Delivery in day(s): 3
Network Security OZ Assignment Help
Information security is required to prevent the unauthorized access and modifications to information. The report will discuss the CIA of security with examples to contrast security threats and attacks. Generate discussion to build the system will be discussed along with practical on RSA key coding. The report will discuss the process to generate the certificate with the help of OpenSSL.
1. CIA of security with examples to contrast security threat and attacks
CIA is security triad for confidentially, integrity and availability of the information in network. CIA is used to offers measurement of the usage of information technology in homes and business for security purpose and threats. Following are key components of CIA triads.
Confidentially: the principle of confidentially ensure that the information is only accessible to the authorized users so that unwanted users cannot read the information. The measurement is required to prevent disclose of information on unauthorized users and protect the information for confidentiality. For example, businesses need to protect the business information and secrets from the employees and customers so that they need confidentially among users so that unauthorized users cannot access the information.
Integrity: the integrity triad is useful to measure the accuracy and protection of the information during the transmission, modification and access. The authorized users need to access the information in consistent and accurate manner under various operations (Tipton and Nozaki, 2012). The measure offers correct and consistent information in operations from systems and storages. For example, same set of information in database might be access simultaneously by multiple numbers of users but it is required to provide the consistent and integrated manner.
Availability: the goal of availability triad is to offer the information whenever it is required by authorized users. This triad ensures that the information is accessible to all the users those are allowed to access and process (Peltier, 2013). For example, the information of the employee details and work objectives should be available to managers whenever they want.
Contrast to security threats and attacks
The information is compromised for the own benefits through damage, reuse and interruption in services. Eavesdropping attacks, passive listening to transmission, active interrupt to communication and malicious codes are some threats on CIA to compromise the services to organization (Vacca, 2012). Deny of access and virus attacks compromise the principles of data integrity and availability to authorized users. Such attacks and threats also disclose the confidentiality of the information by capturing the results from background activities in network and systems.
2. General discussion to made when constructing secure systems
In order to create secure systems for the CIA security, it is suggested to follow general guidance of secure system development:
1.Discuss that the system construction process is following the standard model and practices to implement the security. The model and practices should address the need of CIA triads and their implementation in system.
2.Discuss potential barriers to implement security and system as effective according to requirements. It is required to discuss the constraints of user skills and system requirements for system.
3.Discuss the framework to control the build process of the system so that effective outcome can be achieved in security implementation (Vacca, 2012) Framework should be defined to measure the process and maintenance for function implementation.
4.Discuss the monitoring of information flow and processing among the users so that information can be prevented from disclose and integrity compromises.
5.Discuss the testing process for the information system for the functional requirements and security in transmissions.
6.Discuss the approaches those can be used to standardize the process of improvements and upgrade in organization (Montesdioca and Maçada, 2015).
3. Calculation of Ciphertext Integers
In the scenario, the value of p is 11 and q is 3 p = 11 and q = 3.
n is the product of p and q i.e. 33
Let φ(n) = (p - 1) * (q - 1) = 10 * 2 = PHI= 20
Value of e is to be chosen such that 1 < e < φ(n) and e and φ (n) are coprime. Let e = 3
(d * e) % φ(n) = 1,
Compute d = e-1 mod phi = 3-1 mod 20
Find a value for d such that phi divides (ed-1)
Find d such that 20 divide 3d-1.
Simple testing (d = 1, 2 ...) gives d = 7
Public key is calculated as (n, e) => (33, 3)
Private Key is calculated as (n, d) => (33, 7)
Encrypt the message m = 7,
c = me mod n = 73 mod 33 = 343 mod 33 = 13
Hence the cipher text c is equal to 13
To check decryption we compute
m' = cd mod n = 137 mod 33
Possible values of m (0 to 32), we get
m 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
c 0 1 8 27 31 26 18 13 17 3 10 11 12 19 5 9 4 29 24 28 14 21 22 23 30 16 20 15 7 2 6 25 32
HELLOWORLD is represented through the cipher text c1, c2…. as
(3, 18, 19, 19, 4, 30, 4, 28, 19, 26) This is the required cipher integers.
Generating Digital certification using OpenSSL
OpenSSL is a general purpose cryptography library which offers commercial-grade, robust, and full-featured toolkit for the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. OpenSSL library is used to secure the information from the certifications so that the source of the information can be determined for the originality. Certification is required to encode the information for the receiver in communication so that sender can be validated for right source of information (Lenstra et.al, 2012). OpenSSL is apache licensed project for the commercial and non-commercial encoding of information in communication.
OpenSSL is used to generate public keys those are mechanism of information encoding on the basis of public sharing of keys. The organization as sender of the information generates the specific public key which is used by users to encode the information for the sender. The receiver uses own private key to decode the information received. In this manner, public key is known to all users but private key is only available at organization or website to decode the information. There are certain tools available to generate OpenSSL certificate but command line tools are preferred to discuss the mechanism in detail.
Following are the key steps to generate the digital certificates with the help of OpenSSL:
For windows operating systems, OpenSSL can be downloaded from the official source: https://www.openssl.org/community/binaries.html. Linux based systems can use the inbuilt application store to install the OpenSSL (Bernstein et.al, 2012).
Create a certificate request (CSR)
The command uses the several parameters related to user, password and name of certificate to generate with CA. The following command is a sample to generate the request for certificate in which req is parameter to define that it is a CSR. Pass is used to define the password for the file to prevent unauthenticated usage. Subj is used to define the user which is owner of the certificate. It accepts certain attributes like country code, state, location, office, operating unit, computer name and mail address of the user. New parameter defines that the request should be treated for new creation in network. After the use of redirect symbol, user needs to specify the name of certificate file.
openssl req -passout pass:abcdefg -subj "/C=US/ST=IL/L=Chicago/O=IBM Corporation/OU=IBM Software Group/CN=Rational Performance Tester CA/emailAddressemail@example.com" -new > waipio.ca.cert.csr
For the custom use of key and security, following commands can be used with required parameters.
Generate own key
The user can use following command to create a key with RSA. In order to protect the key with password, add the parameter for des3 algorithm as shown:
openssl gen rsa -out ca.key 4096
The number in command is a length of key to attain in the generate process. Outcome will be saved in ca.key file based on the RSA algorithm.
Executing final command
The command is used for the root as well as subordinates to generate the request and to sue the certificate. It needs to define the days and key to include for the certificate. User has to provide the basic information about the country code and other addresses. X509 isused to self-sign the certificate (GUO and WANG, 2012).
openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
The sample outcome and processing is shown below:
The information asked below would further be used in the certificate. The information to be entered is referred as the Distinguished Name. Some of the fields can be left blank while some have the default values attached.
Country (Enter two letter code only) [GB]: BE
Name of the province (Enter the full name of the province) [Berkshire]: Paris
Name of the city (Enter the full name of the city) [Newbury]: Paris
Name of the city Name (Enter the full name) [XYZ Ltd]: https://xyz.com
Common Name (hostname of the server) : xyz (https://xyz.com)
Email Address : dfg Google mail
The report has been discussed the CIA principles and their example of implication. The report has been contrast on security threats and attacks in CIA implication and discussed the general practices for the system security during development. The report has been present the detail about the RSA key coding and discussed the process to generate the certificate with OpenSSL tool.
Books and Journals
Bernstein, D.J., Lange, T. and Schwabe, P., 2012, October. The security impact of a new cryptographic library. In International Conference on Cryptology and Information Security in Latin America (pp. 159-176). Springer Berlin Heidelberg.
GUO, J. and WANG, Y.G., 2012. CA certification and SSL communication based on openssl [J]. Modern Electronics Technique, 3, p.030.
Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T. and Wachter, C., 2012, August. Public keys. In Annual Cryptology Conference (pp. 626-642). Springer Berlin Heidelberg.
Montesdioca, G.P.Z. and Maçada, A.C.G., 2015. Measuring user satisfaction with information security practices. Computers & security, 48, pp.267-280.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Tipton, H.F. and Nozaki, M.K., 2012. Information Security Management Handbook, Volume 6. Auerbach Publications.
Vacca, J.R., 2012. Computer and information security handbook. Newnes.