Introduction of Cryptography Assignment
Cryptography is defined as the study of secure digital communication systems that allow only the originator and the authorized recipient of a communication to read its contents. The term comes from the Greek word Kryptos, which means "hidden." It is closely related to encryption, which is the process of transforming a plain message into an encoded message and back again when it arrives. Cryptography also covers the obscuring of information in images using techniques such as digital watermarking or combining. According to the IBM 2018 Price of a Security Breach Survey, the typical security breach costs $3.86 million. This cost is expected to rise by 6.4 percent in the current year, with the chance of a repeat attack rising by 27.9 percent over the following two years. In this report, a range of cryptographic controls is discussed in order to address the issues related to the case study scenario.
1. Risk assessment
Business assets - The business assets of the fashion company are its confidential business information, its customers' private data, and the reputation of the company, all of which may be compromised by a data breach if cryptography is absent.
Vulnerabilities - A vulnerability is any weak spot through which a threat might do harm. Obsolete antivirus software, for instance, is a weakness that could allow a malware attack to succeed (Celiktas, Ozdemir, & Guzey, 2021). Locating a data facility underground raises the risk of a storm or flood destroying hardware and causing downtime. Discontented personnel and outdated hardware are two further examples of vulnerabilities.
Threats - A threat is any incident that has the potential to endanger a company's assets and employees. Website outages, natural disasters, and intellectual property theft are a few examples (Ferreres et al., 2021).
Risks - The risk related to the information security of the company can be calculated by the following formula:
Risk = Vulnerability × Threat × Asset
Though the risk is written as a mathematical equation, it is a conceptual construction rather than a numerical one. Suppose the company wishes to estimate the risk of cyber criminals breaching a certain system. If the network is extremely exposed (possibly due to the lack of an antivirus solution and a firewall) and the asset is vital, the risk is considerable. If, however, the company has effective perimeter defenses and the vulnerability is minimal, the risk would be moderate even though the asset is still essential.
Impact - The impact is the total harm that an organization would suffer if a vulnerability were exploited by a threat.
2. UML diagram
Use case diagram of the entire system
(Source: Self created in draw.io)
Above is the basic use case diagram, drawn in draw.io to make it easy to understand. As it shows, there are several attributes of the clothing system that need to be encrypted using cryptographic models (Gençoğlu, 2019). The diagram shows the tasks of the retailer and defines the tasks of the customers. Each attribute requires encryption in order to enable the encryption system in the clothing store.
ordering encrypted system
(Source: Self created in draw.io)
This one is the time pad of the encryption system which is going to be installed in the clothing store. Once encryption is in place, customers will be able to book clothes according to their requirements through the online system and to message the shop directly, and the entire exchange between the customer and the retailer will be secured and encrypted (Junge et al., 2021). These are the basic fundamentals of starting the encryption system in the clothing store.
3.1. Role of Cryptography
In reality, the Internet is not secure for retail, which often involves a large number of payments, unless it employs encryption and makes its customers aware of the risks associated with retail. PC users must understand how to improve retail security. SSL and PGP encryption both provide cryptography and can therefore serve as the foundation of a secure retail infrastructure (Luo & Huang, 2021). It is fair to say that, when making a retail purchase, buyers are still willing to give their card details to almost anyone who asks before confirming that the individual or Web site is completely secure and reliable. Trustworthiness in retail is a real issue. Being involved in retail carries risks (for example, eavesdropping and spoofing) and possible dangers (such as to the protection of data). The use of cryptography in the retail sector adds a level of security, and it is the definitive way to provide highly secure retail transactions and Internet applications that hold a customer's private information. If SSL, host security, and cryptographic keys are used to handle retail transactions, they would be fully effective in generating trust, providing the privacy, authorization, and integrity of data through the encryption that is required to counter the dangers connected with Internet-based payments (Basuki & Anugrah, 2019). The significance of encryption is that it can safeguard retail businesses and assure customers and businesses that their data is secure from snoopers (hackers who use the Web to steal users' data). The use of cryptography ensures the authenticity of retail transactions and can therefore protect data.
3.2. Advantages and disadvantages
Cryptography is an important data security tool that provides four key services of data security:
- Confidentiality - Cryptography can protect communication and information from unwanted disclosure and access.
- Authentication - Cryptographic techniques such as digital signatures and MACs can safeguard data from forgery and spoofing.
- Information Integrity - Cryptographic hash functions are essential in assuring users of the data's integrity (Matache, 2020).
- Non-repudiation - The digital signature offers a non-repudiation capability that guards against disputes that might arise when a party denies having sent a communication.
The disadvantages of cryptography include the following:
- Even a genuine user may find it difficult to access strongly encrypted, authenticated, and digitally signed content at an important moment of decision-making. An attacker can attack the network or computer system and render it inoperable (Avkhimovich, 2021).
- The use of cryptography cannot guarantee high availability, which is an essential element of information security. Other methods are needed to guard against threats such as denial of service or complete system failure.
- Another fundamental requirement of information security, selective access control, cannot be met using cryptography. Administrative procedures and controls must be put in place for this purpose.
- Encryption does not protect against the dangers and vulnerabilities that result from bad system design.
4.1 Different cryptography methods
Hashing is a cryptographic procedure that turns any type of information into a distinct text string. Any piece of information, regardless of its nature or size, can be hashed. Hashing is a simple mathematical procedure that is extraordinarily hard to reverse. The distinction between encryption and hashing is that encryption can be decrypted, or reversed, using a unique key. SHA1, MD5, and SHA-256 are the most commonly used hashing methods.
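The difference between the integrity service of a hash and the authentication service of a MAC, both named in section 3.2 and in the hashing paragraph above, shown as an added example that is not part of the original assignment. The order strings, the shared key and all function names are constructed for illustration, and the key is assumed to have been exchanged securely beforehand.

```python
import hashlib
import hmac
import secrets

# Constructed sample data for the clothing-store scenario (not from the page).
# SHA-256 is used here: MD5 and SHA-1 are no longer collision-resistant.
ORDER = b"order=1042;item=denim-jacket;qty=1;total=59.99"
ALTERED = b"order=1042;item=denim-jacket;qty=1;total=05.99"
SHOP_KEY = secrets.token_bytes(32)  # shared secret, assumed already exchanged

def sha256_hex(message: bytes) -> str:
    """Unkeyed hash: fixed length, one-way, anyone can compute it."""
    return hashlib.sha256(message).hexdigest()

def hmac_hex(key: bytes, message: bytes) -> str:
    """Keyed MAC: only holders of `key` can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def accept_with_hash(message: bytes, claimed_hash: str) -> bool:
    """Receiver check when only a bare hash travels with the message."""
    return hmac.compare_digest(sha256_hex(message), claimed_hash)

def accept_with_mac(key: bytes, message: bytes, claimed_tag: str) -> bool:
    """Receiver check when an HMAC tag travels with the message."""
    return hmac.compare_digest(hmac_hex(key, message), claimed_tag)

def demo() -> dict:
    genuine_hash = sha256_hex(ORDER)
    genuine_tag = hmac_hex(SHOP_KEY, ORDER)
    other_key = secrets.token_bytes(32)  # stands in for anyone without SHOP_KEY
    return {
        # Integrity: an altered message no longer matches the original hash.
        "altered_vs_old_hash": accept_with_hash(ALTERED, genuine_hash),
        # A hash replaced together with the message passes: no authentication.
        "altered_vs_new_hash": accept_with_hash(ALTERED, sha256_hex(ALTERED)),
        # MAC: the old tag fails, and so does a tag made without the shop key.
        "altered_vs_old_tag": accept_with_mac(SHOP_KEY, ALTERED, genuine_tag),
        "altered_vs_wrong_key_tag": accept_with_mac(SHOP_KEY, ALTERED, hmac_hex(other_key, ALTERED)),
        "genuine": accept_with_mac(SHOP_KEY, ORDER, genuine_tag),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Neither check hides the order contents; confidentiality still requires encryption.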
Symmetric key cryptography
This is a cryptography method in which the sender and receiver of a message encode and decode communications using a single shared key. Symmetric key methods are simpler and faster, but the sender and receiver must exchange the key in a secure manner so that it is not revealed. The Data Encryption Standard (DES) is by far the most widely used symmetric-key encryption system.
Asymmetric key cryptography
A key pair is used in this technique to encode and decode data. A public key is used for encryption, while a private key is used for decryption. The fundamental benefit of asymmetric key cryptography is that it uses two keys, so even if everybody knows the public key, they cannot decrypt the message, since only the private key held by the receiver can decode the message sent to them (Toosi, Buckley, & Sai, 2019).
The hashing cryptography will be appropriate for the company to address any risk related to its business.
4.2. Security posture
The security posture of the company can be improved by
- Performing security assessment
- Having a management plan
- Prioritizing the impact of the business
- Implementing security encryption
- Implementing automated threat detection and remediation
- Regular updates of software and antivirus installation.
Cryptography is described as the study of secure digital communication systems that allow only the originator and authorized recipient of the communication to view its information. Cryptography entails the hiding of data in images using techniques such as digital watermarking or combining. Any potential weak place through which a threat may cause harm is referred to as a vulnerability. Any occurrence that has the potential to jeopardize a company's assets or personnel is considered a threat. If a corporation desires to quantify the risk associated with the threat of cyber thieves infiltrating a certain system. The tasks of the retailer have been depicted, and the tasks of the customers have also been outlined using the UML diagram. Both SSL and PGP encryption provide cryptography and can thus serve as the backbone of a secure retail system. Encryption does not guard against the threats and vulnerabilities that arise as a result of poor system design. The hashing cryptography will be appropriate for the organization to meet any commercial risks.
Avkhimovich, N. (2021, May). Logic program invertibility in cryptography problems. In Journal of Physics: Conference Series (Vol. 1902, No. 1, p. 012049). IOP Publishing. Retrieved from https://iopscience.iop.org/article/10.1088/1742-6596/1902/1/012049/pdf [Retrieved on 10.03.2022]
Basuki, S., & Anugrah, R. (2019). Transaction Document Security Protection In The Form Of Image File, Jpg Or Tif Interbank Transfer Using Steganography And Cryptography. IAIC Transactions on Sustainable Digital Innovation (ITSDI), 1(1), 42-48. Retrieved from https://www.aptikom-journal.id/index.php/itsdi/article/download/12/6 [Retrieved on 10.03.2022]
Celiktas, B., Ozdemir, E., & Guzey, S. (2021). An Inner Product Space-Based Hierarchical Key Assignment Scheme for Access Control. Retrieved from https://www.techrxiv.org/articles/preprint/An_Inner_Product_Space-Based_Hierarchical_Key_Assignment_Scheme_for_Access_Control/16577402/1/files/30682253.pdf [Retrieved on 10.03.2022]
Ferreres, A. I. G. T., Manzano, L. G., & Portillo, S. P. LAB ASSIGNMENT: CLASSIC CRYPTOGRAPHY. Retrieved from http://ocw.uc3m.es/ingenieria-informatica/cryptography-and-computer-security/Statement_Lab_Classiccrypto_solutions.pdf [Retrieved on 10.03.2022]
Gençoğlu, M. T. (2019). Importance of Cryptography in Information Security. IOSR J. Comput. Eng, 21(1), 65-68. Retrieved from https://www.researchgate.net/profile/Mtuncay-Gencoglu/publication/331641251_Importance_of_Cryptography_in_Information_Security/links/5d443bce299bf1995b5ef14e/Importance-of-Cryptography-in-Information-Security.pdf [Retrieved on 10.03.2022]
Junge, M., Kubicki, A. M., Palazuelos, C., & Pérez-García, D. (2021). Geometry of Banach spaces: a new route towards Position Based Cryptography. arXiv preprint arXiv:2103.16357. Retrieved from https://arxiv.org/pdf/2103.16357 [Retrieved on 10.03.2022]
Luo, H., & Huang, Y. Cryptography in NC 0. Retrieved from https://yizhihuang.org/blog/wp-content/uploads/2021/07/Crypto_in_NC0.pdf [Retrieved on 10.03.2022]
Matache, M. (2020). Standardizing Lightweight Cryptography (Bachelor's thesis). Retrieved from https://trepo.tuni.fi/bitstream/handle/10024/121564/MatacheMaria.pdf?sequence=3 [Retrieved on 10.03.2022]
Toosi, F. G., Buckley, J., & Sai, A. R. (2019, September). Source-code divergence diagnosis using constraints and cryptography. In Proceedings of the 13th European Conference on Software Architecture-Volume 2 (pp. 205-208). Retrieved from https://dl.acm.org/doi/pdf/10.1145/3344948.3344983?casa_token=OkbYOt-LKe4AAAAA:Hgw4Y4mYSZsHJoZqV0vTZe5QX0K5vwVaA8rAnA1E8iqS6ideNQHPeuyHbNbW3GGEt7xgADxayZcQuYA [Retrieved on 10.03.2022]