Factors to consider in creating algorithms

Factors to consider in creating algorithms

Encryption and Authentication are two things that are essential for Information Security. Any security mechanism is based upon a certain algorithm. However, some of these algorithms are vulnerable to certain attacks and can be broken easily by knowledgeable crackers. Fortunately, with the aid of newer technologies and a strong logical sense, one can devise a new algorithm that can withstand security attacks and provide a more secure alternative.

Nature of Data. In creating algorithms, one should first consider what kind of data are you protecting, if it is just securing a small and less private data, some of the existing algorithms can be used, but if you are protecting a bigger, more sensitive and confidential data, newer and proof-based algorithms must be used.

Key. This helps a person or computer figure out the one possibility on a given algorithm. The type of key to be used is also essential in generating algorithms. One must consider the key size - it pertains to the length of the key to be used. A larger key size means better security but at a cost of reduced performance. A smaller key, on the other hand is easier to figure out.  One must also consider the variability of the key. Is the key a mixture of characters or symbols?, or a combination of both? The variability refers also if the key was all through out the same or randomly generated.

Category of encryption system. There are two types of encryption systems, one is Symmetric-key, and the other is Asymmetric-key or Public key. Symmetric algorithms encrypt and decrypt with the same key. Main advantages of symmetric algorithms are its security and high speed. Asymmetric algorithms encrypt and decrypt with different keys. Data is encrypted with a public key, and decrypted with a private key. Asymmetric algorithms (also known as public-key algorithms) need at least a 3,000-bit key to achieve the same level of security of a 128-bit symmetric algorithm. Asymmetric algorithms are incredibly slow and it is impractical to use them to encrypt large amounts of data. However, symmetric algorithms are about 1,000 times faster than asymmetric ones^1.

Speed. Finally, speed here refers to the length of time in encrypting data. The strength of encryption however, is indirectly proportional to speed, and speed is necessary in data transmission. Stronger algorithms are slower to encrypt as compared to less efficient ones. One must consider that in order to create algorithms, there should be a logical or mathematical basis. Lengthy computations create better encryption but take some time to finish. Communication requires fast transmission of data, but when security measures are conducted, data are transmitted slower as encrypting the data follows. 

__________________________

¹ http://www.cryptoforge.com/security.htm

Is Hacking a Computer Crime?

June 9, 2010

       This question is very controversial for there are ethical implications of the act itself. It had also been a favorite topic between bloggers and members of forums. Now, the question if the act was ethical depends upon how it was done. The question if the act was legal depends if it is authorized or not. The question if the act is a criminal activity depends if it is under the provision of a law.

HACKING IN THE PHILIPPINES

        This issue has also reached our shorelines and on the past few months, we have heard over the news that government websites are hacked by an unknown group of hackers that attempted to alter or destroy the data housed in these websites. It was also heard that there is a huge possibility of an electronic “Hello Garci” that can happen in the election. Another issue was if the PCOS machine can be hacked, and potential results can be manipulated according to one’s will. These issues alarmed several agencies and groups which are really concerned about the integrity of the elections. The good thing is, there is a provision in the law that guards integrity of all information stored in the internet, likewise the Republic Act 8792 or the E-Commerce Law. It was signed by former president Joseph E. Estrada on June 14, 2000. It took effect last June 19, 2000.

ABOUT HACKING AND CRIME

        From my point of view, Hacking is a double-edged sword, which is beneficial in some way, but is hazardously dangerous as well. First, we must define some terms. As the e-commerce law defined hacking, “it refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic documents.” Crime on the other hand, is a specific act committed in violation of the law. As we analyze these two terms, Hacking can be considered as a crime if and only if, first, it is under the law and second, it is done without the consent of the owner. So, the bottom line is: Hacking without the consent of the owner is considered as a crime.

WHAT WAITS FOR LOSERS?

In the end, what waits for violators of the law is also stated in RA 8792; “ shall be punished by a minimum fine of One Hundred Thousand pesos (P 100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years.” In short, crime pays, big time.

GOOD INTENTIONS = CRIME?

However, there are certain circumstances that even if the intentions of the hacker was good, in fact he did not alter anything or delete any important information, but he was not given permission by the owner or any person in charge to do so; Then, the act was still a crime. This was the scenario I browsed in one forum. (http://msforums.ph) 

"THE END DOES NOT JUSTIFY THE MEANS"

Yes, what he did was ethical. In addition, he was willing to offer his services to the company. However, if we analyze carefully what is stated in the E-commerce law, if hacking was done without permission or without legal consent, it is considered a violation of the law and appropriate legal actions should be taken. On the lighter side, if the owner dismisses the claims or waives what just happened, the violator will not be punished.

FINALE

One sad thing here is, not all people knew this law and authorities often ignore it. In addition, this law is not strictly imposed in the Philippines, and many violators go unpunished.

I just hope that eventually, the Philippine Government will be more than willing in implementing more laws against these computer crimes as we embrace more of newer technologies around us.