Thursday, June 28, 2012
ibm tgmc: project promotion video
Wednesday, June 27, 2012
Encryption: Security Sentry or Threat
Encryption: Security Sentry or Threat
Ghanshyam Verma, Mohit Choudhary
Computer Technology Dept.
KITS ramtek (Nagpur-441106)
KITS ramtek (Nagpur-441106)
ghanshyam.verma@ovi.com,
mailmohitc@yahoo.in 
(paper presented at XI ANNUAL ISTE STUDENTs' CONVENTION' 2011, Maharastra-Goa Section)
Abstract— The paper “Encryption: Security Sentry or Threat” aims at
presenting the definition, introduction, overview, implementation, generic
issues related with implementation and compares the benefits of encryption with
the misuse and prices involved in the process. The paper also covers a detailed
survey of methods adopted for encryption and a case study on few widely used
encryption algorithms. The paper also looks into encryption methods adopted by
some major organisations and flaws presents in some of these algorithms. The
paper contains a detailed overview of misuse concerned with encryption by
individuals and by organisations; and overview of the value of understanding
international encryption regulation.
This abstract contains a brief layout of
actual paper and highlights the associated keywords.
Encryption is the process of transforming
information (referred to as plaintext) using an algorithm to make it unreadable
to anyone except those possessing special knowledge referred to as a key.
Decryption implicitly refers to reverse process i.e. it is used to make encrypted
information readable again.
Encryption has long been used by
militaries and governments to facilitate secret communication. Encryption is
now commonly used in protecting information within many kinds of civilian
systems. The CSI (Computer Security Institute) reported that in 2007, 71% of
companies surveyed utilized encryption for some of their data in transit, and
53% utilized encryption for some of their data in storage. 
Traditionally, several methods can be
used to encrypt data streams. Encryption methods can be SYMMETRIC in which
encryption and decryption keys are the same, or ASYMMETRIC (aka 'Public Key')
in which encryption and decryption keys differ.
The Data Encryption Standard (DES) is a
block cipher that uses shared secret encryption. It was selected by the
National Bureau of Standards as an official Federal Information Processing
Standard (FIPS).
Encryption technology offers both
substantial benefits (by protecting the confidentiality, authenticity, and
integrity of business and personal information) and substantial risks (by
making it easier for criminals and terrorists to conceal communications
regarding illegal behaviour). While most countries recognize the benefits of
encryption, the associated risks have led many governments to impose controls
on the import, use, and export of encryption software, hardware and technical
information.
Transparent data encryption (TDE) is a
key-based access control system. Even if the encrypted data is retrieved, it
cannot be understood until authorized decryption occurs, which is automatic for
users authorized to access the table. This paper contains a study on TDE with
reference to oracle DB systems.
The paper contains an account of
encryption methods used by criminals and terrorists and how they use it to hide
crimes in cyberspace, along with several examples of such attacks and acts. It
also contains counter measures as suggested by various international and
national agencies.
Last but not the least it contains a
brief account on understanding the international regulations on encryption by
the organisations.
Keywords— encryption, decryption, key, signature, algorithm, plaintext,
cipher, cipertext, security, weakness, strength, statistics, symmetry,
asymmetry, PGP, RSA, EFS, request generator, ‘multi-phase’ S Table, DES, FIPS,
AES, brute force, NSA, index of coincidence, authentication, transparent data
encryption, DMH, beast, non-repudiation, strategy, regulations.
I. Encryption- an Introduction
Encryption is the process of
transforming information (referred to as plaintext) using
an algorithm (called a cipher) to make it unreadable to anyone
except those possessing special knowledge, usually referred to as a key.
The result of the process is encrypted information (in cryptography,
referred to as cipher-text). In many contexts, the
word encryption also implicitly refers to the reverse
process, decryption (e.g. “software for encryption” can typically
also perform decryption), to make the encrypted information readable again
(i.e. to make it unencrypted).
Encryption has long been used by
militaries and governments to facilitate secret communication. Encryption is
now commonly used in protecting information within many kinds of civilian
systems. For example, the Computer Security Institute reported that
in 2007, 71% of companies surveyed utilized encryption for some of their data
in transit, and 53% utilized encryption for some of their data in storage. Encryption
can be used to protect data "at rest", such as files
on computers and storage devices (e.g. USB flash drives). In
recent years there have been numerous reports of confidential data such as
customers' personal records being exposed through loss or theft of laptops or
backup drives. Encrypting such files at rest helps protect them should physical
security measures fail. Digital rights management systems which
prevent unauthorized use or reproduction of copyrighted material and protect
software against reverse engineering (see also copy protection)
are another somewhat different example of using encryption on data at rest.
Encryption is also used to protect data
in transit, for example data being transferred via networks (e.g.
the Internet, e-commerce), mobile telephones, wireless
microphones, wireless intercom systems, Bluetooth devices
and bank automatic teller machines. There have been numerous reports of
data in transit being intercepted in recent years. Encrypting data in
transit also helps to secure it as it is often difficult to physically secure
all access to networks.
Encryption, by itself, can protect the
confidentiality of messages, but other techniques are still needed to protect
the integrity and authenticity of a message; for example, verification of
a message authentication code (MAC) or a digital signature.
II. Encryption – a brief history
The earliest known use of cryptography
is found in non-standard hieroglyphs carved into monuments from Egypt’s Old
Kingdom (say 4500 years ago). These are not thought to be serious attempts at
secret communications, however, but rather to have been attempts at mystery,
intrigue, or even amusement for literate onlookers. These are examples of still
another use of cryptography, or of something that looks (impressively if
misleadingly) like it. Later, Hebrew scholars made use of simple Substitution
ciphers (such as the Atbash cipher) beginning perhaps around 500 to 600 BCE.
Cryptography has a long tradition in religious writing likely to offend the
dominant culture or political authorities. Perhaps the most famous is the
‘Number of the Beast’ from the book of Revelations in the Christian New Testament.
‘666’ is almost certainly a cryptographic (i.e., encrypted) way of concealing a
dangerous reference: many scholars believe it’s a concealed reference to the
Roman Empire, or the Emperor Nero. (and so to Roman policies of persecution of
Christians) that would have been understood by the initiated (who ‘had the
codebook’), and yet be safe (or at least somewhat deniable and so less
dangerous) if it came to the attention of the authorities.  In Europe during and after the Renaissance,
citizens of the various Italian states, including the Papacy, were responsible
for substantial improvements in cryptographic practice (e.g. polyalphabetic
ciphers invented by Leon Alberti ca 1465). And in the Arab world, religiously
motivated textual analysis of the Koran led to the invention of the frequency
analysis technique for breaking monoalphahetic substitution cyphers sometime
around 1000 CE.
Mathematical cryptography leapt ahead
(also secretly) after World War I. Marian Rejewski, in Poland, attacked and
‘broke’ the early German Army Enigma system (an electromechanical rotor cipher
machine) using theoretical matheniatics in 1932. The break continued up to ’39,
when changes in the way the German Armys Enigma machines were used required
more resources than the Poles could deploy. His work was extended by Alan
Turing, Gordon Welchman and others at Bletchley Park beginning in 1939, leading
to sustained breaks into several others of the Enigma variants and the assorted
networks for which they were used. US Navy cryptographers (with cooperation
from British and Dutch cryptographers after 1940) broke into several Japanese
Navy crypto systems. The break into one of them famously led to the US victory
in the Battle of Midway. An US Army group the SIS, managed to break the highest
security Japanese diplomatic cipher system (an electromechanical ‘stepping
switch’ machine called Purple by the Americans) even before WW-II began.
By World War II mechanical and
electromechanical cryptographic cipher machines were in wide use, but they were
impractical manual systems. Great advances were made in both practical and
mathematical cryptography in this period, all in secrecy.
The era of modem cryptography really
begins with Claude Shannon, arguably the father of mathematical cryptography.
In 1949 he published the paper Communication l’heory of Secrecy Systems in the
Bell System Technical Journal, and a little later the book Mathematical Theory
of Communication with Warren Weaver.
1969 saw two major public (i.e.. non-secret)
advances. First was the DES (Data Encryption Standard) submitted by IBM, at the
invitation of the National Bureau of Standards (now NIST), in an effort to
develop secure electronic communication facilities for businesses such as banks
and other large financial organizations.
In recent years public disclosure of
secret documents held by the UK government has shown that asymmetric key
cryptography, D-H key exchange, and the best known of the public key / private
key algorithms (i.e., what is usually called the RSA algorithm), all seem to
have been developed at a UK intelligence agency before the public announcement
by Diffie and Hellman in ‘76. GCI-IQ has released documents claiming that they
had developed public key cryptography before the publication of Diffie and
Hellman’s paper. Various classified papers were written at GCHQ during the 1960s
and 1970s which eventually led to schemes essentially identical to RSA
encryption and to Diffie-Hellman key exchange in 1973 and 1974. Some of these
have now been published, and the inventors (James Ellis, Clifford Cocks, and
Malcolm Williamson) have made public (some of) their work and stuff.
III. Some encryption methods
Traditionally, several methods can be
used to encrypt data streams, all of which can easily be implemented through
software, but not so easily decrypted when either the original or its encrypted
data stream are unavailable. (When both source and encrypted data are
available, code-breaking becomes much simpler, though it is not necessarily
easy). The best encryption methods have little effect on system performance,
and may contain other benefits (such as data compression) built in. For e.g. the
well-known 'PKZIP®' utility offers both compression and data encryption in this
manner. 
Encryption methods can
be SYMMETRIC in which encryption and decryption keys are the same,
or ASYMMETRIC (aka 'Public Key') in which encryption and decryption
keys differ. 'Public Key' methods must be asymmetric, to the extent that the
decryption key CANNOT be easily derived from the encryption key. Symmetric
keys, however, usually encrypt more efficiently, so they lend themselves to
encrypting large amounts of data.
Asymmetric encryption is often limited
to ONLY encrypting symmetric key and other information that is needed in order
to decrypt a data stream, and the remainder of the encrypted data uses the
symmetric key method for performance reasons. This does not in any way diminish
the security nor the ability to use a public key to encrypt the data, since the
symmetric key method is likely to be even MORE secure than the asymmetric
method.
Further for symmetric key ciphers,
there are basically two types: BLOCK CIPHERS, in which a fixed length block is
encrypted, and STREAM CIPHERS, in which the data is encrypted one 'data unit'
(typically 1 byte) at a time, in the same order it was received in.
Fortunately, the simplest of all of the
symmetric key 'stream cipher' methods is the TRANSLATION TABLE (or 'S table'),
which should easily meet the performance requirements of even the most
performance-intensive application that requires data to be encrypted. In a
translation table, each 'chunk' of data (usually 1 byte) is used as an offset
within one or more arrays, and the resulting 'translated' value is then written
into the output stream. While translation tables are very simple and fast, the
down side is that once the translation table is known, the code is broken.
Further, such a method is relatively straightforward for code breakers to
decipher - such code methods have been used for years, even before the advent
of the computer. Still, for general "unreadability" of encoded data,
without adverse effects on performance, the 'translation table' method lends
itself well.
One very important feature of a good
encryption scheme is the ability to specify a 'key' or 'password' of some kind,
and have the encryption method alter itself such that each 'key' or 'password'
produces a unique encrypted output, one that also requires a unique 'key' or
'password' to decrypt. This can either be a symmetric or asymmetric key. The
popular 'PGP' public key encryption, and the 'RSA' encryption that it's based
on, uses an 'asymmetrical' key, allowing you to share the 'public' encryption
key with everyone, while keeping the 'private' decryption key safe. The
encryption key is significantly different from the decryption key, such that
attempting to derive the private key from the public key involves too many
hours of computing time to be practical. It would NOT be impossible, just
highly unlikely, which is 'pretty good'.
Let’s look into some of the famous
encryption algorithms for a better understanding of the encryption.  
A. RSA
In 1977, shortly after the idea of a
public key system was proposed, three mathematicians, Ron Rivest, Adi Shamir
and Len Adleman gave a concrete example of how such a method could be
implemented. To honour them, the method was referred to as the RSA Scheme. The
system uses a private and a public key. To start two large prime numbers are
selected and then multiplied together; n=p*q. 
If we let f(n) = (p-1) (q-1), and
e>1 such that GCD(e, f(n))=1. Here e will have a fairly large probability of
being co-prime to f(n), if n is large enough and e will be part of the
encryption key. If we solve the Linear Diophantine equation; ed congruent 1 (mod
f(n)), for d. The pair of integers (e, n)are the public key and (d, n) form the
private key. Encryption of M can be accomplished by the following expression;
Me = qn + C where 0<= C < n. Decryption would be the inverse of the
encryption and could be expressed as; Cd congruent R (mod n) where 0<= R
< n. RSA is the most popular method for public key encryption and digital
signatures today.
B. DES/3DES
The Data Encryption Standard (DES) was
developed and endorsed by the U.S. government in 1977 as an official standard
and forms the basis not only for the Automatic Teller Machines (ATM) PIN
authentication but a variant is also utilized in UNIX password encryption. DES
is a block cipher with 64-bit block size that uses 56-bit keys. Due to recent
advances in computer technology, some experts no longer consider DES secure
against all attacks; since then Triple-DES (3DES) has emerged as a stronger
method. Using standard DES encryption, Triple-DES encrypts data three times and
uses a different key for at least one of the three passes giving it a
cumulative key size of 112-168 bits.
C. BLOWFISH
Blowfish is a symmetric block cipher
just like DES or IDEA. It takes a variable-length key, from 32 to 448 bits,
making it ideal for both domestic and exportable use. Bruce Schneier designed
Blowfish in 1993 as a fast, free alternative to the then existing encryption
algorithms. Since then Blowfish has been analyzed considerably, and is gaining
acceptance as a strong encryption algorithm.
D. IDEA
International Data Encryption Algorithm
(IDEA) is an algorithm that was developed by Dr. X. Lai and Prof. J. Massey in
Switzerland in the early 1990s to replace the DES standard. It uses the same
key for encryption and decryption, like DES operating on 8 bytes at a time.
Unlike DES though it uses a 128 bit key. This key length makes it impossible to
break by simply trying every key, and no other means of attack is known. It is
a fast algorithm, and has also been implemented in hardware chipsets, making it
even faster.
E. SEAL
Rogaway and Coppersmith designed the
Software-optimized Encryption Algorithm (SEAL) in 1993. It is a Stream-Cipher,
i.e., data to be encrypted is continuously encrypted. Stream Ciphers are much
faster than block ciphers (Blowfish, IDEA, DES) but have a longer
initialization phase during which a large set of tables is done using the
Secure Hash Algorithm. SEAL uses a 160 bit key for encryption and is considered
very safe.
F. RC4
RC4 is a cipher invented by Ron Rivest,
co-inventor of the RSA Scheme. It is used in a number of commercial systems
like Lotus Notes and Netscape. It is a cipher with a key size of up to 2048
bits (256 bytes), which on the brief examination given it over the past year or
so seems to be a relatively fast and strong cipher. It creates a stream of
random bytes and 'XORing' those bytes with the text. It is useful in situations
in which a new key can be chosen for each message.
IV. A detailed study of encryption method used in oracle db
This study was made to get a clear
insight into encryption methodology. Oracle Database uses authentication,
authorization, and auditing mechanisms to secure data in the database, but not
in the operating system data files where data is stored. To protect these data
files, Oracle Database provides transparent data encryption.
Transparent data encryption is a
key-based access control system. Even if the encrypted data is retrieved, it
cannot be understood until authorized decryption occurs, which is automatic for
users authorized to access the table.
When a table contains encrypted columns,
a single key is used regardless of the number of encrypted columns. This key is
called the column encryption key. The column encryption keys for all tables,
containing encrypted columns, are encrypted with the database server master
encryption key and stored in a dictionary table in the database. No keys are
stored in the clear.
As shown in Figure below, the
master encryption key is stored in an external security module that is outside
the database and accessible only to the security administrator. For this
external security module, Oracle uses an Oracle wallet as described in this
chapter. Storing the master encryption key in this way prevents its
unauthorized use.
|  | 
| Fig. 1. Showing basic modules of Transparent Data Encryption as used in ORACLE® DB. | 
A Overview of the Transparent Data Encryption as used in Oracle DB
To enable transparent data encryption,
you must have the ALTER SYSTEM privilege and a valid password to the
Oracle wallet. If an Oracle wallet does not exist, then a new one is created
using the password specified in the SQL command.
To create a new master key and begin
using transparent data encryption, issue the following command:
ALTER SYSTEM SET ENCRYPTION KEY
IDENTIFIED BY password
Enclose the password in
double quotation marks (" "). This command generates the database
server master encryption key, which the server uses to encrypt the column
encryption key for each table. No table columns in the database can be
encrypted until the master key of the server has been set.
The master encryption key remains
accessible to the database until the database instance is shutdown. To load the
master encryption key after the database is restarted, use the following
command:
ALTER SYSTEM SET ENCRYPTION WALLET OPEN
IDENTIFIED BY password
Enclose the password in double
quotation marks (" "). To create a new table with encrypted columns,
use the CREATE TABLE command in the following form:
CREATE TABLE table_name ( column_name
column_type ENCRYPT,....);
The ENCRYPT keyword against a
column specifies that the column should be encrypted.
If an existing table has columns that
require encryption, then use the ALTER TABLE command in the following
form:
ALTER TABLE table_name MODIFY (
column_name column_type ENCRYPT,...);
The ENCRYPT keyword against a
column specifies that the column should be encrypted.
To disable access to all encrypted
columns in the database, use the following command:
ALTER SYSTEM SET ENCRYPTION WALLET
CLOSE
The preceding
command disables access to the master key in the wallet and prevents access to
data in the encrypted columns. You need to open the wallet again, using
the 
ALTER SYSTEM
SET WALLET OPEN IDENTIFIED BY password 
to re-enable
access to the master encryption key.
V. Self tutorials to design private encrypter
Based on our understanding of various
algorithms, methodologies and processes we may conclude that designing and implementing
an encrypter is extremely easy. All one need is to have is some basic
programming skills and a sound knowledge to work with different databases.
There are many online tutorials and web-pages available that provides encrypter
designing techniques. In fact many such sites provide ready to use codes to
built and implement private encrypter. 
We encountered few such method of building ciphers online. Here is an
example, we found on following address: [http://hackguide4u.blogspot.com/2011/01/how-to-make-crypter.html].
The stated example showed development of an encrypter using an existing RC4
module on VB6 platform. 
The above example shows how simple it
is to make a private encrypter for the individuals say script kiddies. Such
technologies in wrong hands can be fatal to cyber security. Let’s have a walk
through some of the major cyber thefts and misconducts.
VI. encryption: Demonic face
Despite being a revolutionary blessing
the encryption has been long used by individuals and organisations for personal
benefits/ spreading cyber terror/ hiding crime evidences. As sometimes happens,
what at first glance seems  to  be 
a  great idea   can 
actually  do  more 
harm  than  good.
Encryption is being used as a tool for
hiding information in a variety of crimes, including fraud and other financial
crimes, theft of proprietary information, computer crime, drugs, child
pornography, terrorism, murder, and economic and military espionage. We have
not heard about many cases where criminals exploited weak encryption systems to
their advantage, for example, to steal proprietary information. However, a
British blackmailer intercepted encrypted transactions transmitted by a bank in
the U.K. After breaking the code, he successfully extorted 350,000 from the
bank and several customers by threatening to reveal the information to the
Inland Revenue.
Here are few cases involving
encryption:
Aum
Shinri Kyo (Supreme Truth): On March 20, 1995, the
Aum Supreme Truth cult dropped bags of sarin nerve gas in the Tokyo subway,
killing 12 people and injuring 6,000 more [Kaplan & Marshall 96]. They had
developed a variety of weapons of mass destruction, both chemical (sarin, VX,
mustard gas, cyanide) and biological (botulism, anthrax, Q fever). They were
attempting to develop a nuclear capability and a "death ray" that
could destroy all life. Shoko Asahara and his followers used murder,
kidnapings, extortion, torture, poison, electric shocks, drugs, imprisonment,
and wiretaps to acquire assets, control defections, and attack their enemies.
Among the tens of thousands of members were some of Japan's brightest
scientists and doctors. The cult had stored their records on computers,
encrypted with RSA. Authorities were able to decrypt the files after finding
the key on a floppy disk. The encrypted files contained evidence that was
crucial to the investigation, including plans and intentions to deploy weapons
of mass destruction in Japan and the United States.
New
York Subway Bomber: In 1995, John Lucich was
assigned to the Manhattan District Attorney's Office to assist with the
investigation of the New York subway bomber, Mr. Leary. Mr. Leary was
eventually found guilty and sentenced to 94 years in jail for setting off fire
bombs in the New York subway system. He had applied his own form of encryption
to numerous files on his computer, and Mr. Lucich was given the computers for
analysis. After failing to break the encryption themselves, the files were sent
to outside encryption experts. These efforts also failed. Eventually, the
encryption was broken by a federal agency. The files contained child
pornography and personal information, which was not particularly useful to the
case. However, investigators retrieved other evidence from the computer that
was used at trial.
Multi-site
gambling enterprise: A significant gambling
enterprise operated multiple sites linked by a computer system, with drop-offs
and pick-ups spanning three California counties. The head of the enterprise
managed his records with a commercial accounting program, using a codeword to
encrypt the files. The software manufacturer refused to assist law enforcement
in breaking the code. However, the police were able to crack the codeword by
exploiting weaknesses in the system. The encrypted files contained the daily
take on the bets, pay-offs, persons involved, amounts due and paid or owed, and
so forth. After breaking the code, they printed the results of four years of
bookmaking, which resulted in a plea of guilty to the original charges and a
sizeable payment of back taxes, both state and federal.
Aldrich
Ames spy case: Ames was a CIA agent eventually
convicted of espionage against the United States. He had encrypted his computer
files using standard commercial off-the-shelf software. The investigator
handling the computer evidence was able to decrypt the files using software
supplied by Access Data Corporation [Thompson 97]. Failure to recover the
encrypted data would have weakened the case.
Kevin
Poulson: Kevin Poulson was a skilled hacker who
rigged radio giveaways, "winning" Porsches, trips to Hawaii, and tens
of thousands of dollars in computer cash. He also burglarized telephone
switching offices and hacked his way into the telephone network in order to
determine who was being wiretapped and to install his own. In his book about
Poulson's crime spree, Jonathan Littman reported that Poulson had encrypted
files documenting everything from the wiretaps he had discovered to the
dossiers he had compiled about his enemies [Littman 97]. The files were said to
have been encrypted several times using the "Defense Encryption
Standard" [sic]. According to Littman, a Department of Energy
supercomputer was used to find the key, a task which took several months at an
estimated cost of hundreds of thousands of dollars. The result yielded nearly
ten thousand pages of evidence.
As in examples above, encryption has
been used of in better stated misused across the timeline. Yet, encryption has
become an in-separable part of our cyber life. We have discussed the benefits
associated with encryption in upcoming section.
VII. encryption: angelic face
Encryption plays a vital role in data
safety. It has been a trusted companion for the following reasons:
Companies often possess data files on
employees which are confidential, such as medical records, salary records, etc.
Employees will feel safer knowing that these files are encrypted and are not
accessible to casual inspection by data entry clerks.
Individuals may share working space
with others, of whose honor they are not entirely sure, and may wish to make
certain that in their absence no-one will find anything by snooping about in
their hard disk.
 A company may wish to transfer sensitive
business information between sites such as branch offices. Or it may wish to
send confidential information (for example, a negotiating position, operating
procedures or proprietary data) to an agent in the field (perhaps abroad). If
the information is encrypted before transmission then one does not have to
worry about it being intercepted since if this happens the encrypted data is
incomprehensible (without the encryption key).
A company may have information that a
competitor would like to see, such as information concerning legal or financial
problems, results of research, who the customers are and what they are buying,
information revealing violations of government regulations, secret formulas or
details of manufacturing processes, plans for future expansion or for the development
of new products.
A person or company may wish to
transport to a distant location a computer which contains sensitive information
without being concerned that if the computer is examined en route (e.g. by
foreign customs agents) then the information will be revealed.
Two individuals may wish to correspond
by email on matters that they wish to keep private and be sure that no-one else
is reading their mail.
From above example, it is clear
encryption is used in two general cases:
(a) When information, once encrypted,
is simply to be stored on-site (and invulnerable to unauthorized access) until
there is a need to access that information.
(b) When information is to be
transmitted somewhere and it is encrypted so that if it is intercepted before
reaching its intended destination the interceptor will not find anything they
can make sense of.
VIII. debate- is encryption sentry or threat?
A major ongoing debate related to
terrorism and the Internet is the question of encryption. On the one hand,
encryption protects individual and corporate privacy and is a fundamental
building block of electronic commerce. On the other hand, police and
intelligence agencies oppose denying the government access to electronic
information because terrorists and other criminals can use encryption
technology to conduct illegal activities while avoiding government monitoring.
World Trade Center bombing mastermind, Ramzi Ahmed Yousef, for example,
utilized encryption technology in his foiled plot to blow up 11 U.S. airliners
in the Far East.
Writing in The Journal of
Information Policy, Attorney General Janet Reno said, "The potential harm
to public safety and national security from the widespread distribution of
encryption is already apparent. We have begun to encounter encryption in
criminal cases. More and more frequently, criminals are encrypting data on
their computers.... Terrorists in New York City were plotting to bomb the
United Nations Building, the Lincoln and Holland Tunnels, and the main federal
building. Court-ordered electronic surveillance enabled the FBI to disrupt the
plot, and the evidence obtained was used to convict the conspirators.... We
must work quickly, and together, to develop global solutions that will promote
privacy and commerce, yet protect us all."
IX. conclusion
“‘Ban cryptography! Yes. Let’s also ban
pencils, pens and paper, since criminals can use them to draw plan of the joint
they are cashing or even, god forbid, create one time pads to pass un-crack
able codes to each other. Ban open spaces since criminals could use them to
converse with each other out of earshot of the police. Let’s ban flags since
they could be used to pass secret messages in semaphore. In fact let’s just ban
all form of verbal and non-verbal communication — let’s see those criminals
make plans now!” – Anonymous.
Anonymously said, still concludes and
describes the debate very clearly. We cannot let go of a technology just
because it could be put to misuse. 
References
[1]       
       http://www3.edgrnet.net/dcowley/doc.html
[2]           http://citeseer.nj.nec.com/340126.html
[3]           http://www.adl.org/terror/focus/16_focus_a4.asp
[4]           http://www.hermetic.ch/crypto/intro.htm
[5]           http://en.wikipedia.org/wiki/Encryption
[6]           http://www.mrp3.com/encrypt.html 
[7]           http://cryptome.org/hiding-db.htm 
[8]           http://personal.law.miami.edu/~froomkin/articles/herald.html
[9]           http://docs.oracle.com/cd/B28359_01/~/asotrans.htm
[10]         http://www.cs.georgetown.edu/~denning/crypto/cases.htm
Subscribe to:
Comments (Atom)
 
