Dissertation Manuscript
Submitted to Northcentral University
DOCTOR OF PHILOSOPHY
By
June 2019
ProQuest Number: 22588569
Published by ProQuest LLC (2019). Copyright of the Dissertation is held by the Author.
Approval Page
A Phenomenological Investigation into the Lived Experiences and Challenges Faced by
the Department of Homeland Security Information Personnel in Detecting and
Obstructing the Widely Available Encryption Technologies.
By
PAUL MONDAY ONYEMEKEIHIA
Dissertation Chair: Gabriele Suboch, Ph.D. Date: 07/26/2019 | 05:12:37 MST
Committee Member: Marie Bakari
Abstract
Department of Homeland Security information personnel feared they might not be able to
study explored the challenges posed by the widely available encryption technologies to the
information security personnel at the DHS. It also explored the lived experiences and challenges
encryption technologies. The theory of asymmetric conflict was applied to facilitate the study’s
objective and to gain the knowledge of encryption challenges required. Research questions used
were organized to focus on the lived experiences and the challenges perceived by the
participants. The literature review provided some historical context into the evolution of
encryption and the modern day use of the technology. The qualitative method and a
transcendental phenomenological design were used to obtain rich, thick descriptions of the
participants’ lived experiences. Participant recruitment was performed through LinkedIn to find
potential participants. Purposive sampling was used to identify the 13 participants who
participated in the research study. Open-ended questions and a semi-structured interview were
used to collect data through in-depth one-on-one Skype and telephone interviews. The verbatim
interview was transcribed and analyzed with Moustakas’ (1994) phenomenology approach to data
The research findings revealed that the widely available encryption is vital for securing
sensitive information, but remains inaccessible to DHS and other third-party investigators. The
challenges found to influence the DHS inaccessible status include privacy laws, policy, lack of
training, and research. Findings also highlighted the importance of more congressional efforts to
find common ground between privacy, security, and public safety. Participants elaborated ways
to improve open discussion between technology companies, DHS, and lawmakers. Participants
also viewed training and educational research as a valuable tool for enhancing DHS investigation
skills and efforts. The data gathered and analyzed contributed to the researcher’s knowledge and
understanding of the growing DHS encryption issues. The applied implication of this research is
to support DHS, the technology community, lawmakers, and future researchers. The findings of
this study contributed to the body of existing encryption technology literature. Finally, further
research is required to assist in striking a balance between privacy, security, and public safety.
Dedication
I wish to dedicate this study to God the Father, God the Son, and God the Holy Spirit, for the
extraordinary insights, understanding, and inspiration given to me during this doctoral journey. I
wish to dedicate this study to our Blessed Virgin Mary, Archangel Gabriel, and my Guardian
Angel for their prayers and love. I want to also dedicate this study to my loving wife and best
friend, Clementina, and my daughters, Amaka and Chimamanda, for their endless patience,
unwavering encouragement, and tireless support given to me, which made me a caring
father, enlightened scholar, and a better man. I am eternally grateful to you all. Thank you.
Acknowledgment
I wish to acknowledge and thank all those who helped me during my doctoral studies:
• First, I want to thank God for His guidance and the strength given me to complete this
doctoral journey.
• My wife, Clementina, for her love, incredible patience, and support, for helping me to
focus on the end goal. I truly could not have been able to accomplish this degree without
• I wish to thank Dr. Gabriele Suboch, my dissertation chair, for her valuable mentoring
and insightful feedback and most importantly, for always taking my multiple phone calls,
emails, and text messages during this dissertation period. Her kind spirit and passion
• I want to thank my dissertation chair, Dr. David Ojo, for providing valuable thoughts and
• My father, mother, brothers and sisters, my uncle Mr. Pius Onyemekeihia and friends for
• I want to thank Dr. Anowai, Mr. Donavan Green and Mr. Ugochukwu Nwakoro for their
• I want to appreciate my church family and priest of the BSSCH, for their prayers
• Finally, to all my colleagues and friends for their friendship, help, and patience, during
Disclaimer
The views presented in this study are those of the researcher or the research participants and do
not represent the views of the Department of Homeland Security information personnel’s or any
Table of Contents
Chapter 1: Introduction
Background
Problem Statement
Purpose of the Study
Theoretical/Conceptual Framework
Nature of the Study
Research Questions
Significance of the Study
Definitions of Key Terms
Summary
Chapter 2: Literature Review
Documentation
Description of an Encryption
History of Encryption
Types of Encryption
Encryption Algorithm
Application of Encryption Technology
Terrorist Organization and Use of the Internet
What Led Terrorist Organizations to the Use of Encryption Technology?
Impact of Widely Available Encryption on DHS Digital Investigation
Battle over Encryption, Privacy, and Security
Theoretical/Conceptual Framework
Asymmetric Conflict Theory
Asymmetric Conflict Theory of Cyber Warfare
Application of Asymmetric Conflict Theory
List of Tables
List of Figures
Table 1. Symmetric encryption using the similar secret key to encrypt and decrypt
Table 2. Asymmetric encryption using the private key and the public key to encrypt and decrypt
Table 3. Data analysis flowchart
Chapter 1: Introduction
The Department of Homeland Security (DHS) is an integral part of the U.S. government
that was formed following the September 11, 2001, terrorist attacks. The DHS was integrated along
with 22 agencies to strengthen cooperation and coordination between local, state, and
federal governments to ensure general public safety and security (Mabee, 2007; Kemp, 2012).
Constantly under scrutiny to prevent any form of terrorist attack, security breach, or safety
loophole, the DHS has a far-reaching mission, responsibilities, and jurisdiction. DHS has been
tested by countless terrorist attempts on the U.S. homeland, border incursions, illegal trafficking,
and natural disasters the likes of Hurricane Katrina. Some of these threats adapted rapidly to
every technique employed by the security organizations. Terrorists also seek to cause destruction
and casualties by any weapon available, including weapons of mass destruction (Ackerman &
Jacome, 2018; Glick, 2015). While the establishment of the DHS has prevented many subsequent
terrorist attacks, it has been argued that the widely available encryption technologies
are complicating life for the Department of Homeland Security information personnel (Manpearl,
The inability of DHS information personnel to detect and obstruct the widely available
encryption technologies has created a unique situation in which terrorists could potentially share
information and launch both physical and cyberattacks against the United States. Terrorists and
criminals are using encryption technologies to hide their plans, recruit followers, encourage
espionage, and perform cyber and terrorist attacks, all with the aim of attacking the U.S.
Many recent security breaches or lapses can also be traced to the impact of encryption
technology access that necessitated the need for DHS to focus on security and safety issues. This
inability of DHS information security personnel to decrypt encrypted data has become an
ongoing debate among experts, who think something must be done (Zittrain et al., 2016). This
study explored the challenges posed by the widely available encryption technologies to DHS
information security personnel and to understand their lived experiences and the way they
Background
The main reason for network monitoring is to detect and obstruct network attacks. In
1960, International Business Machines (IBM) developed an algorithm that was based on ciphers
(Preneel, 2014). The algorithm was an early warning sensor, with a capability of detecting
suspicious activity on computer networks. IBM handed the algorithm to the National Bureau of
Standards (NBS) in 1968 to protect government classified and unclassified electronic data over
the networks (Abidi et al., 2016). In 1976, the National Security Agency (NSA) modified the
algorithm that was later chosen as the American Data Encryption Standard (DES). The National
Bureau of Standards and NSA combined to strengthen the encryption against differential
cryptanalysis and then weakened it against brute-force network attacks. Indeed, this encryption
was effective against 20 years of network attacks (Hellman, 2017; Landau, 2015).
In 1991, the notably free worldwide encryption standard known as “Pretty Good Privacy”
(PGP) was designed and released by Phil Zimmermann in response to the FBI threat to demand
access to the clear text communications of the American people. After the 9/11 terrorist attack,
the U.S. Government created the Department of Homeland Security. Since then, the DHS has
been striving to keep up with network attacks. Many terrorists now use these new tactics to
remain undetected by taking advantage of the widely available encryption technologies (Angwin,
2015).
Scholars have found that terrorist groups are using the widely available encryption
technology to hide their plans, recruit followers, encourage espionage, and perform cyber and
terrorist attacks to disseminate information on various ways to strike the United States (Booth &
Rodgers, 2018; Mylan Traylor, 2017). Many hackers now use the Internet as a medium to direct
attacks against the U.S. government. There is constantly the risk that some of these attacks could
evade control systems, which poses a significant threat to critical U.S. infrastructures and to the
security of the nation and the mission of the DHS. For example, the recent December 2, 2015
terrorist attempted bombing and mass shooting attack that wounded 22 people and killed 14
persons at the Inland of San Bernardino, California and the Paris November 13, 2015, terrorist
explosives attack that killed 130 people and injured hundreds were a result of the security lapses
over the last decade that resulted in the murder of countless victims could be traced to the impact
of widely available encryption technology (Erich, 2016; Jacobsen, 2017; Sinai, 2018).
These increasing changes in the use of the widely available encryption security concerns
have been limiting investigation and transparency and making collective findings of primary and
official sources of communication challenging for the DHS. Therefore, when there were valuable
data sources to help understand these concerns, access to encrypted communication was denied.
The DHS Annual Fusion Center Assessments is responsible for the sure dataset (Makin &
Problem Statement
The problem addressed by this study was to explore the challenges posed by the widely
available encryption technologies to the information security personnel at the DHS. This
problem was identified due to the growing number of terrorist network intrusions, criminals’
encrypted communications of data at rest, in transit, and cyberattacks against the United States.
Due to this ever-increasing amount of physical and cyberattacks through the use of the widely
available encryption, DHS information security personnel now race to identify, detect, and
obstruct potential threats to the networks and systems designed to protect both residents and non-
residents of the United States. The encryption technology platform allows terrorist groups to
encode data so that only approved personnel with vital information from the creation can access
the data (Atwood, 2015; Finklea, 2016; Manpearl, 2017; McCarthy, 2016; Mylan Traylor, 2017;
Penney, & Gibbs, 2017; Schulze, 2017). The inability of DHS information security personnel to
unlock or access the data stored in digital devices creates a unique opportunity for terrorists to
hide and pursue their primary target without being detected or obstructed. We know that there is
an increasing number of network attacks through widely available encryption technology; what
we do not know is the process with which DHS information security personnel identify these
challenges when they encounter difficulties in identifying, decoding, and obstruction of
Indeed, the exploration of these experiences of DHS information security personnel has
contributed to the research, while learning, identifying, and describing the significance of the
participants’ participation. The negative outcome of not conducting this study will include the
risk of failing to identify potential weaknesses of DHS as they relate to the terrorist use of
The purpose addressed by this transcendental phenomenological study was to explore the
lived experiences of the DHS information personnel in identifying, detecting, and obstructing the
widely available encryption technologies. Also, the study explores the challenges faced by the
DHS information personnel in identifying, obstructing, and detecting widely available encryption
participants and the meaning linked with their experiences. Due to the significant exploitation of
encryption by terrorist groups, this phenomenological study helped bridge the gap in knowledge
by exploring and understanding the lived experiences of the DHS information security personnel
and how the terrorists’ use of encryption has shaped their investigation.
In this qualitative research, the focus was to obtain the descriptions of experience from
the participants’ accounts through interviews. During careful data collection and analysis, the
researcher attempted to make sense of, or interpret, the phenomenon regarding the meanings
participants bring to the study. The researcher also used Moustakas’ transcendental
phenomenology, one of the philosophical bases of the human science tradition. Moustakas
(1994) explained that Husserl’s phenomenology is transcendental. This model highlights the
subjectivity and discovery of essences and the meaning of the lived experience. The model also
provided a systematic and disciplined method for the derivation of knowledge. Moustakas (1994)
described the seven general processes of the phenomenological method, including epoche,
epoche, the researcher begins to change the natural self, putting aside biases and preconceived
and images of the experiences, just as one sees it. Here, the purpose is to reduce descriptions into
clustering of themes, and textural description of the experience. Imaginative variation targets
meanings and depends on intuition as a way of integrating structures into essences. In this stage
critical reflection, themes, and structures of the experience are developed. Lastly, the synthesis of
textures and structures stage is where the researcher immerses in the data until they are
thoroughly created. This research procedure captured the essences of DHS information security
personnel as they pertain to detecting and obstructing the widely available encryptions for this
study.
Following NCU IRB approval, the researcher used the online LinkedIn platform to
recruit potential participants. The platform is a rich professional networking site that hosts
millions of users. The platform was used to view users, recruit, or search for potential candidates,
by posting or sharing content among diverse audiences, and for finding intelligent, articulate and
representative participants who were in the vast field of this project. The LinkedIn platform
features are free to all users, with options to pay for marketing-related services. For example,
many researchers have used LinkedIn, Facebook, and Twitter to recruit participants for human
behavioral interventions. The aim of using the online LinkedIn platform was to attract potential
participants. The researcher's target population included working, graduate-degreed police
officers, digital forensics officers, electronic crime task force officers, computer crime
technology experts, and IT and information security analysts freely available on LinkedIn social media. After
the online recruiting content was posted, interested potential participants responded, and
purposeful sampling was used to select the research participants. A total of 13 participants signed
and returned the consent form and participated in the study. The consent form included
confidentiality assurances and contact information for my dissertation chair. The interview guide
was emailed to the potential participant via Northcentral University email before arranging a
time that would be convenient for a one-on-one Skype interview. The interview lasted no more
than 30–45 minutes. The participants were notified that the researcher would like to use a voice
recorder to record responses, and they could participate if they did not wish to be recorded. The
data collection method of this study was online, anonymous, and open-ended Skype interviews.
The recorded data files were transcribed using the MAXQDA application for analysis of the
information. The recorded data were analyzed to identify themes. The recording and the
transcription of the data were made secure by encrypting the data on the researcher’s computers
with a password.
The information obtained from the participants provided insights and understanding into
the lived experiences and challenges faced by DHS information personnel. Indeed, the result of
this research study should add to the scientific understanding of the phenomenon and provide
prospective researchers with the details of the issues that were directly associated with the
terrorist encrypted data communication, identification, detection, and obstruction. The essence
and meanings derived from this study will contribute to the existing research and may lead to
future research.
Theoretical Framework
The asymmetric conflict theory by Stepanova (2011) holds that the resources of two
belligerents differ in nature, interact, and struggle in an effort to exploit each other's specific
weaknesses. Indeed, asymmetric warfare against adversaries is the ability to act, organize, and
think differently from the other players to increase the personal advantages to exploit the
opponent’s weaknesses or gain elevated independence of action. From this viewpoint, a security
threat is better addressed from a military perspective. Implicitly, the theory assumes that conflict
usually involves unconventional strategies and tactics where the weaker belligerent tries to apply
Multiple asymmetric strategies have been used with the intent to disrupt U.S. military
capabilities and national security, to disable and paralyze communications, computer networks,
transportation, industrial enterprises, power systems, and to cause chaos in the U.S. homeland
(Allen, 2015). For instance, the growing amount of information warfare, the use of low-tech,
intrusions, and cyberattacks against the United States, are all currently advertising through the
use of widely available encryption technologies (Corn, 2017; Sinai, 2017). As a result of this
cyber warfare, information security personnel at the DHS and organizational security leaders are
fighting an escalating and asymmetric war against adversaries intending to penetrate, organize an
attack, or disrupt network services hosted online while advertising on widely available
encryption named Pretty Good Privacy (PGP) and Mujahideen Secrets encryption that is a
Quite recently, terrorist asymmetries in remote attacks are now known to move at record
speed, sometimes moving faster than defenders can react to, with the unleashing of zero-days
(Urquhart & McAuley, 2018). In 2017, over 317 million new pieces of encrypted malware and
6,500 new vulnerabilities far surpassed the capacity growth a skilled information security
personnel can defend against. The DHS is concerned that terrorists might use these encrypted
malicious programs to shut down military computer systems. At present, all U.S. network and
weapon systems could be vulnerable to attacks of encrypted computer viruses (Zulkefli et al.,
2017).
A model for military strategists is asymmetric conflict theory, which usually involves
unconventional strategies and tactics used by the weaker belligerent to attempt strategies that
strategy could prevent asymmetric warfare. Due to several successful attempts at attacking
critical infrastructure, reliance on human defenders still struggles with the ability to identify,
detect, respond, and reduce these threats limiting our knowledge of this form of encryption
The knowledge of the widely available encryption from DHS information security and
their undetectable ability is a comparable scenario that can be seen with organized crime,
hackers, and syndicates taking on big organizations. This type of unconventional warfare appears
to be prevailing as a conflict in the digital world, where the use of technology is moving from
symmetry with big organizations to an asymmetric engagement used by the terrorist groups to
organize for the purpose of sharing information, hiding plans, recruiting followers, encouraging
espionage, and performing cyber and terrorist attacks (Cozma, 2015; Maurer, 2017).
This study used a purposeful sample of experienced participants to gain insight into the
lived experiences and how the DHS perceived the challenges posed by the widely available
encryption technology. This theory has also been used to advance the ways by which cybercrime
can be addressed through the perception of those entrusted to guard against it. This theory
provided an insight into the DHS strong alliance information personnel's challenges and the
reasons why the weak alliances are unpredictable and undetected with the use of the widely
available encryption technology. From the experiences of DHS information security personnel in
detecting and obstructing data, the researcher gathered a robust understanding of what makes
relevant to conduct this study by integrating the asymmetric conflict theory precepts to explore
the challenges and experiences of the DHS information personnel. The asymmetric conflict
theory was applied to the study methodology to (a) analyze technological warfare and terrorism
conflicts, (b) identify the strategy behind the problems, (c) analyze the operational possibilities,
This study explored the lived experiences of DHS security information personnel in
detecting and obstructing widely available encryption technologies. The study used a qualitative
research method because qualitative research is used to understand human behavior from an
informant’s perspective (Thomson & McLeod, 2015). The researcher conducted a qualitative
research interview to obtain descriptions of the experiences. This researcher engaged 13
participants in interviews. Following Creswell (2013), participants were allowed to select the site
and the time of the interviews to enable them to relax and be more forthcoming with information.
Each interview session was audio recorded and transcribed. The researcher asked for the
technologies. The questions were open-ended questions with informal dialogue about the
participants. Each of the interviews lasted approximately 30–45 minutes. All interview data were
recorded, transcribed, and analyzed to identify themes. The themes that emerged were
synthesized into a description of the meaning and essence of the experiences of DHS information
Research Questions
RQ1: What are the experiences of DHS information personnel in identifying, detecting,