Running head: EFFECTS OF ARTIFICIAL INTELLIGENCE ON PRIVACY AND SECURITY 1
EFFECTS OF ARTIFICIAL INTELLIGENCE ON PRIVACY AND SECURITY 25
Final Literature Review Submission
Effects of Artificial Intelligence (Public Key Encryption) on Privacy and Security in E-Commerce in the State of Mississippi
Professor: Dr. Charles Lively
University of the Cumberlands
Sharanya Unnam
Introduction
Privacy and security of data for customers is a challenge for major businesses on their e-commerce platforms across the United States and the world at large. According to French (2012), businesses face more threats for security and safety of data than they face from all the other unethical issues on the internet such as intellectual property theft and challenges in accessibility costs for information in information technology. The challenge of security on the internet is a threat for online shoppers, majority of which are customers for the businesses that run e-commerce platforms in Mississippi and other states in the United States.
With the ongoing challenges on e-commerce users, measures to ensure their data is secure are highly desirable among the customers in the United States. According to Menard, Gatlin, & Warkentin (2014), some of the measures that have been suggested to ensure security and safety of customer information on the internet include asking the customers to keep their data private, asking them to have stronger passwords, and asking the customers to ensure that they do not click on links that may be suspicious. However, all these measures have proven insufficient especially due to the human weaknesses that mean these customers do not have the ability to accurately know when a link is a threat and when it is not.
Artificial intelligence has proven critical in managing some of the online threats for businesses including threats of system hacking and accuracy in sorting inventory on the internet (Armstrong & Jayaratna, 2002). The accuracy with AI tracks and maintains order in business including transaction tracking makes it effective to use it in management of security and safety on the internet. Research into the use of AI in management of customer safety and security in e-commerce business in Mississippi is therefore a justified study, which will help to advance efforts to keep customers safe while they use the internet. The Artificial Intelligence technique specifically chosen as part of study is Public Key Encryption (PKE).
Public Key Encryption (PKE) is a form of technology that uses both a public key and a private key to secure data (Hu, Li, Liu, Yang, Guo, & Zhang, 2018). The public key is known to all users while the private key provides unique access for each user and cannot be accessed unless through the user. Comp ...
Rapple "Scholarly Communications and the Sustainable Development Goals"
Running head EFFECTS OF ARTIFICIAL INTELLIGENCE ON PRIVACY AND SE.docx
1. Running head: EFFECTS OF ARTIFICIAL INTELLIGENCE
ON PRIVACY AND SECURITY 1
EFFECTS OF ARTIFICIAL INTELLIGENCE ON PRIVACY
AND SECURITY 25
Final Literature Review
Submission
Effects of Artificial Intelligence (Public Key Encryption) on
Privacy and Security in E-Commerce in the State of Mississippi
Professor: Dr. Charles
Lively
University of the
Cumberlands
Sharanya Unnam
Introduction
Privacy and security of data for customers is a challenge for
major businesses on their e-commerce platforms across the
United States and the world at large. According to French
(2012), businesses face more threats for security and safety of
data than they face from all the other unethical issues on the
internet such as intellectual property theft and challenges in
accessibility costs for information in information technology.
2. The challenge of security on the internet is a threat for online
shoppers, majority of which are customers for the businesses
that run e-commerce platforms in Mississippi and other states in
the United States.
With the ongoing challenges on e-commerce users, measures to
ensure their data is secure are highly desirable among the
customers in the United States. According to Menard, Gatlin, &
Warkentin (2014), some of the measures that have been
suggested to ensure security and safety of customer information
on the internet include asking the customers to keep their data
private, asking them to have stronger passwords, and asking the
customers to ensure that they do not click on links that may be
suspicious. However, all these measures have proven
insufficient especially due to the human weaknesses that mean
these customers do not have the ability to accurately know when
a link is a threat and when it is not.
Artificial intelligence has proven critical in managing some of
the online threats for businesses including threats of system
hacking and accuracy in sorting inventory on the internet
(Armstrong & Jayaratna, 2002). The accuracy with AI tracks
and maintains order in business including transaction tracking
makes it effective to use it in management of security and safety
on the internet. Research into the use of AI in management of
customer safety and security in e-commerce business in
Mississippi is therefore a justified study, which will help to
advance efforts to keep customers safe while they use the
internet. The Artificial Intelligence technique specifically
chosen as part of study is Public Key Encryption (PKE).
Public Key Encryption (PKE) is a form of technology that uses
both a public key and a private key to secure data (Hu, Li, Liu,
Yang, Guo, & Zhang, 2018). The public key is known to all
users while the private key provides unique access for each user
and cannot be accessed unless through the user. Companies in
different sectors such as connection, web services, telephony,
and cryptocurrencies have tested the use of PKE in their
businesses to great effect. Customers are able to keep their own
3. data private and the encryption can therefore not be cracked by
cyber criminals and hackers.
The relationship between the private key and the public key is a
complex numerical correlation derived from complex sums,
multiples, and products of the numbers on the public key done
through artificial intelligence systems (Alawatugoda, 2017). An
example is a public Wi-Fi system where everyone knows the
public key but one must have a private password to use the Wi-
Fi package. Another example of a PKE is an internal ERP
system in a business.
The essence and possibility of using public key encryption, an
artificial intelligence technique to keep the data of customers
for ecommerce businesses safe and secure is a good prospect.
Hence the interest in finding out the effectiveness with which it
can be used in ecommerce businesses considered to review
various articles. Research Questions
a) What are the data privacy and security challenges facing e-
commerce businesses in Mississippi?
b) What is Public Key Encryption and how does it contribute to
data privacy and security in e-commerce transactions for
businesses in Mississippi?
c) What strategies can businesses use in incorporating artificial
intelligence (Public Key Encryption) in e-commerce
transactions?
d) What are the challenges of using PKE in business and the
types of PKE that can be used?
Data for this research will be collected from secondary sources.
There has been extensive research on the use of different AI
features to improve the privacy and security of data on the
internet. However, application of public key encryption as an
element of artificial intelligence in e-commerce has not been
widely researched hence the novelty of the research will be in
finding ways and strategies of incorporating public key
encryption as an important element in data privacy and
protection in e-commerce businesses in Mississippi.
Reviewing sixteen literature journals, articles, and books helped
4. in developing the literature review for this research. The
articles are categorized in to following categories which
answers the research questions as well.
Review of Literature
Public key encryption as a form of Artificial Intelligence in e-
commerce has been widely used in many countries and sectors.
There has been application in security, personal identification,
and transactional integrity. This chapter analyzes the research
and literature that has been undertaken by other researchers in
order to create a context for the research. Sixteen secondary
sources are analyzed in this section in order to understand the
views that different people held on public key encryption as a
form of security in business as well as understand the strategies
that can be used to incorporate it in ecommerce in Mississippi.
This chapter also analyzes the potential challenges that can be
faced while implementing PKE in ecommerce by drawing
experience from the challenges that have been faced when PKE
was adopted in other sectors across the world. Ultimately.
This chapter helps in creation of a good overview of PKE in
business in order to determine whether it is a good element of
AI to implement in business when the ecommerce businesses
wanted to improve the security of data on the internet. The main
themes of information used in this literature review includes
challenges of privacy and security for businesses in Mississippi,
application of PKE in businesses in Mississippi, strategies in
incorporation of AI in business, Data privacy issues of using
PKE in business, Challenges faced in using PKE in business,
and examples of businesses that have used PKE in their data
privacy and security. Data Privacy and Security Challenges for
Businesses in Mississippi
Globally, businesses are moving online. Such that transactions
and all customer engagements are taking place on digital
platforms. However, this move presents data privacy and
security challenges to businesses. According to (Prasad &
Rohokale, 2019), ecommerce businesses are confronted with
5. numerous challenges with regards to the private information
within their databases and safety of their platforms, making
ecommerce sometimes a bit difficult.
Maintaining privacy of both the business and the customers in
ecommerce has become a challenge to most businesses in
Mississippi. In all instances of business transaction, privacy is
very important as the parties involved usually have sensitive
information that upon landing on the wrong hands, could
damage one’s wellness. For the business, it would be exposing
their financial status that would otherwise be better unknown.
For the consumer, it would exposing their purchasing habits, or
even financial status. Online platforms do not guarantee of
privacy to the business and the customers, as malicious online
users could manipulate the system and access this private
information. Though the business practices comprehensive
privacy practices such as collecting, managing and using data
from their site appropriately, sometimes the customers blame
these enterprises for using their data inappropriately in case of
exposure.
Security in ecommerce is a challenge, as hackers have become
prevalent over the years, (Satterlee, 2001). Following the
commerce migration to digital platforms, malicious online users
have made it their business to attack systems for financial
gains. These individuals forcefully access an institutions digital
space, either holding the business hostage through asking for
ransom in exchange for their privacy, or stealing through
transferring finances. It is the obligation of a business to create
strong defenses.
However, hackers are well acquainted with security of online
system such that they know even the smallest links that they can
manipulate to gain access to ecommerce enterprises. This aspect
leaves the business struggling financially, with an already
ruined reputation that scares away the already existing
customers, together with prospect consumers. Business ought to
be conducted in a safe space that ensures peaceful co-existence
between the business and the customers.
6. According to Wang, Mu, Chen, & Zhang (2016), the major data
privacy issue for businesses in Mississippi is the prevalence of
ethical hacking and attempts by people to gather information for
commercial purposes. Mississippi is one of the states in the
United States with the highest number of data privacy cases
(Wang et al., 2016). This means that data access illegally poses
a major challenge for businesses that have data belonging to
customers or other stakeholders.
However, Sun et al. (2018) notes that over 32% of the cases of
malicious data access in Mississippi in 2015 arose from
commercialization of personal data. The author notes that some
of the people access personal data to commercialize it because
corporations buy the data and use it for marketing and
promotion purposes. Commercialization of data therefore forms
a major challenge that the businesses face with data privacy.
Prevalence of data mining services at the cheap also challenges
data privacy for businesses.
Gopikrishnan & Priakanth (2016) note that services like Nmap
that can help hackers in knowing how to access customer
services from business sites are available for free, which
encourages the hackers and people who want to access such
data. Lastly, Gopikrishnan & Priakanth (2016) note that
businesses cannot control the behavior of individual employees,
which makes it hard to control the access of internal
information by external parties. The author further notes that
about 25% of hacks into internal business systems in companies
in the US in 2015 arose from either former or current employees
of these companies.
E-commerce involves the continuous and conduction of business
through online platforms. E-commerce has eased the process of
conducting companies doing it a popular service. Although the
system is highly efficient, it is not alien to challenges and
shortcomings (Majumdar et al., 2017). The failure to resolve the
issues threatens the ability of the platform to remain useful in
the lives of customers. Most users of online platforms are
terrified of unauthorized access to their data, leaving them
7. vulnerable and their secrets of trade compromised. There is a
tendency to refuse the reuse of personal information or its sale.
The maintenance of the viability of e-commerce depends
entirely on the security of systems. Data privacy issues are part
of the security concerns when it comes to client data protection,
as shown by the following examples.
a) Intellectual property re-selling
E-Commerce businesses have the right to freely resale the
intellectual property rights of clients. Most of the clients are
unaware of this clause leading to the rise of the fear that their
personal information might get compromised in the reselling
process.
b) Web activity correctness
Most of the e-commerce providers’ lack the capability r means
to monitor the consequences of malicious web activity.
c) Buyer’ striking
The practice gets enforced by social engineering, where
shoppers get tricked into attaining the maximum benefits found
in the underlying attacking rate. Through this method, attackers
get the clients' crucial information and use them against the
victim in online activities. Some of the ways they get data is by
asking the user about his favorite book as a challenge question
in account authentication at login. In the event one of the sites
is tricked, the login id is copied and used, ending up in the
shutting down of the website.
d) Snooping the buyer’s computer
Due to network vulnerabilities, many users are unaware of given
the countless minutes they spend or get connected to the
internet. The attackers mainly get credentials on the clients'
trends, especially in online shopping. Software and hardware
vendors also do not pay enough attention to give adequate
directives on security concerns of system devices in use. The
environment makes snooping a walk in the park.
e) Network sniffing
This practice refers to the close monitoring of data between
server hosts and shopper’s computer. The attackers mainly
8. collect data on the customer r in most cases, steal information
like credit card numbers, buying patterns, or personal interests.
Public Key Encryption and its Role in Data Privacy and
Security
The asymmetric nature of public Key encryption makes more
secure, (Salomaa, 2013). The use of two keys makes it difficult
for any malicious or wrong person, to access people’s
information. There are two key; public and private. Public
known to all people, while private key remains a secret to the
user. The good thing is that for private key, one does not need
to share this encryption with any other person. As long as the
encryption key is not known by the public, security is
guaranteed. Meaning that system’s security heavily lies on the
user’s discretion with their private key. This way, only the right
people get to access the appropriate information. Therefore not
compromising with the security of the system.
Decrypting a Public Key Encryption is almost impossible,
making it appropriate for security purposes in ecommerce
transactions in Mississippi. Public Key Encryption can only be
decrypted when there is a combination of mathematical related
private key and the public key so as to crack encryption layers
to establish a secure connection, (Salomaa, 2013). In this case,
transactions are secure within a platform using a public key
encryption, as both unauthorized access and hacking are made
an almost impossible task that even if executed, could take ages
to achieve. This means that messages are not tempered with
when sent form either side of the transaction, and that privacy is
achieved.
According to Xavier & Chandrasekar (2015), public key
encryption is one of the most reliable ways of keeping data
secure because of the near-impossible task that hackers have to
generate the connection between private keys and public keys.
As a result, the basic function of PKE is keeping the hackers out
and preventing them from gaining access into the internal
systems, which is the main strategy that they use to infiltrate
9. hence corrupt or misuse the private information for different
users like the customers for ecommerce businesses and other
businesses.
The only way through which the hackers can gain access is
through chosen cipher text attacks (CCAs), which means that
someone accessed the private key from the owner of the private
key (Xavier & Chandrasekar, 2015). Such attacks then become
hard to stop because the hackers have genuine access to the
system making it hard to lock them out. Aside from that, PKE is
effective and sufficient.
In data privacy and security, it keeps the hackers away and uses
artificial intelligence to profile attackers whenever they attack
and lock them out of access to the system. According to Xavier
& Chandrasekar (2015), 59% of the PKE systems that showed
attacks had proven strong enough to protect user data until they
were attacked through CCAs.
PKE also helps to ensure that hackers have a hard time
navigating to exact locations of data with some systems having
multiple levels of PKE protections. PKE also privatizes public
information by ensuring only people with authorization can
access it thus making it hard for the data to be misused. This
means that even in the same organization, some people may not
access the data despite being able to access all other elements of
the business (Wang et al., 2016).
The public key system is famous for the transmission of
information via the internet. The keys are incredibly secure and
quite simple to utilize. The problematic aspect of public keys is
the requirement to know the recipient's public key to encrypt a
message for them, making it vital to have a global registry of
public keys. In e-commerce, the most used and secure public-
key encryption gets known as Secure Sockets Layer (SSL). The
use of public-key encryption in e-commerce with adequate
management can have astounding results (Canetti et al. 2003).
The system in business-to-business operations leads to massive
gains.
Through vital public encryptions, companies can mutually
10. access internal company infrastructures, while realty
streamlining transaction processes between business partners,
digital certificates offered by the system safeguard information
sent between banks during transmissions. The public key
encryption creates a secure online platform for e-commerce
stakeholders around the world. Technical aspects only limit
vital public encryptions, and in this case, it shifts security risks
to certificate authorities. The public key encryption is safe in
that even the government does not have access, thus giving e-
commerce stakeholders an advantage in the economic marketing
scene. Strategies in Incorporating Artificial Intelligence (PKE)
in Business
To efficiently use public key encryption in an ecommerce
system would involve more than just establishing this type of
encryption system. Once the system has been established, there
is need to keep it operational and effectual. This means having
contingency plans to prevent attacks from succeeding and
penetrating the defenses set in place. According to (The Open
University, 2017), there are numerous cyber-attacks, with only
30% of attacked organizations reporting on these incidences.
This is a very significant number to ignore.
One of the measure or strategy to make this type of encryption
even more effective, is with encryption of emails, signatures for
non-repudiation and other files to be transferred, (Watson,
2019). This adds up on the layers of security involved in the
defense of the system at hand. In this case, file on transit is
encrypted such that to access its contents, one needs an
encryption key. For that reason, apart from the private key, one
would need to go an extra mile so as to access the file on
transit. Signatures in public cryptography are digital, and are
created to ensure authenticity of the source of a message in the
online space. To avoid receiving harmful files that can temper
with one’s security, authentication using digital signatures is
used to ensure that the file came from a legit and expected
source.
11. Another measure that reinforces the effectiveness of public key
encryption is through revoking of keys, (Watson, 2019).
Security can be breached once a private key has been
compromised. A compromise of a private key occurs when the
key has been stolen, or even no longer in use. This calls for a
revocation of the corresponding public key. This process makes
sure that there is no space for malicious people to encrypt
messages. This is followed by the creation of another pair of
private and public key for this individual. In this situation too,
is the signing of key to gain trust, where an individual assigns
their pair of public key to their email address. Even if another
person forms another public key encryption, security would not
be breached, as there would be no access to the actual email
address.
Wang et al. (2016) notes that incorporating PKE as part of the
AI system for data safety and security starts with a need for
data security and safety which should be followed by
development of the right implementation strategy for the PKE
system. The best strategy is database-based implementation.
According to Kasamatsu, Matsuda, Emura, Attrapadung,
Hanaoka, & Imai (2016), cryptocurrency businesses employ this
strategy where the PKE system deployed depends on the type of
database owned by the business especially the different levels
of customers and potential data held by the business. The
implementation therefore helps in determination of different
access levels and the rights of different users and parties to the
system.
Another strategy is the user-based strategy. Kasamatsu et al.
(2016) includes a strategy in PKE implementation where the
type of data that the users of the encryption system will use is
evaluated to determine whether to implement a PKE system and
the type of PKE to implement. The author opines that majority
of businesses using this strategy expose themselves to CCAs
because some of the users may access information that they do
not need.
Another strategy is business-wide adoption. According to
12. Chaudhry, Farash, Naqvi, & Sher (2016), some businesses adopt
Artificial Intelligence across the business in order to create data
protection systems for the entire business. Experts therefore
develop a needs analysis for the entire business and develop the
system for everyone thus creating central and universal data
protection and access. Unless different user levels are created,
it poses similar challenges as the user-based strategy.
Lastly, the industry-based strategy is the rarest strategy in
implementation of the PKE framework in businesses because it
means that a business implements artificial Intelligence as it has
been implemented across the industry. According to Li et al.
(2016), industry-wide PKE is dangerous because CCAs in one
company in the industry exposes the rest of the players in the
industry to a chain of attacks. Chain attacks have not been
witnessed because there has been no recently known case where
the entire industry used one system.
According to Vanneschi, L., Horn, D. M., Castelli, M., &
Popovič, A, (2018), Retargeting potential customers is another
critical strategy to be considered.The innovation gets aimed at
resolving the issue of non-followed up target leads in sales
teams. It helps prevent the inevitable fall of interested clients
through the crack ending up in reduced sales. Intelligence can
get used in the enhancement of sales cycles while managing
consumer data. The incorporation of facial recognition in the
capture of shoplifters is also a viable use of the software. Real
experiences are captured through facial recognition by
businesses to gauge the venture’s acceptance rate and
performance.
Data Privacy Effects of Using Artificial Intelligence (PKE) in
Business
According to Dolendro & Manglem (2018), implementation of
PKE systems in start-up businesses in India reduced the cases of
attacks on the databases of these companies by 72% in 2015.
The clear significance is the reduction on the number of attacks
that are successful against the data that these businesses keep.
The same concept has been suggested in businesses in the
13. United States especially in areas where the attacks have been
more prevalent. Mississippi is one of the states that would
benefit due to prevalence of cybercrime attacks.
PKE creates a system where the internal culture of the business
dictates the safety of the private and confidential data from the
users including customers for businesses like ecommerce
businesses. Jean Raphael et al. (2017) suggests that ecommerce
businesses would have better systems and trust from the
customers with PKE because of strong customer assurance
especially on data protection.
PKE also creates a system of accountability in business.
Everyone knows that they have to report the ongoing situations
with data to someone because of the access levels that are
encouraged and created under standard use of the PKE
structures and policies. According to Kiayias, Zacharias, &
Zhang (2017), accountability has been proven to significantly
increase the strength of data protection and fraud prevention
measures and systems because the business can create a system
where no user is isolated. Hackers and cyber criminals utilize
isolation as a main tool to launch attacks as users can easily
click on links or do something that gives them a gateway. Types
of PKE and Challenges Faced by Businesses that have used
Artificial Intelligence (PKE)
Challenges Faced by Businesses Using PKE
Public Key Encryption (PKE) works very well in business and is
one of the most effective ways to secure data for a business.
However, the main challenge is that PKE works with complex
and recurrent mathematical formulae and compilations in order
to generate and use the PKE framework. As a result of this
complication, the first challenge faced when using PKE is
speed.
Though Public Key Encryption provides enough security, it
poses a lot of challenges to its users. The first challenge is very
common and widespread, which is forgetting passwords,
(Mollin, 2002). This type of encryption requires users to
14. remember their private key all the time, if they are to access the
system. These encryption keys are usually pass words. Now
days, there are many platforms that require passwords. Keeping
up with all these passwords through days is quite a challenge.
Upon forgetting, the retrieval process is sometimes hectic and
time consuming, leading to delays in case of emergencies. This
presents the issue of accessing the system when an individual
forgets their password.
Another challenge is brought about by the advancement in
technology. The fact that it is secure as of now, does not slip
through the hands of more advanced hackers. With
sophistication, one can hack through this system therefore
compromising with their security and privacy measures. In
cases of advanced hacking, valuable resources are lost in the
process.
According to Abro et al. (2019), systems that use PKE have to
compile the information in the security codes and undertake
complex arithmetic solutions in order to generate the key that is
used in encryption. The system of data protection encrypts and
decrypts data at the same time. Both processes are not only
complex but also slow. Performing both tasks at the same time
is not easy thus it slows down the system. Systems with PKE
are therefore slow both in response and execution of tasks.
Many companies that have used PKE have also reported
certification challenges that created suspicion especially on the
client side. According to Tri et al. (2019), companies that use
PKE often have their own third party suppliers of the PKE that
digitally sign the public key and turn it into a digital certificate
that is used by the business. Many businesses that use PKE as a
form of data security express concerns that the data can be
compromised by the third party. For example, when a business
is sending data to the company attorney, the fact that the
security and encryption of the attorney’s laptop is undertaken
by a third party means that there is a third eye that sees the
information. Such can compromise the integrity of the data
secured by the business and cause leakage of sensitive customer
15. and employee data.
Another challenge that has been widely reported by businesses
is direct compromise where businesses are using lower cost
packages. Kerr (2019) notes that there are two main ways that
one can compromise a PKE system which include identification
of a gap and hole in the encryption system and guessing the
correct key. Where users have not subscribed to the premium
PKE frameworks, there have been reports that they have keys
that hackers can easily guess and compromise their systems.
The main problem with direct compromise is that it is almost
undetectable and a business can continue operating without
noticing that its data has been compromised. Institution of
relevant measures to combat this type of data breach is also
challenged by the fact that such compromises are often internal.
A system of notification for such attacks has so far not been
explored despite the obvious nature of the solutions it would
introduce.
According to Kerr (2019), PKE offers a false sense of total
security to business that use it. While PKE is absolutely
effective, the system only protects that business from the
functions it was meant to protect. For example, if the PKE
system is meant to protect external intrusion through certain
protocols that is the level of protection it will offer. Companies
become careless because of a sense of security that the PKE
offers. Some of the employees leave their laptops logged into
the server and internal hackers can gain access to server and
compromise the security of customer data. Users also expose the
details they use to access the PKE and make the work of the
hackers easier as they already have an entry method to the PKE
protocol.
Lastly, there is a major problem with the users that forget their
passwords and access details. Iacono et al. (2019) notes that in
an attempt by the PKE third party companies to increase the
privacy of the data shared on their servers, some of the
businesses opt against storing the user passwords on any server
and giving the total control of security to the users. Experts
16. argue that this approach is beneficial to the businesses because
it creates better efficiency for the businesses in data security.
It also introduces end-to-end encryption in data security that is
believed to be one of the most reliable ways of securing data
and communication. However, the major problem arises from
the users forgetting passwords. Some businesses have lost a
large portion of customer data because a user forgot the
password he or she used to access an encryption system. An
example of a platform that uses this type of encryption is
mega.nz.
According to Prasad, B. (2003) false sense of security is another
challenge associated with data privacy and security.
Cryptography systems get only designed for a specific purpose,
thus protect what they are intended to protect. Given the event
that one leaves a computer with access to the server open, the
system is liable to get compromised, and the attacker might
download sensitive data and steal them. It is to be noted that
public key encryption does not protect in these circumstances
Common Types of Encryptions used by businesses for Public
Key Encryption (PKE)
Encryption as an element of a company’s security strategy
works to meet the needs of the business and not in isolation. As
a result, there is need for the company to select the encryption
that will support rather than hinder the operations of the
business. There are three main types of public encryption
methods common in PKE that ecommerce businesses can choose
from as they have been implemented in other businesses across
the world. The first type of encryption is the symmetric
encryption.
According to Iacono et al. (2019), the symmetric key encryption
method of PKE is a method that uses the same key for
encryption and decryption of data. The system is relatively
simpler and faster compared to other forms of encryption as a
result. There is no time lag and latency when using the
symmetric PKE method to encrypt data. With the sender and
17. receiver of the data basically using the same key, it is only safe
in situations where the sender and receiver can share the key
without the risk of interception. For example, the key can only
be shared in face to face communication while each user should
be incredibly careful with how they store the key.
The second form of encryption is called the asymmetric
encryption method. Butun et al. (2019) defines this method as
the original form of PKE where the sender and receiver use
different system generated keys to encrypt and decrypt the data
they receive. This form of PKE is safer than the symmetric PKE
because of the security that one data access does not necessarily
mean that the entire system is compromised.
Businesses that use a lot of data have found this form of
encryption effective because different users with different user
levels have different keys. Having access to one key does not
mean the entire system is compromised and other users can
know when the key is compromised. It also has an end-to-end
encryption that is effective in prevention of unnecessary third
party access to elements of communication within the business.
The third form of encryption that has been recently introduced
for businesses that handle real time customer data is hashing.
According to Hyla & Pejaś (2019), hashing includes
replacement of a package of details with a string of arithmetic
and mathematical values based on a combination of
mathematical calculations. It works the same as an asymmetric
encryption method but gives mathematical values in place of the
key.
Modern PKE systems have adopted this form of encryption
because not only is it safe but it also gives the hackers no place
to start when guessing the public or private keys. It is also
based on a variety of computations that are practically
impossible to piece together. However, because of the number
of transactions processed, this type of encryption is slow and
affects the performance of organizational systems.
When selecting the type of encryption to use, a business
considers the type of encryption standard used in the
18. encryption. There are three main standards that are used
interchangeably among all the types of encryptions. RSA
encryption standard is the main standard used in encryption.
The RSA (Rivest–Shamir–Adleman) is a complex algorithm
which is simplified at encryption but complex at decryption,
which means that anyone can encrypt but only those with
specific knowledge can decrypt.
The Triple Data Encryption Standard (DES) can also be used
where a 56-bit key encryption protocol is used to
mathematically encrypt and decrypt data. It is symmetrical and
simple hence not preferred for sensitive data. The Advanced
Encryption Standard (AES) is also common with governments
and use 256-bit keys that are considered impossible to crack
unless they are internally compromised. It is the encryption
system used by the government in the United States. According
to Hyla & Pejaś (2019), stronger encryption protocols are
necessary for businesses that are data intensive. As a result, a
business should choose the encryption method that can
accommodate a standard that befits the amount of information
processed and used internally and externally in the business.
According to Bellare, M., Boldyreva, A., Desai, A., &
Pointcheval, D (2001). ElGamal Cryptosystem another
technology based on PKE that can be considered. In addition to
RSA, there has been a proposal for other models of artificial
intelligence cryptosystems. These are dependent on various
sophisticated categories of the distinct arithmetic issues.
ElGamal cryptosystem, popularly known as Elliptic Curve
Variant, is primarily dependent on distinct arithmetic issue.
This concept gains the advantage basically from the
understanding that the distinct arithmetic wouldn’t be available
within pragmatic time duration for a defined numeric value,
although the inverse operation of the power can be calculated
efficaciously.
Bellare’s et al (2001) research shares thatconceptElliptic Curve
Cryptography (ECC) can be defined as suite of cryptologic
instruments and concords. And this safety dependent on unique
19. categories of the distinct arithmetic issue. It will not employ
numbers modulo p. The dependency of ECC is on modules of
numeric values which are aligned with computational objects
called elliptic curves. There are regulations for how to calculate
multiples of these numeric values, in a similar fashion as in
numbers modulo p.
ECC comprises various categories of multitude cryptologic
programs which are basically developed to accommodate
modular numeric values such as ElGamal encryption and Digital
Signature Algorithm. There is a strong trust statement that
distinct arithmetic issue is way tougher when put in to points on
an elliptic curve. This motivates to movement from numeric
values modulo p to points on an elliptic curve.
Apart from this an achievement of safety measure would be
possible by employing shorter keys if we resort to elliptic curve
dependent variations. The shorter keys would develop major
advantages that comprises of easier key control and efficacious
calculation. These advantages allure in adopting elliptic-curve
dependent variations of cryptologic program for systems which
need calculation systems but do not have enough.
There is one type of public key encryption appropriate for the
ecommerce in Mississippi, (Martinelli & Preneel, 2010). This is
the certificate less encryption. This is a type of public key
encryption whose establishment combines the advantages of
traditional based public key and identity centered encryption.
This type of encryption transmits messages confidentially
between the two ends of the sender and the receiver without
using the secret keys.
It employs the use of digital signatures to ensure authenticity is
achieved. So that files received come from the expected source,
and not from a malicious source. In this encryption, the sender
uses an identity based encryption. This depends on the digital
identifier of the receiver. It therefore eliminates the need for a
digital certificate. This system reduces many formalities, yet
maintaining the security measures needed.
Summary
20. Artificial Intelligence therefore has the ability to create a good
system that can protect and preserve the integrity of customer
data across the ecommerce businesses in Mississippi. This
literature has helped in understanding PKE, an artificial
intelligence concept as one of the strategies in ensuring
protection of private information through multilevel encryption.
It is crucial because it creates a way for the users to protect and
control access to the information. However, key questions
include the accuracy and efficiency with which it can be
incorporated in purely ecommerce businesses especially in
Mississippi.
References
Abro, A., Deng, Z., & Kamran, A. M. (2019). A lightweight
elliptic-elgamal-based authentication scheme for secure device-
to-device communication. Future Internet, 11(5)
doi:http://dx.doi.org/10.3390/fi11050108
Alawatugoda, J. (2017). Generic construction of an eCK-secure
key exchange protocol in the standard model. International
Journal of Information Security, 16(5), 541-557.
doi:http://dx.doi.org/10.1007/s10207-016-0346-9
Armstrong, H., & Jayaratna, N. (2002). Internet security
management: A joint postgraduate curriculum design. Journal of
Information Systems Education, 13(3), 249-258.
Bellare, M., Boldyreva, A., Desai, A., & Pointcheval, D. (2001,
December). Key-privacy in public-key encryption.
In International Conference on the Theory and Application of
Cryptology and Information Security (pp. 566-582). Springer,
Berlin, Heidelberg.
Butun, I., Pereira, N., & Gidlund, M. (2019). Security risk
analysis of LoRaWAN and future directions. Future
Internet, 11(1) doi:http://dx.doi.org/10.3390/fi11010003
Canetti, R., Halevi, S., & Katz, J. (2003, May). A forward-
secure public-key encryption scheme. In International
Conference on the Theory and Applications of Cryptographic
Techniques (pp. 255-271). Springer, Berlin, Heidelberg.
Chaudhry, S. A., Farash, M. S., Naqvi, H., & Sher, M. (2016).
21. A secure and efficient authenticated encryption for electronic
payment systems using elliptic curve cryptography. Electronic
Commerce Research, 16(1), 113-139.
doi:http://dx.doi.org/10.1007/s10660-015-9192-5
Dolendro, S. L., & Manglem, S. K. (2018). A robust image
encryption scheme based on chaotic system and elliptic curve
over finite field. Multimedia Tools and Applications, 77(7),
8629-8652. doi:http://dx.doi.org/10.1007/s11042-017-4755-1
French, A. M., PhD. (2012). A case study on E-banking security
- when security becomes too sophisticated for the user to access
their information. Journal of Internet Banking and
Commerce, 17(2), 1-14.
Gopikrishnan, S., & Priakanth, P. (2016). HSDA: Hybrid
communication for secure data aggregation in wireless sensor
network. Wireless Networks, 22(3), 1061-1078.
doi:http://dx.doi.org/10.1007/s11276-015-1122-x
Hu, C., Li, Z., Liu, P., Yang, R., Guo, S., & Zhang, H. (2018).
Verifiable public-key encryption with keyword search secure
against continual memory attacks. Mobile Networks and
Applications, , 1-11. doi:http://dx.doi.org/10.1007/s11036-018-
1101-4
Hyla, T., & Pejaś, J. (2019). eHealth integrity model based on
permissioned blockchain. Future Internet, 11(3)
doi:http://dx.doi.org/10.3390/fi11030076
Iacono, L. L., Nguyen, H. V., & Gorski, P. L. (2019). On the
need for a general REST-security framework. Future
Internet, 11(3) doi:http://dx.doi.org/10.3390/fi11030056
Jarecki, S., & Tsudik, G. (2009). Public key cryptography, PKC
2009 (p. 360). Berlin: Springer.
Jean Raphael, N. S., Zhang, P., & Lin, Y. (2017). Security
enhancement for data migration in the cloud. Future
Internet, 9(3), 23. doi:http://dx.doi.org/10.3390/fi9030023
Kasamatsu, K., Matsuda, T., Emura, K., Attrapadung, N.,
Hanaoka, G., & Imai, H. (2016). Time-specific encryption from
forward-secure encryption: Generic and direct
constructions. International Journal of Information
22. Security, 15(5), 549-571. doi:http://dx.doi.org/10.1007/s10207-
015-0304-y
Kiayias, A., Zacharias, T., & Zhang, B. (2017). Auditing for
privacy in threshold PKE e-voting. Information and Computer
Security, 25(1), 100-116. doi:http://dx.doi.org/10.1108/ICS-07-
2016-0056
Kerr, O. S. (2019). Compelled decryption and the privilege
against self-incrimination. Texas Law Review, 97(4), 767-799.
Li, F., Zheng, Z., & Jin, C. (2016). Identity-based deniable
authenticated encryption and its application to e-mail
system. Telecommunication Systems, 62(4), 625-639.
doi:http://dx.doi.org/10.1007/s11235-015-0099-1
Majumdar, M., Yang, S., & Sakthivel, S. (2017). U.S. Patent
Application No. 15/438,518.
Martinelli, F., & Preneel, B. (2010). Public key infrastructures,
services and applications (p. 1).
Berlin: Springer.
Menard, P., Gatlin, R., & Warkentin, M. (2014). THREAT
PROTECTION AND CONVENIENCE: ANTECEDENTS OF
CLOUD-BASED DATA BACKUP. The Journal of Computer
Information Systems, 55(1), 83-91.
Mollin, R. (2002). RSA and Public-Key Cryptography (p. 71).
London: CRC Press.
Prasad, B. (2003). Intelligent Techniques for E-commerce. J.
Electron. Commerce Res., 4(2), 65-71.
Prasad, R., & Rohokale, V. (2019). Cyber Security (pp. 174 -
186). Cham: Springer.
Satterlee, B. (2001). E-Commerce: A Knowledge Base.
Amsterdam: iUniverse.
Salomaa, A. (2013). Public key cryptography (2nd ed., p. 71).
Turku: Springer Science &
Business Media.
Sun, M., Ge, C., Fang, L., & Wang, J. (2018). A proxy
broadcast re-encryption for cloud data
sharing. Multimedia Tools and Applications, 77(9), 10455-
10469. doi:http://dx.doi.org/10.1007/s11042-017-4448-9
23. The Open University. (2017). Introduction to cyber security:
stay safe online. Burlington: The
Open University.
Tri, H. V., Fuhrmann, W., Fischer-Hellmann, K., & Furnell, S.
(2019). Identity-as-a-service: An adaptive security
infrastructure and privacy-preserving user identity for the cloud
environment. Future Internet, 11(5)
doi:http://dx.doi.org/10.3390/fi11050116
Vanneschi, L., Horn, D. M., Castelli, M., & Popovič, A. (2018).
An artificial intelligence system for predicting customer default
in e-commerce. Expert Systems with Applications, 104, 1-21.
Wang, X., Mu, Y., Chen, R., & Zhang, X. (2016). Secure
channel free ID-based searchable encryption for peer-to-peer
group. Journal of Computer Science and Technology, 31(5),
1012-1027. doi:http://dx.doi.org/10.1007/s11390-016-1676-9
Watson, J. (2019). What is public key cryptography, how does it
work and what are its uses?.
Retrieved 5 December 2019, from
https://www.comparitech.com/blog/vpn-privacy/what-is-public-
key-cryptography/
Xavier, N., & Chandrasekar, V. (2015). Cloud computing data
security for personal health record by using attribute based
encryption. International Journal of Information, Business and
Management, 7(1), 209-214.