Encryption for Media on the Internet

History of Encryption

Encryption has been used by people in all situations such as in corporate, military and personal information. The history of encryption goes way back to when languages were first used. In battles and wars, the most important thing was secrecy of planned maneuvers. Aside, from military purposes, people who want to hide important information from the public have used encryption.

The oldest records of encryption or ciphers go back to more than four thousands years. The first ciphers date back to the early Egyptian times, when hieroglyphics were carved in stone. Ancient Babylonians also used intaglio (a collage of images) to differentiate traders.

In ancient Greek days Spartan generals wrote their messages on a narrow strip of parchment wrapped around a thin cylinder. When the parchment was unwound, the message appeared as a nonsense sequence of letters and could only be read by wrapping the parchment around another cylinder of the same size. During the fifth century BC, messages were sent tattooed onto the scalp of trusted slaves. With the hair grown back, there was no indication that a message was being carried at all. This sort of method continued to be used until as recently as WWI, when agents were sent across enemy lines with messages written onto their skin in invisible ink.

A more developed and systematic cipher was Julius Caesar’s method of substituting alphabets by a certain rule. More sophisticated methods have since been developed since the 18th century. While the old methods substituted or transposed words, new ones totally change the data from text to other formats such as hiding the message within a musical score. During the Second World War, American armies used Navajo soldiers to translate orders back and forth.

Today, digital encryption converts text to binary data and a key, which is crucial for encryption, has been developed and is much more complex. In the early 1970's, the Data Encryption Standard algorithm (DES) was introduced and it uses a 56-bit key to encrypt and decrypt information. DES splits each message into blocks and then encodes each block one at a time. DES was adopted as an approved algorithm for US Federal use but is no longer considered adequately secure because a 56-bit key can be broken by trying every possible key or “brute force” in a relatively short time. The exact time depends on the speed of the computer that was used to try all the keys.

Hacking a DES encryption, as with any encryption method, depends on the hacker already knowing one of two things: the algorithm that was used or the key to unlock it. Without either of these, hacking DES is virtually impossible.

DES has since been superseded by the Advanced Encryption Standard (AES), using the Rijndael algorithm. AES operates with 128-, 192- or 256-bit keys. These are considered long enough to be safe for the foreseeable future as they would take millions of years to break using the fastest computers that are presently available. Recent encryptions have up to 256 bits of special keys, which makes even a supercomputer slow in trying all the possible combinations. This certainly ensures the security of data.

Encryption Key

A key is a long sequence of bits used for encryption/decryption algorithms. Such as the following 40-bit key below:

01001010 01100001 10001110 10011100 01110101

The encryption algorithm converts the original message mathematically based on the key to create an encrypted message. The decryption algorithm then restores an encrypted message to its original form.

Encryption on the Internet

The Secure Sockets Layer (SSL) is used for secure transactions like ecommerce and banking using a key for encryption and a different key for decryption. Because SSL encryption depends so heavily on keys, the effectiveness or strength of SSL encryption depends on the key length (number of bits in a key). To decode an SSL communication, one only needs the correct decoding key.

In cryptography, a common decoding technique is brute force decryption using a computer to try every possible key combination one by one. Two-bit encryption, for example, involves four possible key values.

Compared to 40-bit encryption, 128-bit encryption offers 88 additional bits of key length, which provides 309,485,009,821,345,068,724,781,056 possible combinations required for a brute-force crack.

Security experts estimate that cracking an 128-bit encryption will require the computer resources of NASA and plenty of time.

Image Encryption

Image encryption is the most secure solution for storing images on a web server. Encrypted images cannot be displayed without first being decrypted. Otherwise, they cannot be displayed, making any images stored on a server not only secure from unauthorized linking by the public, but they are also secure from web hosting staff and your web master.

First developed by ArtistScope in 1998, Secure Image is the only solution that will display encrypted images on a web page that can be viewed in all web browsers.

Encrypted images created by ArtistScope copy protection software can only be displayed from the owner's website because they are domain locked. The key code for decryption is embedded into the image and when loaded, the security applet or viewer object checks the key code against the URL that is displaying the website. If the encrypted image's key code does not match the website, the image is not displayed.

Encrypted images stored on your site are safe from staff and your web host. They are also safe from retrieval from browser cache (temporary internet files) because the image in cache is the encrypted version and not one that has been decrypted. Only ArtistScope's security applet can decrypt the image and it does that only while displaying it on an authorized website. The encrypted image is view only.

ArtistScope ensures that only licensed users can use the full version of their image encryption programs by custom compiling each program or order. License codes are not distributed. Instead, the key codes are embedded into the compiled software, ensuring that the technology is not distributed to hackers.

Today the most secure image protection is provided by CopySafe Web Protection for hosted web sites, and the ArtistScope Site Protection System (ASPS) for dedicated/virtual servers.

HTML Encryption for Web Pages

Encryption and decryption are common techniques in cryptography and the scientific discipline behind secure communications. There have been some JavaScript solutions for encoding and encrypting the HTML on web pages but the protection that they offered was grossly over-rated and they could be easily exploited.

SSL can provide a secure socket layer to prevent data extraction in transit, but the end destination is still a user's web browser where data can be retrieved from the browser cache or computer memory. In fact any web browser can be used. Theoretically, to properly protect web page information and prevent data leakage, one needs a secure tunnel between sender and receiver with the means of preventing access to unauthorized users. But once received that data needs to remain secure and the ideal is a "for your eyes only scenario" where the data cannot be copied and shared.

The advantages of using encrypted web pages

The main advantage of using web page encryption is that the web page can check which web browser is being used to prevent its data from being scraped by data miners and scrapers. Online ads are big business and ad revenue depends on content that people are searching for. Some data miners manage hundreds of web sites populating their content from everybody else's web site.

Another advantage is that one can protect their livelihood by preventing their competitors from plagiarizing information intended for in-house use or paying customers.

The disadvantages of using encryption on web pages

Everyone's first concern is usually about download time and how much longer it will take for the page to be decrypted as it downloads than a normal web page would. Unless a web server is critically overloaded the decryption process only takes milliseconds so that should not be an issue. However the reason for a noticeable delay with delivering encrypted web pages will be due to the fact that modern web browsers can display web pages as they are downloading. But with encrypted content, usually the download needs to be completed before it can be decrypted.

Another disadvantage to some may be that protected content cannot be search engine (SEO) friendly. Nor should it be because to do so would expose it to exploit and why bother protecting it in the first place? For search engines "doorway pages" can be provided that offer a preview but not the full information that you need to protect.

Decrypting web pages

To deliver encrypted web pages, they need to be decrypted on the fly, since the page is being created from data records and templates. Therefore, a two-way hash is required (for encryption and then decryption), which cuts out most of the super secure encryption algorithms that are available today because they are mostly one-way hash. To decrypt the database record representing the web page a password or key is required.

Web page encryption key

A key is a long sequence of bits used for encryption/decryption algorithms. The encryption algorithm converts the original message mathematically, based on the key to create the encrypted message. The decryption algorithm restores an encrypted message to its original form.

The security of web page encryption

An encrypted web page is only as good as the method used to encrypt it, and only secure if the decryption key is not easily obtained through either guess work or by downloading the key from the web part. So the encryption key needs to be as complex as possible to protect from simple guess work and persistently generated attacks.

But it does not matter how complex the decryption key is if the key is easily obtained. For this reason, any HTML encryption process based upon or using JavaScript or other code that can be downloaded as part of a web page, can never be considered secure. JavaScript encryption is popular because it does not require anything more than a website and a normal HTML web page. Even if the JavaScript uses complex algorithms it is not secure because the decryption key is in the HTML of the web page. If it were compiled, it can be undone because the visitor has all the components, including the key. If a page is using JavaScript "encoding", then it is too easy to undo. Simply search for one of the many online resources that are providing a free service to anyone who can copy and paste.

Improving web page encryption security

ArtistScope web protection solutions do not rely on JavaScript for encryption or decryption techniques. Instead ArtistScope uses private-key algorithms that are not part of the web page and cannot be extracted. The decryption keys are only known to the web server and the viewing software.

Over the years ArtistScope has developed many web protection solutions that were never ideal mainly because they were dependent on popular web browsers that were designed to exploit web media. Our CopySafe images, PDF and video, but unless the HTML is also protected, data and links to unprotected media can easily be downloaded via the hyperlinks found in the html.

To be able to properly secure the HTML on web pages, ArtistScope had to develop a new browser specially designed from the ground up with copy protection in mind. The ArtisBrowser makes the ArtistScope Site Protection System (ASPS) possible by decoding and protecting ASPS web pages while on display. When SSL is used the web page's data is even safe from packet sniffers. When used with either ASPS, CopySafe PDF, CopySafe Video or CopySafe Web, the ArtisBrowser switches into "protection mode" with options for protecting HTML and all media displayed on the page from all copy including PrintScreen and screen capture. The HTML cannot be retrieved from browser cache or computer memory, providing the most secure copy protection on the planet for Internet data.