The Efficiency Of Symmetric Encryption

Published Date: 02 Nov 2017

In this era, where Internet is highly expanding and accessible and information covering structures are enormously utilized, the maintaining of systems is of paramount importance. With the aid of easy security practices, the recent information the security needs and early monitoring of security incidents can be easily done by system administrators, and they can further make counteractive actions. Below are mentioned a few of these:

Currency of Knowledge

With the assistance of accurate security reports, the administrator should keep knowledge of security of systems. The understanding of each and every security issue of the settings of system and having information of known problems is of prime importance. It helps to counter all security bugs.

Authorized Staff to avoid misuse

To avoid the misuse of systems, they should be established in a place where there is authoritative staff. The reason is that if accessed by a hacker, all the information of system can be misused unless you detect and correct it.

Installation of fewer services

The maintenance of servers should be with least, important services. The system is at greater risk of abuse if more services and applications are installed. Only install the important components during Operating System installation.

Password Management

The administrator password should be very strong, unique, complex and of at least 10 characters. They should be easy to remember and coded before storage.

Less Authorization to Users

Occasionally, you have to provide the users with some access to confidential commands. Instead of giving the full authority, limit their opportunity to access.

Strong Password Strategy

A strong password policy should be used in order to prevent access and misuse. Characteristics like password aging, short length, exclusivity and use of uncommon words should be imposed. This helps the users to carefully make passwords under the strategy.

Screen-Lock Feature

The screen-lock feature must be putted into operation as unlocked user terminals are susceptible to misuse. Password lockout is another security providing feature that makes the user account invalid after failed login attempts.

Limit Users access

The systems should be organized for connection with only known I.P addresses and allow known numbers to call. Additional level of security is needed to limit the handling of user. For this, use of Firewall or VPN is recommended

Education of Users

The awareness of users regarding the importance of maintaining security systems is very necessary. For this, they usually contact System Administrator and they should guide them to tell them the security issues and significances.

Up to date Security Patches

The system should always be kept current with the latest security patches in order to lessen most of the major security issues.

Scanning of Systems

The frequent canning of systems is of vital importance. For the fulfillment of this purpose, one should use appropriate tools, which scan and report the problems for remedy. This prevents the exposure from being misused.

Filing change in Configuration

The change in configuration of systems of hardware or software should be filed as helps in detection of stalker, disaster recovery and trouble-shooting.

Keeping Backup Procedure

A recovery process is very necessary as the system may fail due to hacking or natural cause. SO, a backup should always be there.

NIST has provided all guidelines and advices that can be helpful in implementation of security practices. (Michael, 2010). The Information Security Handbook (800-100) satisfies all the terms like, development of system, authority, threat management and many others. It states that safety of the system is a very difficult command and is only dealt with team-work. The recommended safety control paper outlines the latent security authority. This document determines with evidence that proper organized plan must be used for securing the system and saving it from hacking.

Q.2

a) Describe type of measures used for information security management measurement programs. b) Describe the recommended process for the development of information security measurement program implementation.

To keep a check on the security of information systems, performance measurements are a worthy tool that provides the administrators with the helpful information regarding security from time to time. In this way, the organizations can take measures to evaluate the performance of security systems in order to maintain their information systems.

Concisely, the function of information security has become vital for every business in order to accomplish their operations. With the increasing impulse of securing information, there is a need to introduce better standards for apprehension of the state of security. The momentum to secure organizational information has also introduced the need to develop better metrics for understanding the state of an organization’s information security. The use of these metrics can enhance liability, make progress in strategy and show conformity with valid laws.

These metrics are also helpful in tackling multiple aspects of security. Three kinds of information security metrics are mentioned by NIST SP 800-55 and examples are provided by Section 5-4 as follows:

1. Implementation metrics to check the execution of security policy;

2. Effectiveness/efficiency metrics to appraise outcome of security services delivery; and

3. Impact metrics to measure dealing or mission impact of security activities and events.

These three types can be used but they differ in their utility depending on the development of each security program.

These performance measures can judge the security of either a single security control, a group of controls, or a whole security program. It aids the organizations to keep a check on the endorsement of their strategy. The professionals of organizations must use these metrics to measure the progress and efficiency of various features of their security programs. The steps for the development process of an information security measurement program are:

Launch of a Program

Characterization of goals and operators, getting the support of management and checking the individual audiences are the most important responsibilities in the initiation of a program. Superior management support and organized objectives are the keys for success of security metric programs.

Advancement of Measures

The determination of qualities and commencements of a information security metric is an important work. The qualities of good metrics are that, they are precise, irrefutable, analogous, time dependant, reasonable and persistent.

Examining of Measures

For the development in system, programs for the examining of data are essential. They can aid in collecting the information of security metrics, analysis and set up of targets.

Reporting and Responding to Measures

Meaningful reporting can lead to success of any information security metrics program. Major tasks of the reporting and responding include deciding how metrics will be reported, and the frequencies and formats, and determine who will be reported and respond to the information security metrics.

Sustenance of Security Measurement Program

The sustenance of security measurement program is not an erstwhile effort; it undergoes several evolution processes and need a continual support. The maintenance of the metrics program requires an official plan for evaluation and polishing of the program. Furthermore, the task is to assess the organization’s principles and values.

By winding up the steps, it is of no doubt that the legitimacy of information security is increased by taking security measures. This measurement program helps in spotting security controls correctly and calculating improvement in security of systems. The organizations can also exhibit conformity by regulations and laws by sustaining an information security measurement program. Q.3 Explain the key differences between symmetric and asymmetric encryption. Provide one software utility used in each encryption method. Which encryption method can computer process faster? Which lowers the cost associated with key management?

By the word encryption, we mean encoding. Encryption is basically a process/system that scrambles a message from readable to an unreadable and deceiving form with the aid of algorithm. This type of data is in cipher text form which is unreadable and explicit to unauthorized people. It is first in plain text and after encoding acquires a form known as cipher text. Encryption key can be commonly thought of as a string of random bits inserted into the encryption algorithm for the conversion from plain to cipher text. (Elizabeth, 2006).

Efficiency of Symmetric Encryption

Symmetric encryption is also known as shared key encryption. In this type, a single common password, key or pass phrase is being shared between the sender and receiver of a message being transmitted. With the help of same key, encoding and decoding (decryption) of the data is done. Due to this, it has less complexity and more fast speed in symmetric algorithm. Further, they are less costly and utilize less power and memory of a computer. So, in this way they have little superiority over asymmetric encryption.

The negative aspect of it is that it cannot be operated unless the passwords or keys are exchanged between the two parties. To keep it private, symmetric encryption involves a procedure in which input is merged with a secret key in such a way that the process becomes fat and output cannot derive the input. This type of encryption is very efficient for encoding even a massive data of range up to terabytes. There are further two sub-types of symmetric encryption, which are block ciphers and stream ciphers. The block ciphers can process input data in block of eight, sixteen or thirty-two bytes at a time. A free open-source disk encryption tool is Truecrypt and Microsoft Bitlocker for Windows Vista/XP/2000 and Linux.

Asymmetric Encryption and its Utility

Asymmetric encryption is also known as public/private encryption. There are two correlated keys, the public key and private key. These are used for encryption and decryption of data respectively. The application of this type is that the public key of a user is shared freely with everyone for communication, while the private keys are kept confidential and limited to the user. In comparison, the Algorithms are more complex and slower up to 1,000 times for asymmetric encryption than symmetric encryption algorithms. But they have command in that they are more significant and secure. The "access codes" of asymmetric encryption accomplishes fast solutions to problems. Factoring large numbers and discrete logarithms are the mathematical problems usually used. A minus point of asymmetric algorithms is that they can only work on a fixed range of data size, which is 1024 to 2048 bits for RSA and El Gamal, and 384 bits for the Elliptic Curve versions of RSA or El Gamal. This type of encoding solves the problem of keys as it gives a private/public pair to every user and everyone requires just the public key. These encryptions are used to correspond the session keys and for digital signatures. Asymmetric encryptions are typically used to communicate session keys for symmetric ciphers, and for digital signatures. The asymmetric ciphers are used for encoding small amounts of data like message digests and session keys. Though a symmetric cipher can be used for message authenticity, it cannot be used to provide non-reputable signatures.

G.A.E.T. (Graphical Asymmetric Encryption Tool) is a software function that uses symmetric encryption.

"An essential difference between symmetric and asymmetric cryptosystems is that one of the transmitter or receiver keys can be compromised in the asymmetric system with some secure communications still possible. These unique capabilities of asymmetric systems distinguish them from symmetric systems." (Simmons, 1979)

Summarizing the facts mentioned above, symmetric encryption is more efficient than asymmetric encryption. Just it has one flaw that a single key is present. Whereas, asymmetric ciphers are slow but solve the key distribution problem. Like in HTTPS, these can be combined to get the best come back.