests developed to check the randomness of binary sequences that are produced either by software or hardware-based pseudorandom or cryptographic generators (Albers and Mazur 19). All the tests are focused on different varieties of non-randomness that might exist within a sequence. First implemented in 1987, NIST tests have facilitated the development of rich transcription in addition to documenting the past and present state (Lobo and Lakshman 31). NIST tests have evolved throughout the years in domains that different but complimentary in nature (Chai et al. 203).

Among the notable tests are frequency (monobit) test, frequency test within a block, run test, test for the longest run of ones in a block, binary matrix rank test, discrete fourier transform (special) test, non-overlapping template matching test, overlapping template matching test, Maurer’s universal statistical test, linear complexity test, serial test, approximate entropy test, cumulative sums (Cusums) test, random excursions test, and random excursions variant test (Zhang et al. 14).

The order of running these tests may vary from time to time depending on the output and intention (Lobo and Lakshman 49). However, it is generally suggested that the frequency test should be first since it is capable of providing basic evidence on existence or nonexistence of randomness within a sequence. In the event that this test fails, it is almost certain that all other test will fail (Albers and Mazur 19).

Diehard Tests

First published in 1995, diehard tests consist of several statistical tests used to measure the random number generator quality. These tests were created by George Marsaglia over the years (Wang et al. 1273). There are sixteen tests, which include birthday spacings, overlapping permutations, ranks of matrices, monkey tests, count the 1s, parking lot test, minimum distance test, random spheres test, squeeze test, overlapping sums test, runs test, craps test, binary rank test, bitstream test, tests DNA, OQSO, and OPSO, and 3D sphere test among others (Albers and Mazur 19). Most of these tests return a p-value, which has to be uniform on coordinates [0, 1], especially if and only if the input variable has independent bits that are random in nature (Niu et al. 9).

These p-values are derived by p=F(X). In this case, F connotes the assumed distribution within the sample variable X. In application, the assumed F is often an asymptotic estimation. This means that there are incidences when p-values are close to 0 or 1(Zhang et al. 14). These tests are used to benchmark and test random number generators. For instance, running all the tests might be instrumental in creating a user-controlled report.

The results may then be used in formatting the test power and multiplier in default number sequences. In their binary mode, the diehard tests are instrumental in causing the output ran to be transcribed in raw binary and not as formatted ascii (Lobo and Lakshman 41). Moreover, the output flag in diehard tests permits the selection of fields for inclusion in the final output. This means that each flag may be entered as an independent binary number capable of turning a specific header or output field by flag name. In addition, these tests are significant in resolving ambiguity. For instance, a diehard test with weak or undesirable results would pinpoint a problem in the inputs (Wang et al. 1272).

In order to avoid this, a series of diehard test could be used to examine infrequent weak returns since the p-value is uniformly distributed. Therefore, running several tests would confirm if the undesirable results are reproducible or just an extreme value that could be ignored (Liu et al. 112). In the end, these tests will eliminate any preexisting bias influenced by personal judgment of assuming a small and unlikely default threshold of failure.

ENT Tests

Developed over the last three decades, ent is a program created to rest the sequences of bytes within a file and create a report from the results of these tests. The ent program is important in evaluation of pseudorandom generator of numbers for compression algorithm and statistical sampling and encryption applications (Lobo and Lakshman 45). The program performs a series of tests on input to produce output following a standardized output stream (Zhang et al. 14).

The values calculated are derived through entropy, Chi-square test, arithmetic mean, Monte Carlo value for Pi, and serial correlation coefficient using options b, c, f, t, and u (Mehler and Romary 58). The entropy is used to examine the density of information at random intervals in order to permit or disallow compression of a file. Since Chi-square test is highly sensitive to errors, it use “indicates how frequently a truly random sequence would exceed the value calculated, which is interpreted as the degree to which the sequence tested is suspected of being non-random” (Wang et al. 1272).

The arithmetic mean indicates degree of high or low values for consistency. Lastly, the serial correlation coefficient “measures the extent to which each byte in the file depends upon the previous byte” (Zhang et al. 1058). However, in the event that an infile is not specified, the ent program derives its input function from the standardized input (Lobo and Lakshman 49).

TestU01 Tests

TestU01 is basically a software library created in ANSI C language. The library offers a series of utilities for random number generators and empirical testing of randomness. Among the notable TestU01 tests are Small Crush (consisting of other ten tests), Crush (consisting of ninety six tests), and Big Test (consisting of one sixty tests).The development of TestU01 span to more than five decades with the initiatives Donald Knuth in 1969 (Lobo and Lakshman 45).

These tests were improved by George Marsagalia in 1996 with his proposed 15 tests. Features of TestU01 consist of four modules in the form of implementing RNGs, specific statistical tests, batteries of tests, and entire RNGs family tests. However, the use and applicability of the TestU01 is limited to 32-bit inputs, which are then interpreted as p-values within the range of (0,1). As a result, it is sensitive to direct and indirect flaws, “in the most-significant bits than the least significant bits” (Ye et al. 421).

Works Cited

Albers, Michael, and Mary Mazur, editors. Content and Complexity: Information Design in Technical Communication. Routledge, 2014.

Barker, Elaine. NIST Special Publication 800-57: Recommendations for Key Management Part 1: General. National Institute of Standards and Technology, 2017.

Chai, Xiyan, et al. “A Novel Chaos-Based Image Encryption Algorithm Using DNA Sequence Operations.” Optics Lasers in Engineering, vol. 88, 2017, pp. 197– 213.

Chaudhari, Sampni, et al. “A Survey of Methods of Cryptography and Data Encryption.” Imperial Journal of Interdisciplinary Research (IJIR), vol. 3, no. 11, 2017, pp. 440-444.

Fouda, Armand et al. “A Fast Chaotic Block Cipher for Image Encryption.” Communications in Nonlinear Science and Numerical Simulation, vol. 19, no. 3, 2014, pp. 578–588.

Graves, Heather, and Roger Graves. A Strategic Guide to Technical Communication – Second Edition (US). 2rd ed., Broadview Press, 2014.

Kumar, Sanjay, and Sandeep Srivastava. “Image Encryption Using Simplified DAATA Encryption Standard (S-DES).” International Journal of Computer Applications (0975-887), vol. 104, no. 2, 2014, pp. 38-42.

Liu, Yuang et al. “Cryptanalyzing a RGB Image Encryption Algorithm Based on DNA Encoding and Chaos Map,” Optics and Laser Technology, vol. 60, 2014, pp. 111–115.

Lobo, Lancy, and UmeshLakshman. CCIE Security v4.0 Quick Reference: Cisc CCIE Secu v4.0 Qui ePub_3. 3rd ed., Cisco Press, 2014.

Mahaveerakannan, Renganathan, and Suresh Gnana. Customized RSA Public Key Cryptosystem Using Digital Signature of Secure Data Transfer Natural Number Algorithm. Center for Programming, 2014.

Mehler, Alexander, and Laurent Romary, editors. Handbook of Technical Communication. Walter de Gruyter, 2014.

Niu, Yuan, et al. “Image Encryption Algorithm Based on Hyperchaotic Maps and Nucleotide Sequences Database.” Computational Intelligence and Neuroscience, vol. 5, no. 3, 2017, pp. 1-9.

Ramos, Jose. “Futures Action Model for Policy Wind Tunneling”. Action Foresight. 2017. Web.

Su, Wang et al. “Security Evaluation of Bilateral-Diffusion Based Image Encryption Algorithm.” Nonlinear Dynamics, vol. 77, no. 1-2, 2014, pp. 243–246.

Taha Mahmoud M. Reda, editor. International Congress on Polymers in Concrete (ICPIC 2018): Polymers for Resilient and Sustainable Concrete Infrastructure. Springer, 2018.

Wang, Wei et al. “A Novel Encryption Algorithm Based on DWT and Multichaos Mapping.” Journal of Sensors, vol. 4, no. 7, 2014, pp. 17-34.

Wang, Yuan, et al. “A Novel Image Encryption Scheme Based on 2-D Logistic Map and Sequence Operations,” Nonlinear Dynamics. An International Journal of Nonlinear Dynamics and Chaos in Engineering Systems, vol. 82, no. 3, 2015, pp. 1269–1280.

Ye, Gyuang. “A Block Image Encryption Algorithm Based on Wave Transmission And Chaotic Systems.” Nonlinear Dynamics, vol. 75, no. 3, 2014, pp. 417–427.

Zhang, Xhiuan et al. “Fluorescence Resonance Energy Transfer-Based Photonic Circuits Using Single-Stranded Tile Self-Assembly and DNA Strand Displacement.” Journal of Nanoscience and Nanotechnology, vol. 17, no. 2, 2017, pp. 1053–1060.

Zhang, Xuncai et al. “Chaotic Image Encryption Algorithm Based on Bit Permutation and Dynamic DNA Encoding.” Computational Intelligence and Neuroscience, vol. 6, no. 12, 2014, pp. 12-18.