Biomedical Engineering Reference
PKE allows two sequencing laboratories—in Figure 3-12, one in a biotech firm in San Francisco (left)
and one in a research facility in Cambridge (right)—to securely exchange data. Assuming a
researcher in San Francisco wants to send a message to the lab in Cambridge, he first acquires the
public key (26) of the facility in Cambridge and, using his private key, generates a session key (2).
That is, the private key for the lab in San Francisco is 8, the lab's public key is 16, and the key for
this particular session with the lab in Cambridge is 2. A subsequent communication with the lab in
Cambridge might use a session key of 4, 7, or some other random number. Similarly, the private key
for the lab in Cambridge is 6 and the public key is 26. The session key is 2, identical to the session
key used by the lab in San Francisco.
To decrypt a message from the lab in San Francisco, the lab in Cambridge uses its private key (6)
and the public key (16) from the lab in San Francisco to generate a session key (2) that is identical to
the key used by the lab in San Francisco to encrypt the message. Note that only their respective owners
know the value of the private keys and that the public keys are generally available. The session key
is a function of each lab's own private key and the other lab's public key. For clarity, not shown is the public key infrastructure,
which provides authentication of the public and private keys.
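Diffie-Hellman key agreement is one concrete scheme with the property described above: each lab combines its own private key with the other lab's public key, and both arrive at the same session key. The sketch below is an added example, not taken from the book; the group parameters, function names, per-session nonce, and pinned-fingerprint check (a stand-in for the public key infrastructure) are assumptions, and the small numbers in the figure are not reproduced.

```python
import hashlib
import hmac
import secrets

# Demo-only group parameters (assumed): the Mersenne prime 2**127 - 1 is far too
# small for real use; production systems use X25519 or a 2048-bit or larger group.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public); the private value never leaves its owner."""
    private = secrets.randbelow(P - 3) + 2   # uniform in [2, P-2]
    return private, pow(G, private, P)

def fingerprint(public):
    """Short digest a lab publishes out of band (stand-in for a PKI certificate)."""
    return hashlib.sha256(public.to_bytes(16, "big")).hexdigest()[:16]

def session_key(my_private, their_public, pinned_fp, nonce):
    """Derive a per-session key from own private key and the peer's public key."""
    # Authenticate the public key first; without this step the key could be
    # anyone's, which is the gap the public key infrastructure closes.
    if not hmac.compare_digest(fingerprint(their_public), pinned_fp):
        raise ValueError("peer public key does not match pinned fingerprint")
    if not 1 < their_public < P - 1:
        raise ValueError("peer public key out of range")
    shared = pow(their_public, my_private, P)
    # Mixing in a fresh nonce yields a different key for every session.
    return hmac.new(nonce, shared.to_bytes(16, "big"), hashlib.sha256).digest()

def demo():
    sf_priv, sf_pub = keypair()      # San Francisco lab (constructed keys)
    cam_priv, cam_pub = keypair()    # Cambridge lab (constructed keys)
    nonce = secrets.token_bytes(16)  # sent in the clear alongside the message
    k_sf = session_key(sf_priv, cam_pub, fingerprint(cam_pub), nonce)
    k_cam = session_key(cam_priv, sf_pub, fingerprint(sf_pub), nonce)
    return k_sf, k_cam

if __name__ == "__main__":
    k_sf, k_cam = demo()
    print("session keys match:", k_sf == k_cam)
```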
A more secure symmetrical encryption approach, and one used by most governments and
corporations to send secure communications over networks, is to use a multi-digit key. The greater
the key length, the more difficult and time-consuming it is to crack. The goal is to create a key that is
long enough either to deter someone from attempting to hack the code or to require so much
computer time to decrypt that the encrypted message is of no value by that time.
Process
More important than the specific encryption algorithm or user-authentication technology used is the
process of implementing a security strategy. For example, the best firewall, proxy server, and user-
authentication system is valueless if a researcher has a habit of losing his secure ID card. Similarly, a
wireless hub capable of supporting the latest security standards is vulnerable to attack if the person
who configures the hub doesn't take the time to enable the security features. Likewise, a researcher
who leaves her username and passwords on a Post-It Note stuck to her monitor provides a security
hole for everyone from the janitorial staff to a visitor who happens to walk past her office.