Csol 510 Final Project


Running head: CRYPTOGRAPHIC CONTROLS RECOMMENDATION 1

Cryptographic Recommendation Controls for Placebo, Inc.

Group 1: Emmanuel Asare, Frank Ahan, Anthony Ibhawaegbele

Professional and Continuing Education, University of San Diego

CSOL 510: Applied Cryptography

Final Project

Prof. Josh Gopen

October 26, 2020



Table of Contents

Executive Summary ............................................................................................................ 3

Cryptographic Recommendation Controls for Placebo, Inc. ............................................. 4

Security Goals ..................................................................................................................... 5

Regulation Laws and Compliance Requirements ............................................................... 5

Required Security Policies .................................................................................................. 6

Chief Cyber Security Threats.............................................................................................. 7

Chief Cyber Security Risks in Our Opinion ....................................................................... 8

Recommended Cryptographic Controls .............................................................................. 9

Assumptions...................................................................................................................... 14

Other Influential Factors ................................................................................................... 14

Conclusion ........................................................................................................................ 14

References ......................................................................................................................... 16

Glossary of Cyber Security Terms .................................................................................... 17



Executive Summary

Cryptographic controls are employed by organizations to achieve the different information security objectives: confidentiality, identification/authentication, integrity, and non-repudiation. These information security objectives are important safeguards that help organizations maintain industry standard security policies as well as compliance with regulation laws or policies. The purpose of this paper is to recommend cryptographic controls for the standardized information security operations of the Placebo, Inc. health insurance company. This will enable the company to secure access to its private corporate and human resources data, while working in compliance with the Protected Health Information (PHI) requirements regulated by the U.S. Health Insurance Portability and Accountability Act (HIPAA).



Cryptographic Recommendation Controls for Placebo, Inc.

The business transactions of the Placebo, Inc. health insurance company revolve around three parties: customers, employees, and providers. The company’s workers or employees are categorized into local and virtual (remote) workers. The local workers perform their duties on-site, while the remote or virtual workers perform theirs remotely. The network architecture of Placebo, Inc. provides for three types of users: customers (people who buy health insurance from the company), providers (medical professionals and their staff providing services to the company’s customers), and workers (the company employees who perform their duties either locally or remotely). The users enumerated above who access the Placebo, Inc. systems need to be subjected to access control to help guarantee the cryptographic services of confidentiality, identification/authentication, integrity, and non-repudiation. According to Barker (2020), “the use of cryptographic mechanisms is one of the strongest ways to provide security services for communications, data storage, and other applications.” Applying cryptographic controls correctly is critical in promoting information security, and as such industry standards such as those of the National Institute of Standards and Technology (NIST) and the PHI requirements regulated by HIPAA will be adhered to by Placebo, Inc. based on the recommendations highlighted in this document. The following sections of this document address the aims of this paper: identify the security goals of the Placebo, Inc. health insurance company, determine the company’s regulation laws and compliance requirements, identify the company’s security policies, identify the chief cyber security threats and risks faced by the company, explain the recommended cryptographic controls for the company’s network components, identify all assumptions about the company’s network, explain other influential factors (risks and tradeoffs), and draw a relevant conclusion.



Security Goals

The following are the core security goals or objectives of the Placebo, Inc. company:

i. Protection of data in transit and data at rest using industry standard cryptographic controls or mechanisms (cryptographic algorithms, encryption, digital signatures, key size, key recovery, cryptoperiod, among others).
ii. User authentication, privacy/confidentiality assurance, data encryption, data integrity, and non-repudiation.
iii. Network security.
iv. Access control.
v. Data backup.
vi. Compliance with relevant regulation laws.
vii. Service availability.

Regulation Laws and Compliance Requirements

The Placebo, Inc. health insurance company will be regulated by HIPAA and as such will be required to be HIPAA compliant. The HIPAA regulation requires the privacy and confidentiality of customers’ data as well as compliance by health insurance companies such as Placebo, Inc. In addition, access to health records must be restricted only to those mandated to access them, as specified under the HIPAA privacy and confidentiality laws. In this case:

i. The Placebo, Inc. customers have the right to decide who can access their health records (HHS.gov, n.d.).
ii. All workforce members of Placebo, Inc. must be trained on its privacy policies and procedures, as necessary and appropriate for them to perform their duties (HHS.gov, n.d.).
iii. The customers of Placebo, Inc. reserve the right to obtain a copy of their protected health information as well as review it (HHS.gov, n.d.).
iv. The Placebo, Inc. customers have the right to restrict the use and disclosure of their information (HHS.gov, n.d.).
v. The Placebo, Inc. customers reserve the right to have the use and disclosure of their information accounted for (HHS.gov, n.d.).

Required Security Policies

The following security policies will be required for enforcement by the Placebo, Inc. health insurance company, including its network components:

i. All Placebo, Inc. system users (customers, providers, and workers) must be authenticated to access the databases containing subscribers’ data.
ii. An encrypted connection (e.g. HTTPS) should be employed to secure all logins to the subscription service, and those logins must be appropriately authenticated.
iii. Confidentiality of all data, both Placebo, Inc. and subscriber data, should be maintained through discretionary and mandatory access controls.
iv. Data in transit and data at rest must be secured using strong (approved) cryptographic controls (e.g. encryption) in compliance with industry standards.
v. Regular backup of company data to enable data recovery and retention in the event of a disaster recovery or business continuity event.
vi. All backups must be encrypted, and backup storage must be kept in a physically and logically secure location.
vii. Encryption of the corporate Local Area Network (LAN) and wireless networks using approved industry standards.
viii. Personally Identifiable Information (PII) or subscriber (customer) data should not be stored on equipment not owned or managed by the Placebo, Inc. company.
ix. Physical security of any electronic media and paper containing subscriber data.
x. Remote access to Placebo, Inc. networks should only be granted to authorized users and must use two-factor authentication (TFA).
xi. Immediate removal of external access to Placebo, Inc. databases upon notification that a user (employee) no longer has an affiliation with the company.
xii. Periodic review of users’ access and access rights to make certain that they are appropriate for the users’ roles.
xiii. Access to web servers through unencrypted protocols should be denied or prevented.
xiv. Firewalls, intrusion detection systems (IDS)/intrusion prevention systems (IPS), routers, and access control lists should be used to monitor network traffic for connections to/from the internet or other external networks, to ensure only properly established connections are allowed into the Placebo, Inc. networks.
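Policy items ii and xiii above require that logins and web server access use only encrypted connections, and the controls later in this paper name TLS v1.2 as the protocol to use. The following Go program is an added example and is not code from the paper or from Placebo, Inc.: it shows a server TLS configuration that pins the minimum protocol version at TLS 1.2 beside the weak setting the policy forbids, plus a small audit function that reports where a configuration falls short. The function names, the cipher-suite list and the weak configuration are constructed for this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// HardenedTLSConfig returns a server-side tls.Config that refuses any protocol
// version below TLS 1.2, which is what the policy calls for. Certificate loading
// (tls.LoadX509KeyPair) is left to the caller so this stays self-contained.
func HardenedTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		// Preferred TLS 1.2 suites: AEAD ciphers with forward secrecy. Go picks
		// TLS 1.3 suites itself, so this list only affects 1.2 handshakes.
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		},
	}
}

// WeakTLSConfig is the kind of setting the policy forbids: it still accepts
// TLS 1.0 handshakes and turns off certificate verification. Constructed for
// contrast only; do not deploy it.
func WeakTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion:         tls.VersionTLS10,
		InsecureSkipVerify: true,
	}
}

// PolicyViolations audits a tls.Config against the paper's policy (encrypted
// connections only, TLS 1.2 or higher) and returns one finding per problem.
func PolicyViolations(cfg *tls.Config) []string {
	var findings []string
	if cfg.MinVersion < tls.VersionTLS12 {
		// A zero MinVersion means "library default"; the policy wants it pinned.
		findings = append(findings,
			fmt.Sprintf("MinVersion 0x%04x is not pinned at TLS 1.2 or higher", cfg.MinVersion))
	}
	if cfg.MaxVersion != 0 && cfg.MaxVersion < tls.VersionTLS12 {
		findings = append(findings,
			fmt.Sprintf("MaxVersion 0x%04x caps connections below TLS 1.2", cfg.MaxVersion))
	}
	if cfg.InsecureSkipVerify {
		findings = append(findings, "InsecureSkipVerify disables certificate verification")
	}
	return findings
}

func main() {
	for name, cfg := range map[string]*tls.Config{
		"hardened": HardenedTLSConfig(),
		"weak":     WeakTLSConfig(),
	} {
		v := PolicyViolations(cfg)
		fmt.Printf("%-8s %d violation(s) %v\n", name, len(v), v)
	}
}
```

Running the program prints zero findings for the hardened configuration and two for the weak one. The audit is deliberately narrow: it checks only the version and verification settings the policy speaks to, so a configuration that passes it still needs a valid certificate chain and the usual operational review.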

Chief Cyber Security Threats

The chief cyber security threats against Placebo, Inc. and against its network components include the following:

i. Data theft, data modification or alteration, unauthorized data disclosure, and loss of confidentiality.
ii. Unauthorized Access: an unauthorized user can gain access to the network of the Placebo, Inc. company. This is referred to as cracking (Study.com, n.d.).
iii. Man-in-the-Middle (MITM) Attack: intruders can eavesdrop on or intercept data in transit or data exchanges between two or more parties.
iv. Malware: malicious code or a malicious program can be inserted into the Placebo, Inc. system with the intention of compromising the confidentiality, integrity, or availability of the company’s data.
v. Cyber Espionage: Advanced Persistent Threat (APT) groups can spy on or steal the company’s data for their economic, political, or financial gain.
vi. Distributed Denial of Service (DDoS) Attack: the Placebo, Inc. network could be overwhelmed by fake traffic generated by cyber attackers.
vii. Internet of Things (IoT) attack surface: multiple devices connected to the Placebo, Inc. internal network via a wireless access point (WAP) can increase the potential attack surface.
viii. Possible lawsuits and trust concerns: as a result of a network compromise, Placebo, Inc. could face lawsuits and loss of trustworthiness from its customers due to possible data theft, data disclosure, data modification (or alteration), loss of customers’ confidentiality, etc.

Chief Cyber Security Risks in Our Opinion

The chief cyber security risks in our opinion are listed below:

i. Data theft, unauthorized data disclosure/loss of confidentiality, data compromise
ii. Malware
iii. DDoS/business shutdown
iv. Lawsuits/fines
v. Lack of trust
vi. Unauthorized network access

Recommended Cryptographic Controls

The recommended cryptographic controls for the Placebo, Inc. network components, along with those recommended (or approved) by NIST, include the following:

i. Customers: Identification and authentication are required to provide assurance of data integrity and the data source (Barker, 2020). Two-factor authentication is required to access the company network. Digital signatures are the cryptographic controls recommended by NIST to provide identity authentication, integrity authentication, source authentication, and support for non-repudiation (Barker, 2020).
ii. Providers: Identification and authentication are required to provide for data integrity and data source assurance (Barker, 2020). Two-factor authentication is required to access the company network. Digital signatures are the cryptographic controls recommended by NIST to support non-repudiation and to provide identity authentication, integrity authentication, and source authentication (Barker, 2020).
iii. Remote Workers: Identification and authentication are required to provide for data integrity and data source assurance (Barker, 2020). Two-factor authentication is required to access the company network. Digital signatures are the cryptographic controls recommended by NIST to support non-repudiation and to provide identity authentication, integrity authentication, and source authentication (Barker, 2020). Also, a Virtual Private Network (VPN) connection is required to connect remotely to the Placebo, Inc. network. Transport Layer Security (TLS) v1.2 is the cryptographic protocol strongly recommended by NIST for securing communications over the network (LUXSCI, 2020).

iv. Off-Site Backup: Access to the off-site backup requires identification and authentication, which provide for data integrity and data source assurance (Barker, 2020). Digital signatures are the cryptographic controls recommended by NIST to support non-repudiation and to provide identity authentication, integrity authentication, and source authentication (Barker, 2020). NIST recommends that key information be stored on backups or archived to allow for key recovery (should the key information be lost) during the key’s cryptoperiod (Barker & Barker, 2019). Encryption of backup data with an approved standard is strongly recommended.
v. Outer Firewall: Access control (identification and authentication) mechanisms can be employed so that the firewall can determine which users are authenticated as well as who has rights or privileges to access specific files or data. For example, the firewall can be configured so that users within the inner firewall can access and modify specific files, while those at the outer firewall are not granted data modification privileges.

vi. Web Servers: Identification and authentication are required to provide for data integrity and data source assurance (Barker, 2020). To access the web servers, the Placebo, Inc. system users need to be identified and authenticated. The use of digital signatures as recommended by NIST will ensure support for non-repudiation and provide identity authentication, integrity authentication, and source authentication (Barker, 2020). The approved digital signature algorithms are Rivest, Shamir, and Adleman (RSA): 2048, 3072, 7680, and 15360 bits; and the Elliptic Curve Digital Signature Algorithm (ECDSA): 256, 384, and 512 bits (Barker, 2020). Encryption is the commonly used cryptographic control to ensure data confidentiality and integrity. The Placebo, Inc. data in transit and data at rest require encryption. The NIST approved encryption algorithms (with key sizes and key life spans) include: (i) Symmetric Algorithm: AES with 128, 192, or 256 bits (Barker, 2020); (ii) Asymmetric (public-key) Algorithm: Rivest, Shamir, and Adleman (RSA) with 2048, 3072, 7680, and 15360 bits (Barker, 2020); and (iii) Cryptographic Hash Algorithm: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 with 160, 224, 256, 384, and 512 bits (Barker, 2020).
vii. Virtual Private Network (VPN): Transport Layer Security (TLS) v1.2 is the cryptographic protocol strongly recommended by NIST for securing communications over the network (LUXSCI, 2020).
viii. Inner Firewall: Access control (identification and authentication) mechanisms can be employed so that the firewall can determine which users are authenticated as well as who has rights or privileges to access specific files or data. For example, the firewall can be configured so that users within the inner firewall can access and modify specific files, while those at the outer firewall are not granted data modification privileges.


ix. User and Private Data: Encryption, the widely used cryptographic control, is required to ensure data confidentiality and integrity. The Placebo, Inc. data in transit and data at rest require encryption. The NIST approved encryption algorithms (with key sizes and key life spans) include: (i) Symmetric Algorithm: AES with 128, 192, or 256 bits (Barker, 2020); (ii) Asymmetric (public-key) Algorithm: Rivest, Shamir, and Adleman (RSA) with 2048, 3072, 7680, and 15360 bits (Barker, 2020); and (iii) Cryptographic Hash Algorithm: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 with 160, 224, 256, 384, and 512 bits (Barker, 2020). Also, access to company data requires identification and authentication mechanisms. The use of digital signatures as recommended by NIST will ensure support for non-repudiation and provide identity authentication, integrity authentication, and source authentication (Barker, 2020). The approved digital signature algorithms are Rivest, Shamir, and Adleman (RSA): 2048, 3072, 7680, and 15360 bits; and the Elliptic Curve Digital Signature Algorithm (ECDSA): 256, 384, and 512 bits (Barker, 2020).
x. Corporate LAN: Transport Layer Security (TLS) v1.2 is the cryptographic protocol strongly recommended by NIST for securing communications over the network (LUXSCI, 2020). Also, access to company data via the corporate local area network (LAN) requires identification and authentication with the use of digital signatures approved by NIST.
xi. Wireless Access Point (WAP): Transport Layer Security (TLS) v1.2 is the cryptographic protocol strongly recommended by NIST for securing communications over the network (LUXSCI, 2020). Also, access to company data via the WAP requires identification and authentication with the use of digital signatures approved by NIST.

xii. Corporate Data: Encryption is the widely used cryptographic control to ensure data confidentiality and integrity. The Placebo, Inc. data in transit and data at rest require encryption. The NIST approved encryption algorithms (with key sizes and key life spans) include: (i) Symmetric Algorithm: AES with 128, 192, or 256 bits (Barker, 2020). The NIST recommended cryptoperiods (key life spans) for a private signature key and a symmetric authentication key are a maximum of about one to three years and no more than two years, respectively (Barker, 2020). (ii) Asymmetric (public-key) Algorithm: Rivest, Shamir, and Adleman (RSA) with 2048, 3072, 7680, and 15360 bits, and the Edwards-Curve Digital Signature Algorithm (EdDSA) with 256 bits (Barker, 2020). The NIST recommended cryptoperiod for a “public signature-verification key and public authentication key is within the private signature key’s originator usage period and no more than one or two years” (Barker, 2020). (iii) Cryptographic Hash Algorithm: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 with 160, 224, 256, 384, and 512 bits (Barker, 2020). In addition, access to company data requires identification and authentication mechanisms. The use of digital signatures as recommended by NIST will ensure support for non-repudiation and provide identity authentication, integrity authentication, and source authentication (Barker, 2020). The approved digital signature algorithms are Rivest, Shamir, and Adleman (RSA) with 2048, 3072, 7680, and 15360 bits; the Elliptic Curve Digital Signature Algorithm (ECDSA) with 256, 384, and 512 bits; and the Edwards-Curve Digital Signature Algorithm (EdDSA) with 256 bits (Barker, 2020).
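The controls listed above combine three mechanisms: digital signatures (RSA, ECDSA, EdDSA) for integrity and source authentication, AES encryption for data at rest such as backups, and cryptoperiods that bound how long each key may be used. The following Go program is an added example, not code from the paper or from Placebo, Inc., and uses only Go's standard library: it signs a record with ECDSA P-256 over SHA-256 and shows that a modified record or a different key fails verification, encrypts the record with AES-256-GCM so that a corrupted backup is rejected on decryption, and checks a key's activation date against the cryptoperiods quoted above. The function names, the key-type labels, the choice of the longest value in each quoted cryptoperiod range as the hard limit, and the sample record are all constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Cryptoperiod limits the paper quotes from NIST SP 800-57 Part 1: private
// signature key 1-3 years, symmetric authentication key at most 2 years, public
// signature-verification key at most 1-2 years. Taking the longest value of each
// range as the hard limit is this example's assumption, as are the type labels.
var maxCryptoperiod = map[string]time.Duration{
	"private-signature":   3 * 365 * 24 * time.Hour,
	"symmetric-auth":      2 * 365 * 24 * time.Hour,
	"public-verification": 2 * 365 * 24 * time.Hour,
}

// KeyExpired reports whether a key of keyType activated at `activated` is past
// its cryptoperiod at `now`. Unknown key types are an error, never a silent pass.
func KeyExpired(keyType string, activated, now time.Time) (bool, error) {
	limit, ok := maxCryptoperiod[keyType]
	if !ok {
		return false, fmt.Errorf("no cryptoperiod defined for key type %q", keyType)
	}
	return now.Sub(activated) > limit, nil
}

// SignRecord signs SHA-256(record) with an ECDSA P-256 key, one of the approved
// signature algorithms listed above; it gives integrity and source authentication.
func SignRecord(priv *ecdsa.PrivateKey, record []byte) ([]byte, error) {
	digest := sha256.Sum256(record)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyRecord returns false if the record changed after signing or if it was
// signed with a key other than the one matching pub.
func VerifyRecord(pub *ecdsa.PublicKey, record, sig []byte) bool {
	digest := sha256.Sum256(record)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// EncryptAtRest protects a record with AES-GCM (a 16-, 24- or 32-byte key selects
// AES-128/192/256). GCM authenticates the ciphertext, so DecryptAtRest also
// detects modification. Output layout: nonce || ciphertext || tag.
func EncryptAtRest(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per record; never reuse under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptAtRest reverses EncryptAtRest and fails on any tampering with the blob.
func DecryptAtRest(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to hold a nonce")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func main() {
	record := []byte(`{"subscriber":"S-0001","plan":"gold"}`) // constructed sample, not real PHI
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	sig, _ := SignRecord(priv, record)
	fmt.Println("signature verifies:", VerifyRecord(&priv.PublicKey, record, sig))
	key := make([]byte, 32) // AES-256 key; in production it comes from the key store
	rand.Read(key)
	blob, _ := EncryptAtRest(key, record)
	blob[len(blob)-1] ^= 0x01 // simulate one corrupted byte in the stored backup
	_, err := DecryptAtRest(key, blob)
	fmt.Println("tampered backup rejected:", err != nil)
	activated := time.Date(2018, 1, 1, 0, 0, 0, 0, time.UTC)
	expired, _ := KeyExpired("symmetric-auth", activated, time.Date(2020, 10, 26, 0, 0, 0, 0, time.UTC))
	fmt.Println("symmetric key from 2018 past its cryptoperiod:", expired)
}
```

Two design points matter for the controls in this section. First, the signature is computed over a hash of the record and verified against the public key, so a change of a single byte or a signature from another party fails verification; that is the integrity and source authentication the paper attributes to digital signatures. Second, GCM is an authenticated mode, so the decryption path refuses a corrupted backup instead of returning garbage, which is why it is preferred over an unauthenticated AES mode for data at rest.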



Assumptions

The following assumptions are made about the Placebo, Inc. network:

i. The firewalls (inner and outer) are secured and employ IDS/IPS capabilities, and all hardware is secured.
ii. All users (customers, providers, and workers) of the Placebo, Inc. network are not trusted, and as such all access points are authenticated.
iii. Access to the offsite backup by the company’s vendors and agents requires scanning in and out.
iv. The provider is security conscious and HIPAA compliant.

Other Influential Factors

i. Cost: Any risk of data loss, data compromise, or unauthorized data disclosure can potentially outweigh the cost of implementing the cryptographic controls.
ii. Trust: The trustworthiness of the company will be enhanced by the implementation of security mechanisms that provide data integrity and data confidentiality assurance in particular.

Conclusion

Today, organizations, including Placebo, Inc., face numerous data security threats that directly impact data confidentiality, integrity, authenticity, and availability. Some of these threats are unintentional (e.g. human errors), while others are intentional, i.e. they are perpetrated by threat actors with malicious intent: data theft, unauthorized network access, eavesdropping, data communication interception, data modification, unauthorized data disclosure, ransomware attacks, DDoS attacks, and so on. Cryptographic controls are essential security mechanisms employed to provide the cryptographic services of confidentiality, integrity, identification and authentication, and non-repudiation (Barker, 2020). By leveraging the cryptographic controls recommended in this paper, the Placebo, Inc. health insurance company would be equipped with the capabilities necessary to mitigate the chief cyber security threats and risks enumerated above and to provide assurance of the cryptographic services, while meeting (or remaining in compliance with) the industry’s cyber security standards as specified by the relevant regulators and standards bodies (e.g. HIPAA and NIST).



References

Barker, E. (2020). Recommendation for Key Management: Part 1 – General. Retrieved from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf

Barker, E., & Barker, W. (2019). Recommendation for Key Management: Part 2 – Best Practices for Key Management Organizations. Retrieved from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt2r1.pdf

HHS.gov. (n.d.). Summary of the HIPAA Privacy Rule. Retrieved from https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html

LUXSCI. (2020, January 2). What Level of SSL or TLS is Required for HIPAA Compliance? Retrieved from https://luxsci.com/blog/level-ssl-tls-required-hipaa.html

Study.com. (n.d.). System Security: Firewalls, Encryption, Passwords & Biometrics. Retrieved from https://study.com/academy/lesson/systems-security-firewalls-encryption-passwords-biometrics.html


Glossary of Cyber Security Terms

Access Control: Restricts resource access to only authorized entities.
AES: Advanced Encryption Standard.
APT: Advanced Persistent Threat.
Assurance: Security or protection guarantee.
Asymmetric Algorithm: A cryptographic algorithm that uses two related keys: a public key and a private key.
Authentication: The confirmation that a person is the one claimed.
Availability: The property that data or information is accessible and usable upon demand by an authorized person.
Backup: Storing data files in a secure location that is readily and easily accessible.
Bits: Basic units of information in computing and digital communications.
Confidentiality: The property that data or information is not made available or disclosed to unauthorized persons or processes.
Cryptographic Algorithm: A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.
Cryptographic Controls: Control mechanisms for achieving confidentiality, integrity, authentication, and non-repudiation.
Cryptoperiod: The time span during which a specific key is authorized for use or in which the keys for a given system or application may remain in effect.
Cyber Espionage: The use of computer networks to gain unauthorized and illegal access to confidential information held typically by a government or other organization.
Cyber Security: The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
Data-at-rest: Data in computer storage.
Data-in-transit: Data traversing the network.
Data Disclosure: Revealing data content.
Data Modification: Altering or changing the original data content.
DDoS: Distributed Denial of Service.
Digital Signatures: The result of a cryptographic transformation of data that, when properly implemented, provides a mechanism for verifying origin authentication, data integrity and signatory non-repudiation.
ECDSA: Elliptic Curve Digital Signature Algorithm.
EdDSA: Edwards-Curve Digital Signature Algorithm.
Encryption: The process of changing plaintext into ciphertext using a cryptographic algorithm and key.
Firewall: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.
Hash Function: A function that maps a bit string of arbitrary length to a fixed-length bit string.
Identification: Ability to uniquely verify the identity of a system user.
IDS: Intrusion Detection System.
Integrity: The property that data or information have not been altered or destroyed in an unauthorized manner.
IPS: Intrusion Prevention System.
Key Recovery: Mechanisms and processes that allow authorized entities to retrieve or reconstruct the key from key backups or archives.
Key Size: The size of a key in bits; used interchangeably with “key length.”
LAN: Local Area Network.
Network Security: A set of rules and configurations designed to protect the integrity, confidentiality and accessibility of computer networks and data using both software and hardware technologies.
NIST: National Institute of Standards and Technology.
Non-Repudiation: A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified and validated by a third party as having originated from a specific entity in possession of the private key (i.e., the signatory).
PII: Personally Identifiable Information.
Privacy: The assurance that the confidentiality of, and access to, certain information about an entity is protected.
Private Key: A cryptographic key that is used with an asymmetric (public key) cryptographic algorithm.
Public Key: A cryptographic key that is used with an asymmetric (public key) cryptographic algorithm and is associated with a private key.
Risk: The likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.
RSA: Rivest, Shamir, and Adleman.
SHA: Secure Hash Algorithm.
Symmetric Algorithm: A cryptographic algorithm that uses the same secret key for an operation and its complement (e.g., encryption and decryption).
Threat: Anything that can potentially cause harm to information.
TLS: Transport Layer Security.
Trustworthiness: The attribute of a person or enterprise that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities.
TFA: Two-Factor Authentication (an extra layer of protection used to ensure the security of online accounts beyond just a username and password).
VPN: Virtual Private Network.
WAP: Wireless Access Point.
