Cryptography System for B Manufacturing Company

Encryption

The security of data and information of the B manufacturing is paramount. The computer network represents one area that is vulnerable to security compromise, which might be detrimental to the prosperity of the company. Therefore, it is would be useful to encrypt data or information Schneier, 2001) that is stored in or transmitted through the B manufacturing computer network. In particular, encryption is possible and necessary in all the nodes (refer to the appendix). However, it is of most importance that data that is accessible through node 1, node 2 and node 3 be encrypted because these areas link the company network to the outside. Nonetheless, encryption is also important for information that would be accessed through node 5 and node 6.

A layer 2 encryption where the data link layer is involved would be the most suitable for the B manufacturing network. Characteristically, layer 2 encryption has not had many hurdles when installing, and, furthermore, it can bear all kinds of protocols; nonetheless, additional devices are required to implement it. A hybrid type of encryption that utilizes both the public key algorithms and symmetric algorithms would be ideal for the B manufacturing network.

A public-key cryptography system is ideal for the entire B manufacturing network. This system would involve the use of a public key to encrypt data and a private key to decrypt data. Of importance is node 6 which involves the use of credit card information. Therefore, it would be vital to make sure that the key length is sufficient, not only for node 6 but also for other nodes, to guarantee security.

The RSA algorithm and elliptic curve algorithm (ECC) are credible algorithms to use for encrypting data (Electronic Frontier Foundation 1998). A general recommendation is that RSA public keys length of 1024 bits is sufficient enough to provide security to a system; nonetheless, a public key of 3072 bits long should be used to cater for future developments (RSA Laboratories 2003). For the E.C.C. cryptography system, a 384-bit key is appropriate to keep data secure (Schneier 2001).

The Array controller-based encryption could be suitable for node 5. This kind of encryption is done at the disk array controller prior to the delivery of data to the disk drives and backup tapes. Furthermore, encryption can be affected at the server’s hard disk, the Storage Area Network infrastructure.

Node 2 would be best served by encryption schemes such as Wi-Fi Protected Access (WAP) and Wi-Fi Protected Access 2 (WPA2), which are designed with particular attention to the securities issues of wireless networks.

Wireless access point and security

The use of wireless access points (WAP) requires special consideration as far as security is concerned. This is so because as anyone within the area that the WAP covers has a signal receiving device, he or she can access the network. Therefore, it would be critical to implement wireless traffic encryption such as WPA or WPA2 as well as security protocols for network access authentication to prevent unauthorized access to the network. The choice of WPA and WPA2 is because they are secure as compared to first-generation encryptions (cite).

Authentication for the WAP network would require the use of a RADIUS (Remote Authentication Dial in User Service) protocol as well as authentication servers. A Chilisoft authentication would be suitable because it would allow the separation of the wired local area network (LAN) from the WAP-based LAN. The Linux-based DD-WRT v24 firmware could be used to achieve this authentication.

Cryptographic protocols

Cryptographic protocols are vital in a computer network. Besides “formalizing behaviour”, they “abstract the process of accomplishing a task from the mechanism by which the task is accomplished” (Schneier, 2001). This is achievable through various cryptographic protocols.

There are three main categories of cryptographic protocols that can be used in the B manufacturing computer network: arbitrated, adjudicated, and self-enforcing protocols. It is worth noting that a protocol in this context refers to a chain of steps that involve more than one party and are meant to do a particular task (Schneier, 2001); a cryptographic protocol involves encryption or cryptography. The arbitrated protocols are characterised by the use of an arbitrator who ensures that each party performs his or her role; the arbitrator, in this respect, must be trusted by all the parties involved in the protocol. On the other hand, adjudicated protocols involve an arbitrated sub-protocol and a non-arbitrated sub-protocol. However, this arbitrated sub-protocol is executed only when there are disputes, where the arbitrator (or the adjudicator in this case) determines through existing data the problem and culprit. Unlike arbitrated protocols that prevent cheating, adjudicated protocols detect cheating. Self-enforcing protocols do not require an arbitrator nor an adjudicator. Instead, they are designed so that there are no disputes that arise. Furthermore, in the event that one party attempts to cheat, the other party is able to uncover the cheating immediately and the protocol halts. Self-enforcing protocols are the best (Schneier, 2001) and would be ideal for the B manufacturing computer network.

Node 2

There is a need to thoroughly cryptoanalyse node 2 because it represents a very risky section of the B manufacturing network as far as security is concerned. It is possible for outsiders to tap data being transmitted through the network as long as they have a device that receives the signal. Although wireless traffic authentication would prevent unauthorized access, it is not always a guarantee that outsiders cannot connect to the network. In this regard, therefore, encryption of data is very crucial.

The self-enforcing cryptographic protocols would be the most suitable for this section of the network. The choice for this encryption is so that to prevent any disputes at all. It is possible that many of the network data originating or arriving at this section of the network are from outside. It would be time-consuming and expensive to start engaging in the processes of solving disputes or employing arbitrators, as is the case with the adjudicated protocols and arbitrated protocols respectively. On the other hand, adjudicated protocols would be suitable for node 6 since it is easier to adjudicate any cheating if it occurs within the system.

Node 6

The adjudicated protocol feature two sub-protocol where one requires an arbitrator when a dispute arises, while the other sub-protocol is not arbitrated at all. This protocol is less expensive because an arbitrator is brought in when there is a dispute, it saves time, and this part of the network has the advantage in that it would be easier to adjudicate cheating issues because they are based within the company.

Assuming that object 1 originates from party 1, object 2 originates from party 2, and there is a trusted adjudicator, the protocol is implemented as follows: The non-arbitrated sub-protocol is executed all the time,

1. Party 1 and party 2 agree on terms
2. Party 1 makes commitments
3. Party 2 makes commitments

The arbitrated sub-protocol is executed when there is a dispute:

1. Party 1 and party 2 appear before the adjudicator
2. Party 1 presents evidence
3. Party 2 presents evidence
4. The adjudicator makes a judgement based on evidence.

There is also the need to replace the 1^st hub and the production office hub with switches. This is because the wireless access point makes the entire wired local area network slow (CIS370). Additionally, the production section of the network uses computer applications that are heavy and these kinds of data would cause the rest of the network to be slow. A bridge, in this respect, would make it possible to split the network so that these parts that cause slow transmission of data are placed on one side.

References

CIS370, Ethernet.

Electronic Frontier Foundation 1998, Cracking DES, O’Reilly and Associates, New York.

RSA Laboratories 2003, TWIRL and RSA Key Size.

Schneier, B 2001, Applied cryptography: protocols, algorthms, and source code in C, (2^nd edn.), Routledge, New York.

Siegel, A 1956, Automatic programming of numerically controlled machine tools, Control Engineering, vol. 3, no. 10, pp. 65-70.