[ad_1]

Project 4 Resources

The deliverables for this project are as follows:

  1. Create a single report in Word document format. This report should be about 10 pages long, double-spaced, with citations in APA format. Page count does not include diagrams or tables. The report must cover the following:
    • network security and threat table
    • Common Access Card deployment strategy
    • email security strategy

You are an enterprise security architect for a company in a semiconductor manufacturing industry where maintaining competitive advantage and protecting intellectual property is vital. You’re in charge of security operations and strategic security planning. Your responsibilities include devising the security protocols for identification, access, and authorization management.

You recently implemented cryptography algorithms to protect the information organization. Leadership is pleased with your efforts and would like you to take protection methods even further. They’ve asked you to study cyberattacks against different cryptography mechanisms and deploy access control programs to prevent those types of attacks.

“We’d like you to create plans for future security technology deployments,” says one senior manager, “and provide documentation so that others can carry out the deployments.” A director chimes in: “But you should also devise a method for ensuring the identification, integrity, and nonrepudiation of information in transit at rest and in use within the organization.”

As the enterprise security architect, you are responsible for providing the following deliverables:

Create a network security vulnerability and threat table in which you outline the security architecture of the organization, the cryptographic means of protecting the assets of the organizations, the types of known attacks against those protections, and means to ward off the attacks. This document will help you manage the current configuration of the security architecture.

Create a Common Access Card, CAC deployment strategy, in which you describe the CAC implementation and deployment and encryption methodology for information security professionals.

Create an email security strategy in which you provide the public key/private key hashing methodology to determine the best key management system for your organization. These documents will provide a security overview for the leadership in your company.

Cryptography

Encryption uses cryptographic algorithms to obfuscate data. These complex algorithms transform data from human-readable plaintext into encrypted cipher text. Encryption uses the principles of substitution and permutation to ensure that data is transformed in a nondeterministic manner by allowing the user to select the password or a key to encrypt a message. The recipient must know the key in order to decrypt the message, translating it back into the human-readable plaintext.

There are six steps that will lead you through this project. After beginning with the workplace scenario, continue to Step 1: IT Systems Architecture.

The deliverables for this project are as follows:

  1. Create a single report in Word document format. This report should be about 10 pages long, double-spaced, with citations in APA format. Page count does not include diagrams or tables. The report must cover the following:
    • network security and threat table
    • Common Access Card deployment strategy
    • email security strategy
  2. In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab ( I will provide the lab document).

Step 1. IT Systems Architecture

You are a senior-level employee, and you must tailor your deliverables to suit your audience: the leadership of the organization. You may choose to use a fictitious organization, or model your organization on an existing organization. Remember that your deliverables should include proper citations.

Leadership is not familiar with the architecture of the IT systems, nor are they familiar with the types of threats that are likely or the security mechanisms in place to ward off those threats. You will provide this information in tabular format and call it the Network Security and Vulnerability Threat Table. Refer to this threat table template for guidance on creating this document.

Before you begin, select the links below to review some material on information security. These resources will help you complete the network security and vulnerability threat table.

LAN Security

Local area networks (LANs) consist of a number of devices that are connected to each other and can share resources. According to the National Institute of Standards and Technology, LANs can encounter several cyberthreats, including unauthorized access, disclosure of data, disruption of functions, spoofing, etc. (NIST, 1994). Therefore, security measures must be undertaken to ensure that the confidentiality, integrity, and availability of shared data is maintained. These measures may include identification and authentication, access control, nonrepudiation, and logging and monitoring.

Another guideline document from NIST focuses on wireless LANs (WLANs), describing them as “groups of wireless networking devices within a limited geographic area, such as an office building, that are capable of exchanging data through radio communications” (Souppaya & Scarfone, 2012).

WLANs are popular because they allow better access and enhanced mobility, compared with wired LANs, but they also encounter attacks. These attacks can be broadly classified as passive attacks, such as unauthorized access to data, and active attacks, such as denial of service. Regular security scans, firewall installation, and use of threat monitoring and cleaning software can be beneficial in securing the sensitive data, network architecture, and physical components of WLANs.

References

National Institute of Standards and Technology, US Department of Commerce. (1994). Guideline for the analysis local area network security: Federal Information Processing Standards Publication 191. http://www.nist.gov/itl/upload/fips191.pdf

Souppaya, M., & Scarfone, K. (2012). Computer security: Guidelines for securing wireless local area networks (WLANs): Recommendations of the National Institute of Standards and Technology: Special Publication 800-153. National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-153.pdf

Availability

The confidentiality, integrity, and availability (CIA) triad is a popular security model for systems and data. While confidentiality refers to ensuring that there is no unauthorized access, integrity is the assurance that data is accurate and unaltered. The third element, availability, refers to data accessibility for authorized users at all times.

Information is useful only when it is available at the right time. The availability of information depends on the functioning of the systems that store, protect, and allow or deny access to information. Availability of data, information, servers, and sites can be affected by security attacks and intrusions, so appropriate measures should be undertaken to prevent and mitigate losses. These include performing regular backups, creating disaster recovery plans, updating software and hardware, ensuring access to adequate bandwidth, and installing security systems and firewalls.

References

National Institute of Standards and Technology. (2004). Standards for security categorization of federal information and information systems. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf

Now you’re ready to create your table. Include and define the following components of security in the architecture of your organization, and explain if threats to these components are likely, or unlikely:

  • LAN security
  • identity management
  • physical security
  • personal security
  • availability
  • privacy

Next, review the different types of cyberattacks described in the following resource: cyberattacks. As you’re reading take note of which attacks are most likely to affect your organization. Then list the security defenses you employ in your organization to mitigate these types of attacks. Include this information in your Network Security and Vulnerability Threat Table.

Step 2. Plan of Protection.

I will Provide the lab document.

This hands-on lab will introduce you to Microsoft BitLocker drive encryption as a full-featured drive encryption tool to protect user computers from data exfiltration and other attacks. Given the alarming rate of high-profile breaches, using BitLocker to protect sensitive data is something to which you, the government agencies, and the commercial and private organizations should give serious consideration.

You will develop a disk encryption report, in addition to the project-specific requirements such as common access card deployment and email security strategy. Then incorporate your findings into the project deliverables and compile your project report for submission. Additionally, you will have to provide the leadership of your organization with your plan for data protection.

Step 3. Data Hiding Technologies

You will describe to your organization the various cryptographic means of protecting its assets. Select the links below to review encryption techniques and encryption technologies, then provide your organization with a brief overview of each.

Encryption Technologies

Encryption technologies are the methods used to encrypt and decrypt messages to ensure that they are only accessible to authorized users. They are widely used in businesses and organizations to securely transmit and store data.

Encryption technologies are implemented using algorithms that apply keys to convert simple messages into ciphertexts before sending them. The ciphertexts are then decrypted (i.e., converted back into original messages) by the receivers.

While there are several encryption algorithms available, they can be broadly classified into two categories, symmetric and asymmetric. Symmetric encryption technologies use the same key for both encryption and decryption, whereas asymmetric (or public-key) encryption technologies use two separate keys, public and private, for encryption and decryption.

Shift/Caesar Cipher

The Caesar cipher is a monoalphabetic (single alphabet) cipher that uses the same substitution across the entire message. This cipher was first used by Julius Caesar around 58 BCE to keep his enemies from being able to comprehend his military commands should the commands have fallen into their hands (Khan Academy, 2016).

The Caesar cipher is a substitution cipher; parts of the plaintext message are substituted for something else based on the cipher rules. Inverse substitution results in the deciphering of the hidden message (Practical Cryptography, n.d.).

Each letter in the message is mapped directly to another letter. Because of the simplicity of this cipher, frequency analysis (looking at the frequency with which a letter occurs in the encrypted text) can be used to crack the cipher (Braingle, 2014).

The Caesar cipher is also referred to as a shift cipher because messages are encrypted as a result of the shifting of the letters an identified number of spaces to the right and the starting of the alphabet from there, with the letters wrapping to the beginning of the alphabet until the letter Z is reached.

The position in which the shifted alphabet corresponds to the unshifted alphabet defines the cipher (Department of Mathematics, Cornell University, 2008). The number of positions by which the alphabet is shifted is referred to as the key; the key is a number between 1 and 26. Because of the simplicity of this encryption/decryption process, this cipher is considered to be very easy to crack, as there are fairly few combinations that need to be tried for an individual to determine how to decipher the message.

References

Braingle. (2014). Codes and ciphers: Frequency analysis. http://www.braingle.com/brainteasers/codes/frequencyanalysis.php

Department of Mathematics, Cornell University. (2008, summer). Lecture 1: Shift ciphers. http://www.math.cornell.edu/~mec/Summer2008/lundell/lecture1.html

Khan Academy. (2016). The Caesar cipher. https://www.khanacademy.org/computing/computer-science/cryptography/crypt/v/caesar-cipher

Practical Cryptography. (n.d.). Caesar cipher. http://practicalcryptography.com/ciphers/caesar-cipher/

Polyalphabetic Cipher

Polyalphabetic ciphers are ciphers that are based on more than one alphabet and that switch between the alphabets in a systematic way, as opposed to using fixed substitution or the same alphabet for every occurrence of the letter (known as monoalphabetic cipher) (Math Explorers’ Club, 2004). Two common examples of polyalphabetic ciphers are Playfair and Vigenère.

Under the Playfair method, pairs of letters are encrypted; a letter may be encrypted using different alphabets because encryption depends on its paired letter.

The Vigenère method uses a separate text string that is converted to numeric values that determine the number of shifts for each letter. This form of cipher was created by Giovan Battista Bellaso in 1553, but was misattributed to Blaise de Vigenère in 1586. It is similar to the Trithemius cipher but uses a keyword in its encryption strategy. This keyword (or key phrase) is repeated until it is the same length as the plaintext message, and is referred to as the keystream and used to determine the ciphertext (Rodriguez-Clark, 2013).

In 1585, Vigenère created what is known as the autokey system, where a key starts the choice of alphabet, but it is the message that determines the alphabets to use for later parts of the message (Savard, 2012).

Although both these methods are more secure than Caesar cipher (a monoalphabetic cipher method), the Vigenère method is more secure than Playfair and is used for encrypting sensitive information.

Leon Battista Alberti invented the first known polyalphabetic cipher, known as the Alberti cipher, around 1467. He started by using a mixed alphabet to encrypt plaintext but changed to a different mixed alphabet at random points, indicated by capital letters in the ciphertext.

Another example of a polyalphabetic cipher is the Trithemius cipher created by Johannes Trithemius in the fifteenth century. This cipher requires the sender to change the ciphertext alphabet after each letter is encrypted. This type of cipher is referred to as a progressive key cipher.

References

Khan Academy. (2016). Polyalphabetic cipher. https://www.khanacademy.org/computing/computer- science/cryptography/crypt/v/polyalphabetic-cipher

Math Explorers’ Club. (2014). Polyalphabetic substitution ciphers. Cornell Department of Mathematics. https://www.math.cornell.edu/~mec/2003- 2004/cryptography/polyalpha/polyalpha.html

Rodriguez-Clark, D. (2013). Polyalphabetic substitution ciphers. Crypto Corner. http://crypto.interactive-maths.com/polyalphabetic-substitution-ciphers.html

Savard, J. (2012). Polyalphabetic substitution. http://www.quadibloc.com/crypto/pp010303.htm

One-Time Pad Cipher/Vernam Cipher/Perfect Cipher

The one-time pad (OTP), or Vernam cipher, created near the end of the nineteenth century, was the strongest form of encryption at the time and was shown to be unbreakable. This is why it became known as the perfect cipher. It uses keys with randomly generated letters to replace letters in messages. Each letter can be replaced with 26 possible options (alphabet), and the length of the encrypted message remains the same as the original message.

OTP is used for highly secure applications but requires extensive resources for the generation of random keys to ensure no repetition. Since the length of the message exponentially affects the number of randomly generated key possibilities for the OTP cipher, it is computationally impossible to decrypt OTP messages using brute force (Khan Academy, 2016).

For the code to be deciphered, a copy of the one-time pad is required to reverse the encryption. As its name implies, the one-time pad is used only once and then destroyed (Braingle, 2014). The following rules must be followed to ensure that the one-time pad encryption is unbreakable (Rijmenants, 2004):

  • The key must be as long as the message or data encrypted.
  • The key must be randomly generated.
  • Both the key and plaintext must be digits, letters, or binary.
  • The key must be used only once and then destroyed by the sender and receiver.
  • Only two copies of the key must exist—one for the sender and one for the receiver.

The key used in this cipher is often referred to as a secret key due to the importance of the contents of the key being protected and not revealed. The invention of public-key cryptology resulted from the inability of individuals to securely control secret keys on the internet (Rouse, 2016).

References

Braingle. (2014). Codes and ciphers: One-time pad. http://www.braingle.com/brainteasers/codes/onetimepad.php

Khan Academy. (2016). The one-time pad. https://www.khanacademy.org/computing/computer- science/cryptography/crypt/v/one-time-pad

Rijmenants, D. (2004). One-time pad. http://users.telenet.be/d.rijmenants/en/onetimepad.htm

Rouse, M. (2016). One-time pad. TechTarget. http://searchsecurity.techtarget.com/definition/one-time-pad

Block Ciphers

The block cipher encryption method breaks messages into blocks (groups of bits) and then encrypts the blocks using symmetric keys. The resulting encrypted blocks have the same length (number of bits) as the corresponding original blocks. According to Morris Dworkin of the National Institute of Standards and Technology (NIST), block ciphers are a “family of functions and their inverse functions that is parameterized by cryptographic keys; the functions map bit strings of a fixed length to bit strings of the same length” (Dworkin, 2001).

The size of the block (or length of bit strings) can vary, but it is common to choose a multiple of 8, such as 64 or 128 bits. If the original message is not a multiple of the block size, padding is done through the addition of extra information to achieve the desired length. Implementation models of block cipher include the Data Encryption Standard (DES), Triple DES, and Advanced Encryption Standard (AES).

References

Dworkin, M. (2001). Computer security: Recommendation for block cipher modes of operation: Special Publication 800-38A. National Institute of Standards and Technology. http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf

Triple DES

Triple Data Encryption Standard (Triple DES) is a block cipher implementation that organizes data into 64-bit blocks using the DES keys (of 56 bits each) three times.

According to Elaine Barker (2016) of the National Institute of Standards and Technology (NIST):

TDEA encrypts and decrypts data in 64-bit blocks, using three 56-bit keys. Two variations of TDEA have been defined: two-key TDEA (2TDEA), in which the first and third keys are identical, and three-key TDEA, in which the three keys are all different (i.e., distinct). (p. 24)

Triple DES is based on the older Data Encryption Standard (DES), which was created in the 1970s. However, the increased computational power available in modern systems resulted in brute-force attacks on DES encryption, which applied a 56-bit key only once. So, DES was modified into Triple DES encryption, which provided greater security.

References

Barker, E. (2016). Computer Security: Recommendation for key management (Special Publication 800-57, Part 1, Revision 4). National Institute of Standards and Technology. US Department of Commerce. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf

Rivest–Shamir–Adleman (RSA) Encryption

RSA is an asymmetric or public-key encryption algorithm that is named after its authors, Ron Rivest, Adi Shamir, and Leonard Adleman.

The algorithm uses two keys, a public key and a private key. The public key can be distributed and is used to encrypt the message. The message can only be decrypted by using the private key, which is not shared with anyone.

The RSA algorithm has been approved by the National Institute of Standards and Technology (NIST) “in [FIPS186] for digital signatures and in [SP800-56B] for key establishment” (Barker, 2016).

RSA is implemented by starting with two prime numbers and finding their product (called modulus) and the exponents for public and private keys. Further details about RSA key pairs and generation have been documented by NIST in Barker, Chen, and Moody (2014).

References

Barker, E. (2016). Computer Security: Recommendation for key management, Part 1: General (Special Publication 800-57, Part 1, Revision 4). National Institute of Standards and Technology. US Department of Commerce. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf

Barker, E., Chen, L., & Moody, D. (2014). Recommendation for pair-wise key establishment schemes using integer factorization cryptography (NIST Special Publication 800-56B, Revision 1)National Institute of Standards and Technology. US Department of Commerce. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf

Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES) is a widely adopted block cipher method that breaks the messages into 128-bit blocks and applies keys of different lengths for encryption. AES was established by the National Institute of Standards and Technology (NIST) in 2001 to overcome the problems with Data Encryption Standard (DES). According to Elaine Barker of NIST (2016):

AES encrypts and decrypts data in 128-bit blocks, using 128-, 192- or 256-bit keys. The nomenclature for AES for the different key sizes is AES-x, where x is the key size (e.g., AES-256). (p. 23)

Detailed specifications of AES algorithm have been specified in Federal Information Processing Standards Publications (FIPS PUB) 197 (NIST, 2001).

References

Barker, E. (2016). Computer Security: Recommendation for key management (NIST Special Publication 800-57, Part 1, Revision 4). National Institute of Standards and Technology. US Department of Commerce. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf

National Institute of Standards and Technology, US Department of Commerce. (2001). Announcing the advanced encryption standard (AES) (Federal Information Processing Standards Publication 197). http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

Symmetric Encryption

Symmetric encryption algorithms use the same key for encrypting and decrypting a message; the sender and receiver both have access to the key. According to the National Institute of Standards and Technology (NIST), “symmetric-key algorithms (sometimes known as secret-key algorithms) transform data in a way that is fundamentally difficult to undo without knowledge of a secret key. The key is ‘symmetric’ because the same key is used for a cryptographic operation and its inverse (e.g., encryption and decryption)” (Barker, 2016).

Key distribution in symmetric encryption poses some security threats. It is important to ensure that the key is not “disclosed to entities that are not authorized access to the data protected by that algorithm and key” (Barker, 2016).

Secret key cryptography algorithms include Data Encryption Standard (DES), Advanced Encryption Standard (AES), Global System for Mobile Communications (GSM), and General Packet Radio Service (GPRS) (Kessler, 2016).

References

Texture Block Coding

Texture block coding is an information-hiding technique that uses a low bit-rate spatial algorithm for encrypting media files. The coding technique is implemented through the copying of a block from a random texture region for use in another region with similar texture. The decoding process is performed through the application of autocorrelation, shifting, and thresholding functions.

Although texture block coding is reasonably resistant to filtering, compression, and rotation, it is difficult to apply because the coding process requires manual inspection. However, the technique’s robustness and its ease of decoding make it suitable for steganography or watermarking applications.

 

Barker, E. (2016). Computer security: Recommendation for key management (Special Publication 800-57, Part 1). National Institute of Standards and Technology. US Department of Commerce. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf

Kessler, G. C. (2016). An overview of cryptography. http://www.garykessler.net/library/crypto.html#purpose

Data Hiding Technologies

Information Hiding

Information hiding is a technique that is used to prevent unauthorized access or claims and securely store data. The technique is particularly useful for images and videos and is implemented by concealing or embedding information using algorithms. Information-hiding algorithms can be classified on the basis of the amount of data hidden or embedded (low bit rate or high bit rate) and the domain used for embedding (spatial domain or transform domain).

Low bit rate methods, such as digital watermarking, embed small amounts of data in images/videos, whereas high bit rate methods embed large amounts of data. Both these methods can be applied in two domains: spatial domain (implemented by changing the pixels) and transform domain (implemented by changing the frequency).

Digital Watermarking

Digital watermarking is an information-hiding method used to identify and secure copyright information for images or videos. It is implemented through the embedding of invisible bits, which are resistant to compression and filtering, into media files (in digital formats).

According to an article published in the Journal of Applied Research and Technology, digital watermarking is “the process of embedding or hiding digital information called watermark into a multimedia product, and then the embedded data can later be extracted or detected from the watermarked product, for protecting digital content copyright and ensuring tamper-resistance, which is indiscernible and hard to remove by unauthorized persons” (Tao et al., 2014).

Digital watermarking can be applied in two domains: spatial domain (changing the pixels) and transform domain (changing the frequency). The watermarked files are prone to several types of attacks, including removal attacks (to remove watermarks), geometric attacks (to distort watermarks), and cryptographic attacks (to find secret watermarking keys) (Tao et al., 2014).

References

Tao, H., Chongmin, L., Zain, J. M., & Abdalla, A. N. (2014). Robust image watermarking theories and techniques: A review. Journal of Applied Research and Technology, 12(1). http://www.elsevier.es/en-revista-journal-applied-research-technology-jart-81-articulo-robust-image-watermarking-theories-techniques-S1665642314716128?redirectNew=true

Masking and Filtering

Masking and filtering steganography techniques are used to hide information in images so that the information is visible only to the sender and the intended receiver(s). The techniques are used for 24-bit-per-pixel color and grayscale images, and are implemented through marking (in a manner similar to watermarking).

Masking and filtering is considered more suitable for lossy JPEG images than least significant bit (LSB) insertion (another information-hiding technique), as those techniques have less degradation and are more resistant to modifications such as compression, cropping, and rotation, as well as other types of processing.

Step 4: Create the Network Security Vulnerability and Threat Table

Using the information you’ve gathered from the previous steps, prepare the network security vulnerability and threat table, in which you outline the following:

  • security architecture of the organization
  • the cryptographic means of protecting the assets of the organization
  • the types of known attacks against those types of protections
  • means to ward off the attacks

Create your Network Security Vulnerability and Threat Table and include it in your submission to the organization. Refer to this threat table template for guidance on creating this document.

Step 5: Access Control Based on Smart Card Strategies

Smart cards use encryption chips to identify the user’s identity, role, and sometimes use the user’s personal identifiable information (PII).

Two examples of smart cards are the federal government’s use of Common Access Cards (CACs), and the financial sector’s use of encryption chips in credit cards.

You have completed your threat table, and you’ve decided that you want to modernize the access control methods for your organization. To that end, read the following resources to gather some background information on access control and the various encryption schemas associated with a CAC:

Access Control

Access control is the process by which permissions are granted for given resources. Access control can be physical (e.g., locked doors accessed using various control methods) or logical (e.g., electronic keys or credentials). There are several access control models, to include:

  • Role-based access control: Access is granted based on individual roles.
  • Mandatory access control: Access is granted by comparing data sensitivity levels with user sensitivity access permissions.
  • Attribute-based access control: Access is granted based on assigned attributes.
  • Discretionary access control: Access is granted based on the identity and/or group membership of the user.

The access control model used is determined based on the needs of the organization. To determine the best model, a risk assessment should be performed to determine what threats might be applicable. This information is then used to assess which model can best protect against the threats.

Common Access Card (CAC)

The Common Access Card (CAC) is a Department of Defense (DoD) card used for authentication and access. According to the Defense Human Resource Activity (DHRA, n.d.):

The CAC, a “smart” card about the size of a credit card, is the standard identification for active duty uniformed service personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel. It is also the principal card used to enable physical access to buildings and controlled spaces, and it provides access to DoD computer networks and systems.

The CAC has a single integrated circuit chip (ICC) for the storage of data such as digital fingerprints and photos, Personal Identity Verification (PIV) certificate, agency and organizational affiliation (DHRA, n.d.). In addition, CACs enable the use of public key infrastructure (PKI) certificates, which enable the encryption and decryption of emails, the signing of digital documents, and the establishment of secure connections.

References

Defense Human Resource Activity (DHRA). (n.d.). Common access card (CAC). http://www.cac.mil/common-access-card/

Defense Human Resource Activity (DHRA). (n.d.). Common access card (CAC) security. http://www.cac.mil/common-access-card/cac-security/

You plan to deploy CAC to the company and you are tasked with devising that CAC deployment strategy, which includes the cryptographic solutions used with the CAC.

In the Common Access Card Deployment Strategy final deliverable, describe how identity management would be a part of your overall security program and your CAC deployment plan:

Create your Common Access Card Deployment Strategy and include it in your submission to the organization.

The Email Security Strategy

After completing the CAC, your next step is to build the Secure Email Strategy for the organization. You will present this tool to your leadership.

Provide an overview of the types of public-private key pairing, and show how this provides authentication and nonrepudiation. You will also add hashing and describe how this added security benefit ensures the integrity of messaging.

Begin preparing your strategy by reviewing the following resources that will aid you in becoming well informed on encryption technologies for email:

Public Key Infrastructure (PKI)

Public key infrastructure (PKI) is the management environment (consisting of hardware, software, standards, policies, and procedures) for public keys. It is used to transmit data securely and authenticate identity of users. According to the National Institute of Standards and Technology (NIST):

A public key infrastructure (PKI) binds public keys to entities, enables other entities to verify public key bindings, and provides the services needed for ongoing management of keys in a distributed system (Kuhn et al., 2001).

The four main components of PKIs are certificate authorities (CAs) to confirm the identities of the senders and receivers; registration authorities (RAs), which are used by CAs to register or issue certificates; repositories, or databases of certificates; and archives, or databases of information to determine the authentication of old documents (Kuhn et al., 2001).

References

Kuhn, D. R., Hu, V. C., Polk, W. T., & Chang, S.. (2001). Introduction to public key technology and the federal PKI infrastructure (Special Publication 800-32). National Institute of Standards and Technology, US Department of Commerce. http://csrc.nist.gov/publications/nistpubs/800-32/sp800-32.pdf

iOS Encryption

Apple’s operating system, iOS, combines hardware, software, and services to provide high security on its devices. iOS uses an AES 256-bit crypto engine and a random number generator (RNG) for file encryption.

In addition, the following encryption and data protection features are described in the iOS Security white paper published by Apple Inc. (2016):

  • file data protection to protect the data stored in the device’s memory
  • multiple lengths passcodes for unlocking and getting access to other functionalities
  • data protection classes to determine levels of protections for different files
  • keychain data protection (implemented using the SQLite database) to securely store keys and log-in tokens
  • access to passwords saved by Safari by interacting with keychain items
  • keybags to store keys for users, devices, backup, escrow, and iCloud

References

Apple Inc. (2016). iOS security. https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Then start developing your strategy.  Define these strong encryption technologies as general principles in secure email:

Pretty Good Policy (PGP algorithm)

  • GNU Privacy Guard (GPG)
  • public key infrastructure (PKI)
  • digital signature
  • mobile device encryption (e.g., iOS encryption and Android encryption)

In your report, also consider how the use of smart card readers tied to computer systems might be beneficial in the future enhancements to system and data access protection. This may help you define long-term solutions for your leadership.

Leadership does not know the costs and technical complexity of these email encryption strategies. To further their understanding, compare the complexities of each in relation to the security benefits, and then make a recommendation and a deployment plan.

The deliverables for this project are as follows:

  1. Create a single report in Word document format. This report should be about 10 pages long, double-spaced, with citations in APA format. Page count does not include diagrams or tables. The report must cover the following:
    • network security and threat table
    • Common Access Card deployment strategy
    • email security strategy

 

 

[ad_2]

Testimonials

CST 610 Proj 4
We have updated our contact contact information. Text Us Or WhatsApp Us+1-(309) 295-6991