From a theoretical computer science perspective, encryption belongs
to the NP-Complete class of problems, which basically means that one
can potentially decrypt a string in “polynomial-time” by guessing an
answer. If one tried to use brute-force guessing (trying all
permutations of guesses), it would probably take hundreds of years on
the fastest machines available today. But the converse is also true:
we may break it in the first few attempts if we use a combination
of guesses and a “smart” algorithm that prunes options in a Breadth
First or Depth First approach. Although this means that encryption
offers no guarantee of security, it does give us a certain level of
confidence and comfort.
Encryption is a vast topic and we would not like to enter into the
technical details. Still, it keeps rearing its head in business environments
where a demand is often made that “all sensitive data be encrypted.” This
meets with understandable resistance because many technologies cannot
handle it well, especially on-the-fly. There is also a price to pay in terms
of performance and computing resources.
Simon Singh has given a very good history of Encryption and
Cryptography in The Code Book. He mentions that before encryption,
there was steganography, where it was enough to hide the message
itself. The process used was cumbersome and not very effective.
“To convey his instructions securely, Histaiaeus shaved the head of
his messenger, wrote the message on his scalp, and then waited for
the hair to regrow. This was clearly a period of history that
tolerated a certain lack of urgency.”
Access Control
This deals with checking whether access privilege is needed at all, allowing
just enough privilege to data to accomplish a task (need-to-know basis), and
verifying that the action performed on the data is limited and permissible.
In fact, access control algorithms can be made sufficiently intelligent to
learn the access patterns of various users, and go beyond the static
parameters. Whenever any activity outside the norm occurs, access can
be granted but the activity can be logged for future verification.
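
The following added example (not from the book) sketches the behaviour described above: a static need-to-know check, a learned per-user baseline, and out-of-norm access that is granted but logged for later verification. The policy table, user names, the hour-of-day feature and the min_seen threshold are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed static policy: user -> resource -> permitted actions (need-to-know).
POLICY = {
    "alice": {"payroll_db": {"read"}, "hr_docs": {"read", "write"}},
    "bob": {"hr_docs": {"read"}},
}

class AccessMonitor:
    """Static privilege check plus a learned per-user access baseline."""

    def __init__(self, policy, min_seen=3):
        self.policy = policy
        self.min_seen = min_seen              # sightings before a pattern counts as normal
        self.baseline = defaultdict(Counter)  # user -> Counter of (resource, action, hour)
        self.review_log = []                  # out-of-norm accesses kept for verification

    def learn(self, user, resource, action, hour):
        """Record one historical access as part of the user's normal pattern."""
        self.baseline[user][(resource, action, hour)] += 1

    def check(self, user, resource, action, hour):
        """Return 'deny', 'allow', or 'allow_logged'."""
        allowed = self.policy.get(user, {}).get(resource, set())
        if action not in allowed:
            return "deny"                     # the static policy always wins
        if self.baseline[user][(resource, action, hour)] < self.min_seen:
            # Permitted but outside the learned norm: grant, and log for review.
            self.review_log.append((user, resource, action, hour))
            return "allow_logged"
        return "allow"

def demo():
    mon = AccessMonitor(POLICY)
    # Constructed history: alice reads payroll at 09:00 and 10:00 on five days.
    for _ in range(5):
        for hour in (9, 10):
            mon.learn("alice", "payroll_db", "read", hour)
    results = [
        mon.check("alice", "payroll_db", "read", 9),   # normal pattern
        mon.check("alice", "payroll_db", "read", 3),   # permitted, unusual hour
        mon.check("alice", "payroll_db", "write", 9),  # action not permitted
        mon.check("bob", "payroll_db", "read", 9),     # no need to know
    ]
    return results, mon.review_log

if __name__ == "__main__":
    print(demo())
```

The baseline never overrides the static policy: an action that is not permitted is denied however familiar the pattern looks.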
 