Consider the encryption efforts of one of your current or past employers, or research a typical enterprise network and discuss the following:
Where is encryption deployed in the enterprise, and what critical data or business process is it protecting?
How does the organization handle management of cryptographic keys?
Explain the policies, tools, and/or protocols used for key generation, key exchange, key storage, key use, key destruction, and replacement of lost keys.
Encryption scrambles text to make it unreadable by anyone other than those with the keys to decode it. It is becoming less of an added option and more of a must-have element in any security strategy for its ability to slow down and even deter hackers from stealing sensitive information.
Encryption is deployed in the enterprise where there is:
1) Risk posed by hackers.
2) Insider threats.
3) Other malicious attacks.
Encryption is generally used by the organisation to protect sensitive data wherever it is found across the organisation: on-premises, virtual, public cloud and hybrid environments. This includes data at rest in application and web servers, file servers, databases and network attached storage, as well as data in motion across the organisation's network.
Data that is critical for business operation may have the potential to be breached, which in turn might impact the business, putting it at risk. It is beneficial to encrypt the data until the chances of integrity or confidentiality tampering are minimized. The various algorithms provide confidentiality and drive key security initiatives including authentication, integrity and non-repudiation. The organisation should provide encryption for devices, email and the data itself.
Once keys are inventoried, key management typically consists of three steps:
1) Exchange: Key exchange involves encapsulating one key with another key. A master key is generated and exchanged using a secure method. This secure method is usually expensive and not suitable for use on a larger scale. Once the master key has been securely exchanged, it can then be used to securely exchange subsequent keys with ease.
2) Key Storage: Keys must be stored securely to maintain communication security. Security is a big concern and therefore various techniques are used to do so. The most common case is that an encryption application manages keys for the user and depends on an access password to control use of the key.
3) Key Use: The issue is the length of time a key is to be used, and therefore the frequency of replacement. Because it increases the attacker's required effort, keys should be frequently changed. This also limits loss of information, as it limits the number of stored encrypted messages which will become readable when a key is found.
Key Generation:
POLICIES
It is the process of generating keys for cryptography. The key is used to encrypt and decrypt whatever data is being encrypted or decrypted.
TOOLS
Tools used for key generation are symmetric key algorithms (for example DES and AES) and public key algorithms (for example RSA).
PROTOCOLS
Computer cryptography uses integers for keys. Key generation must be such that at the end of the process two specific entities will know the key. Key generation necessarily involves using source data which is unknown to a third party. In general this source data will be random values obtained from a suitable source.
Key Exchange:
POLICIES
Key exchange is done either in-band or out-of-band. In in-band key exchange, keys are exchanged through the same communication channel that will be encrypted. In out-of-band key exchange, keys are exchanged through a channel other than the one that will be encrypted.
TOOLS
Tools used for key exchange are the RSA, Diffie-Hellman and Elliptic curve Diffie-Hellman algorithms.
PROTOCOLS
Key exchange can be used only if the server key types and certificate match.
Key Storage:
POLICIES
Keys must be stored securely to maintain communication security. Security is a big concern and therefore various techniques are used to do so.
TOOLS
Tools that manage keys for the user and depend on the access password to control use of the key.
PROTOCOLS
The most common case is that an encryption application manages keys for the user and depends on an access password to control use of the key.
Key Use:
POLICIES
The issue is the length of time a key is to be used, and therefore the frequency of replacement. Because it increases the attacker's required effort, keys should be frequently changed.
TOOLS
Tools that limit loss of information as the number of stored encrypted messages increases.
PROTOCOLS
Encrypted messages should be stored so that loss of information is minimized.
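
The exchange, storage and replacement steps above can be seen together in a short sketch, added here as an illustration and not part of the original answer: a master key is derived from an access password, data keys are encapsulated under it, and replacing the master key re-wraps every stored key. All function names, the key id and the PBKDF2 iteration count are assumptions, and the HMAC-SHA256 wrap is a standard-library stand-in for AES Key Wrap (RFC 3394) or AES-GCM, which a production system would use.

```python
import hashlib
import hmac
import secrets

def kek_from_password(password: str, salt: bytes) -> bytes:
    """Key storage: derive the key-encrypting key (KEK) from the access password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def subkeys(kek: bytes) -> tuple:
    """Separate encryption and MAC keys so one key is never used for both jobs."""
    return (hmac.new(kek, b"wrap-enc", hashlib.sha256).digest(),
            hmac.new(kek, b"wrap-mac", hashlib.sha256).digest())

def xor_pad(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    pad = hmac.new(enc_key, nonce, hashlib.sha256).digest()  # 32-byte one-time pad
    return bytes(a ^ b for a, b in zip(data, pad))

def wrap(kek: bytes, key: bytes) -> bytes:
    """Encapsulate a 32-byte key under kek. Returns nonce || ciphertext || tag."""
    if len(key) != 32:
        raise ValueError("this sketch wraps 32-byte keys only")
    enc_key, mac_key = subkeys(kek)
    nonce = secrets.token_bytes(16)  # fresh per wrap, so the pad never repeats
    ct = xor_pad(enc_key, nonce, key)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt. A wrong KEK or a modified blob raises."""
    enc_key, mac_key = subkeys(kek)
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if len(ct) != 32 or not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key-encrypting key or modified blob")
    return xor_pad(enc_key, nonce, ct)

def rotate(old_kek: bytes, new_kek: bytes, store: dict) -> dict:
    """Key replacement: re-wrap every stored key under the new master key."""
    return {kid: wrap(new_kek, unwrap(old_kek, blob)) for kid, blob in store.items()}

if __name__ == "__main__":
    salt = secrets.token_bytes(16)  # constructed sample; stored beside the wrapped keys
    master = kek_from_password("constructed-passphrase", salt)
    store = {"db-key-1": wrap(master, secrets.token_bytes(32))}
    store = rotate(master, secrets.token_bytes(32), store)
    print({kid: len(blob) for kid, blob in store.items()})
```

After `rotate`, blobs wrapped under the old master key no longer unwrap, so the old master key can be destroyed without losing access to the data keys.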