Conclusion
Home Up

 

Summary of Cryptography

The purpose of this section is to present how cryptography can be used to implement security in the Web. It starts with a list of challenges for protecting information, continues with the presentation of the basic cryptographic algorithms and protocols, presents the Secure Sockets Layer protocol, and concludes with an example of how cryptography is used in a commercial transaction on the Internet.

From a technical point of view, cryptography is the solution to many of the security challenges that are present in the Internet. The technology exists to solve most of the problems. However, there are several issues that have obstructed the widespread use of cryptography in the Internet. First of all, cryptography, as a science, faces a difficult problem. Most of the algorithms cannot be proven secure. For this reason, there is suspicion around many of the cryptographic algorithms. Another aspect is related to the intellectual property associated with the algorithms. Most algorithms are patented, and only some companies have licensed them for use.

Finally, cryptography can be used to harm society. Governments are concerned that encryption will make law enforcement and national security goals more difficult to achieve. For example, terrorists could communicate information over the Internet using encryption that law enforcement agencies could not decrypt. Therefore some governments, such as the U.S., have regulated the export of software containing encryption algorithms. This is a topic of debate, pitting governments against the right to free speech. For example, U.S. export regulations can prevent the publication of cryptographic research. In one court case, in March 1996, Phil Karn filed suite over whether he could export some source code from [SCHN96]. A District Court ruled that "export controls on encryption software are constitutional under the First Amendment" to the U.S. Constitution [DOJ97].

However, the following year a different District Court made an opposite ruling in a different case. Daniel Bernstein, while a Ph.D. candidate at the University of California, was told by the U.S. government that he had to register as an arms dealer under the International Traffic in Arms Regulation in order to publish a cryptographic program. Bernstein sued. In August 1997 the Federal District Court in San Francisco ruled that export restrictions on encryption are "an unconstitutional prior restraint in violation of the First Amendment" [EFFa, EFFb]. According to the Justice department, the larger issue of exporting cryptographic algorithms remains unresolved.

The current trend in society indicates that cryptography is gaining importance. One day cryptography may be widely used throughout the Internet: for electronic mail, for sending documents that are sold over the Web, and even perhaps for all network communication between routers or switches in the Internet. The use and debate on cryptography promises to be prominent for many more years.

Rich Aliano <raliano@shrike.depaul.edu>

 
Home    Digital Certificates    Firewalls    Cryptography    SSL    JAVA