Background Study
Encryption is critical to the online security of users and administrators. In the retail store of the case study model, the integrity of client information is paramount. With a client base of 5,000 subscribers and downloads of confidential monthly payments, strong, high-grade cryptography is essential. This paper reports on why the electronic store needs to adopt encryption methods. It also offers a public key encryption solution, supported by illustrative diagrams for the negotiation stage. As the chief of information technology at the electronics store, I recommend public key encryption as the best option to ensure the security of the store’s client subscription system.
Importance of Encryption
Encrypting data is advisable, especially when dealing with vast amounts of client information (Chatterjee & Sarkar, 2011). This protection is essential where financial and payment data are involved. For example, the store handles client subscription data, and clients download payment statements from the company’s website. The information could be used by malicious fraudsters to steal credit card information and access clients’ bank accounts (virtual or physical). Digital piracy is another risk that the electronic store could face; hence the need to ensure system security and intellectual property privacy.
Subscriber’s Safety and Comfort
The subscribers feel safe and comfortable using the store’s online services, cementing market share and customer loyalty. In the process, high-value revenue returns are achieved. A broad selection of encryption approaches, systems and designs exists for such purposes. For the electronic store with 5,000 subscribers, the most appropriate type of encryption would be of industrial strength. The algorithm must secure the users’ privacy, yet remain simple enough for ease of application and clients’ usability.
User Encryption Cipher
(Fischlin, Buchmann & Manulis, 2012).
The encryption method that the store would use follows the fundamental idea of private information exchange. Commonly known as the ‘Alice’ and ‘Bob’ cipher notion, it maintains secure connections through the key held by the website, the browser, and the users. In practice, if ‘Alice’ sends ‘Bob’ an encrypted file, ‘Bob’ has no option but to use the cipher that ‘Alice’ used. Consequently, ‘Bob’ will use the same cipher as ‘Alice’ to successfully decrypt the message. If ‘Bob’ uses another cipher to reply, ‘Alice’ will not be able to decrypt the message; hence, the intended communication is not decoded.
Reliability of Business Systems Assurance
Having such a strong and reliable encryption system ensures reliable interaction between users and web systems. The store can therefore be assured that its subscription user system will be secure and safe if the cipher encryption model is used appropriately. If the key is kept secret or shared only amongst the authorized staff of the store, the algorithm can be made public with no risks whatsoever (Martin, 2008).
Public key cryptography would be best suited for use by the store’s administrators and subscribers. In this model, a pair of keys can be used, with the public key being open to sharing with other people. In the case of the store, the administrators of the store’s websites, applications and systems can maintain the private key, but share the corresponding key with subscribers. The administrators, in this case, will be ‘Alice’, the message originator, and subscribers will be ‘Bob’. Each subscriber can be given their private key, which ensures exclusivity in statement downloads; hence, assured security. Anyone can be provided with the public encryption key, which they can use to encrypt and use messages.
Clients’ Exclusive Access Advantage
The clients of the store with subscriptions will, however, maintain the exclusivity of accessing and reading the messages regarding their financial status, payments, credit balances and other finance-related data. Potential lawsuits over privacy infringement are therefore avoided, saving the business millions in damages. It would be very difficult for any hacker to access this information unless the owner gives them the encryption key. In that case, the clients of the business will be protected from any data leak via malicious network attacks such as phishing, DoS or malware.
What is noteworthy, however, is that the encryption is not a safeguard against interception by these means. The network attacks might succeed, but the content of the intercepted message will not be accessible to the interceptor. The encryption, therefore, renders intercepted messages and network attack attempts useless. For example, the interceptor might successfully intercept and download a statement report belonging to the store. However, the interceptor will not be able to decipher the data content of the downloaded report without the private key held by the authorized user. In such a case, the content might appear in an unreadable code format. The reason is that the original plain text, which would have been easily readable by an interceptor, has been encrypted using an algorithm. The encryption key is usually pseudorandom, which aids in the technical part of the generation.
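The subscriber key-pair model and the interception case described above, as an added example that is not part of the original paper or any store's code. It uses Node.js's built-in crypto module; the function names, the constructed sample statement, and the choice of a hybrid scheme (RSA-OAEP wrapping a per-statement AES-256-GCM key) are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Each subscriber generates a key pair; only the public half is given to the store.
function newSubscriberKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Store side: a fresh AES-256-GCM key encrypts the statement, and RSA-OAEP wraps
// that key under the subscriber's public key. The store never holds the private key.
function encryptStatement(subscriberPublicKey, statement) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const body = Buffer.concat([cipher.update(statement, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: subscriberPublicKey, ...OAEP }, dataKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Subscriber side: unwrap the AES key with the private key, then decrypt.
// Returns null when the private key does not match or the download was altered.
function decryptStatement(privateKey, pkg) {
  try {
    const dataKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, pkg.wrappedKey);
    const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, pkg.iv);
    decipher.setAuthTag(pkg.tag);
    return Buffer.concat([decipher.update(pkg.body), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample data: one subscriber, one interceptor with their own key pair.
const subscriber = newSubscriberKeys();
const interceptor = newSubscriberKeys();
const download = encryptStatement(subscriber.publicKey, 'Statement (constructed): balance due 42.00');

console.log(decryptStatement(subscriber.privateKey, download));  // the statement text
console.log(decryptStatement(interceptor.privateKey, download)); // null
```

The authentication tag also means a statement modified in transit is rejected rather than decrypted to altered content.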
Another vital point about the encryption is that, although it is theoretically possible to decrypt it without a key, the logistics are very complex. In practice, one would require heavy computational resources to achieve decryption. The level of skills, resources, and computational logistics might, in the end, outweigh the value of the targeted content. Finally, the business gets repeat customer orders and protects its brand’s reputation as a secure and data-integrity friendly entity.
References
Chatterjee, S., & Sarkar, P. (2011). Identity-based encryption. New York: Springer.
Fischlin, M., Buchmann, J., & Manulis, M. (2012). Public key cryptography – PKC 2012. Berlin: Springer.
Martin, L. (2008). Introduction to identity-based encryption. Boston: Artech House.