issc422 discussion response 2

Hello,

I need two responses of at least 150 words each for the below students discussions for this week. Also in the bold below are the questions the students at answering.

Save your time - order a paper!

Get your paper written from scratch within the tight deadline. Our service is a reliable solution to all your troubles. Place an order on any task and we will take care of it. You won’t have to worry about the quality and deadlines

Order Paper Now

Topic: Public Key Infrastructure

Which one of the following statements is most correct about data encryption as a method of protecting data?

  1. It should sometimes be used for password files
  2. It is usually easily administered
  3. It makes few demands on system resources
  4. It requires careful key Management

Student one:

Interesting topic. I’ve always had a thing for codes. Would love to have a course just on Cryptography alone.

After looking over the four different statements, the one that I feel is most correct is the fourth statement, “It requires careful key management.” To understand more about cryptography, the first thing is to know exactly what Cryptography is. Depending on which dictionary you take your definition from, Webster’s Revised Unabridged Dictionary, cryptography is “the act or art of writing in secret characters.” The Free Online Dictionary of Computing says cryptography is “encoding data so that it can only be decoded by specific individuals.” (Kim 298) So bottom line, my definition of cryptography is the study of keeping your secrets safe when they are going from one place to another. Key Management is a very important area of Cryptography because along with security, it deals with security issues and security flaws. The keys are what turns the readable message into gibberish to any unauthorized person who manages to get their hands on it. The cipher is the coded algorithm used to scramble or unscramble the message and the key is its directions on how to do it. The ciphers are broken into two separate keys – public and private keys. The private keys are used by individuals to both encrypt/decrypt a message and public keys are used by people who have separate keys for encoded and decoding the messages. There are a number of different functions that are used by cryptography key management including:

  • Generation / back up / restore / update
  • Distribution – automated or in key shares
  • Import or export in key shares
  • Enforce security controls
  • Provide audit and usage logs
  • Encryption using Key Encryption Keys (KEKs) / Zone Master Keys (ZMKs)
  • Certification (e.g. using X.509 or EMV certificates) (Key Management, 2019)

There are two different types of keys, Symmetrical and Asymmetrical. Symmetrical keys are used to code and decode the message. This means if a Symmetrical code is being used between two parties, both parties need to have the right keys to code and recode. It uses a public key to encrypt the information and the private key to decrypt it. This could be a problem if either party were to lose one of the keys. Asymmetrical keys, also known as Public keys, are used to send codes back and forth over a known network. The public key is available to the public for sending the message but only the private key, held by the person receiving the data, can decode what was sent. The main problem with key management is that it’s not a 100% sure system. Any weakness in policies or the use of shortcuts, for instance, can cause a secure system to be less than secure.

References:

Key Management, (2019). Cryptomathic.com. Retrieved from https://www.cryptomathic.com/products/key-management

Kim, David, Michael Solomon. Fundamentals of Information Systems Security PDF VitalBook, 2nd Edition. Jones & Bartlett Learning, 07/2013. VitalBook file.

-Arleen

Student two:

When addressing which of the four statements is most correct it is important to address each one individually.

Passwords are often used with encryption to make security stronger. Any time you have a collection of passwords that act as the key with some form of encryption it is important to protect them as well. We all know someone, or have done it ourselves, who has passwords written in a book, saved in their phone, or scribbled on a piece of paper next to their computer. This defeats the purpose of the password and its encryption. It is much safer to use a password manager to consolidate that information. I disagree that this is the most correct statement because encryption should always be used in conjunction with passwords and another form of authentication.

When it comes to the administration of encryption many user take it for granted. So many forms of encryption go into protecting information that it is used multiple times daily. I used it to log in to this website. It is used when transferring the code to my computer. The development of the encryption is where the difficulty comes in. As the reading pointed out encryption has become more complicated over time. So much so that it now has it’s own field of science. While the end user may believe it is easy to administer it does not appear so easy.

Administration was a result of perspective. I believe few demands on system resources is also perspective. While almost transparent to the user the computer is computing encryption hashing algorithms fates than any person could possibly. We owe the seemingly transparency of demand to two things. First is the exponential growth of processing power to which encryption are decrypted. Second is the fact that the encryption used is just enough to make it undesirable to try to crack. Using the strongest encryption would make decryption a huge demand on resources. I haven’t even begun to delve into the resources required to exchange the encryption data required to simplify decryption.

Careful Key management is probably the most correct statement when it comes to protecting data. Take the password example in my first paragraph, most of us find it careless to expose passwords. Key management is protecting its confidentiality and integrity while ensuring its availability. This allows the key to be un-compromised when when providing those same three things and non-repudiation of our data. Key management is the most correct.

-Hilton