The requirement
of information security within an
organization has under gone two major changes in the last several decades.
Before the widespread use of data processing equipment, the security of
information felt to be valuable to an organization was provided primarily by
physical and administrative means. An example of the former is the use of rugged
filing cabinets with a combination lock for storing sensitive documents. An
example of the latter is personnel screening procedures used during the hiring
process.
With the
introduction of computer, the need for automated tools for protecting files and
other information stored on the computer became evident. This is especially the
case for a shared system, such as a time-sharing system, and the need is even
more acute for system that can be accessed over public telephone network, data
network, or the Internet. The generic name for the collection of the tools
designed to protect data and to thwart hackers is computer security.
The second major
change that affected security is the introduction of distributed system and the
use of network and communication facilities for carrying data between terminal
user and computer and between computer and computer. Network security measure
are needed to protect data during their transmission. In fact, the term network security is somewhat
misleading, because virtually all
business, government, and academic organization interconnect their data
processing equipment with a collection of interconnected networks. Such a
collection is often referred to as an internet, and the term internet security is used.
There are no
clear boundaries between these two forms of security. For example, one of the
most publicized types of attack on information system is the computer virus. A
virus may be introduced into a system physically when it arrives on a diskette
and is subsequently loaded onto a computer. Viruses may also arrive over an
internet. In either case, once the virus is resident on a computer security
tools are needed to detect and recover from the virus
Cryptography is the study of
mathematical techniques related to aspects of information security, such as
confidentially or privacy ,data integrity and entity authentication.
Cryptography is not only means of providing information security, but rather
one set of techniques. Confidentially means keeping information secret from all
but those who authorized to see it. Data integrity means ensuring information
has not been altered by unauthorized or unknown means. Entity authentication
means corroboration of the identify of an entity.
There
are some characteristics of
cryptographic algorithm. They are level security, performance , and ease of
implementation. Level security defined by an upper bound on the among of work
necessary to defeat the objective. Performance refers to the efficiency of an
algorithm in a particular mode of an operation. Ease of implementation refers
to the difficulty of realizing the algorithm in practical implementation.
There are
several aspects of security. They
are security service, security mechanism, and security attack. Security service
means a service that enhances the security of the data processing system and
information transfers of an organization.
Security mechanism means that is designed to detect, prevent, or recover
from a security attacks. Security attack means any action that compromises the
security of information owned by an organization.
Encryption means the process of converting from plaintext
to ciphertext. A key is a piece of information , usually a number that allows a
receiver. Another key also allows a receiver to decode messages sent to him or
her. There are some types of encryption. They are classical techniques, modern
techniques, and public-key encryption. In Classical techniques there are
substitution techniques and transposition techniques. In substitution
techniques there are Caesar cipher, monoalphabetic cipher and polyalphabetic
cipher. In Modern techniques there are block cipher , stream cipher and DES
algorithm. In Public-key encryption the RSA algorithm is there.
Cryptography
has provided us with Digital Signatures
that resemble in functionality the hand-written signature and Digital Certificates that related to an
ID -card or some other official documents. There are some application of cryptography. They are secure communication,
identification, secret sharing, electronic commerce, key recovery and remote
access.
Modern cryptography provides essential
techniques for securing information and protecting data.
0 comments:
Post a Comment