Summarize the article in 50 words_

docx

School

Moi Institute of Technology, Rongo *

*We aren’t endorsed by this school

Course

4210

Subject

Information Systems

Date

Nov 24, 2024

Type

docx

Pages

9

Uploaded by CountCheetahPerson1506

Report
Your task: You have been asked to give a presentation to the Chief Technology Officer's (CTO's) staff for their monthly "brown bag" luncheons. The subject of this session is: Use and Misuse of Encryption. Background: Cryptographic algorithms provide the underlying tools to most security protocols used to implement encryption in enterprises and critical infrastructures. The choice of which type of algorithm to implement depends on the goal that you are trying to accomplish, e.g. ensuring data privacy or ensuring integrity of software or data. Cryptographic algorithms fall into two main categories: symmetric key and asymmetric key cryptography. In the first part of your briefing to CTO Staff, please identify and discuss the strengths and weaknesses of - symmetric key cryptography - asymmetric key cryptography For each type of cryptographic algorithm, you should provide an example of where this type of cryptography would be used within the software and services that the enterprise depends upon and the type of resource to be protected (e.g. passwords stored in hashed format). In the second part of your briefing, identify and discuss at least three ways in which attackers and/or criminals use encryption and cryptography to further their goals and objectives. These could include using encrypted chat to avoid wiretaps or surveillance or using encryption to deny legitimate users access to data or systems (e.g. ransomware). If countermeasures are available, describe and discuss them.
Format: This week, the format for your deliverable (posting) will be "Talking Points." Talking points are presented in outline format and contain the content that you would put on slides in a slide deck. Your outline should include 5 to 7 major points ("slide titles") followed by 3 to 5 supporting points for each (bullet points for each slide). Remember to put enough information into the talking points that your peer reviewers can understand what you intend to cover in each section of your briefing. Remember to introduce the topic at the beginning, present your analysis, and then close your briefing with an appropriate summary. Include a list of sources (3 or more) which attendees could refer to if they wish to fact check your work.
Slide 1: Introduction Importance of encryption in ensuring data security Overview of symmetric and asymmetric key cryptography Example of where they can both be used within the software and services that the enterprise depends upon Data security is a critical concern for organizations, and encryption plays a vital role in ensuring the confidentiality and integrity of sensitive information. Encryption involves converting data into an unreadable form using mathematical algorithms, which can only be deciphered with the appropriate decryption key. This protects data from unauthorized access or tampering, both in transit and at rest. There are two main types of encryption: symmetric key cryptography and asymmetric key cryptography. Symmetric key cryptography uses a single key for both encryption and decryption. It is fast and efficient, making it suitable for encrypting and decrypting large amounts of data. Symmetric encryption is commonly used in software and services that require secure communication, such as HTTPS encryption for secure website transactions or encrypting stored data like password hashing to protect user credentials. On the other hand, asymmetric key cryptography uses a pair of keys: a public key for encryption and a private key for decryption. It provides secure key exchange without requiring a prior shared secret. Asymmetric encryption is commonly used in software and services for secure email communication, where the sender uses the recipient's public key to encrypt the message, and the recipient uses their private key to decrypt it.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Slide 2: Symmetric Key Cryptography Strengths: Fast and efficient for encrypting and decrypting large amounts of data Suitable for bulk encryption and high-speed communication Example: Encryption of data during transit, such as HTTPS encryption for secure website communication Weaknesses: Requires a secure method of key exchange Limited scalability for large networks or multiple users Example: Encryption of stored data, like password hashing to protect user credentials Symmetric key cryptography is a type of encryption that utilizes a single key for both encryption and decryption processes. One of its main strengths is its speed and efficiency when encrypting and decrypting large amounts of data. This makes it well-suited for scenarios that require bulk encryption and high-speed communication. For instance, when secure website communication is needed, symmetric key cryptography is employed. An example of this is HTTPS encryption, which ensures that data transmitted between a user's web browser and a website's server is encrypted and protected from unauthorized access. However, symmetric key cryptography also has its weaknesses. One such weakness is the requirement for a secure method of key exchange. The key used for encryption and decryption must be securely shared between the parties involved, as any compromise during the exchange could lead to the encryption being easily broken. Additionally, symmetric key cryptography has limited scalability when it comes to large networks or multiple users. This means that managing
individual keys for each user or device becomes challenging. As a result, symmetric encryption is commonly used for encrypting stored data, such as password hashing, where the focus is on protecting user credentials. Slide 3: Asymmetric Key Cryptography Strengths: Offers secure key exchange without requiring a prior shared secret Supports digital signatures for verifying message integrity and authenticity Example: Secure email communication using PGP (Pretty Good Privacy) Weaknesses: Computationally intensive and slower than symmetric encryption Requires additional computational resources and larger key sizes Example: Digital certificates used in SSL/TLS to establish secure connections Asymmetric key cryptography, also known as public-key cryptography, is a type of encryption that uses a pair of keys: a public key for encryption and a private key for decryption. One of its main strengths is its ability to provide secure key exchange without requiring a prior shared secret. This eliminates the need for secure key distribution, making it more convenient for secure communication setups. Additionally, asymmetric key cryptography supports digital signatures, which are used to verify the integrity and authenticity of messages. This ensures that a message has not been tampered with and that it originated from the claimed sender. A practical example of
asymmetric encryption is secure email communication using PGP (Pretty Good Privacy), where the recipient's public key is used to encrypt the message, and only the recipient possessing the corresponding private key can decrypt it. However, asymmetric key cryptography has certain weaknesses. Firstly, it is computationally intensive and slower compared to symmetric encryption. The asymmetric algorithms involve complex mathematical operations, resulting in slower encryption and decryption processes. Secondly, it requires additional computational resources and larger key sizes compared to symmetric encryption. This means that more processing power and memory are needed to perform the encryption and decryption operations. An example of this is the use of digital certificates in SSL/TLS protocols to establish secure connections between web browsers and servers, where asymmetric encryption is used for secure key exchange and authentication. Slide 4: Misuse of Encryption - Attackers' Tactics Encrypted Communication for Illicit Purposes Criminals using encrypted chat platforms to avoid detection and surveillance Difficulties for law enforcement agencies in monitoring and intercepting communication Ransomware Attacks Attackers encrypting victim's data and demanding ransom for decryption Impact on individuals and organizations, causing financial and operational disruptions Steganography Hiding sensitive information within seemingly harmless files using encryption techniques Enables covert communication and data exfiltration without detection
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Encrypted Communication for Illicit Purposes: Attackers leverage encrypted chat platforms to evade detection and surveillance by law enforcement agencies. These platforms provide a secure environment for criminals to communicate and plan illegal activities, making it challenging for authorities to monitor and intercept their conversations. This poses a significant hurdle in investigating and preventing criminal acts. Ransomware Attacks: In ransomware attacks, attackers encrypt victims' data, rendering it inaccessible until a ransom is paid for the decryption key. This type of attack can have severe consequences for individuals and organizations. It not only results in financial losses due to ransom payments but also disrupts operations, leading to potential data loss, downtime, and reputational damage. Steganography: Steganography involves hiding sensitive information within seemingly harmless files using encryption techniques. Attackers can embed confidential data within images, audio files, or other digital media to facilitate covert communication and data exfiltration without detection. This method allows them to bypass traditional security measures and remain undetected, posing a significant challenge for cybersecurity teams. These misuse tactics of encryption enable attackers to operate covertly, avoiding detection and maximizing their impact. Understanding these tactics is crucial for CTOs to develop effective security strategies and countermeasures to safeguard their organizations' systems and data. Slide 5: Countermeasures
Increased Monitoring and Analysis Employing advanced analytics to identify suspicious encrypted communication Enhancing network monitoring capabilities to detect and respond to potential threats Stronger Encryption Standards Encouraging the adoption of robust encryption algorithms and key lengths Regularly updating encryption protocols to withstand evolving attack techniques Public-Private Partnerships Increased Monitoring and Analysis: Collaboration between technology companies, law enforcement, and government agencies Sharing threat intelligence and developing strategies to combat encryption-based crimes To address the challenges posed by encrypted communication, organizations should employ advanced analytics tools that can analyze encrypted data. By monitoring network traffic and analyzing patterns, organizations can identify suspicious encrypted communication and potential threats. Enhancing network monitoring capabilities will help detect and respond promptly to security incidents, ensuring that any malicious activities are detected and addressed in a timely manner. Stronger Encryption Standards: It is crucial to encourage the adoption of robust encryption algorithms and longer key lengths. By using stronger encryption standards, organizations can increase the difficulty for attackers to decrypt sensitive information. Regularly updating encryption protocols is also essential to stay ahead of evolving attack techniques. This includes adopting new encryption algorithms and practices that are resistant to emerging threats and vulnerabilities. Public-Private Partnerships:
Collaboration between technology companies, law enforcement agencies, and government entities is vital to combat encryption-based crimes. By establishing public-private partnerships, organizations can share threat intelligence, exchange best practices, and develop effective strategies to address encryption-related challenges. This collaboration allows for a collective effort in identifying and mitigating threats, leveraging the expertise and resources of various stakeholders to enhance overall security. Implementing these countermeasures will enable organizations to effectively monitor and respond to suspicious encrypted communication, adopt stronger encryption standards, and benefit from the collective knowledge and resources available through public-private partnerships. This multi-faceted approach will enhance data security and resilience against encryption-based threats. Sources: Network Security Essentials: Applications and Standards by William Stallings Cryptography and Network Security: Principles and Practice by William Stallings National Institute of Standards and Technology (NIST) Special Publication 800-175B: Guideline for Using Cryptographic Standards
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

ttcyftxycf (59)-9.pdf
Environmental Sustainability Fair.docx
Task 1.docx
Discussion 1 of 1.docx
Sophia-Principle-Finance-Milestone (133).jpg
_wgu_c838_ (50).pdf
C838 (23).pdf
How to Use Analog application Programming for conducting digital investigations.docx
Week 7 - BusinessCase Project - Final.docx
Integrated Product Support .docx
Screenshot 2023-10-15 at 5.33.38 PM.png
7050_Week 3 Short Paper.docx