CHAPTER 7 Encryption Controls

Overview

Encryption is one of the core operational technologies used in information security. In its essential form, it helps provide confidentiality of information. Through innovative application, encryption can also confirm the integrity of information and the identity of the sender. Every commercial transaction performed over the Internet uses encryption to maintain information security. Encryption ensures that financial information, such as credit card numbers sent over the Internet, is not stolen during transit. In many cases, encryption is not only appropriate but also required by federal law. Encryption is therefore an essential part of the modern commercial infrastructure. In this chapter, we introduce the fundamentals of encryption technologies. We also discuss the operational challenges in implementing encryption and solutions that have been developed to address these challenges. At the end of this chapter, you should know:

  • The three types of encryption commonly used and their most appropriate uses
  • The standard, practical implementation of encryption technologies used in information exchange
  • The alternate use of encryption technologies to verify identities in the form of certificates
  • The infrastructure (PKI) that has been developed to make encryption convenient and practical

Introduction

What do we expect when we send information over the Internet? We certainly want the information to reach the receiver. However, is that enough? What if ...

Get Information Security and IT Risk Management now with the O’Reilly learning platform.
