CST 620 Project 1Manny4747
CST 620 Project 1 Resources:
1. Enterprise Key Management Plan: An eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. Enterprise Key Management Policy: A two- to three-page double-spaced Word document.
3. Lab Report: A Word document sharing your lab experience along with screenshots. (I will provide)
Enterprise Key Management
As a security architect and cryptography specialist for Superior Health Care, you're familiar with the information systems throughout the company and the ranges of sensitivity in the information that is used, stored, and transmitted.
You're also expected to understand health care regulations and guidelines because you're responsible for advising the chief information security officer, or CISO, on a range of patient services, including the confidentiality and integrity of billing, payments, and insurance claims processing, as well as the security of patient information covered under the Health Insurance Portability and Accountability Act, or HIPAA.
You also have a team of security engineers, SEs, that help implement new cryptographic plans and policies and collaborate with the IT deployment and operations department during migrations to new technology initiatives.
This week, the CISO calls you into his office to let you know about the company's latest initiative.
"We're implementing eFi, web-based electronic health care, and that means we need to modernize our enterprise key management system during the migration,” he says.
The CISO asks for an enterprise key management plan that identifies the top components, possible solutions, comparisons of each solution, risks and benefits, and proposed risk mitigations.
The plan will help create an enterprise key management system.
The SEs would be responsible for the implementation, operation, and maintenance of the plan and system.
The CISO also wants you to come up with an enterprise key management policy that provides processes, procedures, rules of behavior, and training.
The new web-based system needs to be running in a month. So, you'll have a week to put together your enterprise key management plan and the accompanying policy.
Step 1: Identify Components of Key Management
Key management will be an important aspect of the new electronic protected health information (e-PHI). Key management is often considered the most difficult part of designing a cryptosystem.
Choose a fictitious or an actual organization. The idea is to provide an overview of the current state of enterprise key management for Superior Health Care.
Review these authentication resources to learn about authentication and the characteristics of key management.
Authentication is the process by which credentials are presented and validated to enable access. There are a number of different methods of authentication. Passwords are the most common type of authentication and are usually coupled with user identification (user IDs). Tokens and certificates are often used in place of passwords to provide a higher level of security. Tokens can contain unique identifiers (e.g., digital signatures or keys). Tokens can also store biometric data—for example, fingerprints.
There are several different types of combinations of authentication. Higher levels of security are generally associated with more levels of authentication (multifactor). For example, two-factor authentication might include a token and a password. Kerberos is a protocol for authentication made up of two components: a ticket (distributed by a service) for user authentication and a key that is developed from the user's password. Another authentication scheme is the Challenge-Handshake Authentication Protocol (CHAP), which uses a representation (hash) of the user's password to authenticate.
Provide a high-level, top-layer network view (diagram) of the systems in Superior Health Care. The diagram can be a bubble chart or Visio drawing of a simple network diagram with servers. Conduct independent research to identify a suitable network diagram.
Read these resources on data at rest, data in use, and data in motion.
Data at Rest
Data at rest refers to data stored on end-user devices, such as computers and phones, or removable storage media, such as memory cards, external hard drives, and USBs. According to the National Institute of Standards and Technology (NIST), there are several threats to stored data (Scarfone et al., 2007):
Some threats are unintentional, such as human error, while others are intentional. Intentional threats are posed by people with many different motivations, including causing mischief and disruption, and committing identity theft and other fraud. A common threat against end-user devices is device loss or theft. Someone with physical access to a device has many options for attempting to view or copy the information stored on the device. Another concern is insider attacks, such as an employee attempting to access sensitive information stored on another employee’s device. Malware, another common threat, can give attackers unauthorized access to a device, transfer information from the device to an attacker’s system, and perform other actions that jeopardize the confidentiality of the information on a device. (p. ES 1)
Encryption, authentication and backup, and disaster recovery systems are the main security measures that are commonly undertaken to restrict access to and maintain confidentiality of stored data.
Scarfone, K., Souppaya, M., & Sexton, M. (2007). Guide to storage encryption technologies for end user devices: Special Publication 800-111.. National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf
Data in Motion
Data in motion or data in transit refers to data that is transferred, generally over a network or on the internet. As multiple users access the transmitting resources, data may be exposed to several threats, and it is essential to ensure that the data is accessed only by the intended users. As discussed by Vesperman, encryption and authentication can be used to minimize unauthorized access to data in motion (2002):
The secure transmission of data in transit relies on both encryption and authentication—on both the hiding or concealment of the data itself, and on ensuring that the computers at each end are the computers they say they are. (p. 1)
Vesperman, J. (2002). Introduction to securing data in transit. http://www.tldp.org/REF/INTRO/SecuringData-INTRO.pdf
Identify data at rest, data in use, and data in motion as it could apply to your organization. Start by focusing on where data are stored and how data are accessed.
Review these resources on insecure handling and identify areas where insecure handling may be a concern for your organization.
Insecure handling of data can harm its quality, confidentiality, and integrity or even cause complete destruction. The potential issues include insecure indexing of web content and external threats, such as malware. According to the Web Application Security Consortium (2010):
Insecure Indexing is a threat to the data confidentiality of the web-site. Indexing web-site contents via a process that has access to files which are not supposed to be publicly accessible has the potential of leaking information about the existence of such files, and about their content. In the process of indexing, such information is collected and stored by the indexing process, which can later be retrieved (albeit not trivially) by a determined attacker, typically through a series of queries to the search engine. The attacker does not thwart the security model of the search engine. As such, this attack is subtle and very hard to detect and to foil—it's not easy to distinguish the attacker's queries from a legitimate user's queries. (p. 151)
Malicious code or malware is a program code that intends to access and compromise secure data. Guidelines from the National Institute of Standards and Technology (Souppaya & Scarfone, 2013) discuss how several organizations implement systems to ensure secure handling of data by monitoring access requests:
The security checking is often done through network access control software by placing on each host an agent that monitors various characteristics of the host, such as OS patches and antivirus updates. When the host attempts to connect to the network, a network device such as a router requests information from the host's agent. If the host does not respond to the request or the response indicates that the host is insecure, the network device causes the host to be placed onto a separate VLAN. (p. 28)
Souppaya, M., & Scarfone, K. (2013). Guide to malware incident prevention and handling for desktops and laptops: Special Publication 800-83, Revision 1. National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-83r1.pdf
Web Application Security Consortium. (2010). WASC threat classification. http://projects.webappsec.org/f/WASC-TC-v2_0.pdf
Incorporate this information in your key management plan.
In the next step, you will consider key management capabilities.
Step 2: Learn Key Management Capabilities (Lab; I will complete)
You have successfully examined the major components of an enterprise key management system for Superior Health Care. Enter Workspace and complete the “Enterprise Key Management” exercise. Conduct independent research on public key infrastructure as it applies to your organization.
In the next step, you will identify the key management gaps, risks, solutions, and challenges found in corporations.
Step 3: Identify Key Management Gaps, Risks, Solutions, and Challenges
In a previous step, you identified the key components of an enterprise key management system. In this step, you will conduct independent research on key management issues in existing organizations. You will use this research to help identify gaps in key management, in each of the key management areas within Superior Health Care.
Conduct independent research to identify typical gaps in key management within organizations. Incorporate and cite actual findings within your key management plan. If unable to find data on real organizations, use authoritative material discussing typical gaps.
Identify crypto attacks and other risks to the cryptographic systems posed by these gaps. Read these resources to brush up on your understanding of crypto attacks.
Cryptography is used to send data over the network: Plaintext is encrypted to ciphertext using a key, transmitted over the network and decrypted back to plaintext by the receiver. Crypto attacks are the attacks that are performed to get unauthorized access to the transmitted data. According to Phatak, some "cryptographic attacks try to decipher the key, while others try to steal data on the wire by performing some advanced decryption” (2013). Common examples of crypto attacks include key hijacking, man-in-the-middle attacks, and SSL brute-force attacks.
Phatak, P. (2013). Cyber attacks explained: Cryptographic attacks. http://opensourceforu.com/2013/05/cyber-attacks-explained-cryptographic-attacks/
Propose solutions organizations may use to address these gaps and identify necessary components of these solutions.
Finally, identify challenges, including remedies, other organizations have faced in implementing a key management system.
Include this information in your enterprise key management plan.
Provide a summary table of the information within your key management plan.
Incorporate this information in your implementation plan.
In the next step, you will provide additional ideas for the chief information security officer (CISO) to consider.
Step 4: Provide Additional Considerations for the CISO
You have satisfactorily identified key management gaps. Incorporate these additional objectives of an enterprise key management system as you compile information for the CISO.
1. Explain the uses of encryption and the benefits of securing communications by hash functions and other types of encryption. When discussing encryption, be sure to evaluate and assess whether or not to incorporate file encryption, full disc encryption, and partition encryption. Discuss the benefits of using triple DES or other encryption technologies. To complete this task, review the following resources:
Uses of Encryption
Encryption is used to transform simple data into an unreadable format or ciphertext. The ciphertext can be transformed back to the original format by using decryption. This promotes security and ensures that information can only be accessed by authorized users. Hence, encryption is widely used by businesses, institutes, and organizations to securely store and transmit data, maintain confidentiality, and provide restricted access. The National Institute of Standards and Technology's guideline document describes the use of encryption for stored data (Scarfone et al., 2007):
Encryption can be applied granularly, such as to an individual file containing sensitive information, or broadly, such as encrypting all stored data. The appropriate encryption solution for a particular situation depends primarily upon the type of storage, the amount of information that needs to be protected, the environments where the storage will be located, and the threats that need to be mitigated. (p. ES-1)
Scarfone, K., Souppaya, M., & Sexton, M. (2007). Special publication 800-111: Guide to storage encryption technologies for end user devices. National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf
Types of Encryption
There are two main types of encryption technologies: symmetric and asymmetric. Symmetric encryption technologies use the same key for both encryption and decryption, whereas asymmetric—or public-key—encryption technologies use separate public and private keys for encryption and decryption.
The most well-known encryption technique is symmetric cryptography, which is based on a shared secret, or key. Although symmetric cryptography works well within an isolated environment, maintaining secure communication is difficult if the system has to communicate with a large number of users.
Asymmetric cryptography involves the use of an asymmetric-key pair—a private key and a public key. This method is also known as public-key cryptography. The public key is freely available to anyone on the Internet, whereas the private key is kept secret by the owner.
Hashing is a one-way mapping of data. It takes a variable-length input and produces a fixed-length output called a message digest or simply a hash. Unlike encryption, which can be decrypted, hashes cannot be transformed back into the original message.
The diagram below shows some sample hash values for some encrypted words and phrases.
Graphic that shows sample hash values for some encrypted words and phrases. The left column shows variable-length inputs: the words “Students,” “Students are graded” and “Students are graduated.” Arrows lead to the middle column, which represents the cryptographic hash function that processes plain text and converts it to a hash value. Arrows also lead to the right column, called hash value or digest. Here we see that “Students” has been converted to the 24-character hash 3LCR 8CBO 6DH3 EW4D ABK8 JLE2. Below that, “Students are graded” has also been converted to a 24-character hash AB3F CCD4 67DA FD3F JKL7 8DML.
Sample Hash Values
Hash functions are commonly used to validate file integrity, to prove authentication of issuing parties in digital certificates, and to check against passwords stored in application databases.
When a user attempts to log onto a system that requires a password, the system typically takes the password, converts it to a hash using a specific hashing algorithm, and checks to see whether the password matches the stored hash within the system's user database. If the two hash functions match, the user is allowed to log in; if not, access is denied. Hash functions thus ensure confidentiality and integrity by preventing operating systems and applications from saving passwords in plaintext.
Hash functions produce a "fingerprint" known as a signature, which can be used to determine the integrity of any data element. More specifically, if even one bit of data is modified in the data input, a completely different message digest is produced.
However, as hash functions generate a fixed-length hash for any length of input, there is a chance that two values can produce the same hash value, an eventuality that is referred to as a collision. Collision is rare, but it can happen more often when a smaller key space is used. Therefore, it is better to use hash functions that produce longer-length fixed output. For example, the chance of collision is smaller for a 192-bit output than for a 128-bit output. The longer length protects against a sophisticated class of attack known as the birthday attack.
Examples of Hash Functions
The most widely used hash function today is the Secure Hash Algorithm (SHA) developed by the National Institute of Standards and Technology (NIST) in 1993.
In 2002, NIST produced a revised version of the federal information processing standard (FIPS 180-2), which defined three new versions of SHA, with hash value lengths of 256, 384, and 512 bits, known as SHA-256, SHA-384, and SHA-512, respectively. Further revisions are expected (Keswani & Khadilkar, n.d.).
Hash functions are not particularly vulnerable to attack. However, brute force is one way to attempt to attack hash functions. The greater the length of the hash value, the longer the amount of time that is required to break the hash, often making brute force an ineffective attack method.
A more effective way to attack hash functions is to use rainbow tables, which offer a shortcut to breaking the hash.
However, creating rainbow tables for each hash function (Message-Digest Algorithm 5 [MD5], SHA1, SHA-256) takes a considerable amount of time and space. Rainbow tables that have both upper and lower cases of alphanumeric characters, including special characters, can range from a few hundred gigabytes (GBs) to a few terabytes (TBs).
Keswani, A., & Khadilkar, V. (n.d.). The SHA-1 algorithm. Lamar University Computer Science Department, Beaumont, TX. cs.lamar.edu/faculty/osborne/5340_01/summer_06/.../SHA/Project_Paper.doc
2. Describe the use and purpose of hashes and digital signatures in providing message authentication and integrity. Review these resources on authentication to further your understanding. Focus on resources pertaining to message authentication.
a. Authentication is the process by which credentials are presented and validated to enable access. There are a number of different methods of authentication. Passwords are the most common type of authentication and are usually coupled with user identification (user IDs). Tokens and certificates are often used in place of passwords to provide a higher level of security. Tokens can contain unique identifiers (e.g., digital signatures or keys). Tokens can also store biometric data—for example, fingerprints.
b. There are several different types of combinations of authentication. Higher levels of security are generally associated with more levels of authentication (multifactor). For example, two-factor authentication might include a token and a password. Kerberos is a protocol for authentication made up of two components: a ticket (distributed by a service) for user authentication and a key that is developed from the user's password. Another authentication scheme is the Challenge-Handshake Authentication Protocol (CHAP), which uses a representation (hash) of the user's password to authenticate.
3. Review the resources related to cryptanalysis. Explain the use of cryptography and cryptanalysis in data confidentiality. Cryptanalysts are a very technical and specialized workforce. Your organization already has a workforce of security engineers (SEs). Cryptanalysts could be added to support part of the operation and maintenance functions of the enterprise key management system. Conduct research on the need, cost, and benefits of adding cryptanalysts to the organization’s workforce. Determine if it will be more effective to develop the SEs to perform these tasks. Discuss alternative ways for obtaining cryptanalysis if the organization chooses not to maintain this new skilled community in-house.
a. Cryptanalysis refers to the techniques used by attackers to get access to encrypted data. According to Elaine Barker of the National Institute of Standards and Technology (2016), cryptanalysis is "the study of mathematical techniques for attempting to defeat cryptographic techniques and information system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or in the algorithm itself."
b. The two main types of cryptanalysis techniques are differential and linear. Differential cryptanalysis uses comparison of key pair combinations to find information about the key, whereas linear cryptanalysis uses laws of probability to find relationships between the original data and encrypted data.
c. References: Barker, E. (2016). Special publication 800-57, part 1, revision 4: Recommendation for key management. National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf
4. Research and explain the concepts and practices commonly used for data confidentiality: the private and public key protocol for authentication, public key infrastructure (PKI), the X.509 cryptography standard, and PKI security. Read about the following cryptography and identity management concepts: public key infrastructure and the X.509 cryptography standard.
Keep in mind that sometimes it takes considerable evidence and research for organizational leaders to buy in and provide resources.
Incorporate this information in your implementation plan.
In the next step, you will provide information on different cryptographic systems for the CISO.
Step 5: Analyze Cryptographic Systems
In the previous step, you covered aspects of cryptographic methods. In this step, you will recommend cryptographic systems that your organization should consider procuring.
Independently research commercially available enterprise key management system products, discuss at least two systems, and recommend a system for Superior Health Care.
Describe the cryptographic system, its effectiveness, and its efficiencies.
Provide an analysis of the trade-offs of different cryptographic systems.
Review and include information learned from conducting independent research on the following topics:
· security index rating
· level of complexity
· availability or utilization of system resources
Include information on the possible complexity and expense of implementing and operating various cryptographic ciphers. Check out these resources on ciphers to familiarize yourself with the topic. Incorporate this information in your implementation plan.
Ciphers refer to algorithms, which are used to encrypt and decrypt data so its security is maintained. The original data or plaintext is encrypted to ciphertext before it is sent. Though ciphertext contains the original data, it is not readable. When the ciphertext is received by the intended user, it is decrypted back to plaintext.
The commonly used ciphers for encryption include block ciphers and stream ciphers. According to Stallings (2010), a block cipher chunks the message together into a fixed-length bit stream and then processes the blocks. A stream cipher, on the other hand, processes bits one element at a time.
Stallings, W. (2010). Cryptography and network security: Principles and practice (4th ed.). Prentice Hall.
In the next step, you will begin final work on the enterprise key management plan.
Step 6: Develop the Enterprise Key Management Plan
In the previous steps, you gathered information about systems used elsewhere. Using the materials produced in those steps, develop your Enterprise Key Management Plan for implementation, operation, and maintenance of the new system. Address these as separate sections in the plan.
In this plan, you will identify the key components, the possible solutions, the risks, and benefits comparisons of each solution, and proposed mitigations to the risks. These, too, should be considered as a separate section or could be integrated within the implementation, operation, and maintenance sections.
A possible outline could be:
· Key Components
· Benefits and Risks
The following is the deliverable for this segment of the project:
Enterprise Key Management Plan: An eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Lab Report: A Word document sharing your lab experience along with screenshots. (I will provide)
Step 7: Develop the Enterprise Key Management Policy
The final step in this project requires you to use the information from the previous steps to develop the Enterprise Key Management Policy. The policy governs the processes, procedures, rules of behavior, and training for users and administrators of the enterprise key management system.
Research similar policy documents used by other organizations and adapt an appropriate example to create your policy.
Review and discuss the following within the policy:
Digital certificates help prove who owns a public key for a particular host/user by specifically naming the host/user in the certificate.
Digital certificates use public and private key cryptography. Public and private key pairs complement each other for a highly secure data transfer. A public key is used to encrypt messages that can be decrypted only by using the corresponding private key. Public keys can be made widely available to anyone with a web browser with no security risk to the corresponding private key.
Certificates are also used for authentication purposes. They are issued by what are called certificate authorities (CAs) and used to verify identity with a CA's private key. CA certificates can be trusted, and organizations use trusted lists to verify signatures.
· certificate authority
· certificate revocation lists
Discuss different scenarios and hypothetical situations. For example, the policy could require that when employees leave the company, their digital certificates must be revoked within 24 hours. Another could require that employees must receive initial and annual security training.
Include at least three scenarios and provide policy standards, guidance, and procedures that would be invoked by the enterprise key management policy. Each statement should be short and should define what someone would have to do to comply with the policy.
The following is the deliverable for this segment of the project:
Enterprise Key Management Policy: A two- to three-page double-spaced Word document.