Page 79 - DCAP306_DCAP511_E-COMMERCE_AND_E-BUSINESS
E-Commerce and E-Business
The strength of the encryption depends on the length of the secret key. A secret key is
formed by making different combinations of the characters present in the information. The encryption
strength increases if you increase the key length. However, a very long key is difficult to process,
and employing such a technique costs more and requires more resources.
Figure 6.1 depicts a symmetric cryptosystem. The sender enters the information to be communicated at
the sending end. The information is encrypted using a secret key and sent over the communication
network. When the transmitted information reaches the receiving end, it is decrypted and delivered to
the receiver. Hence, the receiver gets the original information transmitted by the sender. The
information is not modified or deleted while it is communicated over the network, because it is
secured and any other source that tries to attack the system needs time and cost to decode it.
Figure 6.1: Symmetric Cryptosystem
Source: Bajaj, K., Nag, D. (1999). E-Commerce Security Issues. New Delhi: Tata McGraw-Hill Publishing Company Limited. Page 202.
In a typical DES cryptosystem using block cipher mode, the information is
encrypted in 64-bit blocks using a 56-bit key. The information bits are broken
down into blocks and a permutation of these information bits is carried out.
Then, the obtained result is processed using the 56-bit key. The original
information is then extracted at the receiving end.
Symmetric cryptosystems provide information integrity and authentication by generating a checksum
from the transmitted information. The checksum is transmitted along with the original information. The
receiver can detect any modification made to the information, because the checksum of the modified
information will not match the original checksum.
Did you know? In 1986, an integrity checksum named Message Authentication Code (MAC) was
generated using DES for use in the banking and financial sectors.
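The checksum check described above, as an added example that is not part of the original text. It uses HMAC-SHA-256 from Python's standard library in place of the DES-based MAC, and the key, the sample messages and all function names are constructed for illustration. It also shows why the checksum has to depend on the shared secret key.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes


def protect(key: bytes, message: bytes) -> bytes:
    """Sender: append a keyed checksum (MAC) to the message."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def accepts(key: bytes, packet: bytes) -> bool:
    """Receiver: recompute the MAC over the received message and compare."""
    if len(packet) < TAG_LEN:
        return False
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison, so timing does not reveal how much of the tag matched.
    return hmac.compare_digest(tag, expected)


def unkeyed_accepts(packet: bytes) -> bool:
    """Same check with a plain SHA-256 checksum that involves no secret key."""
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(tag, hashlib.sha256(message).digest())


def demo() -> dict:
    key = secrets.token_bytes(32)              # shared secret key (constructed)
    original = b"PAY 100.00 TO ACCOUNT 12345"  # constructed sample message
    altered = b"PAY 900.00 TO ACCOUNT 12345"   # same message modified in transit

    packet = protect(key, original)
    tampered = altered + packet[-TAG_LEN:]     # old tag kept on altered message
    # Without a key, whoever alters the message can recompute the checksum too.
    recomputed = altered + hashlib.sha256(altered).digest()
    return {
        "intact": accepts(key, packet),
        "tampered": accepts(key, tampered),
        "wrong_key": accepts(secrets.token_bytes(32), packet),
        "unkeyed_recomputed": unkeyed_accepts(recomputed),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:20s} accepted={accepted}")
```

The receiver accepts only the intact packet under the right key; the unkeyed checksum accepts the altered message, which is why the checksum must be computed with the secret key.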
6.2.2 Asymmetric Cryptosystems
Asymmetric cryptosystems use a pair of keys, a private key and a public key, to establish secure
communication between two users. The two keys are related to one another. The owner of the
information owns the private key. The algorithm designed to generate the private and public keys
involves the use of one key to encrypt the information and the other key to decrypt the information on
the receiving side.
Figure 6.2 depicts asymmetric cryptosystem algorithm 1. Consider that user1 sends confidential
information to user2. User1 does this by encrypting the information using user2’s public key (user2PUK).
After the information is delivered to user2, it is decrypted using user2’s private key (user2PRK). This
technique ensures information confidentiality because the private key is protected by user2 and no third
party can access it. An attacker will not be able to decode the encrypted information
without knowledge of user2’s private key.
LOVELY PROFESSIONAL UNIVERSITY