Essay type: | Problem solution essays |
Categories: | Software Army Cyber security |
Pages: | 6 |
Wordcount: | 1462 words |
When working for a military organization, it is one's responsibility to safeguard the information that has been entrusted to them. A critical part of that responsibility is to make sure that one accurately collects, accesses, uses, shares, and even disposes of personally identifiable information (PII). Extra care ought to be exercised when handling any PII. Besides, sensitive PII calls for special handling because of the increased risk of harm to an individual in case of a compromise. Thus, as a PII system developer, I would recommend the use of the Advanced Encryption Standard (AES) and an asymmetric algorithm in developing a secure military framework.
Personnel Records for Encryption
The rule of thumb in the military, as in most security organizations, is straightforward: if it aids you in communicating with another person, it has to be secured. It all starts with AES-256, which ensures that communication is done confidentially. Other features are then added, such as organization-wide passcode policies, multi-factor authentication, intuitive user management, and remote wipe. That means that the following ought to be secured: emails, instant messages, conference calls, shared files, text messages, and video calls (Nakashima, 2015). Besides the communication channels that ought to be encrypted, components of the official military file should also be encrypted. Administrative records with information regarding the service of an individual also need encryption. These include appointment, duty station, qualification, performance, decorations and awards attained, administrative remarks, and emergency data. However, military engagements and veterans' participation in battles may not call for encryption, though many opt for security measures. Healthcare records for the military may also need to be encrypted.
Recommended Encryption Algorithm
The Advanced Encryption Standard (AES) would be the best encryption algorithm for the military organization. The algorithm is one of the standards trusted by the American government and many other reputable organizations. Over the years, the American security systems have employed the algorithm, and it has proved to be reliable. Though it is highly efficient even in 128-bit form, it can also use keys of 192 and 256 bits for heavy-duty encryption (Abdullah, 2017). The algorithm is recommended for several reasons. First, it is considered resistant to all kinds of attacks, with the only exception being brute-force attacks, which try to decipher data using all possible combinations of the 128-, 192- or 256-bit cipher. Secondly, it is one of the most robust security protocols since it is implemented in both software and hardware. Thirdly, it is a widespread commercial and open source solution that is used across the world. Finally, it is compatible with and used in various applications like financial transactions, encrypted data storage, and wireless communication.
Asymmetric Encryption
Asymmetric encryption will be the best for the project because its primary benefit is increased security. According to Innokentievich et al. (2017), it is the most secure encryption compared to the symmetric process because users are never required to share or reveal their private keys. Because such keys are never shared, the chances of cyber attackers identifying the user's private key in the course of transmission are minimized. Based on asymmetric encryption, digital signatures can offer evidence of the identity, origin, and status of an electronic document or message, and can also acknowledge the informed approval of the undersigned.
Key Length
An asymmetric key ought to be longer than a symmetric algorithm key for equivalent resistance to attack. According to Irfan & Ahad (2017), an ordinary key length for an asymmetric algorithm such as RSA should range between 1024 and 4096 bits. Symmetric keys may be static or transient, with the crypto-period ordinarily in the range of a day to a year. Asymmetric keys have a longer lifetime, ranging from a single year to five years. The good thing is that keys can be retained far beyond their crypto-period, or even indefinitely. That happens if the data is kept in encrypted form and subsequent access is needed at a later date.
Securing Algorithm Key
Securing the keys is an essential approach in ensuring total security of encrypted data. The best way would be to encrypt the algorithm key. After that, the encryption keys should be kept on a different machine from the data that they are used to secure (Bellare et al. 2017). If they are kept on the same device as the data they protect, then once the machine is compromised, the keys are compromised too. Management of the encryption key life cycle is another way to keep the key secure. After the stipulated expiry of encryption keys, the keys become useless regardless of how well encrypted they are, unless a new one is issued. Finally, a periodic change of keys in case of a data breach would be a necessary precaution and a way of securing keys. The ability to change those keys intermittently can also help in preventing illegal access in case the keys were accessed without anyone noticing.
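The recommendations above (encrypt the key, keep it on a different machine, change it periodically) fit together as key wrapping. The following Go code is an added example, not part of the original essay: it assumes AES-256-GCM as the wrapping mode, and the names aead, wrap, unwrap and rewrap are hypothetical. A data key encrypts the records, a key-encryption key (KEK) held elsewhere encrypts the data key, and rotating the KEK re-wraps only the data key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aead turns a 32-byte key into AES-256-GCM (the mode is this example's assumption).
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrap encrypts a key or record and returns nonce||ciphertext||tag.
func wrap(a cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, nil), nil
}

// unwrap reverses wrap; it fails on a wrong key or a modified blob.
func unwrap(a cipher.AEAD, blob []byte) ([]byte, error) {
	if len(blob) < a.NonceSize() {
		return nil, fmt.Errorf("blob shorter than nonce")
	}
	return a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], nil)
}

// rewrap rotates the KEK: only the wrapped data key changes, not the records.
func rewrap(oldKEK, newKEK cipher.AEAD, wrappedDEK []byte) ([]byte, error) {
	dek, err := unwrap(oldKEK, wrappedDEK)
	if err != nil {
		return nil, err
	}
	return wrap(newKEK, dek)
}

func main() { // constructed demo: fixed keys for illustration only
	kek, _ := aead([]byte("constructed-demo-kek-32-bytes!!!"))
	wrapped, err := wrap(kek, []byte("constructed-demo-data-key-32B..."))
	fmt.Println(len(wrapped), err) // 12-byte nonce + 32-byte key + 16-byte tag
}
```

In a deployment the KEK would be generated with crypto/rand and stay on the separate key host; only the wrapped data key is stored next to the records.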
Key Management
Managing encryption keys may be a great challenge, especially for big organizations that require keys for several applications. However, the best mechanism for managing keys is pegged on the following five steps. The first is to generate as few keys as possible per unit, which reduces the risk that an increased number of keys may pose. Secondly, store and secure all the keys in a location which can be centrally accessed. This helps to track the keys accurately as well as to store them more securely. The third is to create a multi-step system of access (Bellare et al. 2017). A secure system should always call for several sequences and steps before the target information can be accessed. Fourthly, setting up an audit trail would be another way of managing the keys well. Detailed documentation of key usage should be adopted to ensure compliance with existing protocols and the identification and correction of discrepancies. Finally, implement a computerized system that incorporates all four steps discussed above. The system would be able to document and track the uses of the key and also raise the alarm in case of suspicious use.
Additional Security Mechanisms to Address System Compromise-Rogue
Multi-factor authentication for master keys can provide additional security for the compromise scenario. An authorized person should be able to get the keys for rebuilding the database from encrypted back-ups in case of uncertainties or a security breach (Shah et al. 2016). However, such keys should also have an additional layer of security that only multi-factor authentication can give. If the holder of the key goes rogue, it poses a great challenge. Since the safety of the protected data is equivalent to the security of the key, a compromise of the key means that the data would not be spared. As discussed earlier, if there are several steps towards authentication and no single person in charge of the entire process, it would be easier to track any suspected activity.
Transit Data Encryption Techniques
For data in transit, the best mechanism is end-to-end encryption. The mechanism ensures that information is safeguarded when users communicate through open channels like texting and chats on social platforms. Cryptographic protocols like Transport Layer Security (TLS) and Secure Sockets Layer (SSL), which authenticate the transfer of data between systems or servers, can be recommended. The latter offers an encryption system which is end-to-end, thus preventing unauthorized access. A hashing algorithm can be adopted as a measure to ensure that data is not altered in transit. It helps to deal with the man-in-the-middle attacker because decrypting and encrypting data can allow an attacker to change the signature, but the critical data cannot be altered.
Policy and Process-Related Controls
IPsec and SSL are the widely acknowledged policies, especially for encrypting data in transit (Valenza & Lioy, 2018). The policies offer encryption when data transits across a network but do little or nothing for data stored on a disk or in a database. Access control policies also stipulate all the controls put on both the software and physical access to the mainframe to minimize access to computer data and systems.
References
Abdullah, A. (2017). Advanced encryption standard (AES) algorithm to encrypt and decrypt data. Cryptography and Network Security, 16.
Irfan, A., & Ahad, M. A. (2017). Implementation & Security Analysis for RSA-based Algorithms on Variable Key Length. International Journal of Advanced Research in Computer Science, 8(5).
Bellare, M., Singh, A. C., Jaeger, J., Nyayapati, M., & Stepanovs, I. (2017, August). Ratcheted encryption and key exchange: The security of messaging. In Annual International Cryptology Conference (pp. 619-650). Springer, Cham.
Shah, Y. C., Schmidt, A., Choyi, V. K., Subramanian, L., & Leicher, A. (2016). U.S. Patent Application No. 14/786,688.
Valenza, F., & Lioy, A. (2018). User-oriented Network Security Policy Specification. J. Internet Serv. Inf. Secur., 8(2), 33-47.
Innokentievich, T. P., & Vasilevich, M. V. (2017, September). The Evaluation of the cryptographic strength of asymmetric encryption algorithms. In 2017 Second Russia and Pacific Conference on Computer Technology and Applications (RPC) (pp. 180-183). IEEE.
Nakashima, E. (2015). Hacks of OPM databases compromised 22.1 million people, federal authorities say. Washington Post, 9.
Cite this page
Paper Example. Military Encryption Framework. (2023, Oct 16). Retrieved from https://speedypaper.com/essays/military-encryption-framework