|
Business
Current phase in encryption controversies
RECENT TERRORIST attack on America has brought to focus the potential of deploying certain technologies such as encryption, steganography and the like on the Net for harmful activities and has rekindled some old arguments centred on controlling encryption tools. This week's column takes a look at some of the current discussions on this subject.
Encryption
As mentioned in this column earlier the best way to secure your messages is to encrypt them. By encrypting a message you manipulate your original text so that it can be read only by providing a key that unlocks the encryption and makes the text readable. The encryption technology that has been rated highly reliable is the public key encryption system. Here you will have two keys _ private and public. The user of the system distributes the public key to his/her clients/friends so that they can encrypt the messages intended to the user (the owner of the public key) using the public key. The message encrypted this way can only be decrypted by the corresponding private key of the user. As the user is the only person who has access to his/her private key nobody else can read the messages encrypted this way. The famous free software Pretty Good Privacy _PGP _ written by Philip Zimmerman is an excellent example of an encryption tool of this kind _ more details on this program is available at the end of this piece.
Positives and negatives
As this technology provides a highly reliable encryption mechanism that is quite difficult to crack, it should be positive news for persons who value privacy. Apart from its obvious role in upholding and furthering the human rights initiatives, the strong encryption technology that helps you conduct secured transactions will naturally augment the commercial transactions over the Net.
But, as any technology invented by humans, this one also has its own share of negatives. One major argument against the free wide circulation of this technology is that it can be used by antisocial elements and political terrorists to safely correspond and co-ordinate their nefarious activities against the legally established systems. One solution put forward by the U.S. Government officials to control this aspect was to insert a `backdoor' key mechanism into the encryption tool so that the official machinery can intercept any suspected encrypted messages through this backdoor. Though there were several discussions on this subject some years ago, they died down and the arguments in favour of leaving the encryption technology intact ultimately prevailed. This link will provide you more ideas on this debate: adl.org/Terror/focus/16_focus_a4.html
Recent terrorist attacks on U.S. critical centres and the reported stories suggesting the terrorists having used the encryption technology have again brought back the arguments that support the need for controlling the encryption tools and stipulating the encryption system vendors to plant a backdoor element for government officials to decrypt the encrypted message. As the encryption technology has already spread across the globe and its potential has gone quite far from its initial limited capabilities, it would be difficult to exercise such controls. Besides many security conscious persons and e-commerce specialists oppose moves of this kind as it may make the Net transactions less secure and may ultimately endanger the Net's e-commerce services.
Inserting a backdoor key is like locking your house with most modern lock and hiding the key of the house's backdoor in a place so that you can enter the house in case of an emergency. This may work for a while but over time it will come to others' notice if they know that you have some mechanism to sidestep your normal security system. This means, unknowingly you are making the environment more congenial for trespassers to enter the house. The proposed backdoor mechanism is almost similar to this situation and hackers will try to capture this backdoor key. If you want more about the subject, check out the following links: news.zdnet.co.uk/story/0,,t269-s2096149,00.html; news.zdnet.co.uk/ story/0,,t269-s2095274,00.html; and searchsecurity.techtarget.com /original Content/0,289142,sid14_gci776044,00. html.
Another technology that is being suspected to be used by the terrorists is the steganography. Readers of this column must be familiar with this technology that helps you hide information on picture files and sound files. A person who views the picture file with a secret message will only see the normal picture without any distortion and he/she will be totally ignorant of the secret data lying in the file. The intended recipient can view the data using some steganographic tool. Reports appearing in some on-line magazines suggest that the people who masterminded the recent operation used this technology to communicate with other members of the gang.' For more information check out the links: wired.com/news/politics/0,1283,46747,00.html; and usatoday.com/life/cyber/tech/2001-02-05-binladen-side.htm. But the reports are not yet proved conclusively. As reported in the on-line magazine USATODAY _ usatoday.com/life/cyber/tech/2001/10/17/bin-laden-site.htm#more _ computer scientists doing research on this subject have not yet been able to get any evidence on this subject so far.
PGP software
As mentioned in the beginning, the PGP software helps you send encrypted e-mail messages and encrypt the files stored in your machine. The software can be downloaded from the site at: pgpi.org. In this site you can also read an article by Philip Zimmerman written after the recent terrorists attack. During installation of the program it automatically installs plug-ins into the mail clients installed in your machine. The plug-ins help you use the PGP features such as sending encrypted messages directly from the mail client's interface. The plug-ins are available for popular mail clients such as Eudora and Outlook.
First you need to generate a key pair and to do that, right-click at the tray icon, access the PGPkeys button and from the Window that pops up, go to the `Keys' menu and then select 'New keys' and follow the instructions of the key generation wizard.
After creating the key pair, if you are linked to the Net, you can transfer your public key to a key server so that others can access your public key easily and start sending encrypted messages. If you want to send an encrypted message to a friend you need to possess his/her public key and he needs yours. More details on the program can be had from its help facility.
J. Murali
(The author can be contacted at:
murali27@satyam.net.in)
Send this article to Friends by
E-Mail
Business
|
