
Cryptography 1

ATTACK | EXAMPLE
Act of human error | Accidental deletion of database record by employee
Compromise to intellectual property | Piracy
Trespass | Unauthorized access of data collection
A deliberate act of exposure | Blackmail for information disclosure
A deliberate act of sabotage or vandalism to a computer system | Destruction of computer system
A deliberate act of theft | Illegal certification of equipment or information
Deliberate software attack | Viruses, worms, denial of service, packet
Forces of nature | Fire, floods, volcanic eruption, thunder, and lightning
Quality of service deviation from the service provider | Power failure
Technical or hardware failure | The computer fails to boot
Software failure or error | Software fails to start
Technological obsolete or outdated | Software version outdated
IT system Architecture

1.1. Security components in the organization to counter threats that may or may not occur

1.1.1. LAN Security

A LAN (Local Area Network) is the connection of computers within an organization's defined location for communication purposes. Since the organization uses the LAN for communication, the data being shared needs to be protected against intrusions such as TCP hijacking, packet sniffing, denial of service, and others that are likely to compromise the organization's operations. This can be done by installing a firewall to filter all traffic entering the organization's LAN, authenticating users, using WPA and WPA2 encryption methods, and filtering traffic in a trusted network area.

1.1.2. Identity Management (Authentication) 

This is the verification of what the user or machine claims to be by what it has or stores. This can be achieved by biometric identification of the user, the use of secure passwords, or recognition such as iris, voice, or face. Attackers may attempt to compromise the security of the organization by a brute-force attack or a dictionary attack.

1.1.3. Physical Security.

Physical security involves installing security for the organization's computer systems. Various physical security measures can be put in place, for example: locking up sensitive rooms or areas; setting up surveillance cameras in sensitive areas; protecting portables such as laptops and UPSs so that they only operate when connected to the company LAN; disabling the drives and USB ports to restrict employees from transferring sensitive company data; and deploying physical security such as guards or police officers in sensitive places. Physical security may hinder deliberate theft that may occur in the organization.

1.1.4. Personal Security. 

Personal security is also an essential aspect for the organization's employees to consider if they are to execute security measures effectively. They should take care not to interact with strangers who have attack intentions, not to share confidential information with strangers, and even to take into account what they eat. A personal attack may occur, for example an employee may be kidnapped by unknown persons.

1.1.5. Availability.

The availability of the company's IT system may be compromised by attackers through denial of service to the organization's clients. In this way, the system is made unusable or unavailable to its users. The best way to counter this is to implement an intrusion detection system (IDS) to monitor network activity and alert the admins when any malicious activity is likely to occur.

1.1.6 Privacy.

The organization should have a sound measure of which information should be made available to third parties and which data should be kept confidential from unauthorized users and attackers who may want to access the organization's sensitive information to their advantage in order to compromise the organization. Privacy can be achieved by encrypting data such that only trusted users of given information can decrypt the data.

1.2 Security Mechanisms to mitigate the organization's possible attacks.

1. Authenticating users

2. Steganography in sensitive information during transmission.

3. Firewall Security in the LAN network

4. Implementing an Intrusion detection system in the LAN network.

5. Implementing Digital Signatures in the organization information

6. Data Encryption.

7. Surveillance Camera.

8. Deploying physical security.

Steganography

Steganography entails hiding sensitive or secret information inside ordinary data in a way that is not apparent. The confidential information is known only to a person who knows what the ordinary data contains; the average network user sees only the ordinary data, such as a picture file, and has no idea what it carries. The main concerns of steganography are concealing and deceiving. The message is hidden within various carriers and kept secret from regular users, who are fooled about what the transmitted data is composed of. There are multiple types of steganography, such as:

1. Image steganography

2. Audio steganography

3. Video steganography.

Image steganography uses an image to hide sensitive information. Regular users will only see a picture of a given type but have no idea what it carries. Audio steganography uses audio files to hide sensitive information so that users are deceived into thinking it is just an audio file. Video steganography uses video files to hide sensitive data to trick the other network users.

It is essential to consider that attackers sometimes use steganography techniques to attack an organization by sending enticing files, such as a lovely picture advert, which when clicked executes and installs a virus on the organization's network or computers. Therefore, the organization should educate employees not to visit unsafe websites or click pop-up adverts on the organization's computers.

Common Access Card (CAC)

A Common Access Card (CAC) is a smart card that serves as a standard identification for United States Active Duty Uniform Defense Personnel, including the National Guard and Selected Reserve, civilian employees of the United States Coast Guard (USCG), civilian employees of the Department of Defense (DoD) and other DoD and USCG contractor personnel. The card is used for physical access into buildings and other controlled spaces, as well as access to government defense computer systems and networks, and satisfies the requirement for two-factor authentication.

CAC employs two-factor authentication: the physical card and the card owner's personal identification number (PIN). These two features allow rapid authentication and a security boost in terms of both physical and logical security.

CAC can use any of the following technologies:

• Bar code
• Integrated circuit chip (ICC)
• Magnetic strip
• RFID technology
• Visual identification

Digital Signature.

A digital signature enables the organization to verify the author, date, and time of the signature, and also to authenticate the message. The digital signature means the message is genuinely from the sender, and the employee cannot deny his actions. The digital signature aims at the authenticity of the message, integrity, and non-repudiation.

Authentication: as with standard signatures, if Employee B cannot authenticate that a message comes from Employee A with a valid digital signature, the message will not be considered, and acting on such a message will be regarded as a mistake.

Non-repudiation: if Employee A of the organization sends a message to Employee B and it contains a valid digital signature, Employee A cannot later deny the action of signing.

Integrity: once Employee A has signed the message, the signature marks the final state of the message, and any modification to the message will invalidate the signature.

Firewall Security.

This is the barrier between the Local Area Network and the Internet; it helps minimize the organization's security risk and maintain the confidentiality of the organization's private information by ensuring that no confidential information leaks out. It manages the network traffic in and out of the organization's LAN.

Hashing 

Hashing provides a method to prove that the message sent and the message received are the same and that no modification took place, by comparing the received message after unhashing and the initial message before hashing.

Data Encryption.

Alam, in his article Performance and Efficiency Analysis of Different Block Cipher Algorithms of Symmetric Key Cryptography, points out that data encryption involves encoding information or data into a format that is not human-readable, such that the data cannot be read and understood by ordinary human observation until a decryption algorithm is run on the data. Encryption uses an encryption algorithm to convert plain text into ciphertext. There are two types of encryption algorithms:

1. Symmetric encryption

2. Asymmetric encryption

Symmetric encryption uses one key for both the encryption and decryption processes; for example, if Bob says hello to Alice, the "hello" plain text is passed to the encryption algorithm with a secret key to get the ciphertext (Apoorva, 2013). When Alice receives this text, she uses the same key used in encryption to decrypt the ciphertext.

In asymmetric encryption, Bob encrypts the "hello" text with Alice's public key, which is known and not kept secret; when Alice receives this ciphertext, she uses her private key to decrypt the encrypted text.

Caesar cipher

It is an old method of data encryption that involves substituting letters; for instance, if a shift of 2 is applied to the alphabet, A will be replaced by C, B replaced by D, etc. A simple "Hello" text will be encrypted to "Igmmr."

Polyalphabetic cipher

It is a substitution cipher based on multiple substitutions, i.e., the plain text is encrypted to a different cipher each time.

One-time pad cipher/ Perfect cipher.



The one-time pad cipher has unique characteristics: it is unbreakable; the key used has the same length as the message encrypted, and guessing such a lengthy key is tedious; and the key is used once and never reused after encryption.
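The two key rules above (key as long as the message, never reused) can be seen in a short sketch. This is an added example, not part of the original paper; the function names and sample messages are illustrative and constructed for the demonstration.

```python
import secrets

def new_pad(length: int) -> bytes:
    """Draw a fresh pad from the OS random source, one per message."""
    return secrets.token_bytes(length)

def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """XOR the message with a pad of exactly the same length."""
    if len(pad) != len(message):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(m ^ k for m, k in zip(message, pad))

# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted both messages, c1 XOR c2 equals p1 XOR p2:
    the pad cancels out and no key is needed to compute this."""
    return bytes(a ^ b for a, b in zip(c1, c2))

def matching_positions(leak: bytes) -> list:
    """Zero bytes in the leak mark positions where both plaintexts agree."""
    return [i for i, b in enumerate(leak) if b == 0]

if __name__ == "__main__":
    p1 = b"PAY ALICE 100"   # constructed sample messages
    p2 = b"PAY CAROL 900"
    pad = new_pad(len(p1))
    c1 = otp_encrypt(p1, pad)
    print("round trip ok:", otp_decrypt(c1, pad) == p1)
    c2 = otp_encrypt(p2, pad)   # the mistake: the same pad used twice
    print("positions revealed as identical:",
          matching_positions(reuse_leak(c1, c2)))
```

The "unbreakable" property holds only while every pad is random, secret, and discarded after a single message.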

RSA 

Apoorva points out that RSA is an asymmetric encryption algorithm that is considered to be the most secure; it was discovered by Rivest, Shamir, and Adleman, hence the name.

It follows the following procedure from encryption to decryption.

1. Select two prime numbers p and q and compute n such that n = p*q.

2. Choose a number e such that e is greater than 1 but less than p-1 and q-1. This is a condition that e must satisfy.

3. The pair of n and e forms the public key, i.e., public key equals ed.

4. The private key is computed: (ed) = mod (p-1)(q-1)

5. To encrypt the data, we use the formula C (ciphertext) = P^e mod n

6. To decrypt the data, we apply the formula P (plain text) = C^d mod n.
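The procedure can be worked through with small numbers. This is an added example, not part of the original paper; the function names and the toy primes 61 and 53 are illustrative. It assumes the standard RSA conditions that e shares no factor with (p-1)(q-1) and that d satisfies e*d = 1 mod (p-1)(q-1).

```python
from math import gcd

def make_keypair(p: int, q: int, e: int):
    """Steps 1-4: n = p*q, validate e, derive the private exponent d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # Assumed standard condition: e must be invertible modulo (p-1)(q-1).
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must be > 1 and share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)        # e*d = 1 mod (p-1)(q-1), needs Python 3.8+
    return (n, e), (n, d)      # public key, private key

def encrypt(plain: int, public) -> int:
    """Step 5: C = P^e mod n."""
    n, e = public
    if not 0 <= plain < n:
        raise ValueError("plaintext must be an integer in [0, n)")
    return pow(plain, e, n)

def decrypt(cipher: int, private) -> int:
    """Step 6: P = C^d mod n."""
    n, d = private
    return pow(cipher, d, n)

if __name__ == "__main__":
    public, private = make_keypair(61, 53, 17)   # constructed toy primes
    c = encrypt(65, public)
    print("public:", public, "private:", private)
    print("65 ->", c, "->", decrypt(c, private))
    # Without padding the same plaintext always gives the same ciphertext,
    # which is why deployed RSA adds randomized padding such as OAEP.
    print("deterministic:", encrypt(65, public) == c)
```

Primes this small can be factored instantly; the numbers are chosen only so each step can be checked by hand.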

The block cipher

The block cipher takes a block of plain text and generates identical ciphertext. The choice of the block text does not affect the strength of the ciphertext; the length of the encryption key used does.

Network Vulnerability:

Organization security architecture 

According to Elminaam, organization security architecture is the general term used to define the overall system required to protect an organization's IT infrastructure. The architecture usually comprises the processes and procedures used to prevent, mitigate, and investigate different threats. The organization security architecture includes three main components:

1. People 

2. Tools 

3. Processes 

The main tasks in the organization security architecture include:

1. Security protocols, which outline the rules for the prevention and mitigation of the threats.

2. Account creation and management, which gives guidance on creating user accounts and managing existing user accounts.

3. Security roles and responsibilities for every person who uses the system.

4. Auditing the security architecture: since this is an evolving process, there is a need to audit the architecture against its planned objectives to see whether it is achieving the intended purpose.

Cryptographic means of protecting an organization's assets.

Authentication: This is the act of verifying the user identity, i.e., what the user 

Confidentiality: ensuring data secrecy and privacy while at rest and in transmission.



Integrity: This ensures that the data does not change between the time it leaves the source and the time it arrives at the destination address.

Types of Known attacks 

Finding a way into the network

This is intrusion into a network to access the organization's information in defiance of the organization's security measures. It can be prevented by the use of firewalls.

Exploiting software bugs, buffer overflows.

This is the sending and execution of viruses and worms on the organization's computer assets. It can be managed by installing intrusion detection systems.

TCP hijacking

If an attacker learns the associated TCP state for the connection, then the connection can be hijacked! An attacker can insert malicious data into the TCP stream, and the recipient will believe it came from the original source. This can be managed using IPsec.

Packet sniffing

It can be managed by the use of encryption, such as Secure Sockets Layer (SSL).

Email security strategies

Email is a form of communication for many people and organizations and therefore needs to be protected against the following threats and attacks: message confidentiality, blocked message delivery, message content and origin modification, message content and origin forgery by an outsider or the recipient, denial of message transmission, message interception and subsequent.

Integrity for email security is as important as confidentiality. The hash function provides integrity in the digital signature, called the message integrity check (MIC). By using the RSA encryption technique with a long key, we can offer solid end-to-end security for email.

For confidentiality, the sender chooses a symmetric encryption algorithm key and uses this key to encrypt the entire message to be sent, including FROM:, TO:, subject:, etc.; the sender then prepends the plaintext header. The sender encrypts the message key using the recipient's public key for key management and attaches that to the message.

Pretty Good Privacy

Thakur points out that PGP operates on the principle of a "ring of trust" to solve the key distribution issue. Users can give their public keys to one another, or they can take them from a server. Many people include their PGP public keys at the bottom of their messages. In this way, one person can give the second person's key to the third, fourth, fifth, and so on.

It starts by creating a random session key; this random session key is used to encrypt the message. The session key is then encrypted using the public key; a hash for message integrity is then generated. The hash is then signed and encrypted using the sender's private key. The session key, hash, and the encrypted message are then attached together and sent to the recipient.
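The flow described above (session key, wrapped key, signed hash, bundle) is sketched below together with the receiver's side. This is an added example, not part of the original paper and not PGP's actual implementation: the function names, the toy RSA keys built from Mersenne primes, and the SHA-256 keystream standing in for a real symmetric cipher are all illustrative assumptions.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both constructed demo keys

def keypair(p: int, q: int):
    """Toy RSA key from two primes: returns (n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys; real keys use random primes and padded RSA.
SENDER_N, SENDER_D = keypair(2**127 - 1, 2**521 - 1)
RECIP_N, RECIP_D = keypair(2**107 - 1, 2**607 - 1)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def pgp_send(message: bytes) -> dict:
    session_key = secrets.token_bytes(16)               # random session key
    body = keystream_xor(session_key, message)          # encrypt the message
    wrapped = pow(int.from_bytes(session_key, "big"), E, RECIP_N)  # wrap key
    signature = pow(digest_int(message), SENDER_D, SENDER_N)       # sign hash
    return {"key": wrapped, "sig": signature, "body": body}        # bundle

def pgp_receive(packet: dict) -> bytes:
    session_key = pow(packet["key"], RECIP_D, RECIP_N).to_bytes(16, "big")
    message = keystream_xor(session_key, packet["body"])
    # Recompute the hash and compare it with the one the sender signed.
    if pow(packet["sig"], E, SENDER_N) != digest_int(message):
        raise ValueError("signature check failed: altered or wrong sender")
    return message

if __name__ == "__main__":
    packet = pgp_send(b"Quarterly report attached.")  # constructed message
    print(pgp_receive(packet))
```

A packet whose body is changed in transit decrypts to a different message, so the recomputed hash no longer matches the signed one and `pgp_receive` rejects it.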

References

Alam, M. I., & Khan, M. R.: Performance and Efficiency Analysis of Different Block Cipher Algorithms of Symmetric Key Cryptography. International Journal of Advanced Research in Computer Science and Software Engineering, Vol. 3, No. 10, (2013).

Apoorva, Y. K.: Comparative Study of Different Symmetric Key Cryptography Algorithms. International Journal of Application or Innovation in Engineering and Management, Vol. 2, No. 7, 204-6, (2013).

Elminaam, D. S. A., Kader, H. M. A., & Hadhoud, M. M.: Performance Evaluation of Symmetric Encryption Algorithms. IJCSNS International Journal of Computer Science and Network Security, Vol. 8, No. 12, 280-286, (2008).

Thakur, J., & Kumar, N.: DES, AES and Blowfish: Symmetric Key Cryptography Algorithms Simulation-Based Performance Analysis. International Journal of Emerging Technology and Advanced Engineering, Vol. 1, No. 2, 6-12, (2011).
