
Report on Security and Cryptography (SECRYPT)

Category: Computer Sciences Paper Type: Report Writing Reference: APA Words: 2620

Facebook uses a conventional access control model consisting of discretionary access control (DAC), role-based access control (RBAC), and mandatory access control (MAC). The system uses interested permissions for the contextual privileges. The access control model focuses on first-order logic that classifies activities, personal information, and photos (Belbergui, Elkamoun, & Hilal, 2016).

1. The subject of the access control model is the privacy settings interface. The information relates to the largest number of users and their offers. Two levels of policy are defined in the access control policy: an abstract level that includes role, activity, and view, and a concrete level that considers the object, action, and subject. The attributes are contextual rules that work under the management policy.

2. The objects are passive entities that satisfy common properties of the model. Access to objects takes the form of actions and activities. The model depends on permission to perform an action, and other privileges are prohibited. Facebook is defined as a central organization that works with a number of users. The roles in each hierarchy of the model are defined for the central organization (Belbergui, Elkamoun, & Hilal, 2016).

3. The users of Facebook own their resources, such as videos and photos. Users are permitted to have their own access and to control that access. Users' access control covers members, friends, pictures, and other actions. There are different types of management process on Facebook, and some finer ways are designed to access the resources (Belbergui, Elkamoun, & Hilal, 2016).

4. It is indisputable that all the features of Facebook are expanding in the same direction under Facebook's access control model. In the same way, management of the access control is limited to the needs of the users. Users often report problems on the basis of models and simulations of the security policy that Facebook has adopted. The access control model works under the OrBAC model and the MotOrBAC software. Different aspects such as subjects, objects, and resources are connected to each other in a formal way (Belbergui, Elkamoun, & Hilal, 2016).

5. Social networks work to keep people close through a virtual platform where they can share community, professional, and personal information. Facebook works on the same pattern (Belbergui, Elkamoun, & Hilal, 2016). The information shared by users can be controlled on the basis of their preferences. The access control mechanism manages the access and performance of users. The mechanism of an access control model is linked with the control policy, profound access, and the organization of access control models. Throughout the process, appropriate simulators are used to develop coherence. The extracted conclusion proves the need for development, access to the requirement, and subject to the access control model (Belbergui, Elkamoun, & Hilal, 2016).

Task 2

a. AES cryptography versus DES cryptography

Both AES (Advanced Encryption Standard) and DES (Data Encryption Standard) are symmetric block ciphers. AES was introduced mainly to overcome the drawbacks of DES (Daemen & Rijmen, 2013). DES uses a smaller key size and is relatively less secure. DES also worked slowly; AES was introduced by the National Institute of Standards and Technology. The main difference is that in DES the block of plaintext is divided into two parts before the algorithm is applied, while in AES the whole block is processed to obtain the complete ciphertext (Techdifferences.com, 2016).

Features of AES:

AES takes a 128-bit plaintext and a secret key, which are arranged as a 4 x 4 square matrix. This matrix undergoes the initial transformations. The whole process contains 10 rounds with the 9 round stages. The SubBytes step uses the S-box to perform byte-by-byte substitution over the whole block matrix. The rows of the matrix are shifted. The columns of the matrix are shuffled from one side to the other. The current block is then XORed with the expanded key (Blog.syncsort.com, 2018).

Features of DES:

In the expansion permutation, the 32-bit right portion is expanded to a 48-bit right portion. In the XOR step, the 48-bit right portion is combined with the subkey. In the result, the 56-bit key is expanded from the 48-bit output. The XOR step yields a 48-bit output, which is then reduced to 32 bits again. The P-box is another feature of DES: the result from the S-box is permuted again, giving a 32-bit permuted output (Belbergui, Elkamoun, & Hilal, 2016; Daemen & Rijmen, 2013).

Uses of AES and DES

Both DES and AES are elegant and efficient mathematical cryptographic algorithms used for data encryption. The main strength of both is based on key length. AES initially allowed a choice between 128-bit, 192-bit, and 256-bit keys. These keys are exponentially stronger than the 56-bit key of DES. Different keys are used in AES encryption and AES decryption. These keys are used in both operations, decryption and encryption (Techdifferences.com, 2016). The whole algorithm can be used for symmetric operations. DES, on the other hand, is listed as an outdated symmetric system that uses a key method for data encryption. DES uses the same key for the decryption as well as the encryption of any message. Throughout the process, the receiver and the sender must both hold the same private key. In usage, AES is highly secure due to use of small key size as compared to DES, but AES is faster than DES (Blog.syncsort.com, 2018; Belbergui, Elkamoun, & Hilal, 2016).

b. RSA versus Diffie-Hellman public key encryption algorithms

RSA and Diffie-Hellman are types of public-key encryption algorithms. The two are strongly related to each other and have commercial applications based on intractable problems. The encryption algorithms reduce to the difficulty of factoring large numbers, modular arithmetic processes, and exponentiation. The minimum key length recorded for encryption systems is 128 bits, but for both of these types it can exceed 1024-bit keys (Belbergui, Elkamoun, & Hilal, 2016). The RSA and Diffie-Hellman public key encryption algorithms have been subjected to scrutiny by many cryptographers and mathematicians. Once implemented, both are highly secure. According to the analysis, it can be concluded that the nature of Diffie-Hellman key exchange is different from RSA in the case of man-in-the-middle attacks. The Diffie-Hellman algorithm is used in combination with an authentication method, namely a digital signature (Belbergui, Elkamoun, & Hilal, 2016). The RSA algorithm, on the other hand, can be used for different processes such as digital signatures and asymmetric key exchange. According to recent research, an RSA key demonstrates a 2048-bit-long code that can be effectively downgraded. Both procedures are based upon interoperability constraints. The performance of these procedures really matters for the security and robustness of a 1024-bit RSA key. In RSA algorithms, there are four different steps: key generation, key distribution, encryption, and decryption (Thorsteinson & Ganesh, 2004). These algorithms are used to generate public and private key algorithms along with complex parts. The RSA algorithm is used to ensure integrity, authenticity, non-repudiation, and confidentiality for data storage and electronic communication. Diffie-Hellman key exchange is often known as exponential key exchange. This method can be used for digital encryption. The process uses specific powers to produce a decryption key on the basis of several components that can be used to directly transfer the mathematical code (Rouse & Peterson, 2019). This code can be used to carry a secret communication between two parties over a public network and to exchange data by using the private encryption key. The Diffie-Hellman key exchange process uses small, positive integers to transfer information between two components. Diffie-Hellman protects and exchanges the information between keys that are connected by symmetric encryption (Belbergui, Elkamoun, & Hilal, 2016). One of the biggest limitations of the Diffie-Hellman exchange algorithm is the lack of communication between DH parties exchanging keys, which also makes the user susceptible to a man-in-the-middle attack. The RSA algorithm is the basic algorithm of a cryptosystem that enables public-key encryption by securing sensitive data (Arampatzis, 2018).
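The point above about combining Diffie-Hellman with an authentication method can be seen in a short run of the exchange. This is an added example, not part of the original report; the toy group (`P`, `G`), the `in_transit` hook that models the public network, and all function names are assumptions made for the illustration.

```python
import hashlib
import secrets

# Toy group chosen for the example: a Mersenne prime modulus, far too weak for real use.
P = 2**127 - 1
G = 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    # Reject degenerate public values before using them.
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("invalid peer public value")
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()

def transcript(pub_a, pub_b):
    # What one side believes was exchanged; this is the value a signature would cover.
    return hashlib.sha256(f"{pub_a}|{pub_b}".encode()).hexdigest()

def run_exchange(in_transit=lambda pub: pub):
    # in_transit models the public network: it returns the value actually delivered.
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_seen_by_bob = in_transit(a_pub)
    b_seen_by_alice = in_transit(b_pub)
    return {
        "alice_key": dh_shared(a_priv, b_seen_by_alice),
        "bob_key": dh_shared(b_priv, a_seen_by_bob),
        "alice_view": transcript(a_pub, b_seen_by_alice),
        "bob_view": transcript(a_seen_by_bob, b_pub),
    }

def exchange_is_authentic(result):
    # With signatures, each side would sign its view; here the views are compared directly.
    return result["alice_view"] == result["bob_view"]

_, THIRD_PARTY_PUB = dh_keypair()                # constructed value from a third party
honest = run_exchange()
replaced = run_exchange(lambda pub: THIRD_PARTY_PUB)
```

In the `replaced` run neither side sees an error from the arithmetic alone; only the comparison of the two views, which is what a signature over the exchanged values provides, shows that the public values were changed in transit.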

c. Write an essay of approximately 1000 words, with at least 5 references and at least 2 diagrams, describing how proper Public Key Infrastructure should be implemented and operated

A public key infrastructure (PKI) establishes a digital trust hierarchy in which a central authority securely verifies the identity of an object. Computers and users are commonly certified by a PKI. It performs its functions by revoking, maintaining, validating, and distributing the SSL/TLS certificates that are built from pairs of public and private keys. The PKI supports the revocation, verification, and distribution of public keys, and it is also used for public-key encryption. The PKI allows identities to be linked with public-key certificates. It also allows systems and users to exchange data securely over the internet. The legitimacy of certificate-holding entities, such as authenticated individuals, servers, and web servers, can also be verified. The PKI authenticates the holders of digital certificates and acts as mediator for the certificate revocation process. It secures the process by using cryptographic algorithms (Choudhury, 2002).

Complex PKIs use multiple CAs along with a root CA. The root CA holds a self-signed cert and issues certs to the subordinate CAs, which can in turn issue certs for registration authorities (RAs) and local registration authorities (LRAs). During operation, the LRA or RA takes the initial request for a certificate from the requesting party. The authenticated request is passed to its CA, which issues the cert. The CA hierarchy resembles a tree growing from the root CA, as shown in the figure below (Younglove, 2001).

   

Figure 1: Complex PKI with a root CA-0 and multiple subordinate CAs

Source: (Younglove, 2001).      

At this point, a chain of trust has been established among all the EEs through the subordinate CAs. But the question is what EE-1 does and how it works along its path. Public key infrastructure is commonly used like barcoding for differentiating the specifications, features, and prices of products. A PKI needs a number of different elements to be used effectively. The digital identities of users, ranging from individuals to computer systems and servers, are authenticated by the CA (certificate authority). Certificate authorities prevent falsified entities and manage the life cycle of the required number of digital certificates in the system.

The RA (registration authority) component comes second in command; it is authorized by its certificate authority to provide digital certificates to users on a case-by-case basis. All the certificates that are revoked, requested, and received by the RA and CA are stored in an encrypted certificate database.

Certificate stores keep the certificates and their history. A certificate store usually resides on a particular computer and acts as storage space for all certificate history and relevant memory. It also includes private encryption keys and issued certificates; Google Wallet is a good example of the PKI. The public key infrastructure protects identities by hosting all of these elements within the security framework. Private information is also used in the various situations where digital security is required, for example encrypted documents, smart card logins, and SSL signatures (Munivel, 2010). PKI is implemented for security purposes in the following ways:

· It is used for securing emails.
· It secures web communications, such as retail transactions.
· It provides digital signing software.
· Digital signing applications are also used in this process.
· It is used for encrypting files.
· It is used for decrypting files.
· Smart cards can authenticate by implementing the public key infrastructure process.

A public key infrastructure can be implemented and operated according to the following process; the steps in the diagram below explain the implementation of the PKI (Malan, 2008).


https://www.altaro.com/hyper-v/public-key-infrastructure/

The implementation of the PKI in the above figure is explained as follows:

1. The entity generates a private and public key pair.
2. The entity crafts a certificate signing request and submits it to the certification authority.
3. The certification authority issues the certificate and records it in its database.
4. The entity presents the certificate to the client.
5. The client, which presumably holds the certification authority's certificate, uses it to check the signature on the presented certificate.
6. The client checks that the certificate does not appear on the CRL.

After checking steps 4, 5, and 6, the client accepts the certificate. With its identity established, the PKI exchange is wrapped up, and the encryption or discussion can continue.
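The client-side checks in steps 4 to 6, applied to the root and subordinate CA hierarchy of Figure 1, can be sketched as follows. This is an added example, not code from the report or from any PKI product: the certificates are simplified records rather than X.509, the signatures use textbook RSA over known Mersenne primes (toy only), and the name `CA-1`, the serial numbers, and all function names are assumptions.

```python
import hashlib
from dataclasses import dataclass

def toy_keypair(p, q, e=65537):
    # Textbook RSA from two known primes: toy sizes, no padding, illustration only.
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(_digest(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _digest(data, pub[0])

@dataclass
class Cert:
    serial: int
    subject: str
    issuer: str
    pubkey: tuple
    signature: int = 0

    def tbs(self):
        return f"{self.serial}|{self.subject}|{self.issuer}|{self.pubkey}".encode()

def issue(serial, subject, subject_pub, issuer, issuer_priv):
    # Step 3: the CA signs the fields it vouches for.
    cert = Cert(serial, subject, issuer, subject_pub)
    cert.signature = sign(issuer_priv, cert.tbs())
    return cert

def validate(chain, trust_anchors, crl):
    # chain[0] is the end entity; each later cert must have issued the one before it.
    for i, cert in enumerate(chain):
        if cert.serial in crl:                       # step 6: revocation check
            return f"revoked: {cert.subject}"
        issuer_pub = trust_anchors.get(cert.issuer)
        if i + 1 < len(chain) and chain[i + 1].subject == cert.issuer:
            issuer_pub = chain[i + 1].pubkey
        if issuer_pub is None:
            return f"untrusted issuer: {cert.issuer}"
        if not verify(issuer_pub, cert.tbs(), cert.signature):   # step 5
            return f"bad signature: {cert.subject}"
    return "ok"

# Constructed sample hierarchy: root CA-0 -> subordinate CA-1 -> end entity EE-1.
M = [2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1]   # Mersenne primes, toy only
ROOT_PUB, ROOT_PRIV = toy_keypair(M[0], M[1])
SUB_PUB, SUB_PRIV = toy_keypair(M[1], M[2])
EE_PUB, EE_PRIV = toy_keypair(M[2], M[3])
SUB_CERT = issue(2, "CA-1", SUB_PUB, "CA-0", ROOT_PRIV)
EE_CERT = issue(3, "EE-1", EE_PUB, "CA-1", SUB_PRIV)
ANCHORS = {"CA-0": ROOT_PUB}
```

The client only ever trusts the root key in `ANCHORS`; every other key is accepted because a certificate higher in the chain vouches for it and none of the serials is on the CRL.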

PKI is implemented in various organizations using the two-tier hierarchy design, which best fits the requirements and needs of the majority of organizations. Its setup entails the following:

· The root role is segmented from the issuing role, providing a secure configuration.
· The root CA can be kept offline, which makes the root private key more secure.
· It allows multiple deployments of issuing CAs at various geographical locations.
· It provides greater control over issuing CAs at various security levels.

According to the analysis, it can be concluded that the nature of Diffie-Hellman key exchange is different from RSA in the case of man-in-the-middle attacks.

The performance of these procedures really matters for the security and robustness of a 1024-bit RSA key. The security infrastructure can be enabled by implementing the public key infrastructure (Misra, 2016).

References of Security and Cryptography (SECRYPT)

Arampatzis, A. (2018, 12 21). How is Diffie-Hellman Key Exchange Different than RSA? Retrieved from www.venafi.com: https://www.venafi.com/blog/how-diffie-hellman-key-exchange-different-rsa

Belbergui, C., Elkamoun, N., & Hilal, R. (2016). Modeling Access Control Policy of a Social Network. (IJACSA) International Journal of Advanced Computer Science and Applications, 07(06), 198-201.

Blog.syncsort.com. (2018, 08 21). AES vs. DES Encryption: Why Advanced Encryption Standard (AES) has replaced DES, 3DES, and TDEA. Retrieved from blog.syncsort.com: https://blog.syncsort.com/2018/08/data-security/aes-vs-des-encryption-standard-3des-tdea/

Daemen, J., & Rijmen, V. (2013). The Design of Rijndael: AES - The Advanced Encryption Standard. Springer Science & Business.

Rouse, M., & Peterson, R. (2019). Diffie-Hellman key exchange (exponential key exchange). Retrieved from searchsecurity.techtarget.com: https://searchsecurity.techtarget.com/definition/Diffie-Hellman-key-exchange

Techdifferences.com. (2016, 10 20). Difference Between DES (Data Encryption Standard) and AES (Advanced Encryption Standard). Retrieved from techdifferences.com: https://techdifferences.com/difference-between-des-and-aes.html

Thorsteinson, P., & Ganesh, G. G. (2004). NET Security and Cryptography. Prentice-Hall Professional.
