WWW: Beyond the Basics

18. WWW Security

18.5. Summary

The purpose of this chapter is to present one approach to security in the World Wide Web. It starts with a list of challenges for protecting information. Cryptography can be used to overcome these challenges. There is a set of cryptographic protocols and algorithms that can be used. An example of how to use them to ensure secure electronic transactions over the Internet is the Secure Sockets Layer Protocol. It has been implemented in the major WWW browsers. This chapter describes SSL and gives an example of how it is used to buy books from a WWW bookstore.

From a technical point of view, cryptography is the solution to many of the security challenges that are present in the Internet. The technology is there for most of the problems. However, there are several issues that have obstructed the widespread use of cryptography in the Internet. First of all, cryptography, as a science, faces a difficult problem. Most of the algorithms cannot be proven secure. For this reason, there is suspicion around many of the cryptographic algorithms. For example, recently, (October 1996), a one-way hash algorithm considered strong (MD5) has been shown to have weaknesses (see SSL, 1996). Another aspect is related to the intellectual property associated with the algorithms. Most of them are patented and only big companies bought the license for using them. Finally, cryptography can be used to harm society. Governments are concerned that encryption will make law enforcement and national security goals more difficult to achieve.

The current trend in the society indicates that cryptography is gaining importance and there is a tendency to move toward a broad use of encryption in Internet and World Wide Web.

[PREV] [NEXT] [UP] [HOME][VT CS]

Copyright © 1996 Calin Groza, All Rights Reserved

Calin Groza <cgroza@cs.vt.edu>
Last modified: Dec. 16 12:00 1996