D2 - Compare the security benefits of different cryptography techniques.


Symmetric Cryptography
A symmetric key algorithm is an encryption system in which the sender and receiver of a message share a single, common key that is used to both encrypt and decrypt the message. The key can be a number, a word or just a string of random characters. This key is applied to a message to change the content and make it unreadable. This key could be as simple as reversing every word so it is written backwards. It acts as a password so only the sender and receiver can decrypt and read the message. Symmetric key systems are very simple and fast, although the main disadvantage of using this method is that you have to share the key with the receiver somehow, meaning anyone who gets hold of it while it is being shared could decrypt your messages.

Stream Cipher & Block Cipher

A stream cipher is a type of symmetric encryption. Stream ciphers are designed to be exceptionally fast, much faster than any block cipher. Block ciphers operate on large blocks of data, whereas stream ciphers encrypt each plaintext digit one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream. With a block cipher, encrypting the same block of plaintext with the same key will always result in the same ciphertext, whereas with a stream cipher the transformation of a plaintext digit varies depending on where it is encountered during the encryption process.

Asymmetric Cryptography 

Asymmetric Encryption is a method that uses two keys:
  • A Public Key - Visible to everyone
  • A Private Key - Secret, only visible to the recipient of the message.
When the CEO wants to send a secure message to one of his employees, the CEO will use the employee's public key to encrypt the message. This message can then only be decrypted using the employee's private key, which only the employee knows. The public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. This method is very secure and quite simple to use. A slight disadvantage is that you need to know the recipient's public key to encrypt a message, which means the organisation will need a registry of all public keys, stored on a server.

DES Encryption

DES is short for Data Encryption Standard. It is an encryption method that was originally developed in 1975 and standardised in 1981. DES uses a block cipher method, which means it encrypts data in blocks rather than encrypting individual characters. The key size is 64 bits, although 8 bits of the key are used for parity (error detection), which makes the effective DES key size 56 bits. This method is now very outdated and a 56-bit key length is considered very weak.

Triple DES

Triple DES or 3DES involves repeating the DES algorithm in an attempt to make the message more secure. This method uses two or three different keys to make the text unreadable. 3DES can work in different modes, and the mode chosen dictates the number of keys. The different modes are:
  • DES-EEE3 - This uses three different keys for encryption, and the data is encrypted, encrypted, encrypted.
  • DES-EDE3 - This uses three different keys for encryption and the data is encrypted, decrypted, encrypted.
  • DES-EEE2 - This uses two different keys and the first and third encryption processes use the same key.
  • DES-EDE2 - This is the same as DES-EDE3 but only uses two keys; the first and third encryption processes use the same key.

Hashing
Hashing is when you generate a number from a string of text. The hash value is much smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value. For example, if John wants to send a message to Nathan, John would calculate a hash value for the message and attach it to the message itself. When Nathan receives the message, he will perform the same hashing function and compare the result with John's. If the two values are the same, Nathan knows the message was not altered during transmission. If the values are different, Nathan will know the message has been tampered with and he would delete the message.

Digital Certificate 

A digital signature is a hash value that has been encrypted with the sender's private key. Forging a digital signature is impossible, which means that by using a signature you are eliminating the possibility of an imposter signing the document. By having a digital signature you are proving the message is from you, and therefore reassuring the recipient that the document is valid and does not contain false information.
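
The hash comparison from the Hashing section and the signature described above, as an added Python example (not code from the original post). The RSA key is a constructed toy key built from two small known primes, and the function names and sample messages are assumptions made for illustration; real signatures use much larger keys and a padding scheme.

```python
import hashlib

# Constructed toy RSA key (assumption for illustration): two small known
# primes. Real keys are far larger and real schemes add padding.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, kept by the sender

def digest(message: bytes) -> int:
    """SHA-256 of the message, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def plain_hash_check(message: bytes, attached_hex: str) -> bool:
    """Nathan's check in the hash-only scheme: recompute and compare."""
    return hashlib.sha256(message).hexdigest() == attached_hex

def sign(message: bytes) -> int:
    """Sender: transform the hash with the private key."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Recipient: undo the transform with the public key, compare hashes."""
    return pow(signature, E, N) == digest(message)

def demo() -> dict:
    sent = b"Pay Nathan 100 pounds"      # constructed sample message
    altered = b"Pay Nathan 900 pounds"   # constructed altered copy
    attached = hashlib.sha256(sent).hexdigest()
    signature = sign(sent)
    return {
        # The attached hash exposes a change to the message alone.
        "hash_flags_altered": not plain_hash_check(altered, attached),
        # A hash is unkeyed: whoever alters the message can attach a new one.
        "replaced_hash_passes": plain_hash_check(
            altered, hashlib.sha256(altered).hexdigest()),
        # The signature needs the private key, so it cannot be recomputed.
        "signature_valid": verify(sent, signature),
        "signature_flags_altered": not verify(altered, signature),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The second result is the reason a bare hash only protects against changes where the hash itself is left untouched, while the signature check still fails for the altered message.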
