Figure 5: The digital certificate system.
or passwords. Either of these could result in a breach of the system. The
digital certificate system provides a secure method of acquiring a public key. The public key given from a digital certificate source (a third-party certificate server) is basically an encrypted version of the key. The
issuers of digital certificates are often referred to as certificate authorities. Figure 5 illustrates the process [1].
Here the sender receives a certificate, an encrypted public key,
from the certificate source. The receiver gets a copy of the sender’s
public key and requests a copy of the certificate. The receiver obtains
the encryption key from the certificate source that was used for the
sender’s certificate. The receiver then decrypts the certificate with
the key and thereby obtains the sender’s public key. The receiver also
checks the digital signature to verify authenticity [1].
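The receiver's signature check, as an added example that is not from the original article: in practice the certificate source signs the sender's identity and public key with its private key, and the receiver verifies that signature with the certificate source's public key. The keys, the name sender.example and all function names are constructed for illustration, and textbook RSA without padding stands in for a real X.509 signature.

```python
# Added illustration: textbook RSA with small constructed keys, no padding.
# Far too weak for real use; real certificate authorities issue X.509 certificates.
import hashlib

def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for two distinct primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(subject, subject_key, n):
    """Hash the identity and public key that the certificate binds together."""
    data = f"{subject}|{subject_key[0]}|{subject_key[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_certificate(subject, subject_key, ca_private):
    """Certificate source signs (subject, public key) with its private key."""
    n, d = ca_private
    return {"subject": subject, "public_key": subject_key,
            "signature": pow(digest(subject, subject_key, n), d, n)}

def verify_certificate(cert, ca_public):
    """Receiver recomputes the digest and compares it with the signed value."""
    n, e = ca_public
    expected = digest(cert["subject"], cert["public_key"], n)
    return pow(cert["signature"], e, n) == expected

# Constructed keys built from Mersenne primes (illustration only).
CA_PUBLIC, CA_PRIVATE = make_keypair(2**127 - 1, 2**89 - 1)
SENDER_PUBLIC, _ = make_keypair(2**61 - 1, 2**31 - 1)
OTHER_PUBLIC, _ = make_keypair(2**19 - 1, 2**17 - 1)

def demo():
    """Return (genuine certificate verifies, certificate with swapped key verifies)."""
    cert = issue_certificate("sender.example", SENDER_PUBLIC, CA_PRIVATE)
    genuine = verify_certificate(cert, CA_PUBLIC)
    # A substituted public key cannot be re-signed without the CA private key,
    # so the original signature no longer matches the certificate contents.
    swapped = dict(cert, public_key=OTHER_PUBLIC)
    return genuine, verify_certificate(swapped, CA_PUBLIC)

if __name__ == "__main__":
    print(demo())
```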
The concepts of asymmetric-key methods provide for services such
as secure sockets layer (SSL). SSL is a protocol that ensures authentication, message integrity, and confidentiality for Internet-based transactions in e-commerce [1]. Web browsers support the protocol, and
when the web address begins with https (http-secure) as opposed to
http, SSL is invoked. A closed padlock icon may appear on the browser.
SSL works at the transport layer and supports application layer protocols above it such as HTTP and FTP [1, 4]. The web browser encrypts
the data, using either 40- or 128-bit encryption [6]. SSL technology
employs a certificate method to ensure authenticity of the communicating parties. For the utmost security, a trusted vendor should be the
source of the certificate. While SSL certificates may be generated by
any online commercial entity, it is safer to utilize those provided by
validated third-party vendors, or certificate authorities [6].
Information Security in the Future: Truly Unbreakable Systems?
Currently implemented computing and communication
systems utilize binary methods and manipulations that are
based upon prime numbers, modular arithmetic, and the
factorization of very large numbers. Computation in this
paradigm is carried out via discrete, two-state techniques.
While this has served and continues to serve us well in current systems, there are more powerful and promising models on the horizon. One of the more well-known of these is
termed quantum computing and its derivative technology,
Quantum cryptography is based on Heisenberg’s theory
of uncertainty, which is derived from the principles of
quantum physics. Quantum physics is concerned with elementary particles on an extremely small scale, and how the
behavior of such particles tends to "buck" the classical principles of physics. Matter, for example, can be broken down
to the atomic level, and further into
subatomic particles. Light, the basis
for quantum computing and cryptography, may be broken down to a
basal element called the photon.
Photons, and other extremely small-scale particles, exhibit some interesting characteristics. Among these
are the uncertainties of state [8].
Quantum cryptography could be
thought of as an object-oriented method of encryption at a basal and
physical level. An object, such as a photon of light, possesses a set of
attributes such as polarization or intensity, and these may be altered
and manipulated. Quantum cryptography methods seek to capitalize
upon those attributes that have a certain property: they cannot be
observed without being changed. This represents the basis of quantum technology. Optical quantum cryptography seeks to use the photon’s attribute of polarization to generate a random encryption key.
Varying polarization states can create a stream of data that can be digitized. An attribute such as this is of great value in encryption because
any eavesdropper will never see the data as it originally existed.
Furthermore, intrusion detection is intrinsic to the system [8].
Let us consider a simple example of a generic photon-based scheme,
as illustrated in Figure 6. A sender, utilizing a highly precise laser
device, emits photons of varying and random polarizations to a receiving device. The photon stream sent represents the key. Once the key is
agreed upon by the receiver and sender, there is system-assured secrecy
of the key. Assume that the polarization attribute of each photon of light
is known in the sender-receiver domain. The polarization of a photon,
once “viewed” or measured, is irreversibly changed according to quantum behavior. So, since the receiver can compare the states of the photons on transmission and reception, those that have been altered can be
rejected for inclusion in the key on a photon-by-photon basis.
The encryption key, once established as secret, can be used for
encrypting data for secure communications with certainty that the
messages are indeed secret and impenetrable [8].
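The photon-by-photon comparison described above, simulated as an added example that is not from the original article. It uses the BB84 protocol as one concrete instance of the generic scheme (sender and receiver each choose one of two polarization bases at random and compare a sample of their results). The function names, the photon count and the 10% rejection threshold are assumptions chosen for illustration.

```python
# Added illustration: classical simulation of a BB84-style exchange.
# Function names, photon count and threshold are hypothetical choices.
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Same basis returns the prepared bit; a different basis gives a random result."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def run_exchange(n_photons, eavesdrop, seed):
    """Return (observed error rate, sender key bits, receiver key bits)."""
    rng = random.Random(seed)
    sent_bits = [rng.randrange(2) for _ in range(n_photons)]
    sent_bases = [rng.choice("+x") for _ in range(n_photons)]
    recv_bases = [rng.choice("+x") for _ in range(n_photons)]
    received = []
    for bit, basis, r_basis in zip(sent_bits, sent_bases, recv_bases):
        if eavesdrop:
            # An observer must guess a basis; measuring re-prepares the
            # photon in the guessed basis, which alters its state.
            e_basis = rng.choice("+x")
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        received.append(measure(bit, basis, r_basis, rng))
    # Sifting: keep only photons where sender and receiver bases agree.
    kept = [i for i in range(n_photons) if sent_bases[i] == recv_bases[i]]
    half = len(kept) // 2
    sample, key_idx = kept[:half], kept[half:]
    # The sample is compared openly and discarded; altered photons show up as errors.
    errors = sum(sent_bits[i] != received[i] for i in sample)
    return (errors / len(sample),
            [sent_bits[i] for i in key_idx],
            [received[i] for i in key_idx])

def key_accepted(error_rate, threshold=0.10):
    """Reject the key when the compared sample shows too many altered photons."""
    return error_rate <= threshold

if __name__ == "__main__":
    for label, tapped in (("quiet line", False), ("observed line", True)):
        rate, sender_key, receiver_key = run_exchange(2000, tapped, seed=7)
        print(label, f"error rate={rate:.3f}", "accepted" if key_accepted(rate) else "rejected")
```

On an unobserved line the compared sample shows no errors and both sides hold the same key; an observer on the line pushes the error rate toward one in four, so the key is rejected before it is ever used.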
A quantum cryptography system based on photons would require
full optical lines for connection between the sending and receiving
laser device nodes. For longer-haul distances, optical repeaters would
need to be introduced into the system, and this presents a hurdle.
Figure 6: A quantum cryptography key system.