The remarkable growth of the Internet has thrilled businesses and consumers alike with its promise of changing the way we live and work. It’s easy to buy and sell goods all over the world from a desktop, laptop or mobile device. But privacy and security are major concerns on the Internet, especially when you’re using it to send sensitive information between parties.
There’s a whole lot of information that we don’t want other people to see, such as:
- Credit-card information
- Social Security numbers
- Private correspondence
- Personal details
- Sensitive company information
- Bank-account information
Information security is provided on computers and over the Internet by a variety of methods. But the most popular forms of security all rely on encryption, the process of encoding information in such a way that only the person (or computer) with the key can decode it.
The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally.
Concerns about security and the relatively slow operation of DES in software motivated researchers to propose a variety of alternative block cipher designs, which started to appear in the late 1980s and early 1990s.
The Rijndael encryption algorithm was adopted by the US Government as standard symmetric-key encryption, or Advanced Encryption Standard (AES). AES was announced by National Institute of Standards and Technology (NIST) on November 26, 2001 after a 5-year standardization process.
Many encryption algorithms exist but the two main characteristics that identify and differentiate one encryption algorithm from another are its ability to secure the protected data against attacks and its speed and efficiency in doing so.
How Encryption Secures Communication on the Web
For many years, the SSL (Secure Sockets Layer) protocol has been securing web transactions using encryption between your web browser and a web server, protecting you from anybody that might be snooping on the network in the middle.
Here’s a simple explanation of the process:
- It begins when the browser requests a secure page (usually https://)
- The web server then sends its public key with its certificate.
- The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid, and that the certificate is related to the site contacted.
- The browser then uses the public key to encrypt a random symmetric encryption key, and sends it to the server with the encrypted URL required. as well as other encrypted http data.
- The web server decrypts the symmetric encryption key using its private key, and uses the browser’s symmetric key to decrypt its URL and http data.
- The web server sends back the requested html document and http data encrypted with the browser’s symmetric key. The browser decrypts the http data and html document using the symmetric key and displays the information.
Security and privacy will always be a concern for those of us who utilize the Internet, because there will always be a battle between developers who are engaged in improving security and privacy, and hackers who are seeking to undermine it.
Is cyber security a concern for your business? Then give us a call today to schedule some time with one of our security experts.