Introduction
System vulnerability in data security refers to glitches and gaps in data networks that hackers can leverage and gain unauthorized access to a web application or a computer system. These security flaws can emerge because of unforeseen linkages of different computer programs, related equipment, or basic defects in an individual application. It is worth noting that these vulnerabilities are present in practically all kinds of networks. There is no accurate way to detect and resolve them all because of the heavily intricate structure of contemporary networks and cloud infrastructure (Tushar & Mishra, 2021). However, administrators can substantially reduce the probability of a cyber-attack by identifying some of the most prevalent system vulnerabilities and fixing them on time. In this paper, cryptographic techniques are applied to improve the performance, safety, and functionality of a system at ACME Yearbook Company.
The new proposed system (MetaSpace) is expected to provide privacy, security, and authenticity of students’ data while concurrently supporting internet-based viewing, publishing, and purchasing yearbooks. Methods such as encryption, which entails transforming plain texts into inaccessible formats, have been used to facilitate cryptography. The different additional features to be introduced by MetaSpace, the risks and solutions associated with it, and how the identified potential vulnerabilities will be solved form the basis of discussion for this paper.
Risks and Security Concerns to Be Addressed by MetaSpace
Modification of data
Considering the idea that the new product should be internet-based, there is a considerable risk of data modification through cyber-attacks. Data manipulation can significantly undermine the trust and principles of victims. For example, if the school discovers that source code or fresh blueprints have been infiltrated, its credibility might be jeopardized at all levels, from teachers to parents and students. Attackers may meddle with certain sections of the entire yearbook by threading sexually explicit information and adult content into it.
If this occurs, the school’s ethics and dignity will be deemed questionable and its reputation shattered. From a strategic perspective, however, high endpoint visibility is considered one of the most effective methods of preventing these forms of cyber-attacks. In that case, the new system at ACME should be able to prevent the occurrence and progress of data manipulation and respond promptly to mitigate it before the outcomes become severe. The section below highlights the risk involved with the online purchase of ACME’s products in the new system.
Risks Involved in Online Purchase of Electronic Yearbook Copies
Whenever a customer visits the company’s website and makes an online purchase, the information they enter becomes public. This is the loophole that attracts cyber attackers and makes their endeavors easy. An attacker can access these credentials by either impersonating the user or manipulating the server of the company’s website. Once a hacker obtains detailed information, such as the victim’s name, date of birth, contact information, and residence, they can have a significant financial impact on the victim’s bank accounts. The segment below discusses how the students’ information privacy could be a potential risk in the system.
Privacy Violation
The Personally Identifiable Information (PII) of a student refers to any information that, individually or collectively, specifically identifies a student. This data is usually gathered, maintained, or extrapolated by a public education entity, either implicitly, through a school service, or explicitly by a school service contract provider. In this context, ACME is the school service contract provider, handling different details of the students, such as their names, grades and photographs. Although this data is needed when processing the school yearbook, the privacy of the students’ PII is compromised in this situation. This would be violated even further if a data breach occurs at ACME’s servers.
Communication and Data Security Risks
Since the company is processing data from many schools, there is a risk of miscommunications or misinterpretation if the product is made available via the Internet. Similarly, because yearbook data will be saved on ACME’s servers rather than on customers’ home computers, there is an equivalent possibility of data being stolen, modified, or lost. Given that the product should allow multiple users to modify the yearbook at the same time, there may be preference mismatches and delays in the implementation of specific data processing phases. The section below highlights how the above concerns will be solved by MetaSpace.
Solutions Proposed to Mitigate the Forecited Risks
Use of Multi-Factor Authentication
Before gaining access to an online resource such as a software program, an account, or a proxy server, the user needs to submit additional verification credentials in a process referred to as multi-factor authentication. With this in mind, ACME should employ MFA as a key element of a reliable identity and access management policy to strengthen the safety of student data. The new system will be embedded with MFA, necessitating two or more authentication criteria in addition to the ordinary login password request.
With this tool in use, successful cyber-attacks are less likely to occur. One of the most popular MFA factors, OTP, will be implemented by MetaSpace, requiring students and parents to enter a four to six-digit code each time they log in (Tushar & Mishra, 2021). The school Android application, SMS, and email will all be used to deliver this code. The OTPs will prompt new codes each time an authentication request is made. When a student, teacher, or parent initially registers with the system, they are given a seed value that will then be used to produce the code.
End-to-End Encryption for Communication Security and Privacy
End-to-end encryption is a secure communication technique that makes it impossible for outsiders to access information while in transit from one end-user system or device to another. The students’ data will be encrypted on the new system and devices at ACME, and only the intended receiver will be able to decrypt it. Similarly, the data will not be read or altered when being transferred by an internet service provider, an application service provider, or any other unauthorized third party. The endpoints containing the cryptographic keys will be used to encrypt and decrypt the commands. A private key will then be generated and distributed to students, parents, and teachers to be used for decryption purposes. Once received, the trio can use it to decrypt the yearbook’s content and send any comments to ACME, who will be the public key’s owner.
Hashing Technique
This method, capable of transforming data of arbitrary length into fixed-size strings or numbers using an algorithm, will help to reduce the space needed to store data while concomitantly resolving data security issues. The technique will enable MetaSpace to convert data from one set to another of user-defined length with a specified cryptographic algorithm. This method will be used by MetaSpace to convert student data of any size into a fixed-length digest and then store the resultant information such that it becomes practically impossible to recreate the input data from the output, even if the hash function is known. When creating their accounts with MetaSpace, parents, teachers, and students will be given special passwords to use. These passwords will be hashed, and the resulting digests will be saved. The password will be entered again during the subsequent login attempts, and the digest will be compared to the prior one to ensure an exact match. Access to the system will be automatically denied if the user’s login password is incorrect. The segment below discusses how different security concerns can be addressed by cryptography through encryption.
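The store-then-compare login flow described above can be written as follows; this is an added example, not code from the paper or from MetaSpace. It assumes PBKDF2-HMAC-SHA256 with a per-account random salt as the password hash, and the record layout, function names, and iteration count are illustrative choices.

```python
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor; tune to the login server's hardware


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$digest."""
    salt = secrets.token_bytes(16)  # unique per account, stored beside the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != SCHEME:
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations),
        )
        expected = bytes.fromhex(digest_hex)
    except (ValueError, OverflowError):
        return False  # malformed or tampered record: deny access
    return hmac.compare_digest(candidate, expected)


def unsalted_sha256(password: str) -> str:
    """Weak baseline for contrast: fast, and equal passwords share one digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    pw = "Yearbook-2024!"  # constructed sample password
    a, b = hash_password(pw), hash_password(pw)
    print("salted records differ:  ", a != b)
    print("unsalted digests equal: ", unsalted_sha256(pw) == unsalted_sha256(pw))
    print("correct password:       ", verify_password(pw, a))
    print("wrong password:         ", verify_password("yearbook-2024!", a))
```

The salt means two users with the same password get different stored records, and the iteration count makes each offline guess against a stolen database expensive, neither of which a single fast hash provides.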
Solutions for Vulnerabilities Mitigated by Encryption
Use of E-mails
The new system will encrypt emails using the public key infrastructure. Along with each student’s name, registration number, and email address, the key will be kept on a server and will be accessible to yearbook customers. The company would then send encrypted emails to the students and customers thanks to a program called SafeGmail that will be included in the new system. SafeGmail will be used to ensure its anonymity when the company needs to send a low-resolution PDF of the completed yearbook to the school for proofreading.
The Chrome extension (SafeGmail) will automatically encrypt emails with PGP-based cryptography by adding a short-answer question to them. The company will have to click the “Encrypt” option in Gmail once SafeGmail has been installed on the new system to use it. Then, the sender (from the company) composes a question for the recipient, whose answer is only known to the latter. Although SafeGmail does not use server-side encryption, it has been established that the service has no access to any of the messages that its users send or receive (Tushar & Mishra, 2021). This feature will ensure that the communication needs of the system are adequately met.
Remote Access
The term “Remote Access” refers to a collection of security procedures or products used to guard against unauthorized access to a company’s digital assets as well as the loss of confidential information. In this case, MetaSpace will ensure Remote Access by combining VPN, multifactor authentication, and endpoint security. Many remote users may try to access the system through unreliable network connections, such as unauthenticated Wi-Fi signals. By creating a secure connection to a private network via the internet, a Virtual Private Network can help to reduce such possibilities. High-resolution PDFs will only be available to ACME’s printing facilities and partners thanks to this functionality. To strengthen Remote Access, a VPN, strong passwords, regular updates and Multi-Factor Authentication techniques will be jointly employed.
Encrypted Flash Sticks
These flash drives make excellent data protection solutions when dealing with massive amounts of data since they use hardware-based encryption. By restricting access to USB ports and encrypting students’ data that leaves the system on portable media, MetaSpace will use USB controls and encryption to avert a system invasion. Spyware will have a very low chance of infiltrating an endpoint system and spreading throughout the network architecture since only authorized devices are identified and linked to the system.
E-Commerce Transactions
Secure Sockets Layer (SSL) encryption will be used by MetaSpace to protect online customers when making credit card purchases of yearbooks. SSL certificates encrypt sensitive data sent over the internet, preventing hackers from intercepting it. This method will guarantee that the information only reaches the appropriate recipient (the company). Before getting to ACME’s server, customers’ data will be routed through several computers. During this process, electronic devices between the local network and the ACME server can intercept customers’ information, such as usernames, passwords, and credit card numbers, if SSL certificate encryption is not present. As a result, SSL will not only ensure that the data is unreadable by unauthorized users but will also allow people to safely purchase copies of the completed yearbook using their credit cards.
Database Encryption
Techniques such as TDE, Plug-in, and API can be used to encrypt databases. Whereas the TDE approach runs encryption and decryption within the database server itself, Plug-in’s versatility allows for application-level encryption. The database encryption blended in MetaSpace will use a specific algorithm to convert data into cypher text that will allow the yearbook data to be stored on ACME’s servers, rather than on the customer’s local computer.
This approach will safeguard students’ stored data; hence, if a hacker obtains all the data, they will not be able to interpret it. Depending on the efficiency of the system at that time, ACME may decide to upgrade the system to Full Data Encryption in the subsequent years. FDE, as the name implies, protects the entire data set, including simple texts, folders, images, and multimedia. This approach will be the greatest and most successful database encryption technique in the system as it protects the entire database. The segment below highlights remedies to defects that may not be easily mitigated via encryption.
Solutions for Vulnerabilities That Cannot Be Solved by Encryption
Use of Hashes
By applying a function to any length of data, the MetaSpace system will employ hashing to reformat it into a fixed-size number or string. For instance, the system will employ a non-encrypted HTTP protocol to make sure that passwords shared via the internet cannot be read by someone tracking the connection. Similarly, using a hash to store the password in the database will ensure that any break-ins do not present additional compromises to the system. Whereas Cloud access security will ensure that data is synchronized before being transferred to the ACME Cloud, digital certificates will confirm the authenticity and nature of the user’s device via public key infrastructure.
DRM for Yearbook Electronic Copies
Digital rights management strategies refer to a cluster of access control systems which limit the usage of digital information that is protected by copyrights. Access Control (AC), a popular technological security technique, will be used by MetaSpace to limit the usage of exclusive hardware and copyrighted materials. Yearbooks, schools’ software, and multimedia content will all be monitored by AC, along with the systems that administer these rules on ACME devices. However, this feature will allow multiple people to edit the yearbooks at the same time without the need for permission or approval, especially students who are working on them.
Acceptable Rules for Accessing and Using ACME Servers and Computers
MetaSpace users will be required to consent to the terms of the Acceptable Product-Use Policy (APUP) to access the ACME network. There will be several safety protocols to ensure a user-friendly interaction with the system. Some of the guidelines in the proposed system’s APUP document include but are not limited to:
- The desktop product can be used to edit the yearbook, in addition to any new Internet version of the product.
- Each PDF for different school yearbooks will have an expiration date after which users will not access it on the system. For instance, if a yearbook was published three years ago and copies were already sent to the school, the document will be deleted from the system.
- Watermarks will be used to indicate ownership and identification on PDFs and the final pages of each yearbook.
Three Potential Vulnerabilities with Their Proposed Solutions
Whereas the majority of the risks highlighted in the earlier paragraphs will be easily mitigated, the MetaSpace system, like any other system, may have its shortcomings. Some of these vulnerabilities have been discussed below:
- The use of stronger passwords in Remote Access does not necessarily guarantee the system’s safety. These passwords can be cracked by hackers, who can then gain unauthorized access to students’ data in the yearbook PDFs. This can be minimized by changing them from time to time. Similarly, the passwords may be too complicated for the users to remember due to the combination of different letters, numbers and/or symbols. Students who have strong passwords should find it necessary to write them down or save them on their devices in safe, plain texts.
- Although there are huge benefits attributed to MFA, some well-known drawbacks can easily eclipse them. For instance, introducing out-of-band segments like One-Time Passwords and other credentials lengthens the login process. Similarly, the use of MFA increases reliance on third parties when data breaches occur. These glitches can be mitigated by combining different cryptographic techniques such that in case one fails, there is a sufficient backup plan to secure the targeted data.
- In case the decryption key is lost, data retrieval may be compromised. For example, if the data manager at ACME dies, it might be hard to access the data server if he was the only person in the company with the decryption key. This can be solved by having at least three trustworthy persons to handle the same decryption key.
Recommended Features by Order of Importance
Since the company may not implement all suggestions at once, the list below highlights specific features (in their order of importance) that this paper recommends.
- Allow all of the yearbook data to be stored on ACME’s server instead of the customer’s local computers.
- Allow multiple people to edit the yearbook at the same time.
- Allow a low-resolution PDF of the completed yearbook to be available to the school for proofing. Make available high-resolution PDFs that can only be accessed by ACME’s printing facilities and partners.
- Allow people to purchase copies of the completed yearbook using a credit card.
Conclusion
Although the existing system at ACME is fully functional, the safety of students’ data is not guaranteed, nor is there any internet access for the development and purchase of yearbooks. MetaSpace comes in to address these issues through encryption to protect data from attacks while simultaneously ensuring the proper storage, communication, and processing needs of the system are met. The study of cryptographic features highlighted in this paper can be used by organizations to guide the design and implementation of appropriate solutions that address system vulnerabilities.
Reference
Tushar, A. S., & Mishra, A. (2021). “Cryptographic algorithm for enhancing data security: A theoretical approach.” International Journal of Engineering Research & Technology, 10(03). Web.