Cryptography and the Internet

Cryptography provides the most promising avenue for security on the Internet. What is it and how does it work?

When discussing electronic commerce on the Internet, usually the first concerns that come to mind are its lack of security, reliability, and accountability. The ability to encrypt data (cryptography) is one of the essential tools in the quest for secure communications on the Internet.

Encrypted security tools are used to ensure the privacy, integrity and authenticity of messages, files, transactions, and data traffic. Cryptography is frequently used in electronic mail (e-mail) and financial transactions. Different groups of people have dedicated themselves to promoting privacy in these areas. Some, like banks and software companies such as Netscape, are spending millions on software development to design unbreakable systems. Some civil libertarians like the cyberpunks@toad.com.

The aforementioned security concerns regarding electronic commerce are shared by both consumers and suppliers alike since, today, the greatest use of commerce across the Internet is consumer-to-business as opposed to business-to-business. Strong network security is extremely hard to implement and requires eternal, almost obsessive vigilance to maintain. However, there are many companies that do conduct business over the Internet. These companies see the Internet as a means of providing a global presence at very low costs.

There are many forms of encryptions tools used by the Internet community today. Most businesses employ a form of public key encryption to affix a digital signature to messages, to encrypt messages, and to initiate encrypted sessions that will be carried out with private key encryption. Public key encryption uses four keys, or mathematically generated numbers, to encode and decode information. Both the sender and the recipient have a unique public key and private key. Public keys can be freely distributed; private keys should not be shared with anyone.

Here's how it works. The sender encodes the message using his or her own private key and the recipient's public key. When the message arrives, the recipient decodes it using the sender's public key, and a private key. By decoding the message with those two keys, the recipient confirms the identity of the sender, and the sender is assured the message can only be deciphered by the intended recipient.

Other forms of cryptography and some of the related tools used are listed below. These are:

E-mail Encryption
- Pretty Good Privacy (PGP)
- Privacy Enhanced Main (PEM)
Voice Encryption
- PGPFone
- Nautilus
Disk or File System Encryption
- Secure File System (SFS)
- CryptDisk

For further information on cryptography and its many forms, a list of some terrific sites has been provided. Within each one of these, there are additional links for you to access.

Cryptography: The Study of Encryption
Using RSA Public Key Cryptography for Internet Security
Return to top of page
Back to "Security on the Internet" home page.
Back to "Getting Started on the WWW".

This page was designed and developed in partial fulfillment of the requirements for Baruch College, Graduate Course "Networks and Telecommunications" -- CIS 9350. The information provided in these pages is accurate and up to date (as of December 1995) to the best of our knowledge and abilities. The page was designed and created for educational purposes only. Any opinions represented on this page are from the students' perspective as they researched the opinions of the faculty or the Baruch College School of Business.
Security Project Members.

Please send comments about this page to Veronica Aquavella at q41bb@cunyvm.cuny.edu.

Last modified 16 Dec 95