Encryption serves as a preventive control to safeguard confidentiality and privacy for data during transmission and storage. Encryption transforms plaintext into an unreadable format (ciphertext) using an algorithm and a key. The recipient can decrypt this data using a corresponding key, restoring it to its original form. Key elements of encryption include:
Key Length: Longer keys provide stronger encryption. A minimum of 128-bit encryption is recommended for sensitive data.
Encryption Algorithms: Effective encryption requires robust algorithms.
Key Management: Secure management of encryption keys is essential to prevent unauthorized access.
Symmetric-Key Encryption: Both sender and receiver use the same key to encrypt and decrypt messages. While this method is fast and suitable for large datasets, it faces challenges in secure key distribution and management due to the shared key requirement.
Asymmetric-Key Encryption: This method uses a public and private key pair. Each user has a public key for encryption and a private key for decryption, eliminating the need for both parties to have the same key, which simplifies key distribution and enhances security. Asymmetric encryption is slower and better suited for smaller data exchanges but is valuable for secure communication of session keys in e-business settings.
Authentication is the process of verifying the identity of a user, device, or system, ensuring data originates from a legitimate source. Authentication is particularly vital in e-business to prevent repudiation (denying the authenticity of a transaction). In practice, asymmetric-key encryption is often used for authentication in electronic transactions:
Challenge-Response Authentication: To authenticate a receiver (e.g., User B), the sender (User A) sends User B a challenge message, which User B encrypts with its own private key and returns. If User A can decrypt the response using User B’s public key, it verifies that User B is authentic.
For e-business, firms often use a combination of both encryption types:
Mutual Authentication: The asymmetric-key method is used initially for mutual authentication between sender and receiver.
Session Key Generation: A symmetric key (session key) is generated for each session, as it allows faster data transmission.
Session Key Transmission: The session key is securely transmitted using asymmetric-key encryption, enhancing both security and performance in ongoing data transmission.
A digital signature further secures electronic transactions by ensuring data integrity and authenticating the document’s creator. This process includes hashing (generating a message digest) and encrypting the digest with the sender’s private key, enabling the receiver to verify the integrity and authenticity of the message.
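The combined scheme and the digital signature described above, as an added example that is not part of the original page, written with Node.js's built-in crypto module. The names userA, userB, authenticate, send and receive are illustrative assumptions, the key pairs are constructed fresh on each run, and "encrypting with the private key" is performed through the library's sign and verify operations.

```javascript
const nodeCrypto = require('crypto');

// Constructed 2048-bit RSA key pairs for the two parties (assumed names).
const newParty = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const userA = newParty();
const userB = newParty();
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Challenge-response: the prover signs a fresh random challenge with its
// private key; the verifier checks the response with the prover's public key.
function authenticate(proverPrivateKey, proverPublicKey) {
  const challenge = nodeCrypto.randomBytes(32);
  const response = nodeCrypto.sign('sha256', challenge, proverPrivateKey);
  return nodeCrypto.verify('sha256', challenge, proverPublicKey, response);
}

// Sender: generate a per-session AES-256 key, encrypt the message with it
// (AES-256-GCM), wrap the session key with the receiver's public key
// (RSA-OAEP), and sign the SHA-256 digest of the message.
function send(plaintext, senderPrivateKey, receiverPublicKey) {
  const sessionKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    wrappedKey: nodeCrypto.publicEncrypt({ key: receiverPublicKey, ...OAEP }, sessionKey),
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),
    signature: nodeCrypto.sign('sha256', Buffer.from(plaintext, 'utf8'), senderPrivateKey),
  };
}

// Receiver: unwrap the session key with its private key, decrypt (GCM throws
// if the ciphertext was altered), then verify the sender's signature.
function receive(msg, receiverPrivateKey, senderPublicKey) {
  const sessionKey = nodeCrypto.privateDecrypt({ key: receiverPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  const plaintext = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  const signatureValid = nodeCrypto.verify('sha256', plaintext, senderPublicKey, msg.signature);
  return { plaintext: plaintext.toString('utf8'), signatureValid };
}
```

Only the 32-byte session key passes through the slow asymmetric operation; the message itself, whatever its size, is handled by the symmetric cipher.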