|the-south-asian.com NOVEMBER 2001|
|about us contact us data bank past issues the craft shop the print gallery|
NOVEMBER 2001 Contents
Page 6 of 6
Security and Trust in Internet Banking
Banking Network Security is evolving gradually to enable cost reductions in B2B Corporate Transactions. Some say that the PKI is simply a Glorified Messaging System not a silver bullet .
PKI is Complex & labor intensive , Both to understand and Implement. However recently companies are coming out with out of the box solutions .
The Potential of Internet Banking and E- Government for South Asian Countries .
These application systems are urgently needed as Manual Government procedures for everyday life and business are becoming slow and outdated. Critical Business functions related Forms can be put on Computer networks and be readily accessible by the public. The Government policies & procedures should be put into DataBase with easy access.
For E- Government to grow using the Internet in South Asia, one needs to work out the issues of Internet security. One way is to implement IPsec in Hardware and thereby achieve parity with PKI , although it is expensive.
Tax Collection & Banking
This area should be automated and put on the Internet as it will provide the Government with more bang for the buck. The returns on investment will justify the investment .
The Central Board of Revenue is essentially a Bank, requiring the same Controls and Security Policies as a Commercial Bank.
The same applies to the Central Banks of South Asian Countries.
These issues could best be worked out through the cross- border Internet type organizations
similar to the Electronic Frontier Nation in the USA.
The most important issue that needs to be worked out is a collection of bodies that can constitute as the Trusted Third Parties which can issue the Certificates of Authority in order that PKI can be implemented .
For the Tax Departments and the Vehicle Tax departments, Excise tax , etc there exists a major need to strengthen the legal framework of these groups.
Ultimately all PKI & Internet security issues are directly related to the Legal System and Laws .There is an urgent need to put in place Security laws related to the issues of B2B Commerce and Transactions fraud and settlement of Business claims , etc .
Lawyers should be educated in Internet Security issues and Internet Commerce experts need to get into Legal & Policy issues surrounding PKI
It is imperative for Internet Commerce to grow in South Asia, that companies start to hold classes that explain to Professionals, Bankers , Businesses, students, bureaucrats why the issue of security in Internet Commerce is vital to the economic growth of South Asian countries.
TECHNOLOGY ISSUES IN SECURITY :
Professors Diffie & Hellman at Stanford university in 1976 invented the concept of Public Key Encryption. The idea of the previous historical problem of encryption was that if you lost the encryption key, security was compromised.
In the Diffie-Hellman model, there was a public key that was known to all ; the private keys were generated from the public key transformation using an algorithm whose mathematical property made it difficult to be deciphered. This was Asymmetric Cryptography.
Symmetric Cryptography on which the various German ENIGMA machines [ Navy , army , air force ] were based , got cracked because the enciphering and decrypting keys were the same. In this way Alan Turing and his mathematicians at Bletchley Park, Hut 9 in 1940 cracked the German codes. The Enigma was a machine looking like a double typewriter key board . The key that was pressed, fed into a series of 3 rotors that were transforming the input into encrypted output character .
RSA ,- Rivest, Shamir & Adelman were the inventors .
Some call it " Really Slow Algorithm" . It is about 10,000 times computer intensive as Symmetric Cryptography . RSA is based on the concept of Factoring [ breaking up into primes ] .
Factoring large Prime numbers takes exponential time. Therefore breaking the encryption is very difficult especially if it is changed every day.
Factoring a number means finding its prime factors. For example,
10 = 2*5
60 = 2*2*3*5
Some cryptographic algorithms rely on the difficulty of factoring large numbers.
Other encryption systems:
PGP, Pretty Good Privacy , developed by Phil Zimmerman at MIT uses 128-bit key encryption algorithm , based on RSA .
DES [ NIST – NSA ] Data Encryption standard 1985 .
SET – Secure Electronic Transactions Protocol - IBM solution.
The solution to slow RSA and Fast DES is to use DES to encrypt the message bulk , and RSA to distribute DES keys which are only 56- bits long.
SSL – Netscape’s Browser based Secure Sockets Layer Protocol – Client – Server Encryption.
IPsec- Internet Protocol security is essentially the same as PKI architecture – Cisco and most companies [ see below ] have IPsec solutions. It will become standard in networks in the future .
Because the Internet evolved as a open system security was not addressed rigorously.
Hardware Encryption Chips [ security Integrated Chips -IC ] companies .
This is the most secure option of generating Encryption Keys. Because encryption using the RSA - Public - Private key model requires processing power , hardware based encryption will become the standard. Browsers [ client machines] and Servers and Firewalls will all be embedded with these chips.
Two Market Segments – IPsec [ the same as PKI ] for Servers & SSL for clients.
Low speed IPsec<100 Mbps - Residential Gateway chips - Low speed IPsec<100 Mbps .Companies focused here are Broadcom, Cetilllium, Ishoni Networks, Texas Instruments & Virata . SafeNet has core –licensing Intellectual property and will benefit most.
"Cylink" devices are used by DOD, Citibank , US Postal service
Others are Hifn, Chrysalis-ITS, Motorola, Safenet, Securelink,
High Speed IPsec > I Giga bps.
"Hifn" is the first company in this space and dominates the market. Its chips from the HIPP family offer full duplex T3 and OC-3 speeds. Devices are slightly slower than Broadcom’s but extensive software suite simplify OEM’s design task.
Broadcom BCM 95840 contains a gigabit IPSec processor, public-key processor and a dual Ethernet transceiver.
"Corrent" offers 2 products. Packet Armor for Ipsec for OC-48 full duplex and OC-192 half duplex
Socket Armor for SSL stream encryption engine for OC-3.
The Market consolidation will accommodate two to three major players as embedded security functionality will become a must-have for every major semi-conductor vendor .
SSL accelerator chips:
Less pressured than the IPsec market. This is a standalone coprocessor opportunity for the next 5 years. Most PC’s will come fitted with these in the future .
Digital signatures :
Asymmetric (or public key) cryptography involves two related keys, one of which only the owner knows (the 'private key') and the other which anyone can know (the 'public key'). The advantages this technology has provided are that only one party needs to know the private key; and that knowledge of the public key by a third party does not compromise security.
A digital signature is a 'message digest' (created by processing the message contents using a special algorithm) encrypted using the sender's private key. The recipient can, by re-creating the message digest from the message that they receive, using the sender's public key to decrypt the digital signature, and comparing the two results, satisfy themselves not only that the contents of the message received must be the same as that which was sent (data integrity), but also that the message can only have been sent by the purported sender (sender authentication), and that the sender cannot credibly deny that they sent it (non-repudiation).
Digital signatures are subject to a form of 'spoofing' by creation of a bogus public key that purports to be that of a particular person, but is not. In order to address that risk, 'certification authorities' (CAs) are envisaged, that will certify that a public key is that of a particular person.
Copyright © 2000 - 2001 [the-south-asian.com]. Intellectual Property. All rights reserved.