P4/M2 Cryptography: Securing and protecting data
Cryptography is the process of storing and then transmitting data in a form that is hidden, so that it
can only be processed and read by its intended recipient. As an online money transfer company, it
is essential that we use cryptographic methods, as they will enable us to make financial transactions
electronically without the possibility of the data being intercepted and read, because the data is
encrypted and unreadable to anyone other than the sender and recipient. In this document I will
outline the principles and uses of cryptography and how to use it in your business.
Principles and uses of cryptography
There are many reasons why cryptography is used - not just for financial transactions or personal
data transfer - and these are listed below:
Digital Rights Management (DRM)
This type of system is used to provide copyright protection for digital media (e.g. films and games).
Its main purpose is to prevent - by making it difficult - the unauthorised copying and distribution of
all types of digital media. An example of this is the ‘AACS’ system on Blu-ray discs, which encrypts the
media data, meaning that it has to be decrypted before it can be played. This makes it harder to
copy the content off the disc.
This management system will play an important role in the protection of data within our company, as
it would make it harder for hackers to access and then copy our information, therefore lowering the
chances of a breach and the impact that a breach may have on the company.
Password storage
Within your company, you will need to make sure that all passwords are stored as encrypted files.
This will ensure that if the system were hacked, the hacker wouldn’t be able to view the passwords
and access the data on that account. Any passwords that are not encrypted are stored in plain text
and are considered a risk, as they are easy to read if someone gains access to the system. Another
thing to consider is password strength: all employees should have long passwords with letters,
numbers and special characters so that it is harder to find out what the password is, therefore
increasing security.
Both of these methods should be used, as they will make sure that all passwords are stored securely
and that they are hard to crack, therefore meeting our requirements to protect data. It also limits the
impact a potential breach could have, as all the passwords are stored in encrypted form.
Two-factor authentication
Unit 7: IT Systems Security and Encryption
This is a mechanism which uses multiple methods to verify a user’s ‘claimed identity’ before they are
granted access to certain data. Entering a second password (normally numbers) which is sent to a
linked device, or completing a CAPTCHA, are examples of second methods of authentication which
could be used. They are used in order to give an extra layer of security, and to protect and confirm
that the information being entered into the site matches that of the user’s actual identity.
As a company, we should use this mechanism, as it would only grant people access to our money
transfer site after they had successfully presented two or more pieces of evidence to verify that they
are the holders of the bank account linked to our site. This method will ensure that customers’
accounts can only be accessed by the customers themselves, meaning we are meeting the
requirements to protect people’s data and limit the effects of any potential data breach, by making it
harder to access information.
Apple’s ‘Two-Factor Authentication’ system protects its customers’ products by only allowing access
to their account on devices they trust, like their iPhone, iPad or Mac. This means that when you sign
into your account you will need to enter two pieces of information – your password and a six-digit
code which is sent to another of your trusted devices. A system like this is used as it verifies whether
the owner of the new device matches the Apple ID account.
To implement this system at the company, alongside regular passwords, we would
need to use security tokens which contain cryptographic keys, as this would allow
us to use Two-factor authentication effectively.
Obfuscation and steganography
These are two ways of encrypting data and, when used together, can provide two levels of security.
Obfuscation is when you can tell that a message - normally in the form of source or machine code -
has been encrypted, but you cannot decode or understand the message without knowing the proper
key, meaning it is unclear and difficult for humans to understand. In contrast, steganography is when
the message or data is easier to decode but harder to detect, as the file, message, image, or video is
hidden within another file, message, image, or video.
Most computer programs are designed to encrypt any data on them using cryptography methods,
and this would be useful for your business as it would ensure all the data is hidden and hard to
decode.
Secure transactions
Our customers will be transferring highly
confidential information over the internet
through our site. This means that we need to
make sure that our side has an SSL Certificate,
which would mean the site was secure, and that