ICTNWK502 - Implement Secure Encryption Technologies Assignment Answer

1.1 Richard starts work on the assignment by assessing the digital signatures of the company. Explain what Richard should be looking for.

Ans. Richard should be looking for valid evidence of Starlite company’s existence: where it originated, when it began, and the recognition and digital status of the company, because a digital signature is a mathematical technique for confirming the originality of digital records. The company provides a unique digital identity to its clients to access the data.

A digital signature algorithm produces two kinds of key, i.e. public and private, which are interconnected. The person who signs with a digital signature has access to the coded data of the company. Trust Service Providers (TSPs) issue digital certificates to ensure that security is maintained while signing documents. Public Key Infrastructure (PKI) contains the rules, regulations and authoritative systems. Digital signatures provide legal security and safety in line with cyber security standards (Alblwi & Shujaee, 2017).

1.2 i-Sense is a safety and security company that deploys wireless sensor solutions.

What are the important implications of asymmetric key algorithms that Craig needs to know?

Ans. A Wireless Sensor Network (WSN) is composed of autonomous devices known as sensor nodes that have low computing power, restricted data transmission and power constraints. Asymmetric cryptography is a process which uses private and public keys to encrypt and decrypt a message and protect it from falsification. Asymmetric encryption makes use of mathematically related key pairs, a public key and a private key, for encryption and decryption.

The secret key, i.e. the private key, is accessible only to the initiator of the key. Senders can encrypt messages with a public key and the recipient can decrypt them by using their private key; if the sender encrypts a message by using their own private key, the message is decrypted by using the sender’s public key. This process occurs by default and users don’t need to make changes for locking and unlocking the messages. Asymmetric cryptography can also be applied to systems in which encryption and decryption of messages is required, for example:

In encrypted email, a public key is used to encrypt a message and a private key to decrypt it.

1.3 Zack is completing his post-graduate degree in cyber-security from Queensland University. What are the key points regarding symmetric key algorithm that Zack should include in his presentation?

Ans. The 3 key points which Zack has to consider are –

  1. Key exhaustion – in symmetric encryption every use of a key ‘leaks’ some information which an attacker can use to reconstruct the key. To prevent this, a key hierarchy should be used to make sure that the master key or the key-encryption key is not overused.
  2. Key management at a large scale – where keys are involved, the management operating cost is modest and can be handled through manual or human activity (Shang et al., 2016).

(Note: Q 1.4 – 1.6 continue this scenario)

1.4 Zack knows that despite having reached the end of its useful life, data encryption standard. Identify some useful concepts for Zack regarding data encryption standard DES.

Ans. Zack should be aware of the following useful concepts used in the Data Encryption Standard (DES):

  1. It works by using the same key to encrypt and decrypt a message.
  2. DES is mainly used where the need for security is high.
  3. Several keys are used in DES, and the length of the key is determined by the number of keys used. DES uses a 64-bit key, but eight of those bits are used for parity checks, effectively limiting the key to 56 bits (Valent et al., 2017).
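The 64-bit versus 56-bit point in item 3 can be checked directly. The following is an added example, not part of the original answer: it treats the least significant bit of each key byte as an odd-parity bit, and the two sample keys are constructed for illustration.

```python
# Added example: odd-parity handling for an 8-byte DES key.
# Bit 0 (least significant) of every key byte is a parity bit; the other
# 7 bits of each byte carry key material, giving 8 * 7 = 56 effective bits.

def _ones(byte: int) -> int:
    """Count the 1 bits in a byte."""
    return bin(byte).count("1")

def bad_parity_bytes(key: bytes) -> list:
    """Return the indexes of key bytes that fail the odd-parity check."""
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")
    return [i for i, b in enumerate(key) if _ones(b) % 2 == 0]

def set_odd_parity(key: bytes) -> bytes:
    """Rewrite each parity bit so every byte has an odd number of 1 bits."""
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")
    fixed = bytearray()
    for b in key:
        upper = b & 0xFE                      # the 7 key-material bits
        fixed.append(upper | (1 if _ones(upper) % 2 == 0 else 0))
    return bytes(fixed)

def effective_key(key: bytes) -> int:
    """Concatenate the 7 key-material bits of each byte into one integer."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

# Constructed sample keys: KEY_B is KEY_A with every parity bit cleared.
KEY_A = bytes.fromhex("0123456789abcdef")
KEY_B = bytes.fromhex("0022446688aaccee")

if __name__ == "__main__":
    print("KEY_A bad parity bytes:", bad_parity_bytes(KEY_A))
    print("KEY_B bad parity bytes:", bad_parity_bytes(KEY_B))
    print("same effective key:", effective_key(KEY_A) == effective_key(KEY_B))
    print("effective key space: 2**56 =", 2 ** 56)
```

Two 64-bit keys that differ only in their parity bits select the same cipher key, which is why an exhaustive search covers 2^56 keys rather than 2^64.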

1.5 Zack has not used triple data encryption in his tool to keep it faster. This question might be raised by industry experts. How might Zack approach this issue?

Ans. Zack hasn’t used triple data encryption in his presentation and uses a single key instead. He can address this by using triple data encryption, in which the first key is used to encrypt the plain text. Key two is used to encrypt the data which has been decrypted by key one. Key three is used to encrypt the data which has been decrypted by key two.

1.6 Zack’s future plan is to add Blowfish as an available cryptography algorithm. What might be the benefits to his new tool with this action?

Ans. The benefits of Blowfish as a cryptographic algorithm are –

The major benefit or advantage of Blowfish is in the password-hashing method used in OpenBSD, whose algorithm is derived from Blowfish. It makes use of the slow key schedule. Blowfish is also not covered by any patents, so it is free for anyone to use, and it has contributed to data security in cryptographic software (Wang & Kissel, 2015).

1.7 Jane is the ICT head of Virtualworld, an animation design firm. What information might Jane need for this evaluation?

Cyber security is a way of protecting our computer systems from various malicious attacks, worms and Trojan horses, which can lead to theft, damage to software, damage to data in our systems or networks, or disruption of the services we get from them. Some of the cyber security types are passwords, defender, firewalls, locks, antivirus, but encryption is the most efficient method of cyber security for securing our data from malicious attacks.

WORKING OF ENCRYPTION?

Encryption is the process of changing data into a specific form of code which can then only be accessed by the person who created that encryption or the one he shared the decryption code with. It is an interesting piece of technology which makes data unreadable by unknown parties. It keeps hackers and spies at a distance from stealing that data with the help of various viruses and rootkits. Example: WhatsApp end-to-end encryption (Ratnadewi et al., 2018).

ENCRYPTION HELPS IN

  •   Signing the documents digitally.
  •   Protecting the data from the breach.
  •   Conversation over the internet.
  •   Protect sensitive information including customer information, records etc.

It has two forms: a symmetric key and an asymmetric key. For sharing small data sets from one person to another, a symmetric key is used which has one key to both encode and decode the data. On the contrary, an asymmetric key has two keys linked to one another in which one is private for decryption and one is public for encryption by anyone.

TIPS FOR THE ENCRYPTION 

  •   It is easier for hackers and cyber criminals to enter wireless devices thus compromising the data, so it is essential to encrypt them.
  •   With the increased use of biometrics, encryption is essential.

Risk involved in the exploitation of data by cyber criminals is quite high in the present advanced world, thus the use of encryption is the most important thing to be kept in mind even if you don’t have much to lose.

1.8 What are the possible options for encryption and how should Mary decide her best option?

Mary has various options for encrypting files and sending them to Jack.

Platform-based options – for example Crypto, Monium, OnionShare etc., or a document management service like DocuSign can also be used. Platform-based options usually require accounts on these platforms; some of them are free. The documents pass through these platforms and copies can be retained by the platform.

Application-based options – such as 7-Zip / Encrypto / WinZip etc., where the contents can be encrypted by AES (Advanced Encryption Standard) with a decently lengthy password.

The password could be communicated between the sender and receiver through other devices. It is also advised to password-protect content such as Excel/Word/PDF files before encrypting the content in a 7-Zip archive.

7-Zip is a very handy and free tool that does not require sending the encrypted information through any particular platform; no additional accounts are required and one is free to choose the sending medium.

Since the application-based method is straightforward, easy and secure, and it is only one night before the final presentation, this option would save time. Mary could go with this option.

1.9 What access control options should Sam enable?

Ans. The access control options which Sam should enable are –

  1. First, open Settings.
  2. Click Network and Internet.
  3. On the left, click Wi-Fi or Ethernet.
  4. Identify the Related settings section on the right side and then click Change advanced sharing settings.
  5. Expand the network profile currently assigned to your network.
  6. In the Network discovery section, select “Turn on network discovery”.
  7. Click Save changes.
  8. Close the Settings window.

1.10 What are the benefits of using digital signatures on manufactured chips?

A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. It is just like a virtual fingerprint that is extremely unique to a person and is used to identify signers and secure data in digital documents.

Digital signature encryption automatically ensures that the data which is associated with the signed document is secure. It ensures origin, integrity, and non-repudiation, which means the signer cannot claim they did not sign the document. They have proven they have signed it, their identity has been verified, and now the document is enforceable by law. Also, nobody other than that person can claim that they have signed the document; that is the benefit of a digital signature.

Once the document is signed, it belongs to you. In the above case, the programmable chips were sold in fake products after the theft. If they were digitally signed, nobody could sell them in fake products even after the theft, because they are encrypted by the company’s signature. So a person who wishes to sell them will have to sell them under the name of the company only. No one can sell them in fake products, and no one can claim that the chips belong to them.

Ultimately, the motive is sorted. The chips are protected and, whatever condition they are in, they belong to the company.

1.11 Yara is a doctoral student working on next generation communication. Explain the key points that she needs to consider.

Ans. The key points which should be considered are –

  1. Address design for data exchange 
  2. Routing 
  3. Address planning
  4. Data formats for data exchange 

1.12 Explain why MD5 is no longer recommended for use.

Ans. MD5 is no longer in use because it has major drawbacks: the size of the cipher text is more than the size of the plain text, which poses a major challenge for encryption techniques. If a person forgets the password, it is hard to recover the password easily. Also, in MD5 the 64-bit ciphers are open to any type of attack when a large amount of data is encrypted under certain software (Smith et al., 2015).

1.13 Explain some differences between PGP and GnuPG.

Ans. GPG or GnuPG stands for GNU Privacy Guard. GPG is a different implementation of the OpenPGP standard and a strong alternative to Symantec’s official PGP software. GPG is defined by RFC 4880 (the official name for the OpenPGP standard). The GPG Project offers tools that allow users to work through a GUI or the command line and to combine encryption with email and operating systems like Linux. GPG can open and decrypt files encrypted by PGP or OpenPGP, meaning it works well with other products. PGP is a proprietary solution owned by Symantec, and GPG is an open source standard.

1.14 Outline some ways a replay attack might be prevented.

Ans. One way to help prevent replay attacks is to tag every encrypted document with a session ID or a component number. This is done to make a combination of solutions which don’t use anything and are not interdependent on one another. So, if there is no interdependency there are no vulnerabilities. Another way to prevent it is by sending a signature on all the packets, i.e. if the attacker can capture the packets, save them, modify them and send them again to the destination, then if the machine is not on the network at that time, they can impersonate the machine easily (Shang et al., 2016).
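The two measures named in this answer, a session ID on every message and a signature on every packet, can be combined in one receiver-side check. The sketch below is an added example, not part of the original answer: it assumes a shared key, uses HMAC-SHA256 in place of a public-key signature, adds a sequence number next to the session ID, and treats the payload as already encrypted. The class names and the sample payloads are hypothetical.

```python
# Added example: session ID + sequence number + per-packet authentication tag.
import hashlib
import hmac
import os
import struct

SID_LEN, SEQ_LEN, TAG_LEN = 16, 8, 32

class Sender:
    def __init__(self, key: bytes, session_id: bytes):
        self.key, self.session_id, self.seq = key, session_id, 0

    def seal(self, payload: bytes) -> bytes:
        """Prefix session ID and sequence number, append an HMAC over all of it."""
        self.seq += 1
        header = self.session_id + struct.pack(">Q", self.seq)
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

class Receiver:
    def __init__(self, key: bytes, session_id: bytes):
        self.key, self.session_id, self.last_seq = key, session_id, 0

    def open(self, packet: bytes) -> bytes:
        """Return the payload, or raise ValueError naming the failed check."""
        if len(packet) < SID_LEN + SEQ_LEN + TAG_LEN:
            raise ValueError("truncated")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # constant-time compare
            raise ValueError("bad signature")
        sid = body[:SID_LEN]
        (seq,) = struct.unpack(">Q", body[SID_LEN:SID_LEN + SEQ_LEN])
        if sid != self.session_id:
            raise ValueError("wrong session")
        if seq <= self.last_seq:                        # already seen: a replay
            raise ValueError("replay")
        self.last_seq = seq
        return body[SID_LEN + SEQ_LEN:]

def _try(receiver: Receiver, packet: bytes) -> str:
    try:
        receiver.open(packet)
        return "accepted"
    except ValueError as err:
        return str(err)

def demo() -> dict:
    """Run four constructed packets through one receiver and report each outcome."""
    key, sid = os.urandom(32), os.urandom(SID_LEN)
    sender, receiver = Sender(key, sid), Receiver(key, sid)
    first = sender.seal(b"constructed payload 1")
    second = bytearray(sender.seal(b"constructed payload 2"))
    second[SID_LEN + SEQ_LEN] ^= 0x01                   # modify one payload byte
    other = Sender(key, os.urandom(SID_LEN)).seal(b"from an earlier session")
    return {
        "fresh": _try(receiver, first),
        "replayed": _try(receiver, first),
        "tampered": _try(receiver, bytes(second)),
        "old session": _try(receiver, other),
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:12s} -> {outcome}")
```

The tag covers the header as well as the payload, so a captured packet cannot be given a new sequence number or session ID without failing the signature check.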

1.15 Explain how a ‘man-in-the-middle’ threat works.

A man-in-the-middle threat is a kind of cybercrime where the attacker intercepts information and data from the victim with the help of poor Wi-Fi connections or by inserting malicious software or malware into the victim’s system. Three parties have to be involved: the first is the victim, the second is the institution with which the victim is trying to connect or communicate, and the third is the attacker, or man-in-the-middle. This criminal is called the man-in-the-middle because they come in between the communication of a person with another party (any entity or institution) and impersonate the entity with which the victim is trying to communicate. By doing this the attacker can get data and information that can be highly important. That is why it is said that one should not use the free Wi-Fi offered at various public places, and that your own Wi-Fi network needs to be highly protected and secured in order to be safe from man-in-the-middle attacks. Phishing is also a kind of man-in-the-middle attack, in which mostly your bank information is hijacked, and that could be very dangerous (AbdElminaam, 2018).

So, to avoid being a victim of this type of cyber-attack, the first thing one should do is avoid connecting to public Wi-Fi connections. This is a major step. Then make sure your home Wi-Fi is properly secured. When visiting any website for which you have received a link through email, first check the URL of the website; it must be ‘HTTPS’. These sites are secured and authentic. A trusted internet security solution can also be installed on your device as a precautionary measure.

Although the measures to avoid this threat are very easy, the consequences could be hazardous if they are not taken. It’s better to take precautions than to run for a cure.

1.16 Conduct some research and explain why a TCP/IP security control at a higher layer cannot provide protection for lower layers.

Ans. Data has to be passed from the upper layers to the lower layers, with each layer adding its own information. The upper layer has a higher level of security compared with the lower layer. That is why a security control provided for the upper layer cannot provide protection for the lower layer. Also, the upper layer is not aware of the functions processed by the lower layer. Because there are a number of security flaws in the protocols, there is an increased chance of attacks based on those flaws, such as spoofing attacks, source address spoofing etc. (Alblwi & Shujaee, 2017).

1.17 Explain why Full-Disk Encryption makes sense for laptops.

In today’s world, when digital devices are part and parcel of our lives, it is of paramount importance to have foolproof security arrangements to protect our files and folders from any unauthorized access. Laptops and mobiles are prone to being stolen or falling into hands that can cause dire consequences. Individual professionals, healthcare firms and many other businesses, especially those of medium and small size, have sensitive information like bank account details, health particulars, passwords, photos and other important material stored on their laptops.

Many instances are there in which theft of device has caused huge financial and other losses. So, Full disk Encryption seems to be the best option especially for frequently used devices like laptops. Full disk encryption makes the data of hard drive unreadable and also locks applications and the operating system through some mechanisms like algorithms (Wang, & Kissel, 2015).

This protects the content from any type of unauthorized access:

One needs “encryption key” to start working.

Even if you lost your working laptop, FDE shields all the files from being accessed.

Without encryption, even password protection is futile, as thieves can boot the device and your sensitive data is put at risk.

Some trusted encryption software products are as follows:

  1. Microsoft BitLocker
  2. Check Point
  3. Apple FileVault
  4. Symantec

In full disk encryption, the encryption key can be provided in different ways, such as:

  • A USB drive which bears the required key
  • A passphrase/password
  • A biometric method such as a fingerprint
  • OTP

If a password is applied, it should be strong so as to keep the data secure in case of any mishap happening. It should be complex. A simple password/passphrase is easily guessed and not capable of protecting the data. It is advisable to combine at least two of the ways suggested above for foolproof security.

  • One drawback is that FDE protects the data only in case of physical transfer of the laptop into someone else’s hands. It cannot protect the data while we are on a network.
  • Also, a device in unprotected mode can be accessed by another user, who can then see the stored content.
  • A USB drive, if used, has to be kept protected.
  • For a file sent by email, manual encryption is necessary.
  • There are complaints of the system working slowly.

Whatever the merits and demerits, FULL DISK ENCRYPTION is a much-needed feature for a secure professional life.

1.18 Explain the benefits of WPA 2 over WEP.

Ans. The WPA2 protocol follows much of the IEEE 802.11i standard and is capable of delivering a high level of security in comparison with WEP. To maintain good security across the organization, it is necessary to have a good security solution. WPA2 offers good security in comparison with WEP. WPA can be installed as a reasonable software upgrade on Wi-Fi certified infrastructure running WEP, given customer radio cards which have their WPA drivers installed (Radivilova & Hassan, 2017).

References –

AbdElminaam, D. S. (2018). Improving the security of cloud computing by building new hybrid cryptography algorithms. International Journal of Electronics and Information Engineering, 8(1), 40-48.

Alblwi, S., & Shujaee, K. (2017). A survey on wireless security protocol WPA2. In Proceedings of the International Conference on Security and Management (SAM) (pp. 12-17). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).

Barker, E., & Mouha, N. (2017). Recommendation for the triple data encryption algorithm (TDEA) block cipher (No. NIST Special Publication (SP) 800-67 Rev. 2 (Draft)). National Institute of Standards and Technology.

Belguith, S., Jemai, A., & Attia, R. (2015, May). Enhancing data security in cloud computing using a lightweight cryptographic algorithm. In The Eleventh International Conference on Autonomic and Autonomous Systems.

Bhanot, R., & Hans, R. (2015). A review and comparative analysis of various encryption algorithms. International Journal of Security and Its Applications, 9(4), 289-306.

Böck, H. (2015). A look at the PGP ecosystem through the key server data. IACR Cryptol. ePrint Arch., 2015, 262.

Radivilova, T., & Hassan, H. A. (2017, September). Test for penetration in Wi-Fi network: Attacks on WPA2-PSK and WPA2-enterprise. In 2017 International Conference on Information and Telecommunication Technologies and Radio Electronics (UkrMiCo) (pp. 1-4). IEEE.

Ratnadewi, R. P., Adhie, Y. H., Ahmar, A. S., & Setiawan, M. I. (2018, January). Implementation cryptography data encryption standard (DES) and triple data encryption standard (3DES) method in communication system based near field communication (NFC). In J. Phys. Conf. Ser (Vol. 954, No. 1, p. 12009).

Saranya, V., & Kavitha, K. (2017). A modified blowfish algorithm for improving the cloud security. Elsiyum J, 4(3), 1-6.

Shang, W., Yu, Y., Droms, R., & Zhang, L. (2016). Challenges in IoT networking via TCP/IP architecture. Technical Report NDN-0038. NDN Project.

Smith, D. F., Wiliem, A., & Lovell, B. C. (2015). Face recognition on consumer devices: Reflections on replay attacks. IEEE Transactions on Information Forensics and Security, 10(4), 736-745.

Valent, P., Orazi, A., Steensma, D. P., Ebert, B. L., Haase, D., Malcovati, L., … & Giagounidis, A. (2017). Proposed minimal diagnostic criteria for myelodysplastic syndromes (MDS) and potential pre-MDS conditions. Oncotarget, 8(43), 73483.

Wang, J., & Kissel, Z. A. (2015). Introduction to network security: theory and practice. John Wiley & Sons.