PUBLIC KEY ENCRYPTION ANDDATA SAFETY IN THE INFORMATION AGE

By Nancy Larson and Your Name

The Information Age

The current era in history has been dubbed “The Information Age.” Sharing information quickly and electronically is the starting point of this moniker. An ever increasing amount of information is available wirelessly through computer systems. Books are stored on Google’s servers. Wikipedia allows everyone who registers to update the information. Educational institutions post research and grades online. Corporations and organizations advertise on websites to advertise and inform. Medical groups maintain records electronically. Access to information is critical for our progress. Restricting access on a “need to know” basis is also critical.

The History of the Internet

What is now referred to as “the Internet” began as a defense department project to ensure continuous communication for the military in the event of a nuclear war. The contract to construct the network was awarded in 1968 and the network was physically constructed in 1969 with only four hosts.[1] This network could not yet be called a public source.

Throughout the next twenty years the network grew in range and was increased in speed. In 1981 the National Science Foundation developed CSNET to allow research institutions to communicate through 50 Kbps lines. The system of naming domains was established by the University of Wisconsin and the TCP/IP protocols were put in place in 1983. By the mid-80s, the demand for service on the network increased and T-1 lines were implemented. Demand continued to increase and the development of the next generation of lines (to be called T-3 lines) began immediately. These lines (at 45 Mbps) were available by 1990. Through the 1980s and 90s, the internet transitioned from a military and research communication tool to a public communication tool.[2]

By the mid-1990s, companies were finding ways to market through the internet. Microsoft’s Windows 98 provided a source of standardized internet access to a large number of consumers, both business and individuals. Other software companies followed suit. E-commerce was going strong, led by companies such as Amazon. The former military network was now used by a majority of the public in the United States.[3] E-commerce brought the need for sharing private information securely from a public site. Payment was usually made by credit card, so the number must be sent through the internet. The use of electronic records, accessible from multiple locations, has required a secure system which can transfer larger packets of information securely. These records are used in many fields, including education, banking and medicine. How are these records protected?

Protecting Data

Transferring data is possible because computers handle all information numerically. The letters of the alphabet are matched to numbers in a code referred to as ASCII.(See the table in Appendix A.) Each letter and number symbol is represented by a number. The computer does not use “E”. It uses 069. For “e” the computer uses 101. The complete table is in the appendix. Since all data is represented by numbers, performing calculations on the numbers hides the data. The technique that is most commonly used for this is called public key encryption.

Founders of Public Key Encryption

A trio of mathematical researchers proposed an asymmetric cypher in mathematical literature in 1976.[4] These researchers were WhitfieldDiffie, MartinHellman, and RalphMerkle and the asymmetrical cypher became known as public key encryption. The paper published at that time provided a means of encryption, but the cypher to the encryption (the means to return the coded data to the original) would have to be transferred to the recipient of the communication. The transfer of the information that would break a code was a weak point in the encryption technique. Intercepting the cypher would allow the breaking of the code. But the paper published by Diffie, Hellman and Merkle proposed that an asymmetric function would solve this problem. There was only one drawback; no one knew of an asymmetrical function.

A group of researchers for MIT, that were located in East Africa, were determined to make the asymmetric function a reality. RonaldRivest, AdiShamir, and LeonardAdleman tried ideas and discarded them for over a year. LeonardAdleman was the mathematician of the group. Rivest and Shamir were creative thinkers. They made a good team. Rivest and Shamir proposed ideas. Adleman found the fallacy in their proposals. Little time was wasted on ideas that would not work. In April 1977 Rivest proposed a solution that Adleman could not refute. [5]

In August, 1977, MartinGardner announced RSA public key encryption in the Games column of Scientific American. (Gardner) The underlying premise of public key encryption is that the person receiving the information will choose two large prime numbers. (Prime numbers are those that can be evenly divided only be itself and one.) These two prime numbers are the private key. The product of these two primes, resulting from multiplication of the two prime numbers, is the public key. [6]

Data Safety

Are credit card numbers safe with a basic set of calculations like this? Are medical records secure? All the hacker would have to do is find one prime number that is a factor of the public key, and the second number will reveal itself, too. Luckily, it isn’t as easy as that. Martin Gardner, in the article that first announced public key encryption, challenged his readers to decode a cyphertext using a public key of 129 digits that he printed in the article.[7] Eighteen years later a group of 600 volunteers was able to break the encryption by factoring the public key. The group split the job into parts and used the computers and supercomputers in a parallel effort to succeed. One other point must be considered. The public key in this example was 129 digits. Many are 300 digits in length, vastly complicating the factoring. (Singh) Public key encryption makes other forms of hacking more appealing than breaking the key for encryption.

Locating the Public Key

Everyone who has purchased products online has used public key encryption. The computer user doesn’t need to enter the number. The public key is sent to the computer sending information by the computer that will receive the information. For the user it is invisible. The visible signals that encryption is in place are a padlock at the bottom left of the browser window and/or a web address that starts indicating a secure site.

The public key can be regenerated as often as it is needed. How often that occurs is determined by a company’s security protocols. Based on prime numbers, the encryption has a large number of possibilities. The number of prime numbers is at this time limited, but the total number of prime numbers has been proven to be infinite. If, or when, a better method of finding prime numbers is developed, the flexibility of public key encryption will increase.

Usernames and Passwords

Internal company websites, intranets, and emails often require a specific login, usually requiring a unique username and password for each individual. These websites will also use public key encryption when these passwords are transmitted. The double layer of encryption provides more security for the protection of proprietary information, personnel information and other information that the corporation wishes to protect. These types of security measures are also used for controlling access to medical and school records.

The choice of password also influences the level of security. Some corporations are now requiring sixteen characters in the passwords with upper and lower case letters and numbers included in every password. Some security software will check the password for recognizable words, names and phrases. These weaken the password and are rejected by the security software. Randomly generated passwords are harder to break. However, passwords that are randomly generated are usually more difficult to remember. When the password is hard to remember, people are inclined to write it down, or save it on their computer. This reduces security. Choosing the length and security of passwords is a balancing act.

The Future of Security

The security issue will need to be constantly updated as the criminals become more adept at decoding or stealing the information to break current security measures. Public key encryption will be a strong part of network security for a long time in the future. The ability to access data from multiple locations provides more accurate medical records for the benefit of both doctors and patients, provides parents and students the opportunity to monitor grades throughout the school year and provides online banking and financial services at any hour of the day. This is the expected standard in the twenty-first century.

Appendix A

Table 1: ASCII Codes

Sample ASCII codes
ASCII value / Character / ASCII value / Character / ASCII value / Character
048 / 0 / 075 / K / 102 / f
049 / 1 / 076 / L / 103 / g
050 / 2 / 077 / M / 104 / h
051 / 3 / 078 / N / 105 / i
052 / 4 / 079 / O / 106 / j
053 / 5 / 080 / P / 107 / k
054 / 6 / 081 / Q / 108 / l
055 / 7 / 082 / R / 109 / m
056 / 8 / 083 / S / 110 / n
057 / 9 / 084 / T / 111 / o
058 / : / 085 / U / 112 / p
059 / ; / 086 / V / 113 / q
060 / 087 / W / 114 / r
061 / = / 088 / X / 115 / s
062 / 089 / Y / 116 / t
063 / ? / 090 / Z / 117 / u
064 / @ / 091 / [ / 118 / v
065 / A / 092 / \ / 119 / w
066 / B / 093 / ] / 120 / x
067 / C / 094 / ^ / 121 / y
068 / D / 095 / _ / 122 / z
069 / E / 096
070 / F / 097 / a
071 / G / 098 / b
072 / H / 099 / c
073 / I / 100 / d
074 / J / 101 / e
Prime Numbers
2 / 3 / 5 / 7 / 11
13 / 17 / 19 / 23 / 29
31 / 37 / 41 / 43 / 47
53 / 59 / 61 / 67 / 71
73 / 79 / 83 / 89 / 97
101 / 103 / 107 / 109 / 113
127 / 131 / 137 / 139 / 149
151 / 157 / 163 / 167 / 173
179 / 181 / 191 / 193 / 197
199 / 211 / 223 / 227 / 229
233 / 239 / 241 / 251 / 257
263 / 269 / 271 / 277 / 281
283 / 293 / 307 / 311 / 313
317 / 331 / 337 / 347 / 349
353 / 359 / 367 / 373 / 379
383 / 389 / 397 / 401 / 409
419 / 421 / 431 / 433 / 439
443 / 449 / 457 / 461 / 463
467 / 479 / 487 / 491 / 499
503 / 509 / 521 / 523 / 541

[1] History of the Internet2010. 27 March 2010. <

[2]Zakon, Robert. Hobbes' Internet Timeline. 1 January 2010. 25 March 2011 <

[3]Howe, Walt. A Brief History of the Internet. March 24, 2010. Retrieved March 27, 2011.<

[4]Singh, Simon. The Code Book. New York: Random House, 1999.

[5]Singh, Simon. The Code Book. New York: Random House, 1999.

[6] Singh.

[7]Gardner, Martin. "A new kind of cypher that would take millions of years to break." Scientific America August 1977: 120-124.