Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Information security
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Cryptography == {{Main|Cryptography}} Information security uses [[cryptography]] to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called [[encryption]].<ref>{{Citation|last=Easttom|first=William|title=Elliptic Curve Cryptography|url=http://dx.doi.org/10.1007/978-3-030-63115-4_11|work=Modern Cryptography|year=2021|pages=245β256|place=Cham|publisher=Springer International Publishing|doi=10.1007/978-3-030-63115-4_11|isbn=978-3-030-63114-7|s2cid=234106555|access-date=2021-06-01}}</ref> Information that has been encrypted (rendered unusable) can be transformed back into its original usable form by an authorized user who possesses the [[Key (cryptography)|cryptographic key]], through the process of decryption.<ref>{{Cite thesis|date=2014-03-01|title=From Someone Who Has Been There: Information Seeking in Mentoring|url=http://dx.doi.org/10.9776/14322|journal=IConference 2014 Proceedings|publisher=iSchools|doi=10.9776/14322|hdl=1903/14292|isbn=978-0-9884900-1-7|last1=Follman|first1=Rebecca|type=Thesis|hdl-access=free}}</ref> Cryptography is used in information security to protect information from unauthorized or accidental disclosure while the [[information]] is in transit (either electronically or physically) and while information is in storage.<ref name="AndressTheBasics14" /> Cryptography provides information security with other useful applications as well, including improved authentication methods, message digests, digital signatures, [[non-repudiation]], and encrypted network communications.<ref>{{Citation|last=Weiss|first=Jason|title=Message Digests, Message Authentication Codes, and Digital Signatures|date=2004|url=http://dx.doi.org/10.1016/b978-012742751-5/50012-8|work=Java Cryptography Extensions|pages=101β118|publisher=Elsevier|doi=10.1016/b978-012742751-5/50012-8|isbn=978-0-12-742751-5|access-date=2021-06-05}}</ref> Older, less secure applications such as [[Telnet]] and [[File Transfer Protocol]] (FTP) are slowly being replaced with more secure applications such as [[Secure Shell]] (SSH) that use encrypted network communications.<ref name=URK_1>{{cite web| title=Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol| author=Bider, D.| url=https://www.rfc-editor.org/rfc/pdfrfc/rfc8332.txt.pdf| publisher=The RFC Series| date=March 2018| access-date=30 November 2023| doi=10.17487/RFC8332}}</ref> Wireless communications can be encrypted using protocols such as [[Wi-Fi Protected Access|WPA/WPA2]] or the older (and less secure) [[Wired Equivalent Privacy|WEP]]. Wired communications (such as [[ITU-T|ITUβT]] [[G.hn]]) are secured using [[Advanced Encryption Standard|AES]] for encryption and [[X.1035]] for authentication and key exchange.<ref>{{Cite book|last1=Noh|first1=Jaewon|last2=Kim|first2=Jeehyeong|last3=Kwon|first3=Giwon|last4=Cho|first4=Sunghyun|title=2016 IEEE International Conference on Consumer Electronics-Asia (ICCE-Asia) |chapter=Secure key exchange scheme for WPA/WPA2-PSK using public key cryptography |date=October 2016|chapter-url=http://dx.doi.org/10.1109/icce-asia.2016.7804782|pages=1β4|publisher=IEEE|doi=10.1109/icce-asia.2016.7804782|isbn=978-1-5090-2743-9|s2cid=10595698}}</ref> Software applications such as [[GnuPG]] or [[Pretty Good Privacy|PGP]] can be used to encrypt data files and email.<ref>{{Cite journal|last=Van Buren|first=Roy F.|date=May 1990|title=How you can use the data encryption standard to encrypt your files and data bases|url=http://dx.doi.org/10.1145/101126.101130|journal=ACM SIGSAC Review|volume=8|issue=2|pages=33β39|doi=10.1145/101126.101130|issn=0277-920X}}</ref> Cryptography can introduce security problems when it is not implemented correctly.<ref>{{Citation|last=Bonneau|first=Joseph|title=Why Buy when You Can Rent? |date=2016|url=http://dx.doi.org/10.1007/978-3-662-53357-4_2|work=Financial Cryptography and Data Security|series=Lecture Notes in Computer Science|volume=9604|pages=19β26|place=Berlin, Heidelberg|publisher=Springer Berlin Heidelberg|doi=10.1007/978-3-662-53357-4_2|isbn=978-3-662-53356-7|s2cid=18122687 |access-date=2021-06-05}}</ref> Cryptographic solutions need to be implemented using industry-accepted solutions that have undergone rigorous peer review by independent experts in cryptography.<ref>{{Citation|last1=Coleman|first1=Heather|title=What GIS Experts and Policy Professionals Need to Know about Using Marxan in Multiobjective Planning Processes|date=2015-08-01|url=http://dx.doi.org/10.17128/9781589483651_2|work=Ocean Solutions, Earth Solutions|publisher=Esri Press|isbn=978-1-58948-365-1|access-date=2021-06-05|last2=Andron|first2=Jeff|doi=10.17128/9781589483651_2}}</ref> The [[Key size|length and strength]] of the encryption key is also an important consideration.<ref name="Key Encryption Key">{{Citation|chapter=Key Encryption Key|doi=10.1007/0-387-23483-7_220 |title=Encyclopedia of Cryptography and Security |date=2005 |last1=Landrock |first1=Peter |pages=326β327 |isbn=978-0-387-23473-1 }}</ref> A key that is [[Weak key|weak]] or too short will produce [[weak encryption]].<ref name="Key Encryption Key"/> The keys used for encryption and decryption must be protected with the same degree of rigor as any other confidential information.<ref>{{Citation|last1=Giri|first1=Debasis|date=2010|url=http://dx.doi.org/10.1007/978-3-642-13365-7_9|pages=86β96|place=Berlin, Heidelberg|publisher=Springer Berlin Heidelberg|isbn=978-3-642-13364-0|access-date=2021-06-05|last2=Barua|first2=Prithayan|last3=Srivastava|first3=P. D.|last4=Jana|first4=Biswapati|title=Information Security and Assurance |chapter=A Cryptosystem for Encryption and Decryption of Long Confidential Messages |series=Communications in Computer and Information Science |volume=76|doi=10.1007/978-3-642-13365-7_9|bibcode=2010isa..conf...86G}}</ref> They must be protected from unauthorized disclosure and destruction, and they must be available when needed.{{Citation needed| reason=link no longer works|date=November 2023}} [[Public key infrastructure]] (PKI) solutions address many of the problems that surround [[key management]].<ref name="AndressTheBasics14" />
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
Information security
(section)
Add topic
