Double DES Encryption, Cybersecurity Failure: A Detailed Report

Verified

Added on 2023/06/10

AI Summary

This report provides a detailed analysis of security and risk management, focusing on double Data Encryption Standard (DES) encryption and decryption processes. It includes a step-by-step decryption of an encrypted code using two keys (K1 and K2) and examines a cybersecurity failure, specifically the Eastern Health cyber-attack in Australia. The report outlines the nature of the attack, exploited vulnerabilities such as ransomware, and the impact on healthcare services and patient data. Furthermore, it discusses the remedy actions taken by Eastern Health, including shutting down IT systems and implementing stronger security measures, and provides recommendations for preventing future cyber-attacks in the healthcare sector. The analysis emphasizes the importance of robust cybersecurity practices to protect sensitive data and ensure the continuity of critical services.

SECURITY AND RISK
MANAGEMENT
1

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

TABLE OF CONTENTS
INTRODUCTION...........................................................................................................................3
MAIN BODY...................................................................................................................................3
Double DES Encryption to decryption code................................................................................3
Report on cybersecurity failure..................................................................................................12
CONCLUSION..............................................................................................................................15
REFERENCES..............................................................................................................................16

INTRODUCTION
Security and risk management refer as the ongoing process for finding the risks and proceed
to implement the plan for addressing them. Risk is identified by examining the likelihood that
termed as threats that will exploits the vulnerabilities and gives the major impact over any asset.
It is most important to manage the risk it helps in addressing all uncertainties around the assets
so that desired outcomes can be achieved (Wahlgren & Kowalski, (2018)). Encryption is the
process by which the readable messages can easily transforms into the unreadable form to protect
the information from unauthorised access. Whereas Decryption process used to convert
encrypted message into its original form. Following report will cover the Decryption of the
encrypted code along with the Data encryption standard steps. It will further highlight the cyber
security failure with its exploited vulnerability, remedy actions and recommendation for future
overcoming strategy.
MAIN BODY
Double DES Encryption to decryption code
Data encryption standard mainly known as the symmetric key algorithm for encrypting the
digital data. Where the key length is 56 bits. Where double DES uses the two keys to perform
operation on same plain text, in both instance different keys are required for encrypting the plain
text (Bateni, & Saeidi, (2019).
Given cypher text is = KNTGETRZTXRUQFACTIOSJNZA
Key values:
K1 = QWERTYUIOPLKJHGFDSAZXCVBNM
K2 = 627158943
DECRYPTION process
A B C D E F G H I J K L M
0 1 2 3 4 5 6 7 8 9 10 11 12
3

N O P Q R S T U V W X Y Z
13 14 15 16 17 18 19 20 21 22 23 24 25
For decrypting specific method is:
P= D (K, C) = D(C-K) mod 26
16-10=4 mod 26
Where P= Plain text
D= Decryption
C= Cypher text
K= key
In case of double DES
P= Dk1 [Dk2 (C)]
First will perform by using K2 that is 627158943
1)P= D (k2, c) = (C-K2) mod 26
(6, 10) = (10-6) mod 26
= 4 mod 26
=4 (E)
2)P=D (2, 13) = (13-2) mod 26
= 11 mod 26
=11 (L)
3)P=D (7,19) = (19-7) mod 26
= 12 mod 26
=12 (M)
4)P=D (1,6)= (6-1) mod 26

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

= 5 mod 26
=5 (F)
5)P=D(5,4)= (4-5) mod 26
= -1 mod 26
=25 (Z)
6)P=D(8, 19)= (19-8) mod 26
= 11 mod 26
=11 (L)
7)P=D(9, 17)= (17-9) mod 26
= 8 mod 26
=8 (I)
8)P=D(4, 25)= (25-4) mod 26
= 21 mod 26
=21 (V)
9)P=D(3, 19 )= (19-3) mod 26
= 16 mod 26
= 16 (Q)
10)P=D(6, 23 )= (23-6) mod 26
= 17mod 26
= 17 (R)
11)P=D(2, 17 )= (17-2) mod 26
= 15 mod 26
5

= 15 (P)
12) P=D(7, 20)= (20-7) mod 26
= 13 mod 26
= 13 (N)
13)P=D(1, 16 )= (16-1) mod 26
= 15 mod 26
= 15 (P)
14)P=D(5,5 )= (5-5) mod 26
= 0 mod 26
= 0 (A)
15)P=D(8,0)= (0-8) mod 26
= -8mod 26
= 18 (S)
16)P=D(9, 2)= (2-9) mod 26
= -7mod 26
= 19 (T)
17)P=D(4, 19)= (19-4) mod 26
= 15mod 26
= 15 (P)
18)P=D(3, 8)= (8-3)mod 26
= 5 mod 26
= 5 (F)

19)P=D(6, 14)= (14-6)mod 26
= 8 mod 26
= 8 (I)
20)P=D(2,18)= (18-2)mod 26
= 16 mod 26
= 16 (Q)
21)P=D(7,9)= (9-7)mod 26
= 2 mod 26
= 2 (C)
22)P=D(1,13)= (13-1)mod 26
= 12 mod 26
= 12 (M)
23)P=D(5,25)= (25-5)mod 26
= 20 mod 26
= 20 (U)
24)P=D(8,0)= (0-8)mod 26
= -8 mod 26
= 18 (S)
25)P=D(9,6)= (6-9)mod 26
= -3 mod 26
= 23 (X)
26)P=D(4,19)= (19-4)mod 26
= 15 mod 26
= 15 (P)
7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

27)P=D(3,16)= (16-3)mod 26
= 13 mod 26
= 13 (N)
Encrypted Text is: ELMFZLIVQRPNPASTPFIQCMUSXPN
Further decrypting it by using the K1 key to get the plain text
K1 = QWERTYUIOPLKJHGFDSAZXCVBNM
P= Dk1 [Dk2 (C)]
1) P=(16,4 )= D(4-16)mod26
=-12mod26
= 14 (O)
2) P=(22,11)= D(11-22)mod26
=-11mod26
= 15 (P)
3) P=(4,12)= D(12-4)mod26
=8mod26
= 8 (I)
4) P=(17,5)= D(5-17)mod26
=-12mod26
= 14 (O)
5) P=(19,25)= D(25-19)mod26
= 6mod26
= 6 (G)

6) P=(24,11)= D(11-24)mod26
=-13mod26
= 13 (N)
7) P=(20,8)= D(8-20)mod26
=-12mod26
= 14 (O)
8) P=(8,21)= D(21-8)mod26
= 13 mod26
= 13(N)
9) P=(14,16)= D(16-14)mod26
=2mod26
= 2 (C)
10) P=(15,17)= D(17-15)mod26
=2mod26
= 2 (C)
11) P=(11,15)= D(15-11)mod26
=4mod26
= 4 (E)
12) P=(10,13)= D(13-10)mod26
=3mod26
= 3(D)
13)P=D(9,15)= (15-9)mod 26
= 6 mod 26
= 6 (G)
9

14)P=D(7,0)= (0-7)mod 26
= -7 mod 26
= 19 (T)
15)P=D(6,18)= (18-6)mod 26
= 12 mod 26
= 12 (M)
16)P=D(5,19)= (19-5)mod 26
= 14 mod 26
= 14 (O)
17)P=D(3,15)= (15-3)mod 26
= 12 mod 26
= 12 (M)
18)P=D(18,5)= (5-18)mod 26
= -13 mod 26
= 13 (N)
19)P=D(0,8)= (8-0)mod 26
= 8 mod 26
= 8(I)
20)P=D(25,16)= (16-25)mod 26
= 9 mod 26
= 9 (J)
21)P=D(23,2)= (2-23)mod 26
= -21 mod 26
= 5 (F)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

22)P=D(2,12)= (12-2)mod 26
= 10 mod 26
= 10 (K)
23)P=D(21,20)= (20-21)mod 26
= -1 mod 26
= 25 (Z)
24)P=D(1,18)= (18-1)mod 26
= 17 mod 26
= 17 (R)
25)P=D(13,23)= (23-13)mod 26
= 10 mod 26
= 10 (K)
26)P=D(12,15)= (15-12)mod 26
= 3 mod 26
= 3 (D)
27)P=D(16,13)= (13-16)mod 26
= -3 mod 26
= 23 (X)
So final plain text is “OPIOGNONCCEDGTMOMNIJFKZRKDX”
11

Report on cybersecurity failure
Failure in cyber security cause many life threatening situation which negatively impact
over the physical as well as emotional aspects of humans. It is found that in Australia there are
some incidents which shows the biggest data breach, ransomware and other cyber-attacks in the
country (Dobaj and et.al (2019)). Thus Eastern health cyber-attack is one of the greatest cyber
security failure in the country which held in the year 2021 march, it gives the major impact over
the 4 Hospitals in the Melbourne city, it creates lots of problem in treatment for the patients. Its
impact also causes delays in the surgeries for the patients. Nature of the cyber-attack is unknown
but still authorities considered it as ransomware attack. It is also found that ACSC (Australian
cyber security centre) have received nearly 500 ransomware reports in the year 2020-21.
Attack summary: In march Eastern health have experienced the cyber-attacks as most of the
health care professional are not able to access the patient’s details. Staffs were facing problem in
reviewing the critical medical histories of the patient because of the ransom ware attack that
cause the delays in urgent surgeries. Because of this attack Eastern health is forced to shut down
their some of the IT systems which also affects the functionalities and impact overall process.
But somehow Hospitals managed the urgent surgery as they elected the surgeries which should
be done in 30 days other than this are postponed (Alghamdi and et.al (2019)). This incident
shows that for the health care sector cyber security is very important as due to such attack the
consequences are much higher for the health care as they mainly aim to provides the critical
services to the patients. Also if there is any delay in medical treatment can cause the life
threatening situation for the patient. It is analysed that Hospitals are more attractive target for the
cyber-attacks because of nature of data they stored or hold on their patient.
Due to poor security in Eastern health have invited the cyber attackers to cause some
criminal activities. It is important for them to develop strict cyber security to prevent from such
attacks. Because of this personal data of employees and patient have been stolen by the attackers,
as complete database of the patient attacked that compromises the data privacy of the patients.
As it is suggested by the governmental officials it is found that data breaches include the basic
information which is regarding patient’s registration form for the appointments, that covers the
personal information of patient which is their age, phone no, address emails etc. it is also found
that attackers were able to theft the data of the employees that are working for almost 14 years
for the Eastern health. It is identified that approx. 200000 files were taken by the attackers in