CSI6199: TrueCrypt Analysis and Alternative Recommendations Report
VerifiedAdded on 2023/01/12
|9
|2195
|84
Report
AI Summary
This report, prepared for Auto Body Supplies (ABS), analyzes the security of TrueCrypt software, a disk encryption tool. It begins by detailing the threats and vulnerabilities inherent in TrueCrypt, arguing for its discontinuation due to security risks. The report then justifies an alternative open-source product, Kali Linux, discussing the importance of both symmetric and asymmetric encryption in securing data. A test plan is developed to ensure the implementation of best cyber security practices. The report also includes a detailed overview of test methodologies, scopes, strategies, and results. Finally, the report concludes that TrueCrypt is not completely secure, and recommends that ABS adopt the alternative open-source product with the proposed security measures.
Truecrypt Software
1
1
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Contents
INTRODUCTION...........................................................................................................................3
MAIN BODY..................................................................................................................................3
Discuss about the threat and vulnerabilities inherent TrueCrypt, analyse that should stop using
TrueCrypt software......................................................................................................................3
Justified an alternative open source product for ABS, identify symmetric and asymmetric
encryption....................................................................................................................................4
Develop test plan to use best cyber security practice and how performed function without any
issues............................................................................................................................................5
Test result or outcome.....................................................................................................................6
CONCLUSION................................................................................................................................7
REFERENCES................................................................................................................................8
2
INTRODUCTION...........................................................................................................................3
MAIN BODY..................................................................................................................................3
Discuss about the threat and vulnerabilities inherent TrueCrypt, analyse that should stop using
TrueCrypt software......................................................................................................................3
Justified an alternative open source product for ABS, identify symmetric and asymmetric
encryption....................................................................................................................................4
Develop test plan to use best cyber security practice and how performed function without any
issues............................................................................................................................................5
Test result or outcome.....................................................................................................................6
CONCLUSION................................................................................................................................7
REFERENCES................................................................................................................................8
2
INTRODUCTION
The report is based on TrueCrypt software that mainly used for establishing and maintaining
on-fly-encrypted drive. It means that data is automatically decrypted or encrypted right before
they are saved and loaded without any intervention. It is mainly useful for migrated the existing
data, identified that software is not completely secure and contain unfixed security issues. The
report will discuss about the different threats, vulnerabilities that inherent TrueCrypt and also
analyse after stop using within data storage. Furthermore, it is mainly focused on the identifying
another product for company which always maintain both asymmetric as well as symmetric
encryption. However, it will design test plan to use in cyber security aspects where how they will
perform function in proper manner.
PART -1
Discuss about the threat and vulnerabilities inherent TrueCrypt, analyse that should stop using
TrueCrypt software.
TrueCrypt is the most popular software that will perform different task within the system.
It happens shortly after Anonymous handlers pulled the overall plugin in the system performance
(Balavivekan and han, 2019). In most of cases, both threat and vulnerabilities are critically
affecting on the overall system.
In ABS, Many attacker could abuse vulnerability in which TrueCrypt software is not
properly validate the driver letter. It also used the symbolic link for mounting the large volumes.
In this way, it become easier for attacker to leverage running process and get privileges from
administrator. So that it can be identified that TrueCrypt is risk software and not completely
protect in term of security as well as privacy (AliShiaeles and Kontogeorgis, 2019).
In ABS Company, it is to be consider as critical issue since any processor call TrueCrypt
driver. It means that process can get privileges and exploited through malware which helping to
access data in machine. There are two different ways to identify that True Crypt software bad for
ABS Company.
3
The report is based on TrueCrypt software that mainly used for establishing and maintaining
on-fly-encrypted drive. It means that data is automatically decrypted or encrypted right before
they are saved and loaded without any intervention. It is mainly useful for migrated the existing
data, identified that software is not completely secure and contain unfixed security issues. The
report will discuss about the different threats, vulnerabilities that inherent TrueCrypt and also
analyse after stop using within data storage. Furthermore, it is mainly focused on the identifying
another product for company which always maintain both asymmetric as well as symmetric
encryption. However, it will design test plan to use in cyber security aspects where how they will
perform function in proper manner.
PART -1
Discuss about the threat and vulnerabilities inherent TrueCrypt, analyse that should stop using
TrueCrypt software.
TrueCrypt is the most popular software that will perform different task within the system.
It happens shortly after Anonymous handlers pulled the overall plugin in the system performance
(Balavivekan and han, 2019). In most of cases, both threat and vulnerabilities are critically
affecting on the overall system.
In ABS, Many attacker could abuse vulnerability in which TrueCrypt software is not
properly validate the driver letter. It also used the symbolic link for mounting the large volumes.
In this way, it become easier for attacker to leverage running process and get privileges from
administrator. So that it can be identified that TrueCrypt is risk software and not completely
protect in term of security as well as privacy (AliShiaeles and Kontogeorgis, 2019).
In ABS Company, it is to be consider as critical issue since any processor call TrueCrypt
driver. It means that process can get privileges and exploited through malware which helping to
access data in machine. There are two different ways to identify that True Crypt software bad for
ABS Company.
3
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Exploited to the attack server if in case it is installed TrueCrypt software. Even there is
not volume mounted. In some situation, it is enough to compromise with the user account
on the server and get remote access.
Another type of vulnerabilities occurs when TrueCrypt driver doesn’t properly validate
the security during user calling. Therefore, it allows for attacker to impersonate another
people through same machine.
In this way, It can be identified that shows a lot of issues and problem that’s why it cannot be
measured as bad software because it became easier to dismount VeraCrypt large volume or
change if software is configured (Balavivekan and han, 2019). It has increased possibilities of
attack when hacker can shared machine where user can dismount the volume by another one.
The primary step is to target the potential attacker and used as disruptive attack through
dismounting volume. Afterwards, it automatically compromise its normal user account. In this
way, ABS Company convince their potential client to use another platform those are secured
sensitive information or data into proper manner.
For Example – A real world example is that when missing authentication for critical
function during data storage and maintenance, control. Afterwards, it has found that memory for
most users but it cannot be stopped and controlled by Truce Crypt encryption software.
Furthermore, it has identified the countermeasure in the system processing such as user
management, privacy, data confidentiality, authentication, accountability, transport security and
integrity. As per given scenario, these are playing important role in ABS company for
monitoring and controlling overall activities of system effectively.
PART-2
Justified an alternative open source product for ABS, identify symmetric and asymmetric
encryption.
It has been justified that an alternative open source such as kali Linux product for ABS
Company. It is based on the open source product that mainly used by organization to perform
different tasks. In context of security, they consists of Asymmetric and symmetric encryption.
Asymmetric encryption is combination of public-private key which become more secure than
symmetric (Emetere and Akinlabi, 2020). The public key will be shared with everyone but store
private key in separately. Data encryption is one of most common factor that decrypted
information which make it easier to maintain proper security and privacy, implemented on the
4
not volume mounted. In some situation, it is enough to compromise with the user account
on the server and get remote access.
Another type of vulnerabilities occurs when TrueCrypt driver doesn’t properly validate
the security during user calling. Therefore, it allows for attacker to impersonate another
people through same machine.
In this way, It can be identified that shows a lot of issues and problem that’s why it cannot be
measured as bad software because it became easier to dismount VeraCrypt large volume or
change if software is configured (Balavivekan and han, 2019). It has increased possibilities of
attack when hacker can shared machine where user can dismount the volume by another one.
The primary step is to target the potential attacker and used as disruptive attack through
dismounting volume. Afterwards, it automatically compromise its normal user account. In this
way, ABS Company convince their potential client to use another platform those are secured
sensitive information or data into proper manner.
For Example – A real world example is that when missing authentication for critical
function during data storage and maintenance, control. Afterwards, it has found that memory for
most users but it cannot be stopped and controlled by Truce Crypt encryption software.
Furthermore, it has identified the countermeasure in the system processing such as user
management, privacy, data confidentiality, authentication, accountability, transport security and
integrity. As per given scenario, these are playing important role in ABS company for
monitoring and controlling overall activities of system effectively.
PART-2
Justified an alternative open source product for ABS, identify symmetric and asymmetric
encryption.
It has been justified that an alternative open source such as kali Linux product for ABS
Company. It is based on the open source product that mainly used by organization to perform
different tasks. In context of security, they consists of Asymmetric and symmetric encryption.
Asymmetric encryption is combination of public-private key which become more secure than
symmetric (Emetere and Akinlabi, 2020). The public key will be shared with everyone but store
private key in separately. Data encryption is one of most common factor that decrypted
information which make it easier to maintain proper security and privacy, implemented on the
4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
large scale. On the other hand, Symmetric encryption use same type of key encrypt and decrypt
data which require to find out method safe key into another parties(Singh, Ikuesan and Venter,
2019).
During Linux security, these are two most common encryptions that perform significant role for
protecting information of ABS Company in proper manner. It is mainly used the encryption
algorithm to identify the threat or vulnerabilities (Freeman, 2020). If in case it has found threat
within system. It automatically eliminating the errors or bugs in proper manner. ABS firm try to
collect or gather information in different manner. It also recognised as one of best encryption
software for Linux with the proper conventional symmetric key encryption. It can be protected to
create key pairs, generate individually to encryption message by another users.
In this way, it has concluded that Linux plays incredibly important part in the cyber
security which mainly specified Linux distributions to perform depth penetration testing. In order
to identify the vulnerability assessment (Singh, Ikuesan and Venter, 2019). It also providing the
forensic analysis after the security breach. Linux is open source that have access in properly and
transparent. After installation of Linux within system, it automatically perform task, initially start
with command, covers creating files, library directories, managing overall network setting,
allows permission and processes, setting up the user environment (Hassan, 2019). ABS
Company adopt the Open source product Linux for managing and controlling large amount of
data that must be stored within files. In case if it required to easily access file system to search
information. In order to protect from unauthorized access
5
data which require to find out method safe key into another parties(Singh, Ikuesan and Venter,
2019).
During Linux security, these are two most common encryptions that perform significant role for
protecting information of ABS Company in proper manner. It is mainly used the encryption
algorithm to identify the threat or vulnerabilities (Freeman, 2020). If in case it has found threat
within system. It automatically eliminating the errors or bugs in proper manner. ABS firm try to
collect or gather information in different manner. It also recognised as one of best encryption
software for Linux with the proper conventional symmetric key encryption. It can be protected to
create key pairs, generate individually to encryption message by another users.
In this way, it has concluded that Linux plays incredibly important part in the cyber
security which mainly specified Linux distributions to perform depth penetration testing. In order
to identify the vulnerability assessment (Singh, Ikuesan and Venter, 2019). It also providing the
forensic analysis after the security breach. Linux is open source that have access in properly and
transparent. After installation of Linux within system, it automatically perform task, initially start
with command, covers creating files, library directories, managing overall network setting,
allows permission and processes, setting up the user environment (Hassan, 2019). ABS
Company adopt the Open source product Linux for managing and controlling large amount of
data that must be stored within files. In case if it required to easily access file system to search
information. In order to protect from unauthorized access
5
Develop test plan to use best cyber security practice and how performed function without any
issues.
Test plan is based on the process that help for creating strategy in term of security testing. It
is built-in the software development life cycle of application. It can be performed different
function while consisting of various phases in the cyber security practices (Singh, Ikuesan and
Venter, 2019). Test plan is made up with objective, scope, roles and responsibilities for handling
overall testing approach in effective manner.
Testing Objective
To identify the security goal through understanding requirement within applications.
To define the security threat and vulnerabilities.
To validate that security control the overall functionality of system.
To eliminate impact of security issues in term of safety as well as security.
Roles and responsibilities
Test engineer Running multiple test cases
Test result analysis
Test reports creation
Table: 1
Testing Methodology
All type of testing process is built on the basis of different security attacks such as:
Client side testing
Checking dependencies
Exposed implementation threat and vulnerabilities
Exposed design threat as well as vulnerabilities
6
issues.
Test plan is based on the process that help for creating strategy in term of security testing. It
is built-in the software development life cycle of application. It can be performed different
function while consisting of various phases in the cyber security practices (Singh, Ikuesan and
Venter, 2019). Test plan is made up with objective, scope, roles and responsibilities for handling
overall testing approach in effective manner.
Testing Objective
To identify the security goal through understanding requirement within applications.
To define the security threat and vulnerabilities.
To validate that security control the overall functionality of system.
To eliminate impact of security issues in term of safety as well as security.
Roles and responsibilities
Test engineer Running multiple test cases
Test result analysis
Test reports creation
Table: 1
Testing Methodology
All type of testing process is built on the basis of different security attacks such as:
Client side testing
Checking dependencies
Exposed implementation threat and vulnerabilities
Exposed design threat as well as vulnerabilities
6
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Scope of testing
The scope of testing in the system, which help for gathering and collecting large amount of
data or information. It helps for eliminating or removing threat during system activities (Zhang,
Deng and Tan, 2019).
Features and modules are tested in proper manner
Feature is not to be tested in proper manner.
Testing Strategy
Review policies and standards: It is initial stage of test engineer which make sure that
different standards, policies and documentation maintained in proper manner (Freeman,
2020). It is important phase of testing plan whereas consider general requirement to
security in given business areas such as technical, security, and process.
Develop measurement and metric criteria: It is another stage where measure essential
metrics that controlled and defined in properly. In this phase, it analyse security aspects
during testing process (Zhang, Deng and Tan, 2019). Test engineer should understand
what exactly requirement on the project. It must be investigated during processes such as
user management, privacy, data confidentiality, authentication, accountability, transport
security and integrity.
Review and design architecture: it is related to the static manual testing which implies
that test engineer review overall design pattern. In order to identify the flaws that can
generate insecure behavior during application (Zhang, Deng and Tan, 2019). In this
process, test engineer review the overall process and emphasizes with the independent
software architecture.
Creating and review UML models: it is important phase which require for allowing to
look at the subject of testing. It can easily maintain abstraction level while understanding
the entire picture of application (Zhang, Deng and Tan, 2019). It is the best way to find
incompliances on the every stage of testing process.
Assumption during test Execution
The overall test environment is become ready to configure in properly.
It has been launched on the specific test environment which provide accurate notification
to quality team.
7
The scope of testing in the system, which help for gathering and collecting large amount of
data or information. It helps for eliminating or removing threat during system activities (Zhang,
Deng and Tan, 2019).
Features and modules are tested in proper manner
Feature is not to be tested in proper manner.
Testing Strategy
Review policies and standards: It is initial stage of test engineer which make sure that
different standards, policies and documentation maintained in proper manner (Freeman,
2020). It is important phase of testing plan whereas consider general requirement to
security in given business areas such as technical, security, and process.
Develop measurement and metric criteria: It is another stage where measure essential
metrics that controlled and defined in properly. In this phase, it analyse security aspects
during testing process (Zhang, Deng and Tan, 2019). Test engineer should understand
what exactly requirement on the project. It must be investigated during processes such as
user management, privacy, data confidentiality, authentication, accountability, transport
security and integrity.
Review and design architecture: it is related to the static manual testing which implies
that test engineer review overall design pattern. In order to identify the flaws that can
generate insecure behavior during application (Zhang, Deng and Tan, 2019). In this
process, test engineer review the overall process and emphasizes with the independent
software architecture.
Creating and review UML models: it is important phase which require for allowing to
look at the subject of testing. It can easily maintain abstraction level while understanding
the entire picture of application (Zhang, Deng and Tan, 2019). It is the best way to find
incompliances on the every stage of testing process.
Assumption during test Execution
The overall test environment is become ready to configure in properly.
It has been launched on the specific test environment which provide accurate notification
to quality team.
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
It require to build notification of different features that planned for successfully complete
testing procedure.
Test result or outcome
The major possibilities that identify the different result and mainly contain specific information.
List the features which are completely tested in proper manner.
Identifying threat and vulnerabilities at the time of testing (Zhang, Deng and Tan, 2019).
Executed the test cases which always helping for finding outcome or result.
Listing the major risks which are mainly defined in the time of testing.
CONCLUSION
From above discussion, it concluded that TrueCrypt software help for establishing and
maintaining on-fly-encrypted drive. Through software, data or information has automatically
decrypted or encrypted right before they are saved and loaded without any intervention. It is the
best way to migrate with existing data, identified that software is not completely secure and
contain unfixed security issues.
It has summarised about the different threats, vulnerabilities that inherent TrueCrypt and
also analyse after stop using within data storage. Furthermore, it is also concerned to identify
another product for company which always maintain both asymmetric as well as symmetric
encryption. However, it is developing and designing the test plan to use in cyber security
perspective whereas how it can be performed different function in proper manner.
8
testing procedure.
Test result or outcome
The major possibilities that identify the different result and mainly contain specific information.
List the features which are completely tested in proper manner.
Identifying threat and vulnerabilities at the time of testing (Zhang, Deng and Tan, 2019).
Executed the test cases which always helping for finding outcome or result.
Listing the major risks which are mainly defined in the time of testing.
CONCLUSION
From above discussion, it concluded that TrueCrypt software help for establishing and
maintaining on-fly-encrypted drive. Through software, data or information has automatically
decrypted or encrypted right before they are saved and loaded without any intervention. It is the
best way to migrate with existing data, identified that software is not completely secure and
contain unfixed security issues.
It has summarised about the different threats, vulnerabilities that inherent TrueCrypt and
also analyse after stop using within data storage. Furthermore, it is also concerned to identify
another product for company which always maintain both asymmetric as well as symmetric
encryption. However, it is developing and designing the test plan to use in cyber security
perspective whereas how it can be performed different function in proper manner.
8
REFERENCES
Book and Journals
Ali, M., Shiaeles, S. and Kontogeorgis, D., 2019. A proactive malicious software identification
approach for digital forensic examiners. Journal of Information Security and
Applications. 47. pp.139-155.
Balavivekan and han, A., 2019. A COMPARATIVE STUDY OF CRYPTOGRAPHY
ALGORITHM IN DATA SECURITY FOR SOFTWARE DEVELOPMENT. Journal of
the Gujarat Research Society. 21(16). pp.1904-1918.
Emetere, M.E. and Akinlabi, E.T., 2020. Introduction to Environmental Data Analysis and
Modeling (Vol. 58). Springer Nature.
Freeman, D., 2020. The Abuse Uncertainty Principle, and Other Lessons Learned from
Measuring Abuse on the Internet.
Hassan, N.A., 2019. Antiforensics Techniques. In Digital Forensics Basics (pp. 291-310).
Apress, Berkeley, CA.
Singh, A., Ikuesan, A. and Venter, H., 2019. A Context-Aware Trigger Mechanism for
Ransomware Forensics. In International Conference on Cyber Warfare and Security (pp.
629-XV). Academic Conferences International Limited.
Zhang, L., Deng, X. and Tan, C., 2019, October. An Extensive Analysis of TrueCrypt
Encryption Forensics. In Proceedings of the 3rd International Conference on Computer
Science and Application Engineering (pp. 1-6).
9
Book and Journals
Ali, M., Shiaeles, S. and Kontogeorgis, D., 2019. A proactive malicious software identification
approach for digital forensic examiners. Journal of Information Security and
Applications. 47. pp.139-155.
Balavivekan and han, A., 2019. A COMPARATIVE STUDY OF CRYPTOGRAPHY
ALGORITHM IN DATA SECURITY FOR SOFTWARE DEVELOPMENT. Journal of
the Gujarat Research Society. 21(16). pp.1904-1918.
Emetere, M.E. and Akinlabi, E.T., 2020. Introduction to Environmental Data Analysis and
Modeling (Vol. 58). Springer Nature.
Freeman, D., 2020. The Abuse Uncertainty Principle, and Other Lessons Learned from
Measuring Abuse on the Internet.
Hassan, N.A., 2019. Antiforensics Techniques. In Digital Forensics Basics (pp. 291-310).
Apress, Berkeley, CA.
Singh, A., Ikuesan, A. and Venter, H., 2019. A Context-Aware Trigger Mechanism for
Ransomware Forensics. In International Conference on Cyber Warfare and Security (pp.
629-XV). Academic Conferences International Limited.
Zhang, L., Deng, X. and Tan, C., 2019, October. An Extensive Analysis of TrueCrypt
Encryption Forensics. In Proceedings of the 3rd International Conference on Computer
Science and Application Engineering (pp. 1-6).
9
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 9
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.