Cryptography and Authentication Techniques

Added on  2020/03/28

AI Summary
This assignment delves into the world of cryptography and authentication. It examines different encryption techniques, including RSA and Vigenere Cipher, analyzing their strengths and weaknesses. Additionally, it explores authentication mechanisms such as OAuth and Open System Authentication (OSA), discussing their role in securing online interactions. The assignment encourages a critical understanding of how these techniques protect sensitive information in today's digital landscape.

Advanced e Security

Abstract
In e-commerce services, processes need greater confidentiality of customer details, integrity of
invention offers and availability of the vendor's servers. Cryptography is the art and science of
secret writing for protected communications intended to be intelligible only to the person
possessing a key. A cipher is one of the most important and efficient techniques of secret
writing, whereby original text is converted into cipher text (often called a cryptogram).
Table of Contents
1. Bring Your Own Device
1.1 Restrictions on authorized use
1.2 BYOD policy for an organization
1.2.1 Acceptability use
1.2.2 Devices and Support
1.2.3 Safety
1.2.4 Risks/Responsibilities/Disclaimers
1.3 Control over the personal devices
2. Open Authentication
2.1 Description
2.2 OAuth administration suppliers
2.3 Technology used in the OAuth
2.4 Strength of OAuth
2.5 Weakness of OAuth
2.6 Will it replace Open ID
2.7 Would you recommend it for secure applications like online banking
3. Cryptanalysis of Polyalphabetic Ciphers
3.1 Vigenere cipher
References
1. Bring Your Own Device
Bring your own device (BYOD) refers to the policy of allowing employees to bring personally
owned devices, such as phones, laptops, personal computers and tablets, to their workplace and
to use those devices to access privileged organization information and applications.
BYOD is a collection of rules for employee-held laptops, smartphones and tablets. Many
companies create such a BYOD policy, under which employees can use their devices according to
the rules defined in the policy (Smith & Forman, 2014).
1.1 Restrictions on authorized use
i. An employee may not store data from, or associated with, a previous job on the
company's applications.
ii. Associates should not use personal devices that would be used for the
organization's purposes.
iii. Smartphones and tablets that are not on the company's list of supported devices
are/are not allowed to connect to the network.
iv. Employees should/should not contact the device manufacturer.
v. The employer can impose restrictions that limit what it permits to work data
only.
1.2 BYOD policy for an organization
Employees must agree to the terms and conditions set forth in this policy in order to be
able to connect their devices to the company network.
1.2.1 Acceptability use
The organization defines acceptable personal use on company time as reasonable and limited
personal communication or recreation, such as reading or game playing.
Employees are blocked from accessing certain websites during work hours/while connected to
the corporate network at the discretion of the company. Such websites include, but are not
limited to... Devices' camera or video capabilities are/are not disabled while on site
(Zayed, 2016).
Employees may use their mobile device to access the following company-owned resources:
email, calendars, contacts, documents, and so forth, in this way supporting monitoring and
inventory management of all equipment.
1.2.2 Devices and Support
Smartphones including Android, BlackBerry, Windows phones and iPhone are allowed, listed in
as much detail as necessary, including models, operating systems, versions, and so on, in this
way supporting monitoring and inventory management of all equipment.
Tablets including iPad and Android are permitted. Connectivity issues are supported by IT;
employees should/should not contact the device manufacturer or their carrier for operating
system or hardware-related issues.
Devices must be presented to IT for proper job provisioning and configuration of standard
apps, such as browsers, office productivity software and security tools, before they can access
the network.
1.2.3 Safety
In order to prevent unauthorized access, devices must be password protected using the
features of the device, and a strong password is required to access the company network.
The company's strong password policy is: passwords must be at least six characters and a
combination of upper- and lower-case letters, numbers and symbols. Passwords will be rotated at
regular intervals, and the new password can't be one of the 15 previous passwords. The device
must lock itself with a PIN if it is idle for 5 minutes. After 5 failed login attempts, the
device will lock; contact IT to regain access. Rooted (Android) or jailbroken (iOS) devices are
strictly forbidden from accessing the network.
Employees are automatically prevented from downloading, installing and using any app that
does not appear on the company's list of approved applications.
Smartphones and tablets belonging to employees that are for personal use only are/are not
allowed to connect to the network.
Employees' access to company data is limited based on user profiles defined by IT and
automatically enforced.
1.2.4 Risks/Responsibilities/Disclaimers
While IT will take every precaution to prevent the employee's personal data from being lost
in the event it must remotely wipe a device, it is the employee's responsibility to take
additional precautions, for instance backing up contacts, email, etc. The organization reserves
the right to disconnect device services without warning. Lost devices must be reported to the
company within 24 hours. Employees are responsible for notifying their mobile carrier
immediately upon loss of a device.
The employee is expected to use his or her devices in an ethical manner at all times and
to adhere to the company's acceptable use policy as outlined above.
The employee is personally liable for all costs associated with his or her device.
The employee assumes full liability for risks including, but not limited to, the partial
loss of company and personal data due to an operating system crash, errors, bugs, viruses,
malware or hardware failures, or programming errors that render the device unusable
(Priya, 2017).
1.3 Control over the personal devices
In a BYOD environment, if an employee has full administrative rights over all the information
on the device, an organization might not be able to properly determine liability for the
information under its control. In addition, connecting a personal device to an organization's
network may pose significant privacy and security threats, such as to the integrity of company
network security.
An organization must have policies in place that govern the storage and retention of
personal information in its custody or under its control. Organizations must take reasonable
steps to protect the personal information in their custody or control from security risks such
as unauthorized access, collection, use, disclosure, copying, modification, disposal or
destruction. Active authentication and authorization are important to ensure effective
security controls and to demonstrate accountability (Definitions & Hope, 2017).
2. Open Authentication
2.1 Description
OAuth stands for open authorization. It is an open standard, and it is used for token-based
authentication in the system. It is one kind of simple, secure authorization protocol ("OATH,
Strong Authentication, and What it Means", 2017). It can grant different access levels, for
example synchronizing Gmail contacts with new LinkedIn friends. Access granularity is provided
by OAuth. Access granularity means that parties give the contact information of the whole
friends list. The resource provider's request is processed. It also provides service access. It
is used to create and provide data or information from or to another website for
authentication. The motivation for designing OAuth was to address the limitations and problems
of the traditional client-server authentication model. Secured client access to the server is
provided through the use of OAuth ("End User Authentication with OAuth 2.0 — OAuth", 2017).
The OAuth authentication framework gives a third-party application limited access to an HTTP
service. This helps users share data between applications.
2.2 OAuth administration suppliers.
1. Facebook.
2. Foursquare.
3. Google.
4. Microsoft (Hotmail, Messenger, Xbox).
5. LinkedIn.
6. Myspace.
7. Netflix.
8. Twitter.
9. Vimeo.
Take Facebook as an example.
2.3 Technology used in the OAuth
1. Challenge-Handshake Authentication Protocol – an authentication protocol used to log a
user on with an Internet access provider. It was commonly used in early dial-up
services.
2. Extensible Authentication Protocol - EAP is used between a dial-up client and a server
to determine. EAP is also commonly used for other client-server authentication and
services ("OAuth: Pros and Cons of OAuth | Social Technology Review", 2017) ("What is
Open System Authentication (OSA)? - Definition from WhatIs.com", 2017).
3. Generic Security Service Application Program Interface – GSSAPI provides security
services to calling applications in a generic fashion, supported by a range of underlying
mechanisms and technologies. It allows source-level portability of applications to
different environments. The authentication method specified by GSSAPI is very generic
and is further defined in other RFCs that build on it.
4. HTTP Basic and Digest Authentication - HTTP authentication describes username/password
authentication for HTTP 1.1. It is often used in combination with SSL to provide
confidentiality. Either the password (Basic) or a cryptographic hash of the password
(Digest) is sent over the channel.
2.4 Strength of OAuth
1. It can be used to keep track of some passwords.
2. It is used to reduce the number of user profiles.
3. The advantage of this is that anyone can read the instructions on the Facebook
Developers page and make their website a client.
4. The third-party website doesn't get your credentials (and thus can't access your account
and perform an action that you didn't give it permission for). The third-party website has
only a pinhole view of all of your data (which you can configure). The third-party
website has a defined span of. If at any moment you decide to pull the plug, you can
invalidate the token as well (C. J & A. G, 2014).
2.5 Weakness of OAuth
i. The disadvantage is that they have no security. Not to put too fine a point on it,
they have not authenticated the user. They have gotten delegated access to most of the
user's data. There is a weakness on both desktops and mobile phones.
ii. For desktop, when you first create a token, the service that you are authenticating
with (Twitter, for example) will ask you for your username and password, which is not a
problem since you are entering your credentials directly into Twitter. The problem is
that you are trusting your web browser (Internet Explorer, Firefox, Chrome or Safari)
not to sniff these before you click submit. Imagine that a hacker was able to implant a
virus inside your browser to pick up every keystroke you enter; at that point you would
have just given that hacker your username or password. This issue is not specific to
OAuth and relates to the security of your desktop overall, but it is still a risk.
iii. For a mobile phone application, to be able to use this token over and over again, it
needs to be stored somewhere on your phone's hard disk, which means that if a hacker got
access to your phone, he could extract this token and use it himself (HAO, ZHAO, LIU,
HUANG & LIU, 2010).
2.6 Will it replace Open ID
When OAuth was first announced, there were those who thought that it might put a few nails in
the coffin of OpenID. While it was a great idea, OpenID never took off the way it was expected
to or should have. The reception of OpenID was decidedly tepid. Sure, AOL had over 60 million
OpenID users at one point. However, many service providers found that their users weren't
taking advantage of OpenID. Web application developer 37Signals, for example, found that under
1% of its user base took advantage of OpenID support in the company's products, and so the
company is phasing out its OpenID support. Also popular services such as Twitter, Facebook,
Netflix, Evernote and Meetup. That said, OpenID isn't useless. Nor is it dead. Sure, OAuth has
stolen quite a bit of OpenID's thunder. Yet the two technologies, while similar, can actually
complement one another. On one side, we have OpenID, which is intended to enable secure logins
within a web browser. On the other side, we have OAuth, which enables sites to securely
exchange information. But can both technologies coexist? They certainly complement one another
(Mekhaznia & Menai, 2014).
2.7 Would you recommend it for secure applications like online banking
OAuth authentication is not secure. This is the starting baseline. It may request the
chance to be attempting. There may be a place for social login, but it has a confined web
domain. It has a number of security flaws and puts your users' privacy at risk.
3. Cryptanalysis of Polyalphabetic Ciphers
3.1 Vigenere Cipher
The Vigenere cipher is a sequence of Caesar ciphers in which each letter's shift depends on a
keyword ("An Introduction to Cryptographic Authentication and Encryption - Red Hat
Customer Portal", 2017). The Vigenere cipher uses a square called the Vigenere square,
mentioned below, which is used to decrypt the cipher text. The Vigenere square contains 26 rows
of Caesar ciphers, beginning with a shift of 0 letters. On each additional row, the shift is
increased by 1 ("Chapter 3 -- How to Solve a Problem in "The Cryptogram"", 2017) (Som & Ghosh,
2012).
To decrypt the following cipher text using the keyword MASTER, repeat the key until it
matches the length of the cipher text, like MASTERMASTERMASTER. Using the above table, match
the cipher text letter to the row and the corresponding keyword letter to a column, and find
the letter at their meeting point in the table ("Cryptography 101: Basic Solving Techniques
for Substitution Ciphers - dummies", 2017). So using the keyword (MASTER), we find the plain
text ("Cryptography for Network and Information Security", 2017).
Decipher
Student Id-13475382
Cryptogram for whom their Student-ID is XXXXXXX2
fhwvseoehmswyudmmcqvwesitiwkeiohaveceeukikehskmeswslgfzsawiiqdtrwvhejt
prgtzhvjeewysiqxsftcqsztqzdkgmlrdiamsrzduaeizekllryijlyxsekmwktalmliqs
zhpueczxqvefgklzqrskgyucsekiauhlgrzbwkirxirxhskgaomesmgkijtajxwkahazlv
dlwoicbajmmtupsgxjwolaeiucggwzpejxhyuejtvttiutpktrwllfxdkvlvyekbrntiua
ejumheikunamliqszhpueczxqvusslwfoismiuiilaxyqilapvhedhjryudmmcqvwekiau
hmlvabnbsledjtasmcchjktiklscgtahrzetztxzfdgxweathksmudwvseoujkieoysfse
sdayjvdefmpvhedlswtiwkeiohavecsrgntjutgwmjoukliueeukikehskmesfgkkvzejt
procwlwjfrmvxldektrubrgoiufhsmimqrqtgtqsklxigclnvvoafuiiqadbdvpbqttvdf
wvxjqcjxxjtajbrxeczxqvfhwfezzdjtasmcchjkteakwtteexmjfhsmxyqmgkigdinbpv
sevieifiubtrztktvvmskbkeqddhrxqrkaeiqskbqdankiszztwwslftztxktekhplfigg
wwarkxgiqtkaeiunybrdgllbpvhedzvfgpkivfbokxhskeskpzqrsnxyarktvvzolxjwuc
axrkteknkxqslxhvrfavmvztyxsdqtjbgrxswvvvfsztvzzgkvlvyekpmkttzxvvcuakiu
brgiiifiwllfienxvyuskhplfiggmjmphemtmbdxsexylhegmrlbglxajvejqoxfycfidx
zvxgjhygemgkigdeubwvxyzxhzecmlwvpswvvvfsztvzzgagqlxtaeimqlykslbsobxyba
jmmtglsketoeklwkduumyiqstkmtwedewkgdaxhxqnwkeceeukikehskmesiffycfidxzv
xgjhygeafwtiavwwxymtammjboklmsxelhgfzslkytfivxeceeukikehskmessuaidqsxh
vrzyenpkulwoicmcuxwjetjngkgrwbrsdiudicxsnxgkarkietqcggwkduummfztzxpfie
juslzdggxyqsasifrtzxqfpudnwgeirxswfhwymvxdagayuczmlvoadvycmtahrjmrwuiz
zgvhrvusuhrjudwkesxydtvxqifmlzeswvxzanoxtiqswgxrzexymtuefmwfxulbserojl
itdelllrdifzmeyudmmcqvwekiauhlsldsuaidqikuejqdggxyqsztqzdsuaidqafwmjbe
jyitfafwmuqadbrfgrkvlvyelaicawwkffgnvhrkteehhlxukbwjugfbjzoafmppemsepv
dtztrzzbjbgbqldlwtteexmepewwxyqcgghzfiggtzegjxekqrlaeezakbrjtaebvjaraz
memlkvlvyealwlrfavmvztlhmdblwfiefomktiapgliueczxqv
Answer
Keyword: MASTER
The concept of multilevel or hierarchical secret sharing was considered by several authors see for
example shamirk otharii to and charnes shamir suggests that threshold schemes for hierarchical
groups can be realized by giving more shares to higher level participants Kothari considered
hierarchical threshold schemes in which a simple tini threshold scheme is associated with the ith
level of a multilevel group the obvious drawback of this solution is that it does not provide
concurrency among different levels of hierarchical groups i to discussed secret sharing for
general access structures and proved that every access structure can be realized by a perfect
secret sharing scheme the main drawback of their scheme is that the more privileged participants
are assigned longer shares simmons pointed out that the solutions for secret sharing in multilevel
groups proposed by earlier authors are not efficient he suggested efficient geometrical secret
sharing schemes with the required properties however his solution is applicable only to a
particular case of multilevel groups more precisely he discussed secret sharing in multilevel
groups with particular access structures brickell studied general secret sharing in multilevel
groups and proved that it is possible to construct ideal secret sharing schemes for any multilevel
access structure in brickells vector space construction the lower bound on the size of the modulus
size of the field in which the calculations are being done is considerably large in this section we
present an efficient solution for secret sharing in multilevel groups our scheme is based on the
shamir scheme and is perfect and ideal in our scheme the lower bound on the modulus is
significantly smaller than in brickells scheme in deed the condition np is greater thann as in
shamirs original scheme is sufficient to implement our proposed scheme (Cipher et al., 2017).
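The decryption above, as an added Python example (not part of the original assignment): it builds the 26-row square, decrypts the first line of the cryptogram with the keyword MASTER both by table lookup and by modular subtraction, and re-encrypts the result as a check. The lookup reads the standard square by finding the ciphertext letter in the keyword letter's row and taking the column heading; all function names are illustrative.

```python
import string

ALPHABET = string.ascii_lowercase

# First line of the cryptogram and the keyword, both copied from the assignment.
CIPHERTEXT_LINE_1 = (
    "fhwvseoehmswyudmmcqvwesitiwkeiohaveceeukikehskmeswslgfzsawiiqdtrwvhejt"
)
KEYWORD = "MASTER"


def vigenere_square():
    """Return the 26 rows of the square; row k is the alphabet shifted by k."""
    return [ALPHABET[k:] + ALPHABET[:k] for k in range(26)]


SQUARE = vigenere_square()


def key_shifts(key):
    """Turn the keyword into a list of row numbers (A=0 ... Z=25)."""
    shifts = [ALPHABET.index(ch.lower()) for ch in key
              if ch.isascii() and ch.isalpha()]
    if not shifts:
        raise ValueError("keyword must contain at least one letter")
    return shifts


def apply_cipher(text, key, op):
    """Apply op(letter_index, shift) to every letter of text.

    The keyword repeats over the letters only: spaces, digits and punctuation
    pass through unchanged and do not consume a keyword letter. Case is kept.
    """
    shifts = key_shifts(key)
    out, used = [], 0
    for ch in text:
        if not (ch.isascii() and ch.isalpha()):
            out.append(ch)
            continue
        idx = op(ALPHABET.index(ch.lower()), shifts[used % len(shifts)])
        used += 1
        out.append(ALPHABET[idx].upper() if ch.isupper() else ALPHABET[idx])
    return "".join(out)


def decrypt_with_square(ciphertext, key):
    """Table method: in the keyword letter's row, locate the ciphertext
    letter; the heading of that column is the plaintext letter."""
    return apply_cipher(ciphertext, key,
                        lambda c, k: SQUARE[k].index(ALPHABET[c]))


def decrypt_modular(ciphertext, key):
    """Same result without the table: plaintext = (cipher - key) mod 26."""
    return apply_cipher(ciphertext, key, lambda c, k: (c - k) % 26)


def encrypt(plaintext, key):
    """Table method for encryption: keyword row, plaintext column, read cell."""
    return apply_cipher(plaintext, key,
                        lambda p, k: ALPHABET.index(SQUARE[k][p]))


if __name__ == "__main__":
    plain = decrypt_with_square(CIPHERTEXT_LINE_1, KEYWORD)
    print(plain)
    # Both decryption methods must agree, and re-encrypting must round-trip.
    print(plain == decrypt_modular(CIPHERTEXT_LINE_1, KEYWORD))
    print(encrypt(plain, KEYWORD) == CIPHERTEXT_LINE_1)
```
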
References
An Introduction to Cryptographic Authentication and Encryption - Red Hat Customer Portal.
(2017). Access.redhat.com. Retrieved 5 October 2017, from
https://access.redhat.com/blogs/766093/posts/1975983
C. J, E., & A. G, U. (2014). Analysis of Network Data Encryption & Decryption Techniques in
Communication Systems. International Journal Of Innovative Research In Science,
Engineering And Technology, 03(12), 17797-17807.
http://dx.doi.org/10.15680/ijirset.2014.0312008
Chapter 3 -- How to Solve a Problem in "The Cryptogram". (2017). Und.nodak.edu. Retrieved 5
October 2017, from http://www.und.nodak.edu/org/crypto/crypto/.chap03.html
Cipher, V., Cipher, V., cipher?, H., cipher?, H., ciphertext?, H., & key?, H. et al.
(2017). Vigenère Cipher - Decoder, Encoder, Solver, Translator. Dcode.fr. Retrieved 5
October 2017, from http://www.dcode.fr/vigenere-cipher
Cryptography 101: Basic Solving Techniques for Substitution Ciphers - dummies.
(2017). dummies. Retrieved 5 October 2017, from
http://www.dummies.com/games/cryptograms/cryptography-101-basic-solving-techniques-
for-substitution-ciphers/
Cryptography for Network and Information Security. (2017). Technet.microsoft.com. Retrieved 5
October 2017, from https://technet.microsoft.com/en-us/library/cc962027.aspx
Definitions, C., & Hope, C. (2017). What is Ciphertext?. Computerhope.com. Retrieved 5
October 2017, from https://www.computerhope.com/jargon/c/cipherte.htm
End User Authentication with OAuth 2.0 — OAuth. (2017). Oauth.net. Retrieved 5 October
2017, from https://oauth.net/articles/authentication/
HAO, W., ZHAO, E., LIU, Y., HUANG, Y., & LIU, J. (2010). Research and implementation of
key techniques of encryption and decryption system on heterogeneous database. Journal Of
Computer Applications, 30(9), 2339-2343. http://dx.doi.org/10.3724/sp.j.1087.2010.02339
Mekhaznia, T., & Menai, M. (2014). Cryptanalysis of classical ciphers with ant
algorithms. International Journal Of Metaheuristics, 3(3), 175.
http://dx.doi.org/10.1504/ijmheur.2014.065159
MushtaqSherAli, F., & Hassan Sarhan, F. (2014). Enhancing Security of Vigenere Cipher by
Stream Cipher. International Journal Of Computer Applications, 100(1), 1-4.
http://dx.doi.org/10.5120/17486-7998
OATH, Strong Authentication, and What it Means. (2017). Celestix Networks. Retrieved 5
October 2017, from http://www.celestix.com/oath-strong-authentication-means-2/
OAuth: Pros and Cons of OAuth | Social Technology Review.
(2017). Socialtechnologyreview.com. Retrieved 5 October 2017, from
http://www.socialtechnologyreview.com/articles/oauth-pros-and-cons-oauth
Priya, N. (2017). Comparative Study of RSA and Probabilistic Encryption/Decryption
Algorithms. International Journal Of Engineering And Computer Science.
http://dx.doi.org/10.18535/ijecs/v6i1.04
Smith, K., & Forman, S. (2014). Bring Your Own Device-Challenges and Solutions for the
Mobile Workplace. Employment Relations Today, 40(4), 67-73.
http://dx.doi.org/10.1002/ert.21436
Som, S., & Ghosh, S. (2012). A Simple Algebraic Model based Polyalphabetic Substitution
Cipher. International Journal Of Computer Applications, 39(8), 53-56.
http://dx.doi.org/10.5120/4844-7111
What is Open System Authentication (OSA)? - Definition from WhatIs.com.
(2017). SearchSecurity. Retrieved 5 October 2017, from
http://searchsecurity.techtarget.com/definition/Open-System-Authentication-OSA
Zayed, K. (2016). Information Security Awareness: Managing Web, Mobile & Endpoint
Security; Overcoming the Challenges of Bring Your Own Device (BYOD). International
Journal Of Teaching And Case Studies, 7(3/4), 1.
http://dx.doi.org/10.1504/ijtcs.2016.10001478