2013
A presentation submitted at
The Privatization & Liberalization of Services Versus Integration Best practices Conference and Launching CIEL Website www.ciel.com.lb
By: Dr Salah A. Rustum
President
CIEL Lebanon &
Information Technology &
Internet Association - Lebanon.
Ever since the Phoenicians invented the Alphabet and people started communicating with each other – the confidentiality of the message was always given a priority and the carrier was always selected from a Trustworthy Group and or a surrounding.
Nowadays 3000 years later, with the Internet communication escalating so rapidly and exponentially, the confidentiality of the message is still being given priority and the Carrier is still being sought from a Trustworthy Provider particularly that the Internet is an open platform to all its users.
Trust, however has remained a desired common factor for all those who are communicating and or trading electronically. Yet without TRUST business can not reap the Internet’s colossal efficiencies and consequently can not create new markets and explore other attractive possibilities around the globe.
Trust is in fact central to any commercial transaction, and trading partners do not only require confidentiality of their communication, but entail that it was well received unaltered and can not and may not be refuted.
This Trust prerequisite has become the key factor to our technology, and it is well demonstrated by the very shy attitude of many of the officials round the World in adopting and enhancing Internet activities regardless of its venue. Partly due to the fear that the Internet as such is unprotected, and in some other aspects, it is the fear to change, but in most cases, it is the prevailing ignorance that haunts free souls and eager societies from learning and deprives them from every advancement.
Yet, Trust has not failed in any way or the other. It has actually built bridges amongst different people, cultivated minds of youngsters, put arms at rest and created a sense of responsibility towards each other.
Trust on the Net is our objective today because the Internet has become our second nature, and because one of the Internet’s offshoots the e-commerce stands to be the most important change in the business world in the last 100 years, indelibly making the shift from an industrialized to a knowledge based society, and because we want to excel and catch-up with the leading technologies and become an integral part of this developed World, we should take the following objectives into consideration as the promise of success brought by e-commerce is fast growing.
- Stay on top of the competition; the Internet pipeline is so fast, its mind–boggling.
- Seize the moment, and do not wait any longer to start your web projects, as the web requires immediate action.
- Over build for traffic you do not expect.
- Make sure that your site sustains your advertising strategy in terms of your reach and frequency objectives, and that it is synch within the context of your overall business strategy.
- Make sure that your site is as secure as possible and that it meets your clients’ expectations and make them feel at ease.
- Compensate your clients for using your self-service web facilities by issuing them with electronic signature certificates for identification, authentication, non-repudiation and confidentiality objectives.
- Assist your clients and show them how they can take advantage of your new facilities.
- If you are considering selling on the web, make sure you have a good marketing plan to promote your site.
However, Trust on the Net has taken a different approach to resolve this outstanding issue and it is practically contained in User Authentication where proof of identity has become an essential component of any security system. It is the only way to differentiate authorized users from intruders. User authentication to the network is a necessity for any enterprise that seeks protection to its information assets and knowing who has access to its network.
This leads us to Digital Certificates. One of the earliest uses of digital certificate technology was Privacy Enhanced Mail, the predecessor to S/MIME [Secure Multiple Internet Mail Extensions], a widely used specification that brought a higher level of security to e-mail through encryption and digital signature-based authentication. Since its introduction, the use of digital certificates referred to also as the Electronic Signature
has continued to grow steadily and is considered now the spine of the Electronic Communications.
Digital Certificates are essential components of a public key infrastructure [PKI], which can be generally defined as a security system that consists of protocols, services and standards that support applications of public key cryptography.
Public Key Cryptography is used to validate messages that have been digitally signed. Such messages can be simple e-mail or part of a protocol for establishing a secure communications session. The Sender of the message is to be authenticated digitally signs the message using a private key. The signature can be validated using the sender’s corresponding public key, which is automatically sent along with the message or retrieved, from a certificate repository.
The association between the sender’s identity and the sender’s public key can be authenticated through a digital certificate issued by a Trusted Certification Authority (CA). The CA certificate is issued in advance to all parties and as the sender’s public key has been validated, it can be used to authenticate the digital signature of the message itself. And in view of the fact that the Certification Authority certificate is already available to both the sender and receiver, this method can be used to authenticate messages in either direction without reference to the Certification Authority.
Lastly, the issue of the confidentiality factor on the Net has been resolved and well protected by encrypting the electronic message or document. In fact encryption is used to protect against eavesdropping. It actually renders information private by making it unreadable to all except those who have the key required to decrypt the data. It does not matter whether an intruder or a hacker intercepts the document over the Internet; the data contained therein still can not be read. This technology can be used throughout the enterprise network, including within the enterprise [intranet] between enterprises [extranet] or over the public Internet to carry private data in a virtual private network [VPN].
The degree of protection afforded by encryption depends upon the strength of the encryption algorithm which in turn defined by the key size commencing with a 40 bits key increasing to 168 3DES – triple data encryption standard system and nowadays it has reached a 2048 bits.
A recent brute-force attack was able to try 245 billion keys per second resulting in breaking a 56 bits key in 81 hours. However, with a 112-bit key and the ability to try
245 billion keys per second, it would take an average of 336 trillion years to discover the key.
For a fact, the Boston Globe & others made a recent study that indicated explicitly that businesses that do not use the Internet for daily communication will suffer in the market place within the next 3-5 years at the latest. In fact business representatives can meet a trading partner on the Internet, create instant trust in each other’s identity and then initiate a business transaction dramatically streamlining their business processes. The trading partners have eliminated considerable transaction costs and off-loaded the complexity of forming traditional business trust relationships. This bodes well for prosperity among businesses whether locally or around the Globe.
In conclusion, it is urged and recommended that every effort should not be spared to go on the Internet and reap its colossal efficiencies in an effort to transform our enterprises into paperless organizations and reduce over heads by a good 20-30%. Make benefit of what the Electronic Signature offers the User. Confidentiality, Integrity, Authentication and Non-Repudiation has created Trust on the Net, and consequently amongst trading partners and individuals. The Electronic Digital Signature is an emerging standard that is enabling the Internet to become a main stream business tool and toppling Internet trading barriers – the attributes interoperability, global scope, simplicity and high trust constitute a tremendous economic engine.
Go for it now, use the Internet and transform your organizations. With this accomplished we would have set the wheels in motion to accompany Technology in its journey towards the future.
Beirut, August 14th, 2013
All Rights Reserved
| Your Name : * | |
| Your Email : * | |
| Friend's Email : * | |
| Friend's Email : (2)* | |
| Friend's Email : (3)* | |
| Message : | |
