Exam candidate number: Y3856191


Word count: 2474 , wordcounter.net

An Evaluation of Cryptography for Business Development

Executive summary

The future development of the company heavily depends on its ability to mitigate risk from increasing
cyber threats. Addressing cryptography more seriously is becoming of core importance; Consider
what it would cost the company if:
1. Customer data is stolen and it is released to the public
2. Sensitive company data which was used as a competitive advantage is stolen and released


Such problems can occur from risks on both networks and mobile environments. Here are a couple of
such threats:
1. Masquerade - When a hacker sends an email in the name of a person they are not
2. Spoofing - A false message is inserted into an email of a user


Cryptographic methods which could be implemented to prevent such threats include the use of VPNs,
Kerberos and Quantum computers. Cryptography provides many opportunities for the future growth
of the company; an effective security program could stimulate opportunities such as :
1. Interacting with customers in a reliable, timely manner
2. Being able to safely access new markets 


The intent of this report is to highlight the importance of using cryptography as a means to aid the
future development of the company by preventing major security breaches.

Introduction

Technology is undoubtedly important in helping businesses; whether improving organisation or

productivity, companies are able to reap the benefits technology has to offer. However, as our world
becomes ever more technocentric, addressing security issues has become of parallel importance - if

!1
companies fail to address their security, they become vulnerable to major damage. Criminal activities
such as blackmail and espionage are becoming more prevalent as hackers obtain critical information
through networks to extort businesses or to demand ransom. As of 2016, cybercrime affected 32% of
businesses, being the 2nd most reported economic crime worldwide.[6]

Adopting security measures to address these issues is essential for the future development of the
company. This report presents, analyses and evaluates cryptography as a means to mitigate such risks
to ensure that the enterprise can take advantage of new market opportunities and develop
progressively. This report will also highlight threats posed to businesses, basic cryptography concepts,
and focally, the importance of cryptography for future enterprise development.

What is cryptography ?

Cryptography is the study and practice of mathematical techniques in relation to information security.
Cryptography addresses several problems, however, ensuring that information is kept confidential
during communication is key. Cryptography allows a party to imbue their messages with secure
properties to prevent adversaries. Consider adversaries as an entity with the intention of
compromising the security of a network. Cryptography achieves security and integrity by supplying
the sender and receiver with a protocol. A protocol is set of rules which the sender and receiver adhere
to, these protocols may be a collection of programs or equivalently, software or algorithms. As
organisations become more dependent on the internet and electronic commerce, ensuring
confidentiality has greatly risen in importance.

Basic cryptographic concepts

Firstly, an algorithms is a set of steps or formula for solving a particular problem whereas an
encryption algorithm is a set of mathematical steps used on encrypting data. Through the use of an
encryption algorithm, data is turned into an unreadable format known as cipher-text and requires a
key to turn it back to normal text known as plain text. Encryption is a key concept in cryptography; it
is the process of turning plain text into cipher text with the aim of keeping information confidential.
Keys are used in encryption algorithms to decrypt or encrypt information, similar to the way a
password provides access to an account. Keys are important in encryption since they determine the
effectiveness of an encryption algorithm.

Symmetric and Asymmetric encryption

Symmetric encryption is when two parties share a common key used to encrypt and decrypt
information. This is one of the oldest and best known methods of encryption that provides

!2
confidentiality of information although, this encryption method does little to authenticate parties to
one another. In addition, all parties involved have to share and distribute the same key used to encrypt
the information to decrypt the information. Keys which are used for extended periods of time with a
more widespread use are considered to bring a weaker level of security.

On the other hand, Asymmetric encryption, also known as public-key cryptography uses different
keys for encryption and decryption. These keys are mathematically linked such that when one key is
used to encrypt information the other key must be used to decrypt it. One key is kept private (private
key) and the other is released to the public (public key). The public key encrypts the information
being sent using a particular algorithm and the private key , which is in possession of the receiver ,
decrypts it. The use of two keys in asymmetric encryption makes this process a relatively complex
technique; bringing a greater level of security. However, asymmetric encryption is slower than
symmetric encryption due to the former's algorithm complexity.

The importance of cryptography

Is cryptography important ? As threats evolve and emerge, businesses are facing new dilemmas and
customers are raising stronger concerns .The failure of businesses to tend to new threats will place
them in a vulnerable position, exposing them to greater risk. Consider what it would cost the company
if:
1. You cannot detect a security breach
2. Customer data is stolen and it is released to the public
3. The company's reputation and brand is damaged by a security breach affecting customer
loyalty and investor confidence
4. Sensitive company data which was used as a competitive advantage is stolen and released


As one can imagine, these instance would cause irreversible damage towards the company. Such
instances can arise from an endless list of threats which can occur in many different settings.
Additionally, it is essential for an organisation to acknowledge its ability to tolerate risk and its ability
to tolerate the impact of the risk once and if, the risk is realised. Considering and implementing
bespoke cryptographic system across a company accordingly, would help better determine a
company's level of tolerance and thus, will help reduce the possible impediment of a company in the
future.

!3
 The security in an organisation
The security of networks

Organisations rely on networks to access information stored in databases; this information could be
continuously updated to reflect sales online - critical information needed for any company to analyse
and determine on how they are progressing. As discussed before, keeping this type of information
secure is vital to prevent potential catastrophes. Information obtained from E-commerce in particular,
since this usually contains credit cards, personal information etc which often is the most sensitive and
if released , the most costly. So, what type of attacks can be prevented as a result of better security
measures ? The following subsection provides a list of common attacks used to steal data from
information systems.
1. IP Spoofing - this is where a hacker steals an IP address from a trusted host to gain access to a
particular network.
2. Packing sniffs - A hacker waits for a particular TCP/IP packets to be sent out of a network to
steal the information in them. Typically, they contain users logins, e-mail messages ,credit
card numbers etc.
3. Password attacks - The hacker uses a program which cycles through a range of words from a
dictionary and inputs them as the password. This is common when users choose weak
passwords. If an employee has administrative privileges on a network and becomes subject to
such an attack ,they could cause several problems.



As time progresses technology will branch out to a larger domain of users increasing the frequency of
such attacks. More so, different types of attacks, some more effective than others , will emerge
pressuring businesses to adopt better security measures or else, face cumbersome problems from
adversaries.

The security of E-Mail

With the rise of smartphones, the electronic mail (E-mail) has become imbedded in our everyday
communication. Yet , as organisations increasingly rely on emails to send information , new
vulnerabilities and methods of attacking arise through mobile environments. Preventing information
being stolen, regardless of the medium is key in maintaining security and confidentiality. Different
aspects of the company need to be considered to ensure that a high standard of security is being set
forth. For this reason, this section highlights one aspect of a company's vulnerability; being

!4
susceptible to hackers through email in mobile environments. Despite the wide-use of the email in
both organisations and everyday life, it is not as secure when used in a mobile environment.

The following is a list of common threats to email protocols:

1. Disclosure of information - Since most emails are not encrypted, hackers are able to read the
contents of your email given access to the appropriate tools.
2. Modification of messages - The content of an email can be altered during transport
3. Masquerade - When a hacker sends an email in the name of a person they are not
4. Spoofing - A false message is inserted into an email of a user
5. Denial of service - Spamming a mailing system with emails causing it to overload


As demonstrated, threats can surface anywhere within an organisation - both in networks and mobile
environments. 



Cryptography in the workplace

So far, we have outlined some threats both in the mobile environment and networks, but how can
cryptography reduce the likelihood of such threats occurring ? This section will discuss a range of
protocols that can be used to prevent such problems.

1. VPNs ( Virtual Private Networks)


A VPN is a type of technology that creates a safe and encrypted network connection across a
public network. VPNs act as tunnels which branch through wide area networks (WAN) e.g the
internet; by using a VPN, all the information is jumbled into cipher text throughout the WAN
so the network is “virtually” private.Many businesses use VPNs to access corporate files and
other resources or to communicate across multiple locations. VPNs are widely used since they
provide a secure network in which users can access information ; users must be authenticated
to access the private network through passwords or other unique authentication methods.


2. Kerberos


!5
 Kerberos is an authentication protocol aimed at providing strong and secure authentication
across a network. Unlike standard password/username authentication methods, Kerberos
uses symmetric encryption and a third party , otherwise known as the key distribution
centre (KDC) to authenticate users to a range of network services. Once users gain access
to these network services they are able to encrypt all of their information, ensuring
confidentiality.

3. Secure Shell (SSH)


SSH is a cryptographic network protocol that enables system administrators to access remote
computers. SSH provides a secure channel over an insecure network such as the internet and
enables administrators to log into another computer, alter files and execute commands. This
protocol is often used in organisations since administrators can manage systems and
applications remotely. 


The implications of Quantum Cryptography

In the upcoming decades quantum computers are expected to become more accessible and integrated
across our society. Quantum computers are very powerful in comparison to modern computers and as
a result, will revolutionise the way we implement security measures . A unit of quantum information
is called qubit. In a standard computer, bits are one of two states; on or off (1 or 0) and takes the form
of tiny transistors. A qubit however, is not composed of transistors but of physical components so
small, that they follow the rules of quantum physics. Unlike a bit, a qubit can be a 1,0 or both at the
same time. This means that a single qubit can perform two calculations at any given moment in time,
dramatically increasing performance speed. Such computers will be able to decode most crypto-
systems quite easily in comparison to conventional methods.

Symmetric key cryptography is currently a popular method for ensuring the confidentiality of
information across organisations. However , as previously mentioned, keys used for an extended
period of time in symmetric systems often bring vulnerabilities. More so, managing and distributing
keys can prove to be difficult especially when trying to keep the key confidential. Currently, quantum
cryptography offers the highest standard of security. We are at the cusp of a new technological age
where quantum computers will alter our approach to data security and therefore, it is important for
businesses to address these shifts in technology to better understand the implication towards
organisations.

What Are the Risks and Opportunities ?

!6
Using cryptography as a means to better the security of an organisation increases its ability to take
advantage of new opportunities. Often, these opportunities arise when a company has available,
accessible, secure networks coupled with sufficient security controls. A company with a good
reputation for safeguarding information increases its ability to preserve and raise market share. An
effective security program could stimulate the following opportunities:
1. Interacting with customers in a reliable, timely manner
2. Being able to safely access new markets
3. Sustain customer loyalty by providing secure, private and integral transactions to achieve
customer satisfaction and confidence.
4. An increase in productivity as a result of staff being able to work in different locations as a
result of secure access to networks. 


Being able to determine adequate security for an organisation may prove to be tricky and difficult. If
the wrong type of security measure is implemented it may be a waste of time and become very costly.
As mentioned before, Consider what it would cost the company if:
1. You cannot detect a security breach
2. Customer data is stolen and it is released to the public
3. The company's reputation and brand is damaged by a security breach affecting customer
loyalty and investor confidence
4. The company network goes down because of a breach
5. Sensitive company data which was used as a competitive advantage is stolen and released

These are a handful of risks that businesses face if they fail to provide an effective security
program.

!7
Figure 1.0 - What percentage of organisations have a response plan to deal with cyber attacks?
This pie chart highlights how businesses are not sufficiently equipped in preventing cybercrime or
dealing with the risks once they occur. Given that cybercrime affects 32% of businesses, being the
2nd most reported economic crime worldwide , organisations need to take a serious approach when
dealing with security.

Conclusion
Having underlined the threats faced to businesses, it is has become evident that cybercrime is a
boundless threat that needs to be addressed by every organisation. Cryptography plays a crucial role
in maintaining security and preventing cyber threats. More importantly however, the future growth of
the company depends on the safeguarding of sensitive information; reforming the way the company
addresses and prioritises cryptography is pinnacle in ensuring that the company develops
progressively in the years to come.

!8
References:
1. Anish Bhimani, Securing the commercial internet, June 1966/Vol.39 ,No.6 Communications of the
ACM

Report published by a reputable source (ACM), author has an average of 16.33 citations per article




2. Marcin Niemiec,Andrzej R. Pach,Management of Security in Quantum Cryptography,11 citations,

published by a reputable source (IEEE)




3. Fariborz Farahmand,Shamkant B. Navathe,Gunter P. Sharp,Philip H. Enslow

A management perspective on Risk of Security Threats to information Systems, April 2005, Volume
6, Issue 2–3, pp 203–225, 1.1k downloads, 26 citations,published by a reputable source
(SpringerLink)




4. Mohsen Toorani,SMEmail , A New Protocol for the Secure E-mail in Mobile Environments,
published by a reputable source (IEEE)




5. Kendrick Conner, November 4 2004, Cryptography : At work in the business , very reputable
source (GIAC Certifications)

6. Global Economic Crime Survey 2016 - PwC

!9