Introduction
In this scenario, it’s important to realize that data integrity and confidentiality is achieved by ensuring that only the authorized person(s) gain access to the data and that during transmission, storage and retrieval data originality is maintained.
That is to say no alterations can be made whatsoever during these processes. We also know that the store employees are not authorized to access data sent for storage by their clients. This essay tries to discuss how this can be achieved from a CIO’s viewpoint.
Secure transmission and storage
Analyzing the requirements for this to be achieved we realize that, data should be illegible during transmission to the store and back to the customer since it is wired over a public network, (Merkle 1978); also the store staff should not be able to read it.
In this case we employ cryptography which is a mechanism for encoding character strings using some predetermined keys and encryption algorithm, ( Curry, 2001). The sender encrypts the message changing it to a form known as a ciphertext and the receiver on the other hand decrypts it to obtain the original message.
In our case, the receiver should not be able to read the message, therefore we use double encryption. First, the CIO should come up with a set of two keys, a public key PuKs and a private key PrKs. PuKs should be made known to all the customers, while PrKs should be kept secret only known to the staff in charge of data receipt and transmission.
Each customer also comes up with a set of two keys public, PuKc which is given out and private PrKc which is only known to the customer. He also comes up with another key PKc only known to him. The sender in this case, the customer encrypts the data using an algorithm and the key PKc.
This ensures confidentiality of data since only the owner has got the key so only him can read this data. However, the receiver, the store in this case needs to verify that the message received is the original one sent by the customer it has not been tampered with on the way.
Since the store employee receiving it cannot read it, the originality of sender can be verified by use of a digital signature. Both parties agree on some verification code known as the digital signature, (Rivest, Shamir and Adleman, 1978).
When the customer is sending his data, he encrypts it with PKc, generates a hash function, (Niven and Zuckerman, 1972) of the original verification code and attaches it to ciphertext, C1 obtained and encrypts the combination a second time using his private key PrKc to get ciphertext, C2 and sends it to the store.
When data is received at the store, the receiver decrypts it with the key, PuKc to verify the signature and if it matches the originally agreed code, then the data is original from the customer. The signature is removed from the message and the C1 is stored. This ensures data integrity. This method is made secure by the fact that any changes made to the data, will translate to a change in the digital signature, (Calabrese, 2004)
When the customer requires his data, the original ciphertext from the customer is retrieved from storage. Then the store employee in charge appends his digital signature to the ciphertext and encrypts it with the store’s private key, PrKs.
He then sends it over to the customer who decrypts the message with the store’s public key, PuKs which he already has to verify the sender. If the signature matches the original code, then the ciphertext is original from the store. He then detaches the signature from the ciphertext and decrypts the ciphertext with his private key PKc; the one he used to encrypt.
Secure email exchange
In the store, the staffs agree on an encryption method to secure their email exchange. Each member comes up with a set of two keys a public and a private key. Each of them gives out his public key to all the others but keeps his private key secret, (Curry, 2000)When party A wants to send a confidential email to party B, he encrypts the message with party B’s public key and sends the ciphertext to party B.
On receipt, party B decrypts the message with his private key and reads it, (Potter, 1977). To verify the originator and integrity of emails, the sender appends his digital signature to the message, the signature in our case could be the sender’s name for example but he encrypts it with his private key and the receiver can decrypt it using the sender’s public key which he already has, (Diffie, Hellman, 1976)
Secure backup transmission
During backup data transmission, StoreItRite employee in charge should combine all ciphertexts received from their customers during that day and encrypt it using a key only known to them, which is their private key PK3. The ciphertext, C3 is then sent over the leased line as one packet hence cutting on cost.
Conclusion
In conclusion we can say that encryption is the most appropriate way to ensure data security during transmission over a network and also during storage. Digital signatures enhance this security by providing a way of verifying that the data received is original from the sender.
No changes have been made along the way since it is only the sender who has his private key which was used to encrypt the signature. Double encryption technique enhances this integrity check by ensuring that any changes made to the data translate to a change in the digital signature.
References
Calabrese T. (2004) Information Security Intelligence: Cryptographic Principles & Applications. Delmar Learning. New York. Clifton Park.
Curry Ian, (2000), Key Update and the complete story on the Need for Two Key Pairs. Version 1.2. Canada. Entrust Technologies.
… (2001). An Introduction to Cryptography and Digital Signatures. Canada. Entrust Technologies.
Diffie W. and Hellman M. (1976) New Directions in Cryptography”, IEEE Transactions on Information Theory 22(6). 645-650. Web.
Merkle, R. (1978). Secure communications over an insecure channel. Communications of the ACM, 21(2):120–126.
Niven, I., and Zuckerman, H.S. (1972). An Introduction to the Theory of Numbers. New York. Wiley.
Potter, R.J., (1977) Electronic mail Science. Federal Register 40, PP 84-86.
Rivest, Shamir, Adleman (1978). A method for obtaining digital signatures and public-key cryptosystems; Communications of the ACM, 21(2) PP120-126.