Web commerce has grown into one of the fastest-growing areas of industry in the past two years. Billions of dollars have changed hands in the process and each entrepreneur wants a slice of the dough. To make this possible, data encryption plays a central role in assuring customers that paying for anything online is secure.
E-commerce relies on encryption to secure data transmission by controlling data access and protecting information on the internet, which in the end improves consumer confidence. Encryption is the encoding of data using an algorithm such that, if the transmission is intercepted, the data is incomprehensible to anyone who does not know the key needed to decrypt it. By implementing encryption, integrity is maintained while digital authentication is enforced, thus allowing both customers and sellers to verify the identity of the other party, a concept fundamental to secure online credit card transactions. The reliability of an e-commerce website may be negatively impacted if theft of customer information occurs, which is especially risky since 90% of all online payments are made by credit card.
4. Importance of Encryption
Cryptography is a method of mathematical encoding used to transform messages into an unreadable format in an effort to maintain confidentiality of data. Cryptography comprises a family of technologies that include the following:
Encryption transforms data into some unreadable form to ensure privacy.
Decryption is the reverse of encryption; it transforms encrypted data back into its original, intelligible form.
Authentication identifies an entity such as an individual, a machine on the network or an organization.
Digital signatures bind a document to the possessor of a particular key and are the digital equivalent of paper signatures. Signature verification is the inverse of a digital signature; it verifies that a particular signature is valid.
To enable secure online transactions, data encryption serves four important functions:
Digital authentication allows both the customer and the merchant to be sure that they are dealing with whom the other party claims to be. This is absolutely necessary before sending credit card details to the seller, and it also allows sellers to verify that the customer is the real owner of the credit card being used.
Integrity ensures that the messages received are not changed during transmission by any third party.
Non-repudiation prevents customers or merchants from denying they ever received or sent a particular message or order.
Privacy: in the event that information is intercepted, encryption prevents third parties from reading and/or using the information to their own advantage.
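The integrity function described above can be shown with a keyed hash over an order message. This is an added example, not code from the original page; the key, the order fields and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json


def seal_order(key: bytes, order: dict) -> dict:
    """Serialize the order canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(order, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def open_order(key: bytes, envelope: dict):
    """Return the order if the tag matches, or None if it was altered."""
    expected = hmac.new(key, envelope["body"].encode(), hashlib.sha256).hexdigest()
    # compare_digest runs in constant time, so the check leaks no timing hints
    if not hmac.compare_digest(expected, envelope["tag"]):
        return None
    return json.loads(envelope["body"])


# Constructed sample data (assumptions, not values from the page)
SHARED_KEY = b"constructed-demo-key-not-for-production"
ORDER = {"order_id": "A-1001", "amount": "49.99", "currency": "USD"}


def demo():
    """Verify an intact order, then one whose amount was changed in transit."""
    sealed = seal_order(SHARED_KEY, ORDER)
    tampered = dict(sealed, body=sealed["body"].replace("49.99", "0.99"))
    return open_order(SHARED_KEY, sealed), open_order(SHARED_KEY, tampered)


if __name__ == "__main__":
    print(demo())
```

Because both parties hold the same key, either one could have produced the tag, so this check covers integrity but not non-repudiation, which needs a digital signature.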
Two methods of encrypting network traffic on the web are SSL and S-HTTP. Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) enable client and server computers to manage encryption and decryption activities as they communicate with each other during a secure web session. Secure Hypertext Transfer Protocol (S-HTTP) is another protocol used for encrypting data flowing over the internet, but it is limited to individual messages, whereas SSL and TLS are designed to establish a secure connection between two computers.
The capability to generate secure sessions is built into Internet client browser software and servers, and occurs automatically with little user intervention. The client and the server negotiate what key and what level of security to use. Once a secure session is established between the client and the server, all messages in that session are encrypted.
There are two alternative methods of encryption: symmetric key encryption and public key encryption. In symmetric key encryption, the sender and the receiver establish a secure Internet session by creating a single encryption key and sending it to the receiver so both the sender and receiver share the same key. The strength of the encryption key is measured by its bit length. Today a typical key will be 128 bits long (a string of 128 binary digits).
The problem with all symmetric encryption schemes is that the key itself must be shared somehow among the senders and receivers, which exposes the key to outsiders who might just be able to intercept and decrypt the key. A more secure form of encryption called public key encryption uses two keys: one shared (or public) and one totally private, as shown in Figure. The keys are mathematically related so that data encrypted with one key can be decrypted using only the other key. To send and receive messages, communicators first create separate pairs of private and public keys. The public key is kept in a directory and the private key must be kept secret. The sender encrypts a message with the recipient's public key. On receiving the message, the recipient uses his or her private key to decrypt it.
Digital signatures and digital certificates further help with authentication.
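The key-pair relationship and the signature check described above can be traced with textbook RSA on small numbers. This is an added example, not code from the original page: the primes and messages are constructed, and unpadded RSA at this size is for illustration only, since real systems use keys of 2048 bits or more with padding from a vetted library.

```python
import hashlib

# Constructed toy parameters: two small Mersenne primes (assumption for the demo)
P, Q = 2**61 - 1, 2**31 - 1


def make_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)): the public key and the matching private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent, chosen so e*d = 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public, m: int) -> int:
    """Sender side: encrypt an integer message with the recipient's public key."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    """Recipient side: only the private exponent undoes the public one."""
    n, d = private
    return pow(c, d, n)


def digest_int(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    """Bind the message to the holder of the private key."""
    n, d = private
    return pow(digest_int(message, n), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check the signature."""
    n, e = public
    return pow(signature, e, n) == digest_int(message, n)


if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    c = encrypt(public, 123456)
    print(c, decrypt(private, c))
    sig = sign(private, b"order A-1001: 49.99 USD")
    print(verify(public, b"order A-1001: 49.99 USD", sig))
```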
Most corporations implement multiple forms of security by using hardware solutions such as routers and firewalls. These devices protect essential data by keeping external threats out of the network. Unfortunately, intruders will employ numerous attacks specifically targeted at your information. When attackers find a way past your first line of defense, data encryption steps up and helps to ensure that your secrets can’t be viewed.
Encryption has changed significantly over the years, going from a military solution to widespread public use. Whether it’s hardware or software-based, this method is fast, easy to use and, most important, secure. Here are some of the key benefits this solution offers:
Power: The best in data encryption is based on global standards, able to mitigate potential corruption without flaw. Many solutions are large enough to ensure that an entire organization is in full compliance with security policies. Data encryption allows a corporation to achieve military-level security with easy and affordable solutions.
Flexibility: Data encryption can protect your sensitive information whether it’s stored on a desktop or laptop computer, a PDA, removable storage media, an email server or even the corporate network. This allows you to securely access important data from the office, on the road or at home. If the device is lost or stolen, the information will be protected by the data encryption mechanism.
Transparency: It wouldn’t be a good idea to employ any security measure that negatively impacts your business. An efficient data encryption solution enables your business to flow at a normal pace, silently securing crucial data in the background. Some of the best options are those running effectively without the user even being aware.
There are many benefits of data encryption as this solution provides solid protection in the event of a security breach. Not only does it offer peace of mind, it also frees up resources normally used by your perimeter defenses. Every security measure you set in place is important yet inefficient if confidential data itself is not protected.
Encryption is often oversold as the solution to all security problems or to threats that it does not address. Unfortunately, encryption offers no such protection. Encryption does nothing to protect against many common methods of attack including those that exploit bad default settings or vulnerabilities in network protocols or software — even encryption software. In general, methods other than encryption are needed to keep out intruders. Secure Computing Corporation’s Sidewinder system defuses the forty-two “bombs” (security vulnerabilities) in Cheswick and Bellovin’s book, Firewalls and Network Security (Addison Wesley, 1994), without making use of any encryption.