Locksmith of virtual space

``Though e-commerce and transactions on the Net are vulnerable to attacks, digital signature is more secure than authentication on paper.''

Breaking secrets is as intriguing as making them but often, the latter is more challenging.

Unshackling the knots, is at times a wild goose chase which Mr. B. Robert Raja enjoys. Seventeen years in Government service and high-profile assignments have made this Chennai-based digital security professional a much-in-demand man. As digital life becomes a reality,every transaction on the Net, in the coming days, will need help from people like him. ``Security on the Net is crucial as digital data is infinitely reproducible and infinitely alterable,'' he tells T. S. Shankar.

MR. ROBERT RAJA belongs to the digital world, but his tool is ancient. It is a discipline called cryptology, which binds both the art of hiding information from eaves-dropping and eaves- dropping despite hiding. The former is called cryptography and the latter, cryptoanalysis.

Starting with simple passwords, that allow users to log on to websites or mail servers, to Internet transactions involving millions of dollars, cryptography is one of the key technologies of the IT world. If security and trust are the core of any business transaction, it is true in an e-commerce environment too.

According to Mr. Raja, who ambled in to the world of cipher and decipher as an officer of the Indian Revenue Service, digital security has four functions: identification/authentication (to establish the identity of the person one is dealing with), confidentiality (to ensure that the contents of a message are not disclosed to third parties), integrity (to prove that the contents of a message are not altered) and non-repudiation (to assure that the sender of a message cannot disown it later). The success of e-commerce would depend on how effectively these four are handled.

Though e-commerce and transactions on the Net are vulnerable to attacks, according to Mr. Raja, digital signature, is more secure than authentication on paper. In the physical world, one cannot rule out the possibility of altering the content even after attesting it, but in digital world, once one ``signs'' it, not even a comma can be changed. But how does one achieve this? Security in e-communication is achieved by scrambling the contents of a message using a pre-determined method which involves mathematical algorithms and a secret key. This produces an encrypted version of the message which can be decrypted only by applying the secret key in an inverse manner.

This, according to Mr. Raja, can be achieved by public key cryptography. Two keys, one for encryption and the other for decryption, will be provided to each user by an authority who has the ability to recognise and confirm the identity of the user. The user keeps one of the keys secret (the private key) and the authority would keep the other key (public key) in a public directory and certify that the public key belongs to the user.

The sender has to encrypt the message with the recipient's public key, which is available from the directory. But once encrypted, it can be decrypted using only the recipient's private key. Similarly if a sender sends a message with his/her private key, the recipient can access it only with the sender's public key. The recipient can thus prove that the message was indeed ``signed digitally'' by the sender.

Though Mr. Raja, whose best known work was in handling Harshad Mehta's accounts, which IT officials term as a very tough job, he tries to play it down. Instead, he vouches for the complexity of man-made secrets. ``Even today, the most unbreakable secrets are man-made.''

Send this article to Friends by E-Mail

Section  : Features
Previous : Paper trail to nowhere
Next     : Tales from Tonga