Let's start a new assignment project together, Get Exclusive Free Assistance Now!

Need Help? Call Us :

Place Order

CYBER ALGORITHMS THAT CHANGED THE FUTURE

Mar 13,23

Question:

Background:
Assignment 3: Research Paper

CSE1ACF: CYBER ALGORITHMS THAT CHANGED THE FUTURE

Individual scholarly research paper

This is an individual assignment (i.e. Assignment 3) for the “CSE1ACF: CYBER ALGORITHMS THAT CHANGED THE FUTURE” course and constitutes 40% of the total course grade.

1. Due Date

Sunday, 25-October 2020 at 23:55 pm in Melbourne time

  1. Marking

40% of the total score

  1. Format

The total length of your scholarly paper is 2500-3000 words NOTE: This is an individual assignment.

4. Goal

Demonstrate foundation knowledge in the latest algorithms for cybersecurity

Define requirements for cybersecurity algorithms and ordered steps in a formal language

Review algorithms in solving cybersecurity problems Interpret the steps required to execute an algorithm correctly

Describe the performance, accuracy and reliability of algorithms using real-world data

5. Submission of your assignment

Your assignment should be submitted through the Latrobe University Online Assignment Submission facility

ZEIT8036: Humans and Security – Mini project and scholarly paper

6. Assignment Task

In this assignment, students will work on their scholarly research paper individually. Students will be given the opportunity to identify their problem through a real world- case study according to the area of their expertise. Real-world case studies from intelligence analysis, fraud, databases, networks and firewalls will be used to illustrate how algorithms can be applied to solve problems.

Students are required to submit the scholarly research paper on the course webpage.

  • The scholarly research paper should clearly address:
    • Abstract (up to 250 words)
    • Introduction
      • What is the problem you are going to address? Real-world case studies from intelligence analysis, fraud, databases, software systems, networks and firewalls or any other area that will be used to illustrate how algorithms can be applied to solve
      • Why is this problem important or interesting?
      • Identify their problem through a real world-case study according to the area of their expertise. Real-world case studies from intelligence analysis, fraud, databases, software systems, networks and firewalls or any other area that will be used to illustrate how algorithms can be applied to solve
    • Literature review:
      • How is this problem currently addressed by others?
      • Students are required to argue how good your proposed solution is, compared to the previous ones in the
    • Methodology/Proposed solution:
      • What is the way you are proposing to address the problem?
      • Propose any new procedures and algorithms required to solve the problem.
      • Describe the system, procedure or algorithm (e.g. proposed system design, model, framework or concept etc.) you propose to design that will solve the identified
    • Discussion:
      • Discuss how your proposed solution is better than previous solutions with the support from the literature
      • Why and in what respect is your way to address this problem is going to be better than those developed by others?
    • Conclusions and recommendations
  • References:

You should cite at least 6-10 good scholarly articles in your report.

2

Formatting guide for your assignments

1. Section Numbering

The assignment report needs numbered sections to make it easy for readers to locate the information they are interested in.

Provide an abstract section which provides a concise and accurate summary of the issue (max. 200 words).

The first section to be numbered is the introduction (1). Sub-sections are labelled 1.1, 1.2, 1.3 or 2.1, 2.2, 2.3 etc. If you need further subsections you can use three

levels of heading e.g. 1.1.1, 1.1.2, 1.1.3 etc.

2. Page numbering

All pages after the title page should be numbered Arabic numerals i.e. 1, 2, 3 etc. Print your work on one side of the paper only.

3. Font

Choose a clear font (Arial, Times New Roman or Verdana). Apart from headings, all text should be font size 12. Use single line spacing.

4. Headings

You may consider using automated heading styles in Microsoft Word.

The “Styles” panel lists all possible levels of heading. It is handy to use these automatic styles if you use the automated table of contents feature in Microsoft Word.

5. Illustrations

Figures and tables should be used to illustrate concepts and summarise data to add clarity to your report.

Figures and tables need to be numbered and labelled.

6. Referencing

If you include figures or tables that you did not create yourself, you need to provide a reference.

The Academic Referencing Tool (ART) provides detailed examples of the four referencing styles; AGLC3 (Law), APA 6, Footnoting and Harvard that have been endorsed for undergraduate students by La Trobe University.

Visit http://www.lib.latrobe.edu.au/referencing-tool/ for more details.

7. Academic Integrity

Latrobe University has a set of Academic Integrity Policies (http://www.latrobe.edu.au/students/admin/academic-integrity) which states clearly that the following types of academic misconduct will not be tolerated:

  • Plagiarism: copying other people’s work without proper acknowledgement;
  • Collusion: working together on an individual assessment task; and
  • Cheating: copying from other people’s work, unauthorised access to prohibited materials, or paying someone else to do the

Latrobe University makes use of plagiarism software to detect any infringement. Any infringing student found will receive zero (0) mark for the assignment, and face the possibility of failing the whole subject, depending on the level of seriousness of the infringement.

Grading Criteria

Grade Understanding Demonstrated:

High Distinction (35-40%)

The project solves an important problem in an interesting and original way, and the solution is sound and feasible. Many techniques and methods, as well as the security-specific algorithmic knowledge studied during the course have been successfully applied to the project. The paper follows the topic sections/template given by the assignment (i.e. abstract, introduction, literature review, methodology/proposed solutions, discussion, conclusions and recommendations, and references). Includes references to methods, related studies, background sources within text; list of complete citations in appropriate style at end, and no more than 20% of all references refer to the sources that are online-only (i.e., don’t have paper versions).

Distinction (30-34%)

The project solves a somewhat important problem in an ordinary way, or the solution does not seem to be quite sound or realistic. Very few techniques and methods studied during the course have been successfully applied to the project. The paper follows the topic sections/template given by the assignment (i.e. abstract, introduction, literature review, methodology/proposed solutions, discussion, conclusions and recommendations, and references), but not exactly. Appropriate references are generally present; some may be incomplete or in incorrect style, or between 21% and 30% of all references refer to the sources that are online-only (i.e., don’t have paper versions).

Credit (20-29%)

The project solves a less important problem with a lack of depth in knowledge (e.g. security specific algorithmic knowledge). However, the solution is discussed, or the

4

solution is sound or is realistic. A fair bit of techniques, knowledge, or methods studied during the course have been successfully applied to the project. The paper follows the topic sections/template given by the assignment (i.e. abstract, introduction, literature review, methodology/proposed solutions, discussion, conclusions and recommendations, and references), but not exactly. Appropriate references are generally present; some may be incomplete or in incorrect style, or between 21% and 30% of all references refer to the sources that are online-only (i.e., don’t have paper versions).

Pass 1 (10-19%)

The project solves a not very important problem, or the solution is quite unoriginal, or the solution is not sound or is unrealistic. Almost no techniques, knowledge, or methods studied during the course have been successfully applied to the project. The paper follows the sections/template given by the assignment (i.e. abstract, introduction, literature review, methodology/proposed solutions, discussion, conclusions and recommendations, and references), but has major deviations from it. Few references are given. Style is incorrect and/or incomplete, or between 31% and 40% of all references refer to the sources that are online-only (i.e., don’t have paper versions).

Pass 2 (0-9%)

The project solves an unimportant problem, or the reported solution has been known, or the solution is unsound, incorrect, or completely unrealistic. No techniques, knowledge, or methods studied during the course have been successfully applied to the project. The paper doesn’t follow the topic sections/template given by the assignment (e.g. abstract, introduction, literature review, methodology/proposed solutions, discussion, conclusions and recommendations, and references). No references provided, or more than 40% of all references refer to the sources that are online-only (i.e., don’t have paper versions).

Answer:

CYBER ALGORITHMS THAT CHANGED THE FUTURE

Abstract

Unauthorized data access issues have become quite common inside big shot organizations. Dark web attackers are mostly targeting them and these attackers try to extract sensitive information from organizational databases and sell them on different platforms. Here, the report aims to identify an appropriate cyber algorithm that can change the lives of millions. It might save enormous data from being stolen. Systems should be thoroughly checked to find out any malicious activities. Sensitive information, which is prone to leakage, should be scanned for viruses. There is relevant information provided on a system, which is not capable of monitoring serious data threats. Here, a real life case study of Equifax is taken under consideration. This case study comes under the criteria of database fraudulent and unauthorized data access.

This case had occurred due to the carelessness of the company in renewing public key certificates. A damaged public key certificate was the main cause of illegal penetration. The particular real life case study involves the largest breach of data fraud and accessing important data of customers through unauthorized access. No update of encryption rules and policies has caused this issue. Most important fact of this entire data breach is that it was done inside an organization like Equifax and that too by outsiders. It is a matter of concern for the people inside the organization and outside of it. Customer data that was in use should engage in a controlling of access and appropriate storage. Hence, this study highlights the areas, which are important in managing unauthorized access and proposes solutions that can be useful.

Table of Contents

  1. Introduction. 4

1.1 Identification of problem.. 4

1.2 Problem addressed using algorithms. 4

1.3 Importance of problem.. 4

1.4 Real world case studies. 4

  1. Literature review.. 4

2.1 Current addressing of problem.. 5

2.2 Argument on proposed solution. 6

  1. Methodology. 7

3.1 Way of addressing problem.. 7

3.2 New procedures and algorithm for solving issues. 7

3.3 Description of system or algorithm.. 7

  1. Discussion. 8

4.1 Comparison of proposed solution and previous solution. 8

4.2 Better method of identifying issues. 9

  1. Conclusions and recommendations. 10

References. 11

 

1. Introduction

1.1 Identification of problem

This study is going to address issues of data breaches inside a reputed organization. This will highlight important cyber security threats and the process of overcoming it via using suitable cyber security algorithms. This problem is identified in terms of unauthorized data access cyber issues inside a company called Equifax. Equifax case study is identified as one of the largest data breaches of this era. Intelligence analysis of these processes can be done and it is presented in this report. There is implementation constraints observed in this case while cyber security algorithms were in use.

1.2 Problem addressed using algorithms

Problems like unauthorized data access inside an organization by organizational third parties is addressed in this case. This incident was possible with giving command to the system and accessed over 149 million customer’s records. However, by using new age cyber security algorithms, these problems can be easily mitigated.

1.3 Importance of problem

Most important fact of this entire data breach is that it was done inside an organization like Equifax and that too by outsiders. Enormous amount of information was extracted by this breach and this could be used in wrong actions as well. This information included customer’s private data like name, age and address. It also included financial statements of customers along with their credit eligibility. This organization does the job of storing information of individuals that are eligible for credits. Driving license and password are important files that are stored in a database.

1.4 Real world case studies

Comprehensive reports of car histories are provided by this organization. Introduction to the real world case study includes an attack on Equifax with an access to personal information of over 100 million people. It is regarded as one of the largest data thefts so far in this data analysis industry. This attack took place in 2019 (Equifax.com, 2020). Equifax had to pay $700 million in compensation for this data breach. Hackers gained access to details like customers’ age, name and personal details. However, data breach and fraudulent areas of expertise can be solved by using cyber algorithms in no time. Proposed cyber algorithm includes uses of AES.

2. Literature review

2.1 Current addressing of problem

Individual details of civilians in 21 countries were in danger after this attack was conducted. This problem can be accessed in terms of using an unauthorized access securing algorithm. Cyber algorithms that have changed lives can be remarked as AES algorithms. This is identified as an encryption algorithm. It is expected to overcome the issues faced in unauthorized access to sensitive data content. Individual customers were asked to claim upto $200000 compensation (Oaic.gov.au, 2020). In 2016, this organization had become one of the largest credit information holders. Several stakeholders like the mortgage brokers, finance providers were skeptical to continue relations with this organization. Hackers were able to access the company’s server by using a known vulnerability. This organization did not tackle any straightforward actions even though it was informed about a severe data breach. There was no update made on encryption standards. Equifax had taken 76 days starting from the day of attack to realize that they were under danger. The attack took place in March 2019.

This attack of Equifax can be categorized as a data breach fraud and unauthorized database access. Other people currently address this problem area as well. There is maximum information gained on extracting data from reputed company databases and selling it to the dark web. As highlighted by Lending, Minnick and Schorno (2018), hackers were capable of accessing unencrypted data from customer complaint portal. It was observed that as a remedy this organization created a secondary domain. This resembled a phishing or spam domain and is criticized highly. The known vulnerability can be addressed as a struts vulnerability and requires a better implementation of encryption algorithms and certifications. In case attackers send malicious HTTP requests with malicious codes engaged inside content type header, then struts might be tricked for executing that vulnerability. These vulnerabilities cannot be identified even after a series of scans.

A number of poor data governance practices resulted in such destruction of Equifax containing information of millions of people. Even though Equifax had enough tools for sniffing out data exfiltration events, it was of no use as no security patches were upgraded. In order to re-encrypt the traffic company like Equifax purchase public key certificates from third parties and annual renovation is required. More than 40% of the United States were at stake and affected information traffic (Equifax.com, 2020). Chinese state sponsored attackers were largely associated with this attack. The main purpose identified of this attack was espionage and not theft.

2.2 Argument on proposed solution

Figure 1: AES working protocol

(Source: Equifax.com, 2020)

Proposed solution includes an encryption algorithm for end-to-end protection of data and management of identities of the people that are included inside this organization. As highlighted by Lending, Minnick and Schorno (2018), advanced encryption standards are wired equivalent for the encryption process. Prevention of injecting unauthorized data into networks is done using AES. According to latest reports, $1.4 billion was spent on upgrading security as well. Personal identification of data was not expected to be dumped in bins like Equifax. It is never recommended to perform such activities. The proposed solution is good enough to address specific system issues. There are sustainable uses of encryption policies that enable an organization to prevent data losses from databases. Working function of AES algorithm includes:

  • Substitution of steps
  • Row-shifting steps
  • Column-mixing steps
  • Round key addition steps

Encryption algorithms can be a stronger approach to mitigate unauthorized access. It usually works on 127 bits of fixed data block for encryption. There is AES-192, which uses 192 bits of encryption key and it usually has 12 rounds (Csoonline.com, 2020). Processing steps ensure a conversion of plaintext to cipher text. 256-bit encryption might have 14 rounds of working algorithm execution. Rijndael block cipher is chosen for complete management of AES algorithm (Oaic.gov.au, 2020). It is so far the best algorithm for preventing unauthorized access as data is divided into different blocks as a primary step. Therefore, the key expansion is done and the systematic order of execution is completed. AES is defined as a symmetric algorithm. Database encryption and application encryption is relative parts of this process. Customizing the encryption process has become one of the common goals of organizations like Equifax. A private key is applied to the data, which is not readable until and unless decrypted using relevant keys. Transferring keys from sender to receiver is also done.

3. Methodology

3.1 Way of addressing problem

This problem is specifically going to be addressed using secondary qualitative methodology. Research will be done on available resources on the internet. As mentioned by Hameed, Ibrahim and Abd Manap (2018), different organizational data will be managed through qualitative analysis. Thematic analysis will be done based on circumstances and the proposed solution will require an optimization of algorithms.

3.2 New procedures and algorithm for solving issues

There is a new procedure of solving the issue Equifax is implementing the AES algorithm. As expressed by Maher et al. (2019), previous solutions are quite ineffective and hence require the-identification process. Enabling different privacy acts can be important and it will engage in meeting obligations. Robust de-identification processes are not always associated with personal information. It engages relevant release contexts as well. It will involve two most important steps such as:

  • Alternate action taking and removing information which might be dangerous for individuals
  • Uses of appropriate elements to safeguard data access environment in prevention of re-identification

Incorporation de-identification, privacy enhancement tool along with AES algorithm can jointly solve the issues of Equifax and deal with unauthorized data access menace.

3.3 Description of system or algorithm

Figure 2: AES-256 encryption mechanism in ATP securEncrypt

(Source: Oaic.gov.au, 2020)

This proposed algorithm is AES, which includes a round key addition step in managing access. As opined by Yaraghi and Gopal (2018), uses and disclosure of personal information can be limited and organizational operations can be managed. National security agencies will be followed for data protection standards and rules. For smaller subsets of data, AES flash storage processes can be invoked. Random number generation is done that passes on to AES engines. This is then organized as a part of plain text based encryption to cipher text. Unauthorized access is largely determined as gaining access to the organization data and network through end-point loopholes.

Uses monitoring tools to expose any vulnerable activities are required. Malware protection and prevention of unauthorized activities are done in business-to-business activities. As explained by Algredo-Badillo et al. (2018), after encryption, the AES engine sends it to NAND flash for storage. Even hardware based security modules can be managed under this tag of AES algorithms. 256-bit symmetric encryption cyber algorithms can give protection beyond encryption in today’s contact. ATP secureEncrypt provides a number of benefits including a variety of multi-level security suites. Illegal copying of data will be safeguarded after applying this mechanism. It will also be focused on that the data is not slowed down and costumes do not face any trouble.

4. Discussion

4.1 Comparison of proposed solution and previous solution

Initially this company Equifax had created a secondary domain called equifaxsecurity2017.com. These moves are not appropriate as this domain resembles a phishing scam one. Customers had trouble in trusting the site completely (Csoonline.com, 2020). Since, there was an involvement of customer’s private information; it was a trouble to trust the new website. Customers started to lose their trust and they thought that their security was compromised.

However, in this new proposed solution, there is practically no threat observed for customer’s confidential data. As stated by Laaksonen (2018), it was in secure hands and under control of a 256-bit encryption process. Moreover, some alternate actions can be taken and removing information, which might be dangerous for individuals, can be done as a part of de-identification. Uses of appropriate elements to safeguard the data access environment in prevention of re-identification are important in managing significant amounts of data. Company had taken more than a month to make an understanding of the data breach and defected internal control system. With application of AES a prevention system can be designed that will prioritize encryption.

There will be uses of encryption keys and more value will be given to the updation of encryption modules. As commented by Kumar (2019), this organization Equifax is also suggested to design a necessary audit control system for scanning internal issues about data protection. Creating a sustainable policy for managing individual records can be essentially upgraded. Building a huge data lake can be sometimes ineffective for organizations like Equifax. It is required to manage the black mail attempts by intruders as well.

It is observed that existing literature are mostly focused on identification of problems not in remedy. Many literatures suggest using firewalls and IDS. They are more focused on intrusion detection that identified the primary level of intrusion to a network. However, prevention can be created by using encryption algorithms that work better in any situation.

4.2 Better method of identifying issues

This method of identifying issues can be better as the issue will be solved in a few seconds. There are wide varieties of AES encryption algorithms that are used by different organizations from different industries. Issues can be identified in terms of data breaches and stealing important organizational assets. As depicted by Tempini and Leonelli (2018), there is proper implementation methodology followed and systematic management of steps done by experts. Equifax ID protection services can be encrypted as well to ensure a complete understanding of opportunities and managing the core data modules. Affected people should be enrolled in separate DMZ servers and it should be monitored for any suspicious activities in their accounts.

This method is considered to be better than other mediums as there is one single sender associated with one single receiver here. Moreover, execution of secure channels manages secret. As described by Mikhed and Vogan (2018), key authorization and ciphertext concepts. Plaintext is received at the encryption server and the decryption server has ciphertext attributes. Now the entire plain text is received by passing through a decryption server by the receiver. Secret keys are always important in this sender and receiver chronology. Creating a solution by utilizing algorithms and a use of de-identification process is expected to be beneficiary for this unauthorized data access issues and fraudulent activities in databases of Equifax.

5. Conclusions and recommendations

It is recommended to remove direct identifiers from organizational databases. It includes an overall management of sensitive data and leveraging privacy act standards. De-identification cannot alone eliminate all possible threats. Some probable solutions to manage unauthorized data access issues include the following details such as:

  • Incorporation of data protection standards
  • Meeting community expectation by storing personal and sensitive content in demilitarized servers
  • Building policy for identification of any insider threat
  • Installation of firewall for application layer security
  • Access limitation by using encryption algorithms (Csoonline.com, 2020)
  • Uses of de-identification method for common record management
  • Uses of updated encryption keys and certification
  • Regular security patch installation and update management
  • Secure access checking of objects by conducting a regular scan of systems

Systems should be thoroughly checked to find out any malicious activities. Sensitive information, which is prone to leakage, should be scanned for viruses. Databases of companies like Equifax should consider vulnerability checking as a part of their weekly audit. Removal of struts vulnerability can be a good step towards the management of data access.

References

Books

Kumar, R., 2019. Research methodology: A step-by-step guide for beginners. United States: Sage Publications Limited.

Laaksonen, S., 2018. Survey Methodology and Missing Data. Berlin: Springer.

Journals

Algredo-Badillo, I., Castillo-Soria, F.R., Ramirez-Gutierrez, K.A., Morales-Rosales, L., Medina-Santiago, A. and Feregrino-Uribe, C., 2018. Lightweight Security Hardware Architecture Using DWT and AES Algorithms. IEICE TRANSACTIONS on Information and Systems, 101(11), pp.2754-2761.

Hameed, M.E., Ibrahim, M.M. and Abd Manap, N., 2018. Review on improvement of advanced encryption standard (AES) algorithm based on time execution, differential cryptanalysis and level of security. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(1), pp.139-145.

Lending, C., Minnick, K. and Schorno, P.J., 2018. Corporate governance, social responsibility, and data breaches. Financial Review, 53(2), pp.413-455.

Maher, N.A., Senders, J.T., Hulsbergen, A.F., Lamba, N., Parker, M., Onnela, J.P., Bredenoord, A.L., Smith, T.R. and Broekman, M.L., 2019. Passive data collection and use in healthcare: A systematic review of ethical issues. International journal of medical informatics, 129, pp.242-247.

Mikhed, V. and Vogan, M., 2018. How data breaches affect consumer credit. Journal of Banking & Finance, 88, pp.192-207.

Tempini, N. and Leonelli, S., 2018. Concealment and discovery: The role of information security in biomedical data re-use. Social studies of science, 48(5), pp.663-690.

Online Article

Yaraghi, N. and Gopal, R.D., 2018. The role of HIPAA omnibus rules in reducing the frequency of medical data breaches: Insights from an empirical study. The Milbank Quarterly, 96(1), pp.144-166 .[Online], Available at: < https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5835681/> [Accessed on 29/09/2020]

Websites

Csoonline.com, 2020. Equifax data breach FAQ, Available at: <https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html> [Accessed on 29/09/2020]

Equifax.com, 2020. About Us, Available at: <https://www.equifax.com/about-equifax/> [Accessed on 29/09/2020]

Oaic.gov.au, 2020. De-identification and the Privacy Act, Available at: <https://www.oaic.gov.au/privacy/guidance-and-advice/de-identification-and-the-privacy-act/> [Accessed on 29/09/2020]

0 responses on "CYBER ALGORITHMS THAT CHANGED THE FUTURE"

Leave a Message

Your email address will not be published. Required fields are marked *