Define each of the following security terms and give an example of how it is used.

a) secret key cryptography
b) public key cryptography
c) digital signature
d) digital certificate
e) hash function
f) SSL
g) Kerberos
h) firewall

---

a) Secret-key cryptography uses a secret symmetric key to encrypt and decrypt a message. Secret keys are delivered
by a courier or key distribution center, encrypted using public-key cryptography and sent electronically. Secret-key cryp-
tography is used to keep communication sessions secure. For each new communication session, new secret keys are gen-
erated.
b) Public-key cryptography is an asymmetric encryption method. It uses two inversely-related keys to encrypt and
decrypt a message. For example, if a sender encrypts a message using the receiver's public key, only the receiver can decrypt
the message using the inversely-related private key. Public-key cryptography is often used to securely exchange secret sym-
metric keys for a communication session.
c) A digital signature, the electronic equivalent of a written signature, authenticates the sender's identity. To create a
digital signature, the sender runs the original plaintext message through a hash function to get a hash value for the message
(also known as a message digest). The sender then uses a unique private-key to encrypt the message digest. This creates a
digital signature because the keys are unique and only the owner of that specific key could have encrypted the message.
Digital signatures can now be used to legally sign contracts online, which will have an enormous impact on e-commerce.
d) A digital certificate is issued by a certificate authority. It includes information such as company name, public-key,

certificate number, expiration date, URL and the certificate authority's signature. Digital certificates are used by e-busi-
nesses as proof that the company is who they claim to be. For example, it is possible for a third party to establish a Web
site and masquerade as a legitimate company in order to collect private information such as credit card numbers. Companies
can post digital certificates from trusted certification authorities as proof of identity.
e) A hash function is a mathematical formula. It could be as simple as adding up all the 1s and 0s in a message, though
it is usually more complex. Hash functions are used in encryption, such as in a digital signature.
f) Secure Sockets Layer is a security protocol developed by Netscape. It is currently the most popular protocol used
by e-commerce Web sites. SSL is a non-proprietary protocol used to secure communication on the Internet and the Web.
It is built into many Web browsers and numerous other software products. It operates between the Internet's TCP/IP com-
munications protocol and the application software.
g) Kerberos is a freely available, open-source protocol developed at MIT. It employs symmetric secret-key cryptog-
raphy to authenticate users in a network and maintain the integrity and privacy of network communications. Unlike a fire-
wall, a Kerberos system can also be used to protect company networks from internal attacks.
h) A firewall protects a local area network (LAN) from intruders outside the network. For example, most companies
have internal networks that allow employees to share files and access company information. Each local area network is con-
nected to the Internet through a gateway which usually includes a firewall.