Tuesday, May 5, 2020
Cryptography for Technology and Internet Services- myassignmenthelp
Question: Discuss about theCryptography for Technology and Internet Based Services. Answer: Introduction With the modernisation of technology and Internet-based services, the risk of cybercrimes has grown significantly. People, companies, and government are under constant threat of cyber-attacks. Cybercriminals attack over the personal and sensitive data such as personal information, banking details, and national security secrets. Hackers use the popularity of social media websites and instant messaging application to collect the data of people and organisations. Most corporations and governments use various methods of security to protect their data from hackers, such as antivirus, firewalls, and data-in-motion. Cryptography is another method of protecting data from hackers, cryptography in a Greek word which means secret writing. Cryptography is a method of coding and decoding messages and data while transferring them, which protect the data from cloning by a hacker. If a corporation encrypts their data while transferring, then the receiver will require a password or secret key to open such data. With the growth of cyber-attacks, the relevancy of proper security mechanism is required for protection of data. The organisation can use cryptography to protect their data from hackers, but there are several problems in using cryptography. This essay will focus on analysing the benefits of cryptography from protecting the data from cybercriminals. The essay will discuss the requirement of cryptography and problems faced by organisations while using it as a security mechanism. Further, the essay will evaluate the role of cryptography in the future of data security. Role of Cryptography in Cyber Security The popularity of social media and internet-based services has grown rapidly in past decade, billions of people use them daily to communicate, share and create new content. According to Vacca (2012), many of the modern corporations are conducting their business through online portals. Organisations use the internet and cloud-based services to store data online which can be easily accessible through various networks. On-line services provide various benefits to companies such as essay accessibility, faster transfer, communications through different channels and ease in payment. The government of various nations uses online services to store national secrets and perform other activities. The popularity of internet-based services raised the risk of cyber-attacks, hackers attack over the data of corporations and government to gain their secret information which shows the requirement of a proper safety mechanism (Ling Masao 2011). In 2016, more than 3.1 billion records leaked by the cybercriminals, most of these breaches include data from organisation such as MySpace, Minecraft, Tumblr, Wendys Co. and Payroll. According to Morgan (2016), as compared to 2015, the number of cyber-attacks has grown 40 percent in 2016. Many individuals, corporations, and government face risk of cyber-attack and breach of data from cybercriminals. The amount spent by worldwide organisations over cybersecurity-related hardware has risen from US$62.2 billion in 2015 to US$73.7 billion in 2016; these numbers are expected to grow more than US$90 billion in 2018 (Kharif 2017). Cybercriminals attack over the personal data of individuals such as social security number, banking information and other private details to siphon money out of their accounts. Cybercriminals collect sensitive data of government such as public data, government secrets or even nuclear codes, which can be dangerous for national security, proving the relevancy a secu rity mechanism. Cryptography is a method of converting the data into gibberish which can only be understood by the person who has the secret key. According to Stallings Tahiliani (2014), the requirement of cryptography has gained in the modern world but the use of Cryptography become popular during the World War I and II. To avoid leaking their conversations and secrets to enemy soldiers, the army uses secret codes to communicate and share important information between each other. The person receiving the message must require having the secret codes to understand the secret message. In World War II, armies started using modern machinery to encrypt and decrypt their data for securing the information, such as German Lorenz cipher, Enigma, Fish and Short Weather Cipher. In the modern age, computers are getting smarter each day. It has become easier for hackers to easily gain the information of people, corporations, and governments; therefore, the requirement of encryption of data has risen significant ly. Many organisations and online services are already using cryptography to protect their data from cybercriminals (Joyner 2012). Julius Cease, a Roman politician, did not trust his messengers when he communicates important information to his generals, therefore, he changes all the alphabets with the third letter for example, he changes all A letter in his message with letter D and every B with an E and so on. By changing the alphabets like this, only the general who knew the shift by 3 rule was able to decrypt the message, cryptography works the same way. If any data can be read and understood by anyone without the requirement of any key is called plaintext or cleartext. As per Katz Lindell (2014), by hiding the substance or meaning of a plaintext by changing or converting the data is called encryption. The data which is encrypted turn the information into gibberish which is known as ciphertext. By encrypting any data, any person can ensure that such data can only be read by the person who has secret key or password. The process of converting a ciphertext into plaintext is called decryption of data. As per Forouzan Mukhopadhyay (2011), there are two primary reasons which show the requirement of information security in modern corporations. The first reason is the popularity of computers which completely changes the process of data storage. Traditionally, organisations store data in physical files and documents where the sensitive data can be secured by locking in the cabinets. But, with the introduction of computers, the requirement of automated devices for data protection has become mandatory. The second key reason, which increases the requirement of information security, is the introduction of distributed systems and the implementation of network and communication services. Organisations use network facilities to transfer and communicate the data between different terminal users. While communicating or transferring the data, network security is to require protecting the data from leaking. Cryptography uses logic and complex mathematics principles to encrypt any data, corporati ons, and individuals can transfer the data without worrying of leakage or cloning (Al-Hazaimeh 2013). There is three common type of cryptography used by organisations which includes a secret key, public key, and hash functions. Koblitz (2012) provided that in Secret-key cryptography, both the sender and receiver of the message have a secret key which can be used by them to decrypt the message. This method is effective if the communication is conducted between few people, in case of large networks, organisations cannot implement this strategy securely. In Public key cryptography, the key for encryption and decryption are different from one another and the key work in pairs. If the sender and receiver of such messages do not have a public key, then they can freely distribute the private key. In this method, various digital signatures are used such as RSA, digital signature algorithm, and various other standards. In Hash functions, a mathematical algorithm is used by the parties for permanent encryption of data. This is used by operating systems for document protection and encrypting th e passwords. In this method, various other security measures are used such as digital signature, secure hash algorithm, message digest, and RIPEMD (Kaur Kaur 2012). The benefits of using cryptography by organisation and governments include protection of data and services from leaking or cloning by cybercriminals. As per Lydersen et al. (2010), organisations can encrypt the information of their services for securing the transactions, for example, every single call made by users, every ATM card transaction, credit card usage or message send by people are encrypted by companies. Without a systematic encryption, the security of online and electronic transactions cannot be achieved by the corporations. The primary benefit of cryptography is complete data protection from breach or cloning by cybercriminals. By implementing correct encryption solutions, a corporation can protect the data even after the breach of their security framework. There are several ways through which hackers can collect the data of an organisation, but through encryption, accessing the data became considerably difficult for cybercriminals. As per Kahate (2013), another benefit of cryptography is that it provides security through multiple devices for users. The popularity of smartphones and computer has risen significantly in past few decades; more than 2.32 billion people use smartphones in 2017. Due to their popularity, smartphones are preferred target for cybercriminals. Smartphones contain sensitive and personal information of its user which can be used by hackers to gain an unfair advantage. Many corporations face difficulty in maintaining the security of data while storing and transmitting the information through these devices. Carlet (2010) provided that by encrypting the data, a corporation can ensure the security of their information in various devices. With the popularity of the internet and network-based services, transmitting data securely through these channels has been difficult for the organisation. The security of data became most vulnerable during the transmission procedure which makes it the perfect ti me for cybercriminals to attack. Cryptography ensures the security of data when it is being transmitted through various channels. Files or information that is shared or uploaded by individuals or organisations over cloud systems can be protected through cryptography. Cryptography is used by governments of various nations due to its various benefits; it assists government and corporations in maintaining the integrity of data while transmitting it through different channels. As per Jonsson et al. (2016), although data theft is one of the key problems, many hackers knowingly alter the data for conducting fraud. Cryptography ensures that the cybercriminals are not able to alter or tamper with the important data. Due to the high risk of data theft, IT corporations are required to fulfill certain compliances for ensuring the data security. Cryptography is one of the safest methods of transferring or storing the data which help the organisation in complying with various requirements such as FIPS, HIPAA, FISMA and Gramm-Leach Bliley (Ramsey Shankar 2017). Basis data protection is one of the most crucial requirements for every corporation and cryptography provides such security to companies. Encryption is one of the best methods of protecting the data of corporations, for example, it provides security from leakage and cloning, secure the data across all devices, provide security while transmitting, ensure integrity and fulfillment of compliance. There are several benefits of using cryptography for security but there are numerous disadvantages as well. For example, a legitimate receiver may find it difficult to access the data at a particular time if such data is authentic, digitally signed and strongly encrypted by the sender. According to Buchmann (2013), the basis of encryption depends upon the secret key if the corporation's losses such key or if cybercriminals gain access to such key than they can easily gain access to such data. In case of individuals, many people forgot their passwords which make it impossible for them to gain access to their data. The security of encryption is almost always vulnerable to brute force attack that is a method of finding the key for encrypting by the hackers. Another disadvantage of cryptography is that it does not provide security against the vulnerabilities and risks that arise due to poor design of systems. As per Van Dijk Juels (2010), one encryption system cannot apply to all systems, corporations are required to analyse their system and use encryption according to their requirements. Cryptography also requires a high expenditure of money and time, encrypting and decrypting a data every time can waste the time of corporations and the software of encryption and decryption is also expensive. It also requires the cooperation of two individuals for an encryption to work properly. Both parties must have access to secret key and mistake of one company can cause damage to both organisations data (Van Tilborg Jajodia 2014). Encryption cannot guarantee that complete data will be protected from leakage or cloning while communicating or transferring it between two sources. Every organisation requires analysing their requirement and adopts an encryption strategy according to such requirements. According to Kranakis (2013), one of the primary mistakes that corporations made is considering that encryption as a solution to every online security threat. Encryption can protect the data of organisations but it is not a single solution for every security requirements. For example, encryption can protect the data while it is in transit, but other than that cybercriminals can use various other methods to gain unauthorised access to corporations data. Another example is that if the secret key for decrypting the data is compromised or the hackers create a similar key to decrypt the data then encryption cannot protect the data of organisation. In modern times, the Data Encryption Standard (DES) is globally acceptable by corporations with few expectations. As per Maurer Renner (2011), most of the governments communications, banking facilities, satellite communications and computer systems are based upon DES for security. In the future, the requirement and usage of cryptography will be increased due to the requirement of informations security. Cryptography has been around for centuries and it has been updated through time. As per the future threats, the technology of cryptography will adapt according to it. For example, Quantum Cryptography is the future of encryption which ensures the security of data. Instead of storing data in binary form, that is 1 and 0; the quantum computer will store the data in quantum bits or qubits. According to Bennett Brassard (2014), to encrypt such data which will be magnitude faster than todays standard, the requirement of Quantum Cryptography will increase. Quantum encryption will protect t he data of future computers from cyber threats and hackers and it will be faster than todays encryption procedure. Conclusion In conclusion, the risk of cyber-attacks and data breaches has grown significantly in past decade which shows the requirement of information security. Cryptography can be considered as the cornerstone of information security which protects data through encryption, after encryption only the person with the secret key can access such information. Modern organisations, government, and individuals are protecting their data from cyber criminals by using cryptography. There are several benefits of cryptography such as data protection, secure transaction, data integrity and security over multiple devices. There are some drawbacks of cryptography as well, such as poor planning can lead to unsuccessful encryption, it is a time and cost expensive procedure and it is ineffective if the secret key is compromised. Therefore, companies are requiring analysing their requirement to implement an effective encryption system. The drawbacks of cryptography can be overcome by proper implementation of enc ryption procedure. In the future, the relevancy of cryptography will be increased as per the advancement in technology, such as Quantum Cryptography. Therefore, cryptography can be considered as cornerstone which can solve various problems of information security. References Al-Hazaimeh, O. M. A. (2013). A new approach for complex encrypting and decrypting data.International Journal of Computer Networks Communications,5(2), 95. Bennett, C. H., Brassard, G. (2014). Quantum cryptography: Public key distribution and coin tossing.Theoretical computer science,560, 7-11. Buchmann, J. (2013).Introduction to cryptography. Springer Science Business Media. Carlet, C. (2010). Boolean functions for cryptography and error correcting codes.Boolean models and methods in mathematics, computer science, and engineering,2, 257-397. Forouzan, B. A., Mukhopadhyay, D. (2011).Cryptography And Network Security (Sie). McGraw-Hill Education. Jonsson, J., Moriarty, K., Kaliski, B., Rusch, A. (2016). PKCS# 1: RSA Cryptography Specifications Version 2.2. Joyner, D. (Ed.). (2012).Coding theory and cryptography: from Enigma and Geheimschreiber to quantum theory. Springer Science Business Media. Kahate, A. (2013).Cryptography and network security. Tata McGraw-Hill Education. Katz, J., Lindell, Y. (2014).Introduction to modern cryptography. CRC press. Kaur, R., Kaur, A. (2012, September). Digital signature. InComputing Sciences (ICCS), 2012 International Conference on(pp. 295-301). IEEE. Kharif, O. (2017). 2016 Was a Record Year for Data Breaches. Bloomberg Technology. Retrieved from https://www.bloomberg.com/news/articles/2017-01-19/data-breaches-hit-record-in-2016-as-dnc-wendy-s-co-hacked Koblitz, N. (2012).Algebraic aspects of cryptography(Vol. 3). Springer Science Business Media. Kranakis, E. (2013).Primality and cryptography. Springer-Verlag. Ling, A. P. A., Masao, M. (2011). Grid Information Security Functional Requirement-Fulfilling Information Security of a Smart Grid System.arXiv preprint arXiv:1108.0267. Lydersen, L., Wiechers, C., Wittmann, C., Elser, D., Skaar, J., Makarov, V. (2010). Hacking commercial quantum cryptography systems by tailored bright illumination.Nature photonics,4(10), 686-689. Maurer, U., Renner, R. (2011). Abstract cryptography. InIn Innovations in Computer Science. Morgan, L. (2016). List of data breaches and cyber-attacks in 2016 3.1 billion records leaked. IT Governance. Retrieved from https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-2016-1-6-billion-records-leaked/ Ramsey, S., Shankar, A. (2017). HIPAA and FISMA: Computing with Regulated Data (A CCoE Webinar Presentation). Stallings, W., Tahiliani, M. P. (2014).Cryptography and network security: principles and practice(Vol. 6). London: Pearson. Vacca, J. R. (2012).Computer and information security handbook. Newnes. Van Dijk, M., Juels, A. (2010). On the impossibility of cryptography alone for privacy-preserving cloud computing.HotSec,10, 1-8. Van Tilborg, H. C., Jajodia, S. (Eds.). (2014).Encyclopedia of cryptography and security. Springer Science Business Media.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.