Cryptography and Network Security Applications

Cryptography and Network Security Applications Part I Cryptography and Data Security Role of Cryptography in Securing Data Cryptography plays a key role in securing any company’s online data. Encryption is the most widely used method to implement cryptography on the companies’ data as it secures the data while simultaneously allowing it to be transferred to others. It is very difficult for an outsider to break into an encrypted file and access the sensitive information. Encryption acts as a crucial component of security for protecting the cloud storage data as it is vulnerable to being attacked by outsiders, for concealing the operating systems, and for keeping security on emails which are the most common method of communication in business. Purpose of Symmetric and Asymmetric Encryptions In symmetric encryption, the message is encrypted by the application of a secret key which can be in the form of a number, a word, or an alphanumeric string. The key is applied to the message (also known as plaintext) by the sender, and as long as the recipient has the key, they can decrypt the encrypted message (also known as cipher-text). Confidentiality is achieved by this method of encryption. If the symmetric key is changed in every session of communication the key is known as a session key that is valid for one session only and this provides improved confidentiality. This is a traditional method of encryption, using it becomes frantic when secure communication is needed by a number of employees in an organization as everyone will have a number of keys to communicate with different individuals. Secure key distribution among all the members is another problem in using symmetric encryption. In order to resolve these issues, Asymmetric encryption should be used in this organization. Each member has two keys namely public and private key. Public keys are used to encrypt and decrypt messages which are to be shared among all the members of the organization. Private keys are for to secure a private communication taking place between two persons. In this way, the all public and private communication inside premises is secured using these authentication methods and the files shared with these messages as attachments are also secured. Advanced Encryption Standard (AES) Algorithm: This algorithm is trusted as a standard by most government organizations as it is tremendously efficient in protecting the data of 128-bit. However, it is also used for data of 192 and 256 bits.Message Authentication Code  (MAC) Algorithm: This is also known as a tag, it is small information used for  authenticating a message which means it confirms the authenticity of the message by checking that the received message has been sent by the authenticated sender of it. The MAC value helps in protecting a messages  data authenticity and its integrity, by allowing the concerned persons to detect if the content of the message has been changed. Digital Signatures Digital signatures are commonly used for verifying the authenticity of digital documents and messages. It ensures the recipient that the received message has come from a known sender and the integrity of the message has not been altered during its transmission process. Since all the paper documents in the organization are now replaced with the electronic documents, digital signatures can be considered as an alternative to ink signatures and stamps of authenticity. Application of digital signatures offers authentication, integrity, and most importantly non-repudiation, i.e. one cannot deny their signature later if they have signed the document. Hence, digital signatures should be considered as one of the security measures while planning data security in this organization. These features can improve the transparency and security among the businesses through communications. These are basically comprised of 3 algorithms namely key generation algorithm, signing algorithm, and a signature verifying algorithm. It is very easy to create digital signatures, one can just open the electronic document that needs to be signed in an electronic signature tool such as Docusign or Microsoft office tools. Further steps differ as per the tool and document and these steps are instructed to the user as he opens the document in the tool. Users just have to follow the instructions and verify their identity in order to add their digital signatures on the document. When messages are sent after being digitally signed, the hash value ensures that no changes have been made in the document. All of this handled automatically handled by a software tool, which shows warning if a decrypted hash value produces an altered output. The encrypted value of the hash is added to the bottom or as an attachment in the email. Part II Cryptographic Keys and User Authentication   Ã‚  Ã‚  A user authentication system can be recommended to provide strict authenticity for users to access the companys resources. In this system, an identity is stated by the users who then applies an authenticator such as a password or a security key or combination of both of these in order to validate their identity. The security key presented by the user to verify their identity must be unique so that it authenticates only one particular user. The keys should be made in such a way that they are easy to remember by the user but cannot be stolen, copied, or forged. The process of revoking the previous key and issuing a new key should be easy. It should be impossible for the users to transfer their security keys to another user. The system should be protected against any attacker during the transit of data. Asymmetric encryption methods can be used as one of the user authentication methods to validate this system. Since the information secured through cryptographic keys depends directly on the key strength, key mechanisms and protocols effectiveness, and afforded protection. It is important to have a proper key management system in order to ensure proper distribution of keys. The user authentication should be made in such a way that it offers key protection against any modification. Private keys should be protected against any type of unauthorized disclosure. System Recommended for Employees to Get Discounts on Fruit Juice and Nut Bar The system recommended for the employees to make proper use of ijuice.com and nutbar.com is that when the employees click on the link given on the employee benefits page, a login or signup page should appear. If the employee is new to the system, they employee must make an account on the product website by signing up using their authentic credentials and their confidential employee ID along with a username or password that would be the key they use to access their account. As the user logs into the website, a session is created, and by the received login information of the user, special discount coupons unique to the employee is available to be added to their accounts so that they can use the coupon when they purchase any specific coupon applicable item. Once the user logs out from their account, the session is terminated, and the information about the session remains safe with the servers of ijuice.com and nutbar.com. Part III Secure Cloud Computing for Handling the Companys Data Implementation   John will want to implement most of the data used and stored for the company in a virtual cloud system. This will provide a certain effective measurement of security, efficiency, transfer methods, time saving and cost reductions. The first step in implementing cloud based storage is the replacement of physical infrastructures with virtual infrastructures. A software layer generates a virtual instance of the hardware as the controlling software point and is much easier to manage, interactive with, share and make changes too.  The second step, includes the decision making process of what cloud storage system would be best suited for the company. A common cloud service is ‘Google Drive’ ‘Oricle’ or IBM. These cloud services offer a greater visability into the usage and cost of virtual infrastructure as well as assisting in tracking and assessing shared computer resource usage accuracy. The third step of implementing cloud is realizing in companies where most of the work data flow demands server regularity without the interference of attacks and that’s where cloud security comes in. Blowfish, AES (Advanced Encryption Standard), and RSA (Rivest-Shamir-Adleman) are some of the most commonly used cloud computing algorithms to provide efficient security to cloud platforms. AES encryption algorithms were described previously, but RSA encryption relies upon the computational difficulty of processing large integer values. The strength of this encryption is left up to the key size which are usually 1024- or 2048-bits in length, which is huge and is why it would be a great choice to implement upon cloud infrastructure storage security. Risks Denial of Service (DoS) Attacks: These attacks prevents the users from accessing the services by flooding the systems or networks with traffic to make the resources work on unnecessary data or inevitably crash which then prevents the user from accessing their data . Such attacks have more computational power in cloud computing.Malware Injection Attack: These attacks inject harmful software to the victims data in the cloud and takes control of it. The results of successful injection can be very disastrous, it can even allow the propagation of computer worms which then can potentially use the company’s data distribution methods as a platform to spread the attack to individuals or groups who authentically interact with the company’s data.Side Channel Attack: These attacks place a virtual machine with the victim’s virtual machine in order to target cryptographic implementation of the systems instead of using any theoretical weaknesses of the algorithms or any other force. Cache attack, timing attack, power – monitoring attack, electromagnetic attack, acoustic cryptanalysis, differential fault analysis, data reminisce, and software-initiated fault attacks are different forms of side channel attacks. Countermeasures The data stored in the cloud must be zipped up with either a password or AES encryption and the keys must not be shared with anyone.Login authentication should not be simple in terms of guess work and rather should implement multifactor authentication.A CCSP (Certified Cloud Security Professional) should be hired to manage the cloud after installation.Data integrity must be verified by implementing data encryption and decryption over the wire. It is advisable to use cloud computing for the operational purposes in order to reduce the hardware infrastructure cost and maintain efficient management of databases and confidential data if all the vulnerabilities are taken care of by using proper countermeasures. Part IV Business and Blockchain Integration Blockchain technology has created a backbone for a new kind of internet. A blockchains store information across a network of computers making them not just decentralized but distributed which means no single individual or company owns a system but everyone can use it and help run it. It can be looked at in three different ways: technical, legal, and business (Nair & Sebastian, 2017).  As per technical aspect, it could be seen as a backend database which has a distributed ledger. As per business aspect, it is an exchange network that can be used by peers for transferring value. This mechanism validates a transaction and may validate it from a legal point of view. There is no requirement of any middlemen to make a transaction valid. In order to ensure proper functioning of blockchains at such a corporate level, a consensus algorithm is required which must be secure, functional, and efficient. â€Å"Proof of work†, â€Å"Proof of Authority†, and â€Å"Proof of stake† are some of the consensus algorithm which are considered as potential for blockchain integration. However, the use of a â€Å"Proof of Work† algorithm has already been started for blockchains in Bitcoins. Blockchains can enhance the security in three different forms which are: blockage of identity thefts, prevention from denial of service attacks, and prevention of data tampering. Advantages It allows people to sell or buy anything they like to and or from anybody in the world, without letting any other party to interfere and impose rules upon them.Every consumer can choose their identity in transactions, such can remain anonymous, public, or private as per their choice.Approach used in blockchains for storing DNS entries could increase security by eliminating the single target that can be attacked by the hackers. This will not cause the entire system to be compromised by the attack.Blockchain will also eliminate the network fees on DNS reads and will only charge for new entries and updates, of course depending upon the DNS provider that John chooses to go with. Drawbacks Financial services will be impacted as blockchain is defined as everything that a bank does.Government services as one can choose to buy or sell anything to anyone without any geographical boundaries. No one will go to government departments for completing the formalities.Blockchains will require a lot of computational power as compared to centralized database processes. Blockchain provides the ability for every node in the network to process the request independently.Existing currencies are regulated and created by the national governments, but blockchain and a product of blockchain such as Bitcoin will face hurdles in being adopted by the already existing financial institutions if the regulation status of the governments remain unsettled. References Stallings, W., & Tahiliani, M. P. (2014).  Cryptography and network security: principles and practice  (Vol. 6). London: Pearson. Jonsson, J., Moriarty, K., Kaliski, B., & Rusch, A. (2016). PKCS# 1: RSA Cryptography Specifications Version 2.2. Salomaa, A. (2013).  Public-key cryptography. Springer Science & Business Media. Hernandez, K. (2017). Blockchain for Development–Hope or Hype?. Nair, G. R., & Sebastian, S. (2017). BlockChain Technology Centralised Ledger to Distributed Ledger. Rittinghouse, J. W., & Ransome, J. F. (2016).  Cloud computing: implementation, management, and security. CRC press. Stojmenovic, I. (2014, November). Fog computing: A cloud to the ground support for smart things and machine-to-machine networks. In  Telecommunication Networks and Applications Conference (ATNAC), 2014 Australasian  (pp. 117-122). IEEE.