Data Security and Encryption: A Comprehensive Guide
VerifiedAdded on 2024/05/23
|7
|2437
|212
AI Summary
This document explores various aspects of data security and encryption, covering key encryption techniques, file server encryption methods, cloud backup ramifications, digital signatures, and key types. It also delves into the dangers of malicious software, providing insights into the motivations behind malware creation and offering recommendations for downloading safe software. The document aims to provide a comprehensive understanding of data security practices and the challenges associated with protecting sensitive information in the digital age.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Question 3
a.
Key Encryption
Key encryption is the methodology of protecting the useful data from attackers. In this
different techniques and algorithms are applied over the data to turn them in different
format. The actual data is which is treated as plain text is computed according to the
proposed algorithm which will result in a cipher text that will be in unreadable format. The
algorithm uses a predefined proposed key for encrypting the data. The decryption of the
cypher text will be from the same key which is the symmetric key. For example –
Plain text – “My name is Max”
After encrypting with 32-bit encryption key the encrypted text will be –
“b5c0db6cd47ab5c0db6cEnCt210a37f599cbsQK8W/
ikwIb979cb5b5c0db6cdf8c10a37f599cb5”
The plain text is converted to an encrypted text which is unreadable to other (Encryption:
An Introduction to Protecting Your Data 2018).
b.
File servers in the company deals with tons of important data and information. In respect to
deal with data security there are two methods of encrypting the data stored in file server
which are File encryption and Full Disk Encryption.
File Based Encryption – It is the technique of encrypting the specific files over the file server.
This will only ensure the data encryption of that particular file and other files will remain
unprotected and there will be security threat to other unencrypted files (Gatka 2017).
Full Disk Encryption (FDE) – Full disk encryption is better approach than File based
encryption. In this method complete disk is encrypted in order to protect the data. All the
data stored on the disk gets encrypted.
Full Disk Encryption makes the complete storage disk protected including all the files in it
but it limits to protecting the particular file from storage. File based encryption lets to do
this. Both technologies are used accordingly as per the usage requirement (Gatka 2017).
File Encryption methods – RSA, AES, DES, Blowfish, Twofish (Bradford 2017)
Full Disk Encryption products - Dell data protection, McAfee Data encryption, Microsoft
Bit locker (The top full disk encryption products on the market today 2015).
a.
Key Encryption
Key encryption is the methodology of protecting the useful data from attackers. In this
different techniques and algorithms are applied over the data to turn them in different
format. The actual data is which is treated as plain text is computed according to the
proposed algorithm which will result in a cipher text that will be in unreadable format. The
algorithm uses a predefined proposed key for encrypting the data. The decryption of the
cypher text will be from the same key which is the symmetric key. For example –
Plain text – “My name is Max”
After encrypting with 32-bit encryption key the encrypted text will be –
“b5c0db6cd47ab5c0db6cEnCt210a37f599cbsQK8W/
ikwIb979cb5b5c0db6cdf8c10a37f599cb5”
The plain text is converted to an encrypted text which is unreadable to other (Encryption:
An Introduction to Protecting Your Data 2018).
b.
File servers in the company deals with tons of important data and information. In respect to
deal with data security there are two methods of encrypting the data stored in file server
which are File encryption and Full Disk Encryption.
File Based Encryption – It is the technique of encrypting the specific files over the file server.
This will only ensure the data encryption of that particular file and other files will remain
unprotected and there will be security threat to other unencrypted files (Gatka 2017).
Full Disk Encryption (FDE) – Full disk encryption is better approach than File based
encryption. In this method complete disk is encrypted in order to protect the data. All the
data stored on the disk gets encrypted.
Full Disk Encryption makes the complete storage disk protected including all the files in it
but it limits to protecting the particular file from storage. File based encryption lets to do
this. Both technologies are used accordingly as per the usage requirement (Gatka 2017).
File Encryption methods – RSA, AES, DES, Blowfish, Twofish (Bradford 2017)
Full Disk Encryption products - Dell data protection, McAfee Data encryption, Microsoft
Bit locker (The top full disk encryption products on the market today 2015).
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
c.
Cloud backup is great practice for backing up the important data as a security option. But
every technology has its own challenges to deal with. Following are some of the cloud
backup ramifications which company has to deal with –
Uncontrolled Data – The thing is that when an enterprise uses the cloud service as a
backup all of its information is transferred over the cloud service provider network and
then the privacy settings of information is no longer in the hand of enterprise and there
may be a chance of unauthorized access to information.
Leakage of data – There is always the risk of leakage of data because the enterprise
depends on the security preventions for data provided by the third party cloud service
provider.
Snooping – Cloud is totally over the internet, so there is a great risk of snooping of data
because hackers and intruders vitally depends on internet for attacking a system, if the
system is in the enterprise and in the internal network then it’s hard for them to
penetrate the network. Snooping can be prevented by strong security measures taken
by cloud service providers.
Management of Key – Management of the cryptographic key is a must in cloud service.
A better approach and confidentiality must be implemented for managing the key
(Prinzlau 2016).
d.
Digital Signature
When a sender sends a data or information then a fingerprint from sender is attached that
guarantees the non-alteration of the data to the receiver. Digital signature maintains the
property of data integrity and authenticity. In digital signature the sender’s private key is
used for encryption. The process of digital signature is as following –
1. Sender generates the hash value of the actual message from a certain algorithm.
2. The generated hash values are then being encrypted with the sender’s private key.
3. The encrypted hash value is then combined with sender’s public key and digital signed
document is generated and sent to the receiver.
4. Now the receiver uses the public key to open the digital signed document.
5. Now the encrypted hash value is decrypted using the private key of sender and then the
hash is converted into actual document.
6. Now the final hash decrypted data is compared with the actual message that was
received in the digitally signed document (How do Digital Signatures Work? 2015).
By this data can be assured that it is not altered. The company persons and clients uses
email which includes digital certificates, this practice ensures that the data sent over email is
not altered in between (What is digital signature and how it works? 2018).
Cloud backup is great practice for backing up the important data as a security option. But
every technology has its own challenges to deal with. Following are some of the cloud
backup ramifications which company has to deal with –
Uncontrolled Data – The thing is that when an enterprise uses the cloud service as a
backup all of its information is transferred over the cloud service provider network and
then the privacy settings of information is no longer in the hand of enterprise and there
may be a chance of unauthorized access to information.
Leakage of data – There is always the risk of leakage of data because the enterprise
depends on the security preventions for data provided by the third party cloud service
provider.
Snooping – Cloud is totally over the internet, so there is a great risk of snooping of data
because hackers and intruders vitally depends on internet for attacking a system, if the
system is in the enterprise and in the internal network then it’s hard for them to
penetrate the network. Snooping can be prevented by strong security measures taken
by cloud service providers.
Management of Key – Management of the cryptographic key is a must in cloud service.
A better approach and confidentiality must be implemented for managing the key
(Prinzlau 2016).
d.
Digital Signature
When a sender sends a data or information then a fingerprint from sender is attached that
guarantees the non-alteration of the data to the receiver. Digital signature maintains the
property of data integrity and authenticity. In digital signature the sender’s private key is
used for encryption. The process of digital signature is as following –
1. Sender generates the hash value of the actual message from a certain algorithm.
2. The generated hash values are then being encrypted with the sender’s private key.
3. The encrypted hash value is then combined with sender’s public key and digital signed
document is generated and sent to the receiver.
4. Now the receiver uses the public key to open the digital signed document.
5. Now the encrypted hash value is decrypted using the private key of sender and then the
hash is converted into actual document.
6. Now the final hash decrypted data is compared with the actual message that was
received in the digitally signed document (How do Digital Signatures Work? 2015).
By this data can be assured that it is not altered. The company persons and clients uses
email which includes digital certificates, this practice ensures that the data sent over email is
not altered in between (What is digital signature and how it works? 2018).
e.
File servers and digital certificates both have different keys in use. Various types of keys are
there which have different types of implementation while encryption. The following are
some of the types of keys which are in practice for such types of use
Symmetric and Asymmetric keys – Symmetric keys are keys which are same in use for
encryption and decryption of data where Asymmetric keys are two different keys one for
encryption and one for decryption.
Static and Ephemeral keys – Static keys are the keys which have static or long term use
in encryption or decryption where ephemeral keys are used for single session.
Data Encryption keys – These keys can be symmetric or asymmetric key which are used
for different purpose. If Symmetric then it is used for 3DES or AES algorithm but if
Asymmetric, then used for RSA algorithm
Public Key – This type of key is used when digital certificate is in use. Usage of public
keys are not that much secured.
Private key – Private key is the key owned only by the sender and receiver for encryption
and decryption of the data.
Root key – Root key are the top most secured key in the public key hierarchy and it’s a
asymmetric key.
For file server Data encryption key, root key will be most proposed and for digital
certificates for email software use public, private and root key will be best in use. They must
be provided to authorized and genuine person (Stubbs 2018).
File servers and digital certificates both have different keys in use. Various types of keys are
there which have different types of implementation while encryption. The following are
some of the types of keys which are in practice for such types of use
Symmetric and Asymmetric keys – Symmetric keys are keys which are same in use for
encryption and decryption of data where Asymmetric keys are two different keys one for
encryption and one for decryption.
Static and Ephemeral keys – Static keys are the keys which have static or long term use
in encryption or decryption where ephemeral keys are used for single session.
Data Encryption keys – These keys can be symmetric or asymmetric key which are used
for different purpose. If Symmetric then it is used for 3DES or AES algorithm but if
Asymmetric, then used for RSA algorithm
Public Key – This type of key is used when digital certificate is in use. Usage of public
keys are not that much secured.
Private key – Private key is the key owned only by the sender and receiver for encryption
and decryption of the data.
Root key – Root key are the top most secured key in the public key hierarchy and it’s a
asymmetric key.
For file server Data encryption key, root key will be most proposed and for digital
certificates for email software use public, private and root key will be best in use. They must
be provided to authorized and genuine person (Stubbs 2018).
Question 4
a.
There are number of developers in the world who makes such sick malicious application and
software’s and the number is growing (Perrin 2009). The reason behind of such worthless
jokes is a list of points which are as follows –
Espionage - For spying the information of bulk users
Sabotage - For political or military purpose destroying the experience
Advertising for money
For prank
For time pass
Hacking
For getting attention
b.
Flashlight application – Flashlight application are the smartphone flash light applications
which was developed for using the flashlight of the smartphone as a torch. There were
number of application on Google play store (which is a popular official android application
provider which hosts paid and unpaid application over it) for the flashlight of smartphone.
Number of users have downloaded. These application actually had a malware named as
LightsOut. This malware somehow bypasses the Google Play store redirection of application
and connects to fraud servers who posts fraudulent ad over the application (Vanian 2018).
WeChat application – WeChat application is a messaging application which is available on
various application sources like apple’s app store, google play store and for blackberry. The
application was developed by Tencent in China. The application deals with number of
problems in the accessibility. The application provides the feature of voice calls and video
calls but sometimes it was commented by the users that these features are inaccessible also
some users have reported that the messaging feature is not working and application also did
make some device to shut down whenever they use WeChat application (WeChat app
problems 2015).
a.
There are number of developers in the world who makes such sick malicious application and
software’s and the number is growing (Perrin 2009). The reason behind of such worthless
jokes is a list of points which are as follows –
Espionage - For spying the information of bulk users
Sabotage - For political or military purpose destroying the experience
Advertising for money
For prank
For time pass
Hacking
For getting attention
b.
Flashlight application – Flashlight application are the smartphone flash light applications
which was developed for using the flashlight of the smartphone as a torch. There were
number of application on Google play store (which is a popular official android application
provider which hosts paid and unpaid application over it) for the flashlight of smartphone.
Number of users have downloaded. These application actually had a malware named as
LightsOut. This malware somehow bypasses the Google Play store redirection of application
and connects to fraud servers who posts fraudulent ad over the application (Vanian 2018).
WeChat application – WeChat application is a messaging application which is available on
various application sources like apple’s app store, google play store and for blackberry. The
application was developed by Tencent in China. The application deals with number of
problems in the accessibility. The application provides the feature of voice calls and video
calls but sometimes it was commented by the users that these features are inaccessible also
some users have reported that the messaging feature is not working and application also did
make some device to shut down whenever they use WeChat application (WeChat app
problems 2015).
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
c.
Message digest is the technique of converting a fix data value in some another data text
which is unreadable (cryptography), the message so digested is known as hash or
fingerprints of the actual data. Now the hash produced from the message digest algorithm
(example - MD5) is directly used in the creation of digital signature. These digital signature
are implemented so that the property of data integrity is preserved. While downloading any
file from internet the security policies must be preserved. For this message digest, hash and
digital signature comes in handy. Message digest and hash secure the data by encrypting it
and digital signature maintains the property of integrity and confidentiality of the file. Digital
signatures have number of limitations which are – expiry of the old certificate, certificate
costs are higher from renowned certificate providers, compatibility (Advantages and
Disadvantages of Digital Signatures 2016) and for message digest and hash have the most
common limitation which is the collision of encrypted data.
d.
Developers must take care of developing a software that is malware or virus free. In
developing stage or in distributing stage if a malware gets attached to the software and
remains undetected than there is 100% possibility that the software shared will be infected
one. The developers and distributers can take various measures to ensure that the software
developed and/ or distributed does not have such problems. Following are some measures –
Code Reviewing – Developers should always take care of including code or functionality
from different source as they can be infected in nature and can cause some serious
harm (Biomedical software development 2017).
Bug Tracking – Bug tracking is a great practice for hardly testing the software for any
kind of problems and issues with it. Testers are totally dependent on the testing tools so
there can be a risk of hidden malware and Trojan included in the code (Biomedical
software development 2017).
Source repositories – The distributers of the software store the data in a system
repositories and these repositories must be highly protected using different security
policies so that hackers and attackers cannot inject malware and Trojans to the system
(Siricharoen 2014).
Recommendation engine for analyzation of malware and Trojan free code and
generation of recommendations for clean development (Siricharoen 2014).
Distributing sources must follow high security policies and software for malware
detection
Message digest is the technique of converting a fix data value in some another data text
which is unreadable (cryptography), the message so digested is known as hash or
fingerprints of the actual data. Now the hash produced from the message digest algorithm
(example - MD5) is directly used in the creation of digital signature. These digital signature
are implemented so that the property of data integrity is preserved. While downloading any
file from internet the security policies must be preserved. For this message digest, hash and
digital signature comes in handy. Message digest and hash secure the data by encrypting it
and digital signature maintains the property of integrity and confidentiality of the file. Digital
signatures have number of limitations which are – expiry of the old certificate, certificate
costs are higher from renowned certificate providers, compatibility (Advantages and
Disadvantages of Digital Signatures 2016) and for message digest and hash have the most
common limitation which is the collision of encrypted data.
d.
Developers must take care of developing a software that is malware or virus free. In
developing stage or in distributing stage if a malware gets attached to the software and
remains undetected than there is 100% possibility that the software shared will be infected
one. The developers and distributers can take various measures to ensure that the software
developed and/ or distributed does not have such problems. Following are some measures –
Code Reviewing – Developers should always take care of including code or functionality
from different source as they can be infected in nature and can cause some serious
harm (Biomedical software development 2017).
Bug Tracking – Bug tracking is a great practice for hardly testing the software for any
kind of problems and issues with it. Testers are totally dependent on the testing tools so
there can be a risk of hidden malware and Trojan included in the code (Biomedical
software development 2017).
Source repositories – The distributers of the software store the data in a system
repositories and these repositories must be highly protected using different security
policies so that hackers and attackers cannot inject malware and Trojans to the system
(Siricharoen 2014).
Recommendation engine for analyzation of malware and Trojan free code and
generation of recommendations for clean development (Siricharoen 2014).
Distributing sources must follow high security policies and software for malware
detection
e.
Downloading a malware or trojan free software for users is a best way to be away from
system failure and problems. Following are some recommendation for downloading a
malware free software –
Research – Users must first research about the application or software they are going to
download from. They should check the user feedbacks and comments on the software
source (Spector 2015).
Source distributer – User should always download either from the official website of the
software developer or they should use services of trusted third party software providers.
Anti-Virus – Anti-Virus is a great tool for protecting the pc from malwares, viruses and
trojans. The software downloaded must be first scanned from anti-virus then installed.
False Positive – Always take false positive condition and should always take actions like
scanning and testing without knowing that in real is the software is infected or not.
Pirated software – Pirated software are serious threat to proper functioning of the
application and system. User should always download genuine products.
References
Advantages and Disadvantages of Digital Signatures 2016, viewed 17 April 2018,
https://lerablog.org/technology/data-security/advantages-and-disadvantages-of-digital-
signatures/
Bradford, C 2017, 5 Common Encryption Algorithms and the Unbreakables of the Future,
in , StorageCraft Technology Corporation, viewed 17 April 2018,
https://blog.storagecraft.com/5-common-encryption-algorithms/
Encryption: An Introduction to Protecting Your Data 2018, viewed 17 April 2018,
https://www.upwork.com/hiring/development/introduction-to-encryption-data-
security/
Gatka, J 2017, Showdown: Full disk encryption vs. file encryption, in , The OnBase Blog,
viewed 17 April 2018, http://blog.onbase.com/onbase/showdown-full-disk-encryption-
vs-file-encryption/
How do Digital Signatures Work? 2015, viewed 17 April 2018,
https://www.globalsign.com/en/blog/how-do-digital-signatures-work/
Perrin, C 2009, 10+ reasons why people write viruses, in , TechRepublic, viewed 17 April
2018, https://www.techrepublic.com/blog/10-things/-10-plus-reasons-why-people-
write-viruses/
Prinzlau, M 2016, 6 security risks of enterprises using cloud storage and file sharing apps,
in , Digital Guardian, viewed 17 April 2018, https://digitalguardian.com/blog/6-security-
risks-enterprises-using-cloud-storage-and-file-sharing-apps
Stubbs, R 2018, Classification of Cryptographic Keys, in , Cryptomathic.com, viewed 17
April 2018, https://www.cryptomathic.com/news-events/blog/classification-of-
cryptographic-keys-functions-and-properties
Downloading a malware or trojan free software for users is a best way to be away from
system failure and problems. Following are some recommendation for downloading a
malware free software –
Research – Users must first research about the application or software they are going to
download from. They should check the user feedbacks and comments on the software
source (Spector 2015).
Source distributer – User should always download either from the official website of the
software developer or they should use services of trusted third party software providers.
Anti-Virus – Anti-Virus is a great tool for protecting the pc from malwares, viruses and
trojans. The software downloaded must be first scanned from anti-virus then installed.
False Positive – Always take false positive condition and should always take actions like
scanning and testing without knowing that in real is the software is infected or not.
Pirated software – Pirated software are serious threat to proper functioning of the
application and system. User should always download genuine products.
References
Advantages and Disadvantages of Digital Signatures 2016, viewed 17 April 2018,
https://lerablog.org/technology/data-security/advantages-and-disadvantages-of-digital-
signatures/
Bradford, C 2017, 5 Common Encryption Algorithms and the Unbreakables of the Future,
in , StorageCraft Technology Corporation, viewed 17 April 2018,
https://blog.storagecraft.com/5-common-encryption-algorithms/
Encryption: An Introduction to Protecting Your Data 2018, viewed 17 April 2018,
https://www.upwork.com/hiring/development/introduction-to-encryption-data-
security/
Gatka, J 2017, Showdown: Full disk encryption vs. file encryption, in , The OnBase Blog,
viewed 17 April 2018, http://blog.onbase.com/onbase/showdown-full-disk-encryption-
vs-file-encryption/
How do Digital Signatures Work? 2015, viewed 17 April 2018,
https://www.globalsign.com/en/blog/how-do-digital-signatures-work/
Perrin, C 2009, 10+ reasons why people write viruses, in , TechRepublic, viewed 17 April
2018, https://www.techrepublic.com/blog/10-things/-10-plus-reasons-why-people-
write-viruses/
Prinzlau, M 2016, 6 security risks of enterprises using cloud storage and file sharing apps,
in , Digital Guardian, viewed 17 April 2018, https://digitalguardian.com/blog/6-security-
risks-enterprises-using-cloud-storage-and-file-sharing-apps
Stubbs, R 2018, Classification of Cryptographic Keys, in , Cryptomathic.com, viewed 17
April 2018, https://www.cryptomathic.com/news-events/blog/classification-of-
cryptographic-keys-functions-and-properties
The top full disk encryption products on the market today 2015, viewed 17 April 2018,
https://searchsecurity.techtarget.com/feature/The-top-full-disk-encryption-products-
on-the-market-today
Vanian, J 2018, Why Downloading Flashlight Apps From Google Play May Be a Bad Idea,
in , Fortune, viewed 17 April 2018, http://fortune.com/2018/01/05/google-play-
flashlight-security/
WeChat app problems 2015, viewed 17 April 2018, https://downtoday.co.uk/wechat-
app/
What is digital signature and how it works? 2018, viewed 17 April 2018,
https://www.instantssl.com/https-tutorials/digital-signature.html
National Institutes of Health 2017, Biomedical software development, viewed 17 April
2018, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5383938/
Siricharoen, Waralak & Pakdeetrakulwong, Udsanee & Wongthongtham, Pornpit 2014,
'Recommendation systems for software engineering: A survey from software
development life cycle phase perspective', 2014 9th International Conference for
Internet Technology and Secured Transactions, ICITST 2014.
10.1109/ICITST.2014.7038793.
Spector, L 2015, Five precautions for avoiding malware when you download and install
software, in , PCWorld, viewed 17 April 2018,
https://www.pcworld.com/article/2917319/five-precautions-for-avoiding-malware-
when-you-download-and-install-software.html
https://searchsecurity.techtarget.com/feature/The-top-full-disk-encryption-products-
on-the-market-today
Vanian, J 2018, Why Downloading Flashlight Apps From Google Play May Be a Bad Idea,
in , Fortune, viewed 17 April 2018, http://fortune.com/2018/01/05/google-play-
flashlight-security/
WeChat app problems 2015, viewed 17 April 2018, https://downtoday.co.uk/wechat-
app/
What is digital signature and how it works? 2018, viewed 17 April 2018,
https://www.instantssl.com/https-tutorials/digital-signature.html
National Institutes of Health 2017, Biomedical software development, viewed 17 April
2018, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5383938/
Siricharoen, Waralak & Pakdeetrakulwong, Udsanee & Wongthongtham, Pornpit 2014,
'Recommendation systems for software engineering: A survey from software
development life cycle phase perspective', 2014 9th International Conference for
Internet Technology and Secured Transactions, ICITST 2014.
10.1109/ICITST.2014.7038793.
Spector, L 2015, Five precautions for avoiding malware when you download and install
software, in , PCWorld, viewed 17 April 2018,
https://www.pcworld.com/article/2917319/five-precautions-for-avoiding-malware-
when-you-download-and-install-software.html
1 out of 7
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.