ABDU GUSAU POLYTECHNIC TALATA MAFARA

ZAMFARA STATE
DEPARTMENT OF COMPUTER SCIENCE, SCHOOL OF SCIENCE AND TECHNOLOGY.

NDII COMPUTER SCIENCE

COMPILED BY
MUHAMMAD ABDULBASIT JUNIOR
1707231156

ABDULSAMAD MUSA
1707231155

TOPIC
DESIGN AND IMPLEMENTATION OF SECURITY MANAGEMENT
USING DATA ENCRYPTION AND DECRYPTION TECHNIQUE

SUPERVISED BY DR. SAMAILA MUSA

OCTOBER 2019

1
INTRODUCTION

Digital security today has taken a new dimension, a new style and a strategic approach
which tends to secure data’s travelling across the globe through a public vehicle called
the internet. Data’s cannot be over-secured with the available threats that can turn to
reality, small or large, minor or important; there is a need to build a secure wall around
them (Ananda Mitra 2010). The traditional method most computer users use in
securing data’s is to lock them with applications, use passwords from programs like
Microsoft Word, Excel and PowerPoint. This method is same as no protection
especially when data contain useful details that need to be enclosed by two parties
such as pay slips, financial records, military data’s and more.

Data encryption is a useful form of doing this; it employs technique that locks out
information from any unauthorized user. Nowadays, data can be hijacked and cracked
with intense logic, exposure to facts and experience in M.I.S- management information
security as well. With this in view, there is need to do even more to ensure that
sensitive data is protected through its life-cycle. This will create a sense of security
and assurance that the transited information is locked-out to only authorized
personnel. However, the fact remains that any data that is exposed to a third-party
stand a chance to be compromised no matter how secure, it may only take some time.
This process may be attempted for so many reasons best known to the person.

Hacking has gained its ground in countries where MIS has stood very firm like USA,
England, Canada, India etc., most of our security systems are built by these same
professional hackers. Cyber-attack is also a way to gain access to personal, business
or government systems and compromise sensitive data’s which may not be protected
or lightly protected. Data’s sent over the internet are open to hijackers who can sniff
them from the network, our mailboxes, secured cloud storage systems etc. at little or
no cost.

Encryption has long been used by military and governments to facilitate secret
communication. It is now commonly used in protecting information within many kinds
of civilian systems. For example, the Computer Security Institute reported that in 2007,
71% of companies surveyed utilized encryption for some of their data in transit, and
53% utilized encryption for some of their data in storage. Encryption can be used to
protect data "at rest", such as information stored on computers and storage devices

2
(e.g. USB flash drives). In recent years there have been numerous reports of
confidential data such as customers' personal records being exposed through loss or
theft of laptops or backup drives. Encrypting such data at rest helps protect them
should physical security measures fail. Digital rights management systems, which
prevent unauthorized use or reproduction of copyrighted material and protect software
against reverse engineering (see also copy protection), is another somewhat different
example of using encryption on data at rest.

Statement of the Problems

Due to the numerous damages that can be done to a computer connected to the
internet, one of which is to implant spywares and viruses to monitor and send user
data to a hacker, computer users like MIS-management information system faces lots
of problems in handling these challenges which can be disastrous to corporate firms,
governments arms and other parastatals. These problems includes

i. Unauthorized access to personal computer and data

ii. Lack of security enforcement on sensitive data
iii. Usage of non-trusted software to secure valuable data
iv. Existing security systems fail to create a single link between data transferred
by two parties
v. Easy breakage into data which tends to be secured

Weak security and encryption standards are found in data created by most
applications such as Microsoft Word, Excel, database data and special purpose
reports.

RESEARCH QUESTION

Below are some of the questions encountered during the research:

 Can designing and implementation of Advanced Encryption Standard be a

solution to unauthorized access to personal computer and data?
 May the supply of security majors help in solving lack of security enforcement
on sensitive data?
 When AES (Advance Encryption Standard) and Data Encryption Standard
where used in designing cryptography can the result be solution to non-
trusted software to secure the valuable data?

3
  Can provisions of link between the data transfer by the two parties bridge the
gap between the parties?
 Can Design and implementation of this software using cryptography secure
the data which is easily broken before?

SIGNIFICANCE OF THE STUDY

Security is a part of MIS (Management information Security) that cannot be ignored in
any form; any small hole identified in any system can become a large road for illegal
and traceless movements which can do damages to our data. This study is therefore
important since

i. It creates a secure environment for exchanging data

ii. It gives a clear knowledge of how sensitive and important data can be protected

This study uses a deep programming approach to bring life to the basics of this work

AIM AND OBJECTIVES OF THE STUDY

This study is a developmental research which employs the Advanced Encryption
Standard to build a security protocol for data which are highly sensitive to the owner a
case study of MIS- information system Abdu Gusau polytechnic . It combines an
already existing security format with a new approach to aid data security in the 21 st
century. it aims

i. To develop a security protocol for sensitive and valuable data

ii. To build a system based on AES and user key of choice to give a very high
level of security
iii. To develop a simple but well-structured system which can handle data
encryption and decryption
iv. To provide a new technique that will enhance the integrity of data which are
transferred over the internet or any other form
v. To expose the importance of using AES in data security

SCOPE AND LIMITATION OF THE STUDY

This research scope covers the message security, message integrity, user’s
authentication and key management of message.
These data can be of any format and any size which will be processed at a very high
rate. The software is meant to work in accordance to the aims and objectives stated

4
above to tackle the stated problems. Also it is built as a desktop application which will
run only on windows machine.

Some constraint identified in this research is the amount of time available to build the
software, availability of experienced MIS security personnel’s or hackers to fully try
their best on the output of the project. Searching information about computer security
through Data Encryption and another problem since the secrete key has to be sent to
the receiver of the encrypted data, it is hard to securely pass the key over the network
to the receiver.

LITERATURE REVIEW

Building of computer systems either large or small requires a proper focus into the
market for existing similar systems. This give you a guide on what to do, how to do it,
where to improve and what will make yours special than what already exist. Several
algorithms has been designed, same for programs which task is to handle security of
data, finance, data’s and other special functions. Bearing this in mind, the end product
is a function of existing algorithm and a new approach which differs from any product
of such. Using the Advanced Encryption Standard may be new to data security, in this
section, we dig deep into similar project works, research and software’s to enhance
the concept design.

Some similar past projects are further discussed below:

Secure data Transfer: Implementing Secure FTP with SSL in a Healthcare

Organization; (Steve 2014).

Secure electronic data transfer between organizations has become essential for
business transactions and communication. Healthcare organizations are no exception
to this requirement. The ability to leverage the Internet to share protected health
information also known as PHI or other sensitive information between healthcare
organizations is ever increasing. From individual data encryption and VPN's (Virtual
Private Networks), to a complete EDI (Electronic Data Interchange) system, a plethora
of methods and applications exist for securing the transfer of data over the Internet.

This case study presents the implementation of secure data transfer using FTP over
SSL (data Transfer Protocol over Secure Sockets Layer) in a healthcare organization.

5
Before state, project requirements including risk assessment, reasoning behind
product selection, implementation, and technical information regarding FTP, SSL and
SSH (Secure Shell) will be presented. Satisfying HIPAA (Health Insurance Portability
and Accountability Act) requirements will also be touched on. Research and
consideration were given to several different methods for secure data transfer
including a complete EDI solution. Due to the specific project requirements of the
healthcare organization, the solution chosen was a highly customizable and scalable
product that uses FTP over SSL with the additional ability of data encryption.

Automated Formal Analysis of a Protocol for Secure data Sharing on Untrusted

Storage; (Bruno, Avik 2012).

This is a study as regard formal security properties of a state-of-the-art protocol for

secure data sharing on untrusted storage, in the automatic protocol verifier ProVerif.
As far as we know, this is the first automated formal analysis of a secure storage
protocol. The protocol, designed as the basis for the data system Plutus, features a
number of interesting schemes like lazy revocation and key rotation. These schemes
improve the protocol’s performance, but complicate its security properties. Our
analysis clarifies several ambiguities in the design and reveals some unknown attacks
on the protocol. We propose corrections, and prove precise security guarantees for
the corrected protocol.

Secure Encryption Using Image Steganography; (Raul, N.2012).

Image Steganography is a way of securing secret data by embedding an image data

inside another. This research work produced a system which incorporated theories of
Steganography and proved to be a form of security. Steganography is a way of
transferring secret information in a non-important one, camouflaging the real one.

However, the limitation was obvious since it can only secure image data’s and also if
the primary image is destroyed or deleted, same thing happens to the encrypted
image.

Understanding Security Protocol

A security protocol (cryptographic protocol or encryption protocol) is an abstract or
concrete protocol that performs a security-related function and applies cryptographic
methods, often as sequences of cryptographic primitives.

6
Key encryption in multi-user setting, security proofs and improvement; (Bellare,
M. 2000)

A protocol describes how the algorithms should be used. A sufficiently detailed

protocol includes details about data structures and representations, at which point it
can be used to implement multiple, interoperable versions of a program.

Cryptographic protocols are widely used for secure application-level data transport. A
cryptographic protocol usually incorporates at least some of these aspects:

i. Key agreement or establishment

ii. Entity authentication
iii. Symmetric encryption and message authentication material construction
iv. Secured application-level data transport
v. Non-repudiation methods
vi. Secret sharing methods
vii. Secure multi-party computation

ADVANTAGES OF THE EXISTING SYSTEM

i. There is no risk of getting valuable single-copy data damaged by software’s
ii. Data’s are quick to access at anytime

Disadvantages of the Existing System

i. Data’s can be compromised when there is illegal access to the computer or
removable drive
ii. The current system does not provide any form of reasonable security for data’s
at any level
iii. It promotes the use of low cost security systems
iv. It allows unwanted access to personal, business or special purpose data and
reports can be used for blackmails or distribution of top valued information

Analysis of the Proposed System

In the quest to provide top security for data’s at all level, special purpose encryption
software will be developed. The system brings a new protocol for data between two or
more parties and also at an individual dealing. Similar systems are found in highly
ranked MIS countries like USA, UK, Canada, China and more. They are commonly

7
integrated into their military and government computer systems to ensure that reports
and system generated data are always accessed by authorized personnel’s.

This new system is built on the Advanced Encryption Standard (Rijndael algorithm),
which is discussed earlier in this chapter.

Advantages of the Proposed System

Building this new encryption protocol come with lot of advantages for public and private
usage which are;

i. Access to secluded information rest within the operating parties

ii. There is no fear for leak of vital information before time thereby increasing data
integrity
iii. The Rijndael algorithm provides a strong approach to encryption which
preserves every bit of data in its original state until decrypted
iv. This new system does not rely on drive protection for data security but securely
protecting the data on its own
v. This protocol is a formal means of conveying or preserving data for a very long
period

Disadvantages of the Proposed System

i. Encrypted data cannot be accessed without the software installed on a
computer
ii. Passwords used for securing data may be forgotten which mean the data is
permanently useless
iii. Encrypting and decrypting large data may take longer time in slower
computers

Justification of the Proposed System

i. Advanced Encryption Standard is the standard for data encryption used by
the US government
ii. The algorithm is very secure and has no history of known attacks
iii. Military systems uses this same standard to secure top-secret information

8
Types of Security Management System
Security management is the identification of an organization’s assets include
(buildings, people machines and information assets), followed by the development,
documentation, and implementation of policies and procedures for protecting these
assets. The following are the types of security management systems:
 CCTV
 Access control
 System integration
 Structured cabling/data
 Fire system
 Home automation
 Telecommunication
 Audio
 Industrial barriers and Gates
 Alarm system
 Automatic sliding door
 Intercoms

FUNCTION OF SECURITY MANAGEMENT SYSTEM

 Policy Function: These functions enumerate user accounts and trusted
domains, receive policy change notifications, and lookup account names and
SIDs.
 Account function: These functions add, enumerate, and delete permissions for
an account.
 Trusted domain function: the functions create, enumerate, and delete trusted
domains and set and retrieve trusted domain information
 Private Data Functions: do not use the LSA private data function, it uses the
cryptprotect data and cryptunprotect data
 Password Filter Functions: are implemented by custom password filter DLLs
to provide password filtering and password change notification.
 Safer Functions: can be used to check the safer level of any executable and
to log events.

9
Benefits of Security Management System
An information security management system (ISMS) is a set of policies, procedures,
processes and systems that manage information risks, such as cyber-attacks, hacks,
data leaks or theft. The following are the main benefits of information management
system.

 Ability to market more: because more people in the industry want to work with
companies that protect data better, you would be able to market yourself quite
easily. There would always be potential clients you can approach and share
your USPs with. They would potentially never have to worry about data loss or
theft with a certification like this with their vendor.
 Confidence of clients: having the confidence of your clients is of critical
importance in any field of business. The moment your clients know they have
the right vendor; they would renew your contracts with ease. Thus giving you
a higher retention of clientele.

Summary
Having developed and implemented data encryption software using the Advanced
encryption standard (Rijndael algorithm) and working in perfect condition as expected,
this chapter brings this research to a close by summarizing the undergone activities
and recommendations on how it can be made more standby and successful. Unlike
many encryption software, this one allows you to encrypt any type of data with any
size, it securely encrypts the data using any key of your choice or without any if you
choose to. With the Rijndael algorithm you are sure of a top level encryption at every
time, it is the Advanced Encryption Standard (AES) which is endorsed by NSA and
used across all top government and military systems in the USA.

In a nutshell, any data encrypted with this software can be decrypted by another
software developed in same fashion using the Rijndael algorithm but only when the
encryption key for the data is provided.

Conclusion
Data security will always be an important issue in business, government, military and
intelligence. As far data’s are properly secured, information can be transferred without
fear of intercepting the message. Software systems are being built and modified
periodically to make sure there is no mean of cracking the end product. Development

10
framework and language matter a lot in this sense which makes the Microsoft .NET
framework a very good option for developing this project. The success achieved in this
research work is attributed to the good standing and security measures of the Rijndael
algorithm (AES). This research work targets any type and size of data giving you an
output data based on your preferences.

Recommendations
Every software system has a potential to get better than its current version due to
changes in specifications, design patterns, logic and so on. To keep this end product
alive and the aims and objectives of design alive some recommendations are given
below;

i. The encrypted data from this software should be tested (by hackers) on a
regular basis for flaws that can make it exploitable, this will give room for
improvement
ii. Design specs should be updated based on suggestions and feedback from
users
iii. All encryption algorithm are open to the general public so people also try to
break the Rijndael algorithm, whenever there is a general fix, the software
should be modified as well
iv. To improve the software effectiveness certain features may be added in the
near future such as the ability to recover encrypted data’s when the key has
been forgotten.

11
 REFERENCES

Announcing the ADVANCED ENCRYPTION STANDARD (AES) (PDF). Federal

Information Processing Standards Publication 197. United States National
Institute of Standards and Technology (NIST). November 26, 2001. Retrieved
October 2, 2012.

Avik, C., & Bruno, B. (2012).Automated Formal Analysis of a Protocol for Secure
data Sharing on Untrusted Storage.

Ananda .M., (2010). The Digital world, digital security

Bellare,M. (2000).Public-Key Encryption in a Multi-user Setting: Security Proofs and

Improvements. Springer Berlin Heidelberg.

Christof, P., &Jan, P. (2009).The Advanced Encryption Standard: Understanding

Cryptography, A Textbook for Students and Practitioners

Goldreich, O. (2004). Foundations of Cryptography: Volume 2, Basic Applications.

Cambridge university press.

Henri, G., & Thomas, P. (2009). Super-Sbox Cryptanalysis: Improved Attacks for
AES-like permutations

Hiremath, S., & Suma, M. (2009). Advanced Encryption Standard Implemented on

FPGA, IEEE Inter Conf. Comp Elec Engineering.(IECEE),vol. 2, issue 28

Joan, D., & Vincent, R. (2002). The Design of Rijndael: AES – The Advanced
Encryption Standard.

John, S. (2000).U.S. Selects a New Encryption Technique. New York Times.

Liberatori, M., Otero, F., Bonadero, J.,&Castineira, J. (2007). AES-128 Cipher.

High Speed, Low Cost FPGA Implementation, IEEE Conf. Southern
Programmable Logic (SPL), vol. 4, issue 7.

McWilliams, G. (2011). Hardware AES Showdown - VIA Padlock vs. Intel AES-NI vs.
AMD Hexacore.

12