Professional Documents
Culture Documents
Module - 05 - Dale - Baltazar - Assignment 5
Module - 05 - Dale - Baltazar - Assignment 5
Module 05 – Encryption
Ans: Exchanging encryption keys via email, whether over an intranet or the
internet, poses significant security risks. Here are several vulnerabilities and
potential consequences that Majorie and Marlon may face. Eavesdropping (Man-
in-the-Middle Attacks) attackers could intercept the email containing the
encryption key. And consequently, gains unauthorized access to the encryption
key, compromising the confidentiality of the communication. Social Engineering:
attackers may use social engineering techniques to trick either Majorie or Marlon
into revealing the encryption key. The security of the communication is
compromised, as the attacker gains access to the key without directly exploiting
technical vulnerabilities. Phishing Attacks: A phishing email could be crafted to
appear as if it's from the other party, tricking them into sharing the encryption
key. The attacker obtains the key, compromising the security of the encrypted
communication. To mitigate these risks, Majorie and Marlon should consider
using more secure methods for exchanging encryption keys, such as in-person key
exchange, secure file transfer, or utilizing a trusted key distribution service.
2. List example of where you see the daily use of public-private key encryption?
Ans: Public-private key encryption is widely used in various applications to
secure communication and protect sensitive information. Here are some examples
of its daily use:
Digital signatures use public-private key encryption to verify the authenticity and
integrity of digital messages or documents. This is commonly used in electronic
documents, software distribution, and online transactions.
3. What are the associated risk that comes along with using public-private key encryption.
Ans: While public-private key encryption is a widely used and effective method for
securing communications and data, there are still some associated risks and
considerations.
Key Management:
Loss of Private Key: If the private key is lost or compromised, it can lead to
unauthorized access and potential data breaches. Proper key management
practices, including regular backups and secure storage, are crucial.
Cryptographic Weaknesses:
Trust Issues:
4. Outline other forms of encryption that are increasingly becoming popular. Explain the
rationale behind their popularity
Ans: Various forms of encryption are gaining popularity as technology advances
and the need for secure communication and data protection becomes more crucial.
Homomorphic Encryption:
Rationale: Homomorphic encryption allows computations to be
performed on encrypted data without decrypting it first. This is
particularly valuable in scenarios where privacy is a top priority, such as
in healthcare or finance. Users can perform computations on sensitive data
without exposing the raw information, enhancing security.
Blockchain Encryption:
Rationale: Blockchain relies on cryptographic techniques to secure
transactions and data. Public and private key cryptography is widely used
in blockchain to ensure the integrity and authenticity of transactions. As
blockchain technology gains popularity in various industries beyond
cryptocurrencies, the demand for secure and tamper-resistant data storage
and communication is driving the use of blockchain-based encryption.
Zero-Knowledge Proofs:
Rationale: Zero-knowledge proofs allow one party (the prover) to prove
to another party (the verifier) that they know a specific piece of
information without revealing the actual information. This is valuable in
privacy-preserving applications, such as authentication and identity
verification. Zero-knowledge proofs enhance privacy by providing
evidence of knowledge without disclosing the knowledge itself.
The common rationale behind the popularity of these encryption techniques is the
growing awareness of security and privacy concerns. As technology continues to
advance, the need for robust encryption methods that address emerging threats
and challenges becomes increasingly critical.
5. Explore the possible ways that a private key can exploited from a person and a node on a
network. Recommend the stopgap measures that could be put in place to reduce these
risk.
Phishing Attacks:
Exploitation: Users might receive fraudulent emails or messages that mimic
legitimate services, tricking them into providing their private keys.
Stopgap Measures:
Educate users about phishing tactics and encourage them to verify the
authenticity of messages.
Use two-factor authentication (2FA) to add an extra layer of security.
Physical Theft:
Exploitation: If physical access to a device or hardware wallet is obtained, the
private key can be stolen.
Stopgap Measures:
Keep hardware wallets in a secure location.
Implement physical security measures, such as locks and surveillance, for
devices containing private keys.
Social Engineering:
Exploitation: Attackers may manipulate individuals into revealing their private
keys through deceptive means.
Stopgap Measures:
Train individuals to recognize and resist social engineering tactics.
Establish clear communication protocols and verification processes.
Software Vulnerabilities:
Exploitation: Bugs or vulnerabilities in software may be exploited to
compromise private keys.
Stopgap Measures:
Regularly update software and firmware to patch known
vulnerabilities.
Perform security audits on the software and infrastructure
supporting private key operations.
In addition to these measures, it's important to regularly educate users about
security best practices and keep them informed about emerging threats.