Tuesday, 23 June 2020

i4C Blogathon - Second Runner Up Prize Winning Entry by Ms. Hima Varshini Parasa | Theme - Cyber Security and Data Protection

Staying Safe in the Cyber Era - 101

Second Runner Up Prize Winning Entry  |  Theme - Cyber Security and Data Protection

Ms. Hima Varshini Parasa
3rd Year, Comp/IT
Velagapudi Ramakrishna Siddhartha Engineering College

Today is the cyber era, revolutionizing innovations happen every day, a new superhero arises in the form of a tech-savvy to save the world from yet another problem through technology, and the entire human race revolves around technology more than the Earth revolves around the sun. Such over-achieving mechanization paves the path of drifting the lives of people personally, professionally and financially towards the digital world of cyberspace, automation, electronic media and much more, in a way leading to vulnerabilities of their private information being invaded. In such a digitally driven world, cyber security plays the role of a police officer in the land of crimes, cyber threats. What are Potential Attacks?

Working of Botenets 

Data breaches’ are done by the unauthorized entities to access confidential and sensitive information such as Personal Health Information (PIH) (each medical record is worth $60 on the dark web), trade secrets, Personally Identifiable Information (PII) etc. which are preserved in the corporate organizations or government classifications. 'Social Engineering’, can be described as a cyber crime where the people tend to be the victims out of pure innocence after being deceived and manipulated by the hackers in making them perceive hackers as an authorized entity trying to access the private information of the people including credit card details, bank accounting or social networking details. ‘Botnets’ are the networks working in accordance to a defeated firewall. Botnets are controlled by the hackers and they are used as a malware. Another cyber crime includes the DDos attacks known for highly trafficking a popular site as a way to corrupt the network with botnets leading to the opportunity to hack numerable people using the malware. Phishing, another cyber-crime, is the method in which the users are manipulated to open fake URLs or attachments and are tricked to change their passwords or update account information as a result providing the hacker insights to their data for exploitation. These cyber crimes are few of the many happening in an everyday scenario in addition to SQL Injection, Man-In-The-Middle Attacks, Cyber stalking, etc. through malwares like trojans, virus, ransom ware and many more and hence, cyber security measures serves a vital necessity to prevail. Cyber security as of perceived by now, is an approach to protecting valuable and confidential data. In order to effectively achieve this there are several data security methods to ensure the data being placed on the internet is protected to a great extent. These data securing mechanisms include risk assessments, access controls, encryption, pseudonymization, destruction, etc. out of which encryption stands out and is widely used all over the globe. 

Encryption - The Key to Protection

Private Key Encryption 

Private Key Encryption

Cryptography is the study of encryption and decryption and the reliable mathematical algorithms involved in building a secure and authentic communication path way over the internet. Encryption deals with the encoding of information using various procedures to derive an unreadable format of the data, which is transmitted to the network. Once the data reaches the intended receiver, the information is decoded at the user-end for the receiver to interpret it, known as decryption. The mathematical algorithms used to achieve this are symmetric key encryption, the data is encrypted and decrypted using the same key, public key encryption where the data is encrypted and decrypts using two unique keys which are mathematically related yet the relation is not derivable, and hashing functions are also mathematical approaches to transform the data but the result is irreversible. Cryptanalysis provides higher standard encrypting algorithms to achieve data privacy including the block encryption and stream encryption. A block cipher is an encryption algorithm that encrypts a fixed size of n-bits of data - known as a block - at one time. The usual sizes of each block are 64 bits, 128 bits, and 256 bits. In today’s world a great number of ciphers used are the block ciphers. Date Encryption Standard (DES), Triple DES, Advanced Encryption Standard (AES), International Data Encryption Algorithm (IDEA), and Blowfish are some of the commonly used encryption algorithms in which each uses a specific sized cipher, are classified in this category. Stream encryption on the other hand, is an encryption algorithm that encrypts 1 bit or byte of plaintext at a time. An infinite stream of pseudorandom bits is used as the key. A stream cipher is implemented by and is still in use because of the unpredictable pseudorandom generator and unique keys. The most popular stream cipher is the  RC-4, a variable length cipher, used dominantly in products supporting Secure Socket (SSL), a protocol developed for sending private documents via the internet. 
Diffie- Hellman Key Exchange Algorithm

RSA algorithm and Diffie- Hellman are categorized as popular encryption algorithms as well. RSA is similar to the public-key cryptography, used to protect communication between various users. RSA is also known as asymmetric cryptography, which uses a combination of public and private keys for security. The public key plays the role of encrypting the messages and the private key owned by rightful owners has the privilege to decrypt the message. On another note, Diffie-Hellman key exchange, also called exponential key exchange, since as the name itself is self-explanatory, the procedure of digital encryption happens using numbers raised to specific powers so as to produce decryption keys on the basis of components that are never directly transmitted. It is highly impossible for a hacker to actually break the algorithm to interpret the encrypted message being transmitted unless the intruder is rich in knowledge in the field of mathematics. Other Data Securing Mechanisms

Data protection against intruders is of great significance and for it to be ensured, encryption plays a vital role. In addition to encryption, pseudonymization holds effective as well. In pseudonymization, the data is represented with pseudonyms, false names tricking the intruders into believing, it is the data they need. The original names are re-identified through additional information given according to the particular dataset. Access controls to an extent halt the intruders but are not completely reliable since the users are vulnerable to be manipulated in most cases, eventually providing their personal information on the internet. Destruction or data erasure involves completely deleting the corrupted system when a data breach is possibly detected, the organizations in this case rely on the backups of the data stored on a completely different location. Another widely used securing protocol is data masking which involves masking fields of data important to retrieve the entire data as a way to protect the data from being leaked to malicious sources and at the same time from the inter personnel who could possibly misuse the data. An example of data masking is the masking of first 12 digits in a credit card in the database it is held.  

What can be done?

As a techie in a digitally driven world, it is important to be aware of the possible threats and vulnerabilities and exploitations and take the necessary measures to escape from being victimized. It is equally important to share the knowledge perceived with others and guide them away from the track of exploitations and manipulations. In order to do so, there are several tactics like:

Multi-factor Authorization 

  • Multi-Factor Authorization: The period of relying on a single password is over. 

  • Data Security Questions: Create or answer the security questions, plays an important role to reauthorize data in the midst of a data breach.

  • Restrict Data Access: If in an organization or personally, share data access limitedly.

  • Robust Supervising: Security practices involved in an organization must be checked thoroughly and regularly.

    Working of a Fire Wall
  • Use a Firewall: Firewall acts as a filtrate for data entering the system, and blocks any spyware, malware or viruses. 

  • Offsite Backup: Preserving data in multiple, yet feasible location is necessary.

  • Enable software updates: Software update popup shouldn’t be ignored and all updates must be taken care of as soon as possible. 

  • Antivirus Protection: Any sophisticated device comes with an antivirus protection; it is the responsibility of the user to constantly keep it upgraded.

  • Storing Passwords in devices: Must be avoided. It attracts the identity thieves as much as ever.

  • Delete legacy files: Remove unnecessary data if not being used and before doing so, make sure to completely destroy by shredding, overwriting, or degaussing.

  • Use strong Passwords: Don’t use names of pets, things, date of birth, or any other obvious information which could be known from your personal social media pages. Make the password as complex as possible, include alphanumeric, special symbols. Passwords created using identifiable information such as SSN, phone numbers, addresses must be avoided. It is advised to create paraphrases rather than single word passwords. 

  • Secure Wi-Fi: Guard your Wi-Fi with a strong password and don’t trust free hotspots and free Wi-Fi spots at public places, used only when really required.

  • Look out for Eavesdroppers: Enter passwords or access private information when no one is around or looking.

Thus, cyber security and its practices play hand in hand with the technological advancements happening every day.


No comments:

Post a comment