NCJ Number
              114157
          Journal
  Security Management Volume: 32 Issue: 10 Dated: (October 1988) Pages: 39-43
Date Published
  1988
Length
              5 pages
          Annotation
              A properly constructed cryptographic security system can provide effective protection against computer-related crimes.
          Abstract
              Encryption converts data to an unintelligible form, a cipher. Encryption and decryption usually are accomplished by means of a mathematical algorithm controlled by a key. Ciphers may be symmetric or asymetric, using the same or different keys for the encryption and decryption processes. A technique called message authentication ensures that data cannot be altered without detection through the use of a cryptographic check sum appended to the end of each message or data record. Message authentication also requires a secret key. In addition, cryptographic systems use a dynamic password for user or terminal identification. Before gaining access, the user must respond correctly to a noncompetitive challenge while using a unique secret key and a personal identification number.  Because the protection afforded by encryptographic security systems is no greater that the protection given to the keys controlling the process, special key management procedures are required. Keys must be randomly and unpredictably generated, a strict key hierarchy should be observed, keys should be stored securely, procedures are needed for key distribution and deletion, and keys should be changed regularly. Ideally, the security system should be developed with the computer system, and the relative advantages of hardware or software implementation of the encryption algorithm, in-line or peripheral implementation, and the various key management schemes should be considered.
          