Part I – Cryptography and Data Security

Role of Cryptography in Securing Data

Cryptography plays a key role in securing any company’s online data. Encryption is the most widely used method to implement cryptography on the companies’ data as it secures the data while simultaneously allowing it to be transferred to others. It is very difficult for an outsider to break into an encrypted file and access the sensitive information. Encryption acts as a crucial component of security for protecting the cloud storage data as it is vulnerable to being attacked by outsiders, for concealing the operating systems, and for keeping security on emails which are the most common method of communication in business.

Purpose of Symmetric and Asymmetric Encryptions

In
symmetric encryption, the message is encrypted by the application of a secret
key which can be in the form of a number, a word, or an alphanumeric string.
The key is applied to the message (also known as plaintext) by the sender, and
as long as the recipient has the key, they can decrypt the encrypted message
(also known as cipher-text). Confidentiality is achieved by this method of
encryption. If the symmetric key is changed in every session of communication
the key is known as a session key that is valid for one session only and this
provides improved confidentiality. This is a traditional method of encryption,
using it becomes frantic when secure communication is needed by a number of
employees in an organization as everyone will have a number of keys to
communicate with different individuals. Secure key distribution among all the
members is another problem in using symmetric encryption.

In
order to resolve these issues, Asymmetric encryption should be used in this
organization. Each member has two keys namely public and private key. Public
keys are used to encrypt and decrypt messages which are to be shared among all
the members of the organization. Private keys are for to secure a private
communication taking place between two persons. In this way, the all public and
private communication inside premises is secured using these authentication
methods and the files shared with these messages as attachments are also
secured.

• Advanced Encryption Standard (AES) Algorithm: This algorithm is trusted as a standard by most government organizations as it is tremendously efficient in protecting the data of 128-bit. However, it is also used for data of 192 and 256 bits.
• Message Authentication Code (MAC) Algorithm: This is also known as a tag, it is small information used for authenticating a message which means it confirms the authenticity of the message by checking that the received message has been sent by the authenticated sender of it. The MAC value helps in protecting a message’s data authenticity and its integrity, by allowing the concerned persons to detect if the content of the message has been changed.

Digital Signatures

Digital signatures are commonly used for verifying the authenticity of digital documents and messages. It ensures the recipient that the received message has come from a known sender and the integrity of the message has not been altered during its transmission process. Since all the paper documents in the organization are now replaced with the electronic documents, digital signatures can be considered as an alternative to ink signatures and stamps of authenticity. Application of digital signatures offers authentication, integrity, and most importantly non-repudiation, i.e. one cannot deny their signature later if they have signed the document. Hence, digital signatures should be considered as one of the security measures while planning data security in this organization.

These
features can improve the transparency and security among the businesses through
communications. These are basically comprised of 3 algorithms namely key
generation algorithm, signing algorithm, and a signature verifying algorithm. It
is very easy to create digital signatures, one can just open the electronic
document that needs to be signed in an electronic signature tool such as
Docusign or Microsoft office tools. Further steps differ as per the tool and
document and these steps are instructed to the user as he opens the document in
the tool. Users just have to follow the instructions and verify their identity
in order to add their digital signatures on the document. When
messages are sent after being digitally signed, the hash value ensures that no
changes have been made in the document. All of this handled automatically
handled by a software tool, which shows warning if a decrypted hash value produces
an altered output. The encrypted value of the hash is added to the bottom or as
an attachment in the email.

Part II – Cryptographic Keys and User Authentication

   A user authentication system can be recommended to provide strict authenticity for users to access the company’s resources. In this system, an identity is stated by the users who then applies an authenticator such as a password or a security key or combination of both of these in order to validate their identity. The security key presented by the user to verify their identity must be unique so that it authenticates only one particular user. The keys should be made in such a way that they are easy to remember by the user but cannot be stolen, copied, or forged. The process of revoking the previous key and issuing a new key should be easy. It should be impossible for the users to transfer their security keys to another user. The system should be protected against any attacker during the transit of data. Asymmetric encryption methods can be used as one of the user authentication methods to validate this system.

Since
the information secured through cryptographic keys depends directly on the key
strength, key mechanisms and protocols effectiveness, and afforded protection.
It is important to have a proper key management system in order to ensure
proper distribution of keys. The user authentication should be made in such a
way that it offers key protection against any modification. Private keys should
be protected against any type of unauthorized disclosure.

System Recommended for Employees to Get Discounts on Fruit Juice and Nut Bar

The
system recommended for the employees to make proper use of ijuice.com and
nutbar.com is that when the employees click on the link given on the employee
benefits page, a login or signup page should appear. If the employee is new to
the system, they employee must make an account on the product website by
signing up using their authentic credentials and their confidential employee ID
along with a username or password that would be the key they use to access
their account. As the user logs into the website, a session is created, and by
the received login information of the user, special discount coupons unique to
the employee is available to be added to their accounts so that they can use
the coupon when they purchase any specific coupon applicable item. Once the
user logs out from their account, the session is terminated, and the
information about the session remains safe with the servers of ijuice.com and
nutbar.com.

Part III – Secure Cloud Computing for Handling the Company’s Data

Implementation

 John will want to implement most of the data used and stored for the company in a virtual cloud system. This will provide a certain effective measurement of security, efficiency, transfer methods, time saving and cost reductions.

The
first step in implementing cloud based storage is the replacement of physical
infrastructures with virtual infrastructures. A software layer generates a
virtual instance of the hardware as the controlling software point and is much
easier to manage, interactive with, share and make changes too. The second
step, includes the decision making process of what cloud storage system would
be best suited for the company. A common cloud service is ‘Google Drive’
‘Oricle’ or IBM. These cloud services offer a greater visability into the usage
and cost of virtual infrastructure as well as assisting in tracking and
assessing shared computer resource usage accuracy. The third step of
implementing cloud is realizing in companies where most of the work data flow
demands server regularity without the interference of attacks and that’s where
cloud security comes in.

Blowfish,
AES (Advanced Encryption Standard), and RSA (Rivest-Shamir-Adleman) are some of
the most commonly used cloud computing algorithms to provide efficient security
to cloud platforms. AES encryption algorithms were described previously, but
RSA encryption relies upon the computational difficulty of processing large
integer values. The strength of this encryption is left up to the key size
which are usually 1024- or 2048-bits in length, which is huge and is why it
would be a great choice to implement upon cloud infrastructure storage
security.

Risks

• Denial
  of Service (DoS) Attacks: These attacks prevents the
  users from accessing the services by flooding the systems or networks with traffic
  to make the resources work on unnecessary data or inevitably crash which then
  prevents the user from accessing their data . Such attacks have more
  computational power in cloud computing.
• Malware
  Injection Attack: These attacks inject harmful
  software to the victim’s data in the cloud and takes control of it. The results
  of successful injection can be very disastrous, it can even allow the
  propagation of computer worms which then can potentially use the company’s data
  distribution methods as a platform to spread the attack to individuals or
  groups who authentically interact with the company’s data.
• Side
  Channel Attack: These attacks place a virtual machine with
  the victim’s virtual machine in order to target cryptographic implementation of
  the systems instead of using any theoretical weaknesses of the algorithms or
  any other force. Cache attack, timing attack, power – monitoring attack,
  electromagnetic attack, acoustic cryptanalysis, differential fault analysis,
  data reminisce, and software-initiated fault attacks are different forms of
  side channel attacks.

Countermeasures

• The data stored in the cloud
  must be zipped up with either a password or AES encryption and the keys must
  not be shared with anyone.
• Login authentication should
  not be simple in terms of guess work and rather should implement multifactor
  authentication.
• A CCSP (Certified Cloud
  Security Professional) should be hired to manage the cloud after installation.
• Data integrity must be
  verified by implementing data encryption and decryption over the wire.

It
is advisable to use cloud computing for the operational purposes in order to
reduce the hardware infrastructure cost and maintain efficient management of
databases and confidential data if all the vulnerabilities are taken care of by
using proper countermeasures.

Part
IV – Business and Blockchain Integration

Blockchain
technology has created a backbone for a new kind of internet. A blockchains
store information across a network of computers making them not just
decentralized but distributed which means no single individual or company owns
a system but everyone can use it and help run it. It can be looked at in three
different ways: technical, legal, and business (Nair & Sebastian,
2017). As per technical aspect, it could be seen as a backend database
which has a distributed ledger. As per business aspect, it is an exchange
network that can be used by peers for transferring value. This mechanism
validates a transaction and may validate it from a legal point of view. There
is no requirement of any middlemen to make a transaction valid.

In
order to ensure proper functioning of blockchains at such a corporate level, a
consensus algorithm is required which must be secure, functional, and
efficient. “Proof of work”, “Proof of Authority”, and “Proof of stake” are some
of the consensus algorithm which are considered as potential for blockchain
integration. However, the use of a “Proof of Work” algorithm has already been
started for blockchains in Bitcoins. Blockchains can enhance the security in
three different forms which are: blockage of identity thefts, prevention from
denial of service attacks, and prevention of data tampering.

Advantages

• It allows people to sell or
  buy anything they like to and or from anybody in the world, without letting any
  other party to interfere and impose rules upon them.
• Every consumer can choose
  their identity in transactions, such can remain anonymous, public, or private
  as per their choice.
• Approach used in blockchains
  for storing DNS entries could increase security by eliminating the single
  target that can be attacked by the hackers. This will not cause the entire
  system to be compromised by the attack.
• Blockchain will also eliminate
  the network fees on DNS reads and will only charge for new entries and updates,
  of course depending upon the DNS provider that John chooses to go with.

Drawbacks

• Financial services will be
  impacted as blockchain is defined as everything that a bank does.
• Government services as one can
  choose to buy or sell anything to anyone without any geographical boundaries. No
  one will go to government departments for completing the formalities.
• Blockchains will require a lot
  of computational power as compared to centralized database processes. Blockchain
  provides the ability for every node in the network to process the request
  independently.
• Existing currencies are
  regulated and created by the national governments, but blockchain and a product
  of blockchain such as Bitcoin will face hurdles in being adopted by the already
  existing financial institutions if the regulation status of the governments
  remain unsettled.

References

Stallings, W., &
Tahiliani, M. P. (2014). Cryptography and network security: principles
and practice (Vol. 6). London: Pearson.

Jonsson, J., Moriarty,
K., Kaliski, B., & Rusch, A. (2016). PKCS# 1: RSA Cryptography
Specifications Version 2.2.

Salomaa, A.
(2013). Public-key cryptography. Springer Science & Business
Media.

Hernandez, K. (2017).
Blockchain for Development–Hope or Hype?.

Nair, G. R., &
Sebastian, S. (2017). BlockChain Technology Centralised Ledger to Distributed
Ledger.

Rittinghouse, J. W.,
& Ransome, J. F. (2016). Cloud computing: implementation, management,
and security. CRC press.

Stojmenovic, I. (2014,
November). Fog computing: A cloud to the ground support for smart things and
machine-to-machine networks. In Telecommunication Networks and
Applications Conference (ATNAC), 2014 Australasian (pp. 117-122).
IEEE.