E195687 Applied Cryptography in The Cloud


Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)


INTERNAL VERIFICATION – ASSESSMENT DECISIONS
Programme title BTEC HND in Cyber Security

MR. Bevan Kanishka


Assessor Internal Verifier
Unit(s) Unit 30: Applied Cryptography in the Cloud

Assignment title

Student’s name R.M.S.I.Rathnayaka/E195687
List which assessment criteria the Assessor has awarded. Pass Merit Distinction

INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded match those shown in the assignment brief? Y/N

Is the Pass/Merit/Distinction grade awarded justified by the assessor’s comments on the student work? Y/N

Has the work been assessed accurately? Y/N

Is the feedback to the student:
• Constructive? Y/N
• Linked to relevant assessment criteria? Y/N
• Identifying opportunities for improved performance? Y/N
• Agreeing actions? Y/N
Give details:

Does the assessment decision need amending? Y/N

Assessor signature Date

Internal Verifier signature Date


Programme Leader signature(if required)
Date
Confirm action completed
Remedial action taken
Give details:

Assessor signature Date


Internal Verifier
signature Date

R.M.S.I.Rathnayaka | E195687 | ACC | Page 1


Programme Leader
signature (if required) Date



Higher Nationals - Summative Assignment Feedback Form
Student Name/ID R.M.S.I.Rathnayaka/E195687

Unit Title
Assignment Number 1 Assessor
Submission Date 03/11/2024 Date Received 1st submission
Re-submission Date Date Received 2nd submission

Assessor Feedback:
LO1 Analyse encryption ciphers and algorithms as methods to secure data in a cloud
environment
Pass, Merit & Distinction Descriptors: P1 P2 M1 D1

LO2 Discuss security risks and issues related to public key encryption in practice
Pass, Merit & Distinction Descriptors: P3 M2 D2

LO3 Demonstrate the use of cryptographic and cryptoanalysis tools for improving security in
a virtual private network
Pass, Merit & Distinction Descriptors: P4 P5 M3 M4 D3



LO4 Evaluate advanced encryption protocols and their application for an organisation
considering a move to the cloud
Pass, Merit & Distinction Descriptors: P6 P7 M5 D4

Grade: Assessor Signature: Date:

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grade decisions have been agreed at the assessment board.

Assignment Feedback
Formative Feedback: Assessor to Student



Action Plan

Summative feedback

Feedback: Student to Assessor

Assessor signature Date

Student signature Date



Pearson Higher Nationals in
Computing
Unit 30: Applied Cryptography in the Cloud
Assignment 01



General Guidelines

1. A cover page or title page – You should always attach a title page to your assignment. Use the previous page as your cover sheet and make sure all the details are
accurately filled in.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using word processing software.
4. All the assignments should be printed on A4 sized paper. Use single-sided printing.
5. Allow 1” for the top, bottom and right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and the font should be Times New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of font size and font style.



4. Use the footer function in the word processor to insert your name, subject, assignment number and page number on each page. This is useful if individual sheets
become detached for any reason.
5. Use the word processing application’s spell check and grammar check functions to help edit your assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add text in the assignments, except for the compulsory information, e.g. figures, tables of comparison etc. Adding text
boxes in the body except for the aforementioned compulsory information will result in rejection of your work.
2. Avoid using page borders in your assignment body.
3. Carefully check the hand-in date and the instructions given in the assignment. Late submissions will not be accepted.
4. Ensure that you give yourself enough time to complete the assignment by the due date.
5. Excuses of any nature will not be accepted for failure to hand in the work on time.
6. You must take responsibility for managing your own time effectively.
7. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply (in writing) for an extension.
8. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
9. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to complete an alternative assignment.
10. If you use other people’s work or ideas in your assignment, reference them properly using the HARVARD referencing system to avoid plagiarism. You have to provide
both in-text citations and a reference list.
11. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be reduced to a REFERRAL or at worst you could be expelled from the
course.



Student Declaration

I hereby declare that I know what plagiarism entails, namely to use another’s work and to present it as my own without attributing the sources in the
correct form. I further understand what it means to copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.


2. I understand the plagiarism and copying policy of Edexcel UK.
3. I know what the consequences will be if I plagiarise or copy another’s work in any of the assignments for this program.
4. I declare therefore that all work presented by me for every aspect of my program, will be my own, and where I have made use of another’s work, I
will attribute the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a binding agreement between myself and Edexcel UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached to the assignment.

e195687@esoft.academy 03/11/2024
Student’s Signature: Date:
(Provide E-mail ID) (Provide Submission Date)



Higher National Diploma in Computing
Assignment Brief
Student Name /ID Number R.M.S.I.Rathnayaka/E195687

Unit Number and Title Unit 30: Applied Cryptography in the Cloud

Academic Year 2022/23

Unit Tutor

Assignment Title LAN Design & Implementation for Enclave Films Company

Issue Date

Submission Date 03/11/2024

IV Name & Date

Submission format

The submission is in the form of an individual technical report. This should be written in a concise,
formal business style using single spacing and font size 12. You are required to make use of headings,
paragraphs and subsections as appropriate, and all work must be supported with research and referenced
using the Harvard referencing system. Please also provide an end list of references using the Harvard
referencing system.
The recommended word count is 3,000–3,500 words for the report excluding annexures, although
you will not be penalised for exceeding the total word limit.
Unit Learning Outcomes:



LO1 Analyse encryption ciphers and algorithms as methods to secure data in a cloud
environment.

LO2 Discuss security risks and issues related to public key encryption in practice.

LO3 Demonstrate the use of cryptographic and cryptoanalysis tools for improving
security in a virtual private network.

LO4 Evaluate advanced encryption protocols and their application for an organisation
considering a move to the cloud.

Assignment Brief and Guidance:



Scenario
ShipCargo is a freight forwarding company which uses an on-prem ERP system
and a database. However, the management decided to move to the cloud for
better availability, resiliency and to minimise the complexities and cost of
management. You have been appointed by the management to produce a technical
report with the following tasks to support them so that a better and informed
decision can be taken.

Activity
Write a technical report on the use of cryptography for security on the
cloud as follows.

Task 1
Compare and critically analyse the fundamental differences, advantages and
drawbacks between stream ciphers and block ciphers. Simple examples can be
used in explanations. Discuss the improvements that can be introduced to the
ShipCargo cloud by a stream cipher. Justify your answer.
Ciphers like DES and AES use bitwise XOR operations in their algorithm.
Implement an algorithm to show how a 4-bit input can be encrypted with a
4-bit key using the XOR function. Provide screenshots of the code.

Task 2
Discuss how public key algorithms can be used to provide authentication and
confidentiality to ShipCargo and discuss the security vulnerabilities of
encrypting with a single key. Analyse the benefits and importance of using
encryption techniques (e.g. KEMs, DEMs, PKEs) to secure a public key system
and provide justified recommendations suitable for securing public key
algorithms.

Task 3
Illustrate with diagrams, the encryption and decryption process in PKI
environment for the cloud solution proposed for ShipCargo. Identify and
assess the security risks and challenges likely to occur when using a cloud-
hosted PKI in the company’s private network.
Design a security case for an identified threat for ShipCargo and implement
the designed case using suitable cryptography and cryptoanalysis tools.
Provide a critical review of the implemented system and how it meets the
intended security objectives of the company with any suggestions for further
improvements.

Task 4

Evaluate the key benefits of using a range of cryptography and hybrid
cryptosystems to improve the cloud security of ShipCargo. You also need to assess
common factors that may influence an organization’s choice of cloud systems in
order to improve security. Use examples from the industry or the chosen
organization to support your answer.

Select and critically analyse the suitable cryptography and cryptosystems to
protect data within ShipCargo. Finally, justify the use of the different cryptographic
applications that you think are suitable for its move to the cloud.



Contents
Introduction......................................................................................................................................................................................................... 21
Task 1: Encryption Techniques for Cloud Security at ShipCargo....................................................................................................................... 22
1.1 Symmetric Key Encryption....................................................................................................................................................................... 22
1.2 Stream Cipher and Block Cipher............................................................................................................................................................... 22
1.3 Application at ShipCargo: Stream Cipher vs. Block Cipher......................................................................................................................25
1.4 Example Code Implementation: 4-Bit XOR Encryption in Python........................................................................................................... 26
Task 2: Symmetric vs. Asymmetric Encryption and Hybrid Cryptosystems...................................................................................................28
1. Key Distribution and Management.............................................................................................................................................................. 35
2. Single Key for All Communications........................................................................................................................................................... 35
3. No Forward Secrecy.................................................................................................................................................................................... 35
Mitigation Strategies....................................................................................................................................................................................... 36
Hybrid Cryptosystems at ShipCargo............................................................................................................................................................... 37
Application at ShipCargo:............................................................................................................................................................................... 38
3.2 Security Risks and Challenges in Cloud-Hosted PKI................................................................................................................................ 45
3.3 Business Scenario: Implementing PKI at ShipCargo................................................................................................................................. 46
3.4 Security Case Design for ShipCargo: Cryptographic and Cryptanalysis Tool Selection...........................................................................47



4.1 Hybrid Cryptosystems for Enhanced Cloud Security.................................................................................................................................... 48
Role of Hybrid Cryptosystems in Cloud Security............................................................................................................................................ 49
Data Protection and Security Justification....................................................................................................................................................... 49
4.2 Role of Cryptography in Achieving Business Objectives..............................................................................................................................50
Applications of Cryptography in Business Scenarios...................................................................................................................................... 50
Cryptographic Methods and Business Objectives Summary........................................................................................................................... 51
4.3 Factors Influencing Organization’s Choice of Cloud Systems for Security Improvement.............................................................................52
Comparison of On-Premises and Cloud Storage............................................................................................................................................. 52
Conclusion.......................................................................................................................................................................................................... 55

Table of Figures

Figure 1
Figure 2
Figure 3
Figure 4
Figure 5
Figure 6
Figure 7
Figure 8

Table of Tables

Table 1.......................................................................................................................................................................................................... 26
Table 2.......................................................................................................................................................................................................... 41
Table 3.......................................................................................................................................................................................................... 51



Acknowledgement

I would like to express my sincere gratitude to Mr. Bevan Kanishka for his invaluable guidance and support throughout the
duration of this report. His expertise and encouragement were instrumental in the successful completion of this report. I am also thankful for
his insightful lectures on applied cryptography in the cloud, which provided a strong foundation for my study. Additionally, I would like to
thank my friends and family for their continuous support and encouragement.

R.M.S.I.Rathnayaka

Importance of moving ShipCargo to the Cloud

ShipCargo, a freight forwarding company, has made the strategic decision to transition from its current on-premises ERP system and database
to a cloud-based solution. This move is driven by the company's desire to enhance its operational capabilities and address several crucial
challenges. By migrating to the cloud, ShipCargo aims to achieve better availability of its systems, ensuring that critical business operations can be
accessed and maintained with minimum downtime. The cloud's inherent resilience will provide improved disaster recovery and data protection
capabilities, safeguarding the company's valuable information. Additionally, this transition is expected to significantly reduce the complexities
associated with managing on-premises infrastructure, allowing the IT team to concentrate on more value-added tasks. From a financial
perspective, the move to the cloud is expected to optimise costs by shifting from a capital-intensive model of owning and maintaining
hardware to a more flexible, operational expenditure model. This strategic shift demonstrates ShipCargo's commitment to using modern
technology to enhance its competitive position in the freight forwarding industry and improve overall operational efficiency.

Importance of cryptography in ensuring cloud security


Cryptography plays a pivotal role in ensuring cloud security by protecting data confidentiality, integrity, and authenticity, making it one of the
most effective mechanisms to safeguard sensitive information stored, processed, or transmitted in cloud environments. Here is a closer look at why
cryptography is essential for cloud security.
1. Data Confidentiality
Cryptography ensures that only authorised users can access data by transforming readable data
into an unreadable format using encryption techniques. In cloud environments, data is frequently stored on
shared servers and accessed over the internet, increasing the risk of unauthorised access. By
encrypting data before storing or transmitting it, cloud service providers and users can protect it from being
intercepted or accessed by malicious actors. Advanced encryption methods, like AES (Advanced Encryption
Standard), ensure data remains secure both in transit and at rest.
2. Data Integrity
Cryptographic hashing functions, such as SHA-256, are used to verify data integrity. Hashing
generates a unique digital fingerprint of data that changes if the data is altered. In cloud environments, this helps
detect any unauthorised modifications or tampering. Ensuring data integrity is vital, especially in cloud storage,
where users rely on providers to keep their data complete and unchanged.



3. Authentication and Access Control
Public-key cryptography is frequently used in cloud systems to ensure secure authentication. By using
digital certificates and asymmetric encryption, users can authenticate their identity and establish secure
connections. Authentication methods such as digital signatures help verify the legitimacy of a user or a
system trying to access data, reducing the risk of unauthorised access and preventing common cloud security
threats, like account hijacking and spoofing.
4. Data Privacy and Compliance
In cloud environments, data privacy is a major concern, particularly with regulations like GDPR and
HIPAA. Cryptography ensures that even if data is accessed by unauthorised users, it remains
unreadable without the decryption key. This is essential for maintaining user privacy and
complying with legal standards. Cloud providers that implement strong cryptographic measures help users meet
these regulatory requirements, ensuring that personal and sensitive information is adequately protected.
5. Secure Data Sharing and Collaboration
Cryptography enables secure sharing and collaboration in the cloud by allowing users to share
encrypted data without exposing sensitive information. Techniques like homomorphic encryption allow
computation on encrypted data without decrypting it, enabling secure cloud computing operations without
compromising data privacy. This is particularly useful in collaborative environments where multiple
users need access to sensitive data while maintaining high security.



6. Protection Against Advanced Threats
Cloud environments are susceptible to sophisticated attacks, including man-in-the-middle attacks, insider
threats, and data breaches. Cryptographic protocols, such as SSL/TLS (Secure Sockets Layer/Transport
Layer Security), help secure communications by encrypting data as it moves between clients and cloud services.
Cryptography also supports end-to-end encryption, making it harder for attackers to access or
manipulate data in transit.
7. Key Management and Control
Effective cryptographic key management is essential to cloud security. Cloud users need to ensure that
encryption keys are stored, managed, and rotated securely. Poor key management can expose data to
unauthorised access even if it is encrypted. Key management services (KMS) provided by cloud
providers allow users to have control over encryption keys and establish robust access policies, adding
an extra layer of security.

Introduction

Freight forwarding companies act as intermediaries, organizing the transportation and logistics required to move goods from one place to
another. Their operations include coordinating shipments, handling customs documentation, and managing transport logistics for clients. Using
robust IT systems, freight forwarders track shipments, manage inventory, and ensure compliance with international trade regulations.

Moving ShipCargo’s system to the cloud presents several advantages. Cloud infrastructure offers scalability, availability, and reduced
infrastructure maintenance costs (Hassan, 2019). By hosting its ERP system on the cloud, ShipCargo can achieve improved performance,



efficient data handling, and better disaster recovery options. Cryptographic techniques, such as encryption, play a vital role in securing sensitive
client and shipment data. Implementing cryptography ensures data confidentiality, integrity, and access control, which are crucial in protecting
business and customer information in transit and at rest (Stallings, 2016).

Task 1: Encryption Techniques for Cloud Security at ShipCargo

1.1 Symmetric Key Encryption

Symmetric key encryption is a type of encryption where the same key is used for both encryption and decryption processes. This method
requires that the key be kept secret and shared only between the sender and the receiver. For example, if Plaintext (P) is encrypted using a Key
(K), the output is Ciphertext (C). Decrypting C with K returns the original P (Diffie & Hellman, 1976).

1.2 Stream Cipher and Block Cipher

Stream Cipher

A stream cipher encrypts plaintext data one bit or byte at a time, using a key stream generator to produce a pseudo-random sequence of bits
(the key stream). This key stream is combined with the plaintext using the XOR (exclusive OR) operation. The XOR operation is significant
because it has the property that if you XOR a bit with 0, it remains unchanged, and if you XOR it with 1, it flips. Thus, if the key stream is
random and kept secret, the output will appear random and secure.

Example: RC4. RC4 is one of the most well-known stream ciphers, designed by Ron Rivest in 1987. It has been widely used in applications such
as SSL/TLS for secure internet communications.

Advantages
Real-time suitability: Stream ciphers can encrypt and decrypt data as it is being transmitted, making them ideal for real-time applications like
voice and video streaming where low latency is crucial.
Efficiency: They generally require less memory since they do not need to store large blocks of data at once, which is especially useful in
constrained environments, such as embedded systems.

Drawbacks
Key stream reuse vulnerability: One of the most critical weaknesses of stream ciphers arises if the same key stream is used for multiple
encryption sessions. This can lead to vulnerabilities where attackers may recover plaintext or derive information about the key.
Quality of randomness: The security of a stream cipher is heavily dependent on the quality of the pseudo-random bits generated. If the
randomness is inadequate, it may lead to predictable patterns that attackers can exploit.

Block Cipher

In contrast, a block cipher processes data in fixed-size blocks (e.g., 64 or 128 bits) rather than one bit or byte at a time. Each block of plaintext
is converted independently through a series of mathematical operations defined by an encryption algorithm and a secret key.

Examples: DES and AES
Data Encryption Standard (DES): A legacy algorithm that processes 64-bit blocks and uses a 56-bit key. DES has largely been replaced by more
secure algorithms due to its vulnerability to brute-force attacks.
Advanced Encryption Standard (AES): The successor to DES, AES encrypts data in 128-bit blocks and supports key sizes of 128, 192, or 256
bits, making it much more secure.

Advantages
Enhanced security: Block ciphers can provide stronger security against various types of attacks due to their structure and the complexity of the
operations performed on each block. They generally use multiple rounds of transformations that make it more difficult for attackers to derive
relationships between the plaintext and ciphertext.
Predictable performance: Since block sizes are fixed, the performance of block ciphers can be more predictable and stable, which is beneficial
for certain applications where consistency is essential.

Drawbacks
Padding requirement: If the plaintext does not fit exactly into the block size, padding must be added, which can complicate the implementation
and may introduce vulnerabilities if not handled properly. Common padding schemes include PKCS#7 and ISO 10126.
Slower performance: Block ciphers may be slower than stream ciphers for real-time encryption because they process larger chunks of data at
once and may involve more computational overhead.

Summary

Advantages:

 Suited for real-time applications due to low latency.


 Efficient with minimal memory usage (Schneier, 1996).

Drawbacks:

 Vulnerable to attacks if the key stream is reused.


 Requires high-quality randomness to ensure security.

Block Cipher

A block cipher processes data in fixed-size blocks (e.g., 64 or 128 bits) by applying an encryption function independently on each block.
Examples: DES (64-bit blocks) and AES (128-bit blocks).

Advantages:

 Stronger security structure against certain cryptographic attacks.


 Predictable and stable performance due to fixed block sizes (Menezes, van Oorschot & Vanstone, 1996).



Drawbacks:

 Padding is required if the plaintext size doesn’t align with the block size.
 Typically slower than stream ciphers in real-time encryption.

1.3 Application at ShipCargo: Stream Cipher vs. Block Cipher

Stream ciphers may offer a performance benefit in applications requiring continuous data transmission at ShipCargo, such as real-time
transaction encryption during customer interactions. Block ciphers, on the other hand, are well suited to securing static data, such as customer
records and billing information, where security needs are high (Stinson, 2006).

Comparison of Stream Cipher and Block Cipher:

Feature              Stream Cipher                                Block Cipher
Unit of Operation    Bit or byte level                            Fixed-size blocks (e.g., 64-bit, 128-bit)
Speed                Fast, suitable for real-time encryption      Slower due to block processing
Use Case             Ideal for real-time communications           Best for bulk encryption (e.g., file encryption)
                     (e.g., video, voice)
Modes of Operation   Not applicable                               Supports multiple modes (e.g., CBC, ECB)

Table 1

1.4 Example Code Implementation: 4-Bit XOR Encryption in Python

The XOR operation is often used in encryption algorithms, providing a simple, reversible encryption mechanism. Here’s a Python example using
XOR for 4-bit data encryption.

Figure 1: Python code for 4-bit XOR encryption (screenshot not reproduced in this extract)
Explanation:

Function Definitions:

 xor_encrypt(plaintext, key): Takes a 4-bit plaintext and a 4-bit key as input. It performs an XOR operation bit-by-bit and returns the
resulting ciphertext.
 xor_decrypt(ciphertext, key): Calls the same xor_encrypt function to decrypt the ciphertext, since XORing again with the same key
retrieves the original plaintext.

Input Validation: The code checks whether the plaintext and key are both 4 bits long. If not, it raises a ValueError.

Bitwise XOR Operation: The function uses a list comprehension with the zip function to iterate through the bits of the plaintext and the key
simultaneously, applying the XOR operation and joining the results into a string.

Example Usage: The code demonstrates how to encrypt a 4-bit plaintext and then decrypt it back to verify the process.

Output

Figure 2: Output of the 4-bit XOR encryption example (screenshot not reproduced in this extract)
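As an added example (not the report's own listing, which survives only as the screenshot above), the xor_encrypt and xor_decrypt functions described in section 1.4, together with a hypothetical toy key-stream generator and the helpers stream_encrypt, stream_decrypt, keystream_period and reuse_leak, added here to illustrate the key-stream reuse and quality-of-randomness drawbacks discussed in section 1.2:

```python
"""4-bit XOR encryption (section 1.4) plus a toy stream-cipher view (section 1.2).

Added example, not the report's own code. The key-stream generator below is a
deliberately weak, hypothetical 4-bit LFSR used only to make the stream-cipher
drawbacks visible; it is not a real cipher.
"""

BITS = 4


def _check_bits(value: str, name: str) -> None:
    """Input validation: the value must be exactly BITS characters of '0'/'1'."""
    if len(value) != BITS or any(c not in "01" for c in value):
        raise ValueError(f"{name} must be a {BITS}-bit binary string, got {value!r}")


def xor_encrypt(plaintext: str, key: str) -> str:
    """Encrypt a 4-bit plaintext with a 4-bit key by XORing bit by bit."""
    _check_bits(plaintext, "plaintext")
    _check_bits(key, "key")
    return "".join(str(int(p) ^ int(k)) for p, k in zip(plaintext, key))


def xor_decrypt(ciphertext: str, key: str) -> str:
    """XOR is its own inverse: applying the same key again restores the plaintext."""
    return xor_encrypt(ciphertext, key)


def toy_keystream(seed: int, n_words: int) -> list[str]:
    """Toy key-stream generator: a 4-bit Fibonacci LFSR with taps x^4 + x^3 + 1.

    Hypothetical and weak by design. Its period is only 15 words, so the key
    stream repeats, which is exactly the 'quality of randomness' problem the
    report warns about. A real stream cipher uses a cryptographic generator.
    """
    if not 1 <= seed <= 15:
        raise ValueError("seed must be a non-zero 4-bit value")
    state, words = seed, []
    for _ in range(n_words):
        words.append(format(state, "04b"))
        new_bit = ((state >> 3) ^ (state >> 2)) & 1   # feedback from bits 3 and 2
        state = ((state << 1) | new_bit) & 0xF        # shift left, keep 4 bits
    return words


def stream_encrypt(words: list[str], seed: int) -> list[str]:
    """Encrypt a list of 4-bit words by XORing each with the next key-stream word."""
    ks = toy_keystream(seed, len(words))
    return [xor_encrypt(p, k) for p, k in zip(words, ks)]


def stream_decrypt(words: list[str], seed: int) -> list[str]:
    """Decryption regenerates the same key stream from the seed and XORs again."""
    return stream_encrypt(words, seed)


def keystream_period(seed: int) -> int:
    """Number of words emitted before the toy key stream repeats (15 for any seed)."""
    ks = toy_keystream(seed, 32)
    return ks[1:].index(ks[0]) + 1


def reuse_leak(c1: list[str], c2: list[str]) -> list[str]:
    """What an observer learns when two messages share one key stream.

    XORing the two ciphertexts cancels the key stream and leaves p1 XOR p2,
    which is why key-stream reuse is listed as a critical stream-cipher drawback.
    Defensive takeaway: never encrypt two messages under the same seed/nonce.
    """
    return [xor_encrypt(a, b) for a, b in zip(c1, c2)]


if __name__ == "__main__":
    # Constructed sample input: two short messages made of 4-bit words.
    msg1 = ["1010", "1100", "0110"]
    msg2 = ["0001", "1111", "0011"]
    print("single block:", xor_encrypt("1010", "0110"))
    c1 = stream_encrypt(msg1, seed=0b1001)
    c2 = stream_encrypt(msg2, seed=0b1001)        # same seed: key stream reused
    print("round trip ok:", stream_decrypt(c1, 0b1001) == msg1)
    print("leak equals p1 XOR p2:",
          reuse_leak(c1, c2) == [xor_encrypt(a, b) for a, b in zip(msg1, msg2)])
    print("toy key-stream period:", keystream_period(0b1001))
```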

Task 2: Symmetric vs. Asymmetric Encryption and Hybrid Cryptosystems

2.1 Comparison: Symmetric Key Encryption vs. Asymmetric Key Encryption


Definition
Symmetric key encryption uses the same key for both the encryption and decryption processes. This means that both parties involved in the
communication must share the secret key securely before they can exchange encrypted messages. If Party A wants to send a secure message to
Party B, they will use the shared key to encrypt the message, and Party B will use the same key to decrypt it.

Strengths



Speed and Efficiency: Symmetric key algorithms are generally faster than asymmetric ones, primarily because their operations are simple bit-level substitutions and permutations rather than arithmetic on very large integers. This efficiency makes symmetric encryption suitable for encrypting large volumes of data, such as files, database records, and data streams. AES (Advanced Encryption Standard) is the algorithm used in practice today; DES (Data Encryption Standard), with its 56-bit key, is obsolete and should only be found in legacy systems.

Simplicity The algorithms involved in symmetric key encryption are often less complex than those used in asymmetric encryption. This
simplicity can lead to easier implementation and faster performance, making symmetric encryption a preferred choice for many applications.

Weaknesses
Key Distribution: One of the major challenges of symmetric key encryption is the secure sharing of the secret key. If the key is intercepted during distribution, an attacker can decrypt all communications using that key. Therefore, secure key exchange protocols (like Diffie-Hellman) or physical transfer of keys are often necessary to mitigate this risk.

Scalability: In scenarios involving multiple users, symmetric key encryption becomes less practical. For N users who all need to communicate securely in pairs, the number of unique keys required is N(N−1)/2 (for example, 100 users need 4,950 keys). This quadratic growth makes key management complex as the number of users increases.

Asymmetric Key Encryption


Definition



Asymmetric encryption, also known as public-key cryptography, employs a pair of keys: a public key and a private key. The public key is available for anyone to use and can be freely distributed, while the private key is kept secret by the owner. When someone wants to send a secure message, they encrypt it with the recipient's public key, and only the corresponding private key can decrypt that message.

Strengths
No Key Sharing Risk: The primary advantage of asymmetric encryption is that no secret has to be shared. Since only the public key is distributed, there is no secret to intercept during key exchange; what still needs protecting is the authenticity of the public key, because an attacker who can substitute their own public key can read the traffic. This makes asymmetric encryption particularly suitable for scenarios where secure key distribution is challenging.

Scalability: Asymmetric encryption scales more efficiently than symmetric encryption. Each user only needs one key pair (a public and a private key), regardless of the number of users, so N users need N key pairs rather than N(N−1)/2 shared keys. This is advantageous in large systems, such as online services and digital communications.

Weaknesses
Slower: The computational complexity of asymmetric algorithms is higher than that of symmetric algorithms. Operations such as modular exponentiation on very large integers are involved, making asymmetric encryption slower and less suitable for encrypting large amounts of data directly. For instance, RSA and ECC (Elliptic Curve Cryptography) are common asymmetric algorithms, but they are typically used for encrypting small amounts of data, like keys, or for signatures.

Key Length: To achieve a level of security comparable to symmetric encryption, asymmetric encryption requires much longer keys. For example, a commonly used RSA key is 2048 bits long (about 112 bits of security under NIST SP 800-57), and 3072-bit RSA is needed to match the 128-bit security of AES-128; ECC reaches the same level with a 256-bit key. The larger key sizes and the arithmetic on them contribute to the slower performance.



Practical Applications
1. Symmetric Key Encryption:

 File encryption: used for encrypting files on disk (e.g., using tools like VeraCrypt).
 Encryption in transit: used in VPNs and secure communication protocols (e.g., TLS) for the bulk data once a session key has been established.
 Database encryption: commonly used for encrypting large datasets at rest in databases.

2. Asymmetric Key Encryption:

 Secure Communication: Used in protocols like HTTPS (TLS), where the server's public key in its certificate authenticates the server and the asymmetric step establishes a symmetric session key (in TLS 1.3 via ephemeral Diffie-Hellman rather than by encrypting the key directly).
 Digital Signatures provide integrity and authentication by allowing users to sign documents or transactions with their private key, which
anyone can verify using the corresponding public key.
 Email Encryption: Tools like PGP (Pretty Good Privacy) use asymmetric encryption to secure email communications.

Symmetric Key Encryption:

Figure 3

Asymmetric Key Encryption:

Figure 4

2.2 Limitations of Symmetric Key Encryption

The use of symmetric encryption, such as AES (Advanced Encryption Standard), is common for securing data in transit, especially in environments like ShipCargo, where sensitive shipment data is transmitted between a cloud-based system and employees in various locations. However, while symmetric encryption is efficient, it presents several vulnerabilities, particularly related to key distribution and management. The main ones are:



1. Key Distribution and Management

 Challenge of Secure Distribution: Distributing the shared secret key securely is critical. If the key is sent through insecure channels
(like email, SMS, or unencrypted networks), an attacker could intercept it. Once they have the key, they can decrypt any communication
encrypted with it.
 Lack of Authentication: Without proper authentication measures, employees might not be certain they are receiving the key from a
legitimate source. This opens up possibilities for man-in-the-middle attacks, where an attacker poses as a trusted source to intercept or
alter communications.

2. Single Key for All Communications

 All-or-Nothing Access: Using a single key for all employees means that if one key is compromised, all data encrypted with that key is at
risk. This can lead to a significant breach, as attackers can access not only future communications but also all past messages.
 Limited User Segmentation: Since everyone uses the same key, there is no way to restrict access to sensitive information. For instance,
if one employee leaves the company or is suspected of malicious activity, revoking access can be complicated, as the same key is used
across the board.

3. No Forward Secrecy

 Static Key Risk: Forward secrecy is the property that compromise of a long-term key does not expose past sessions, because each session was protected by a fresh key that was discarded afterwards. A single static symmetric key offers no such separation: once it is compromised, an attacker who has recorded earlier traffic can decrypt every previous message secured with it. This is a critical weakness where sensitive information is exchanged over a long period.



 Compromised Keys: In environments where the risk of key compromise is high (such as organizations with numerous employees and
communication channels), the lack of forward secrecy can expose a significant amount of sensitive information over time.

Mitigation Strategies
To address these weaknesses, ShipCargo could adopt the following strategies:
• Key management system: use a secure key management system that can generate, store, and distribute keys securely. This might involve using public-key cryptography to establish secure channels for symmetric key exchange.
• User-specific keys: instead of a single key for all communications, assign distinct keys to each employee or each session. This isolates the data and limits the impact of any single key compromise.
• Forward secrecy: use cryptographic protocols that provide forward secrecy (such as ephemeral Diffie-Hellman key exchange), so that even if a long-term key is compromised, past sessions remain secure.
• Regular key rotation: changing encryption keys regularly limits the time window during which a compromised key can be exploited. Rotation should be accompanied by procedures for securely distributing the new keys.
• Employee training: educating staff about secure handling of sensitive information and about recognising potential threats (such as phishing for keys or passphrases) reduces the risk of key compromise.

2.3 How Asymmetric Encryption Solves These Vulnerabilities

Asymmetric encryption addresses the vulnerabilities of symmetric encryption by using public and private keys. Since each employee or
system has a unique key pair, only the private key owner can decrypt messages encrypted with their public key.

Key Benefits:



1. No Shared Secret Key: There is no need to distribute a shared secret key across the entire organization. Employees can publish their public keys freely; what must still be protected is the binding between a public key and its owner, otherwise an attacker can substitute their own public key (this is the problem the PKI in Task 3 addresses).
2. Compartmentalization: If one private key is compromised, only the communications encrypted to that specific key are affected. This limits the damage of any single breach.
3. Forward Secrecy: In protocols with forward secrecy, each session uses a fresh ephemeral key pair (for example, ephemeral Diffie-Hellman) that is deleted when the session ends, so a later key compromise exposes at most that one session's data.

Hybrid Cryptosystems at ShipCargo

A hybrid cryptosystem combines the strengths of both symmetric and asymmetric encryption to achieve efficient and secure communication.

 Asymmetric encryption is used to securely exchange a symmetric key.


 The symmetric key is then used to encrypt and decrypt the actual data, combining the speed of symmetric encryption with the security
of asymmetric encryption for key exchange.

Components of Hybrid Cryptosystems:

1. Key Encapsulation Mechanisms (KEMs):


a. KEMs are used to securely exchange symmetric keys using asymmetric encryption.
b. Example: ShipCargo’s cloud system could use asymmetric encryption (e.g., RSA) to transmit a session key (symmetric key)
securely to employees.



2. Data Encryption Mechanisms (DEMs):
a. DEMs are used to encrypt the actual data using the symmetric key.
b. Example: After exchanging the symmetric key via a KEM, ShipCargo can encrypt shipment data using symmetric encryption
(e.g., AES) for speed and efficiency.

3. Public Key Encryption (PKE):


a. PKE is the basis for KEM, allowing users to exchange public keys and encrypt symmetric keys securely.
b. Example: Bob can securely share his public key with the ShipCargo system. The system encrypts the symmetric key with Bob’s
public key, allowing only Bob to decrypt it with his private key.

Application at ShipCargo:

ShipCargo could implement a hybrid cryptosystem to secure data exchange between its cloud infrastructure and users (employees, customers,
etc.). Here's how:

1. Key Exchange:
When a user connects to the ShipCargo system, the system generates a session key (symmetric key) and encrypts it with the user’s
public key using a KEM (e.g., RSA).

Figure 5

2. Data Encryption:
Once the user has the session key, it is used to encrypt and decrypt the actual shipment data with symmetric encryption (e.g., AES), ensuring fast encryption and decryption.

Task 03

3.1 Public Key Infrastructure (PKI)

Between servers, digital identities, connected devices, and application services, businesses use public key infrastructure (PKI) to encrypt, decrypt, and authenticate data. As companies rely more on the internet for vital operations, PKI is used to create safe communications, lowering the risk of data theft and safeguarding intellectual property. The following subsections describe how the related key pairs made possible by public key cryptography encrypt and decrypt data and ensure the integrity of data transmission. (Dubose, 2023)

Figure 6

3.1.1. Diagrammatic Illustration

Figure 7

3.1.2. PKI Encryption and Decryption Process in ShipCargo's Context Overview

Public Key Infrastructure (PKI) is very important in the framework of ShipCargo's cloud migration, guaranteeing safe data flow between the firm's departments. PKI uses pairs of cryptographic keys (public and private) together with certificates that bind each public key to its owner's identity, so that sensitive information can be protected at rest and in transit and the communicating parties can be authenticated.

Key Generation
In the model used here, a Key Generation Authority (KGA) produces the public and private key pairs; under ShipCargo's scenario this might be an internal security team or a reputable cloud service provider. Note that in standard PKI practice each subject generates its own key pair and the Certificate Authority only signs the public key into a certificate; the private key should never leave its owner, so a central KGA that generates private keys is a key-escrow arrangement that needs strong controls of its own.

Key distribution

The KGA hands the public key to the Sender after the key pair is produced. Any authorized sender within ShipCargo may utilize the freely
available public key for encryption of data meant for the Recipient.

Data encryption

Having access to the public key, the Sender encrypts the sensitive information with it before forwarding it. This guarantees that the data stays unreadable to unauthorized parties even if it is intercepted in transit.

The Recipient uses their private key to decrypt the material on receipt. The private key is kept secret and never distributed, so only the intended recipient can decrypt and access the original material.



Data Transmission

After that, the encrypted data travels over the network from the Sender to the Recipient. The encryption guarantees the confidentiality of the data en route; integrity and origin must be assured separately with a digital signature or MAC, since encryption alone does not detect modification.

Advantages for ShipCargo's cloud migration

• Using PKI allows ShipCargo to guarantee that sensitive information is encrypted prior to distribution, lowering the risk of a data breach.

• Digital signatures issued under PKI let the recipient verify that the data has not been changed en route and that it came from the claimed sender.

• Using distinct key pairs per party, bound to identities by certificates, helps validate the sender's and recipient's identities.

• Using PKI enables ShipCargo to follow industry standards for data security and regulatory compliance requirements.

ShipCargo could develop a safe, dependable, and efficient data management system by including PKI encryption and decryption procedures in its cloud migration plan, improving general operational resilience and lowering management complexity and costs.



Private Cloud PKI vs. On-premise PKI

Table 2



3.2 Security Risks and Challenges in Cloud-Hosted PKI

Moving Public Key Infrastructure (PKI) to a cloud environment introduces specific security risks and challenges. Some notable issues include:

1. Key Management Risks: In cloud-hosted PKI, cryptographic keys are managed by a third-party provider, raising concerns over key access and protection. Key exposure, improper key management, and weak access controls can jeopardize security (NIST, 2013); where the provider supports it, HSM-backed storage of CA keys and customer-managed keys reduce this exposure.
2. Data Privacy and Compliance: Cloud providers operate in multiple jurisdictions, leading to regulatory and compliance concerns. Legal
requirements may vary depending on the region, affecting ShipCargo's data handling and storage, particularly concerning sensitive data
and customer privacy (CSA, 2021).
3. Reliance on Vendor Security: Cloud providers may employ a shared responsibility model where certain security aspects are managed
by the provider, while others fall to the customer. This model requires trust in the provider’s security controls, which may lack the
transparency required to evaluate security standards accurately (ENISA, 2020).
4. Denial-of-Service (DoS) Attacks: Cloud systems are vulnerable to DoS attacks, which can disrupt PKI services, preventing access to
critical cryptographic functions and data verification processes (Microsoft, 2019).
5. Data Breaches and Insider Threats: Data breaches in cloud PKI could expose sensitive certificate data. Insider threats, whether from
the provider or within ShipCargo, represent another layer of risk, as unauthorized access can compromise key materials (Kumar & Singh,
2020).



3.3 Business Scenario: Implementing PKI at ShipCargo

Implementing PKI for client authentication and data integrity gives ShipCargo a robust framework to secure sensitive freight information and enhance trust among stakeholders. By using digital certificates for authentication and digital signatures to ensure document integrity, ShipCargo can better protect its data assets, facilitate secure transactions, and improve overall operational efficiency in the cloud environment.

Application of PKI
In this setup, PKI would enable:

 Client Authentication: Each user or device within ShipCargo’s network would receive a digital certificate issued by a trusted Certificate
Authority (CA). When accessing ShipCargo’s systems, the user presents the certificate, verified through the PKI infrastructure, to ensure
authenticity.
 Data Integrity: PKI can facilitate secure signing of shipping documents, ensuring integrity by confirming that documents haven't been
altered during transmission.

Diagram Description
A simplified PKI flow in ShipCargo:

1. The Certificate Authority (CA) issues digital certificates to clients and devices.
2. Users and devices request access to ShipCargo’s system, presenting certificates.
3. The system validates certificates with the CA, allowing only authenticated users access.
4. Data between authenticated clients and the system is encrypted using session keys established from the certificates (e.g., over TLS), ensuring privacy.



3.4 Security Case Design for ShipCargo: Cryptographic and Cryptanalysis Tool Selection

Security Case Objective: By adopting both cryptographic and cryptanalysis tools, ShipCargo can establish a robust PKI framework that protects sensitive data, validates identities, and effectively manages potential threats. This comprehensive approach not only enhances security but also builds trust among stakeholders, enabling smoother operations in the shipping and logistics sector.

1. Cryptographic Tools

o OpenSSL: For generating key pairs, certificates, and digital signatures within PKI, OpenSSL is an essential tool for encryption
and certificate management (Vieira et al., 2021).
o Key Management Service (KMS): Cloud-based KMS (like AWS KMS or Azure Key Vault) can manage encryption keys
securely, controlling access to sensitive keys and ensuring regulatory compliance (Chandramouli, 2020).
o TLS Protocol: Implementing TLS (SSL is its deprecated predecessor and should be disabled) protects in-transit data between ShipCargo systems and remote clients, securing sensitive customer data during transmission.

2. Cryptanalysis Tools
o Hashcat: For testing and validating password strength within PKI environments (for example, the passphrases protecting private keys). This tool can assess weaknesses in hashed passwords, allowing ShipCargo to identify and address vulnerabilities (Bosworth et al., 2018).
o John the Ripper: This cryptanalysis tool can test password strength by attempting to crack passwords, providing insights into password robustness for access controls. Both tools should only be run against ShipCargo's own credentials under an authorised assessment.



Task 04

Figure 8

4.1 Hybrid Cryptosystems for Enhanced Cloud Security

A hybrid cryptosystem combines both symmetric and asymmetric encryption methods to optimize security and performance. This approach leverages the advantages of each method: the efficiency of symmetric encryption for large data sets and the security of asymmetric encryption for key exchange. In a hybrid system, asymmetric encryption (e.g., RSA) is used to securely transmit a symmetric encryption key (e.g., AES). Once this symmetric key is exchanged, it encrypts the bulk of data, offering speed and secure, scalable cloud data protection (Stallings, 2016).

Role of Hybrid Cryptosystems in Cloud Security


In a cloud environment, hybrid cryptosystems address critical security concerns, including data confidentiality, integrity, and secure key management. By integrating asymmetric and symmetric encryption, hybrid systems provide secure communication between cloud clients and the service provider while efficiently protecting stored data. This approach reduces the computational load of asymmetric encryption, which matters in high-performance cloud applications, by offloading data encryption to the faster symmetric algorithm after the keys have been securely exchanged.

For example, in cloud-based services, the asymmetric encryption component (RSA or ECC) encrypts a symmetric AES key, which is then used
to encrypt user data. This ensures that data is securely stored and quickly accessible, as only the symmetric key decrypts it once exchanged.
Thus, even if attackers compromise the storage, data remains secure without access to the key (Menezes et al., 2018).
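The KEM/DEM exchange described in section 2.3 (Hybrid Cryptosystems at ShipCargo) and again in 4.1 above, as a runnable added example that is not code from the assignment, using only the Python standard library. The KEM is RSA-KEM (encrypt a random value r with RSA and derive the session key as SHA-256(r)); the DEM is encrypt-then-MAC built from HMAC-SHA256, standing in for AES because the standard library ships no AES. Assumptions: the toy RSA key sizes and the HMAC-based cipher are demonstration stand-ins for RSA-OAEP or X25519 and AES-GCM in production, and every function name is my own.

```python
"""Hybrid KEM + DEM encryption for the ShipCargo scenario, standard library only.
ASSUMPTION: toy RSA sizes and an HMAC-SHA256 stream cipher stand in for a
production KEM (RSA-OAEP / X25519) and DEM (AES-GCM)."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test, used only for the toy key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact length, odd
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 1024):
    """Return ((e, n), (d, n)). ASSUMPTION: 1024-bit modulus keeps the demo fast;
    production keys must be at least 2048 bits. Needs Python 3.8+ for pow(e, -1, m)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def _kdf(r: int, n: int) -> bytes:
    return hashlib.sha256(r.to_bytes((n.bit_length() + 7) // 8, "big")).digest()


def kem_encapsulate(public_key):
    """Sender: choose random r, send c = r^e mod n, keep session key K = SHA-256(r)."""
    e, n = public_key
    r = secrets.randbelow(n - 2) + 2
    return _kdf(r, n), pow(r, e, n)


def kem_decapsulate(private_key, encapsulation: int) -> bytes:
    """Recipient: recover r = c^d mod n and derive the same K."""
    d, n = private_key
    return _kdf(pow(encapsulation, d, n), n)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _split_keys(session_key: bytes):
    """Derive independent encryption and MAC keys from the session key."""
    return (hmac.new(session_key, b"enc", hashlib.sha256).digest(),
            hmac.new(session_key, b"mac", hashlib.sha256).digest())


def dem_encrypt(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC(nonce || ciphertext)."""
    enc_key, mac_key = _split_keys(session_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def dem_decrypt(session_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first (constant-time compare); never decrypt unauthenticated data."""
    enc_key, mac_key = _split_keys(session_key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication tag mismatch: ciphertext rejected")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def hybrid_encrypt(public_key, plaintext: bytes):
    session_key, encapsulation = kem_encapsulate(public_key)
    return encapsulation, dem_encrypt(session_key, plaintext)


def hybrid_decrypt(private_key, encapsulation: int, blob: bytes) -> bytes:
    return dem_decrypt(kem_decapsulate(private_key, encapsulation), blob)


def rejects_tampering(private_key, encapsulation: int, blob: bytes) -> bool:
    """Flip one ciphertext bit and confirm the DEM refuses to decrypt it."""
    tampered = bytearray(blob)
    tampered[NONCE_LEN] ^= 0x01
    try:
        hybrid_decrypt(private_key, encapsulation, bytes(tampered))
    except ValueError:
        return True
    return False
```

A typical run is `pub, priv = rsa_keygen(); encap, blob = hybrid_encrypt(pub, data); hybrid_decrypt(priv, encap, blob)`: the asymmetric operation happens once, on a 32-byte key, and every byte of shipment data goes through the fast symmetric path. The tag check in dem_decrypt is what the page's "data cannot be intercepted" claim actually buys in practice: interception yields nothing, and modification is detected before any plaintext is released.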

Data Protection and Security Justification

Hybrid cryptosystems improve data protection in several ways:

1. Efficient Data Encryption: The bulk of the data is encrypted with a symmetric cipher such as AES, which is fast and hardware-accelerated on most modern processors, while the comparatively expensive asymmetric operation is performed only once per session on the short symmetric key. Combined with sound key management, this gives strong protection without a noticeable performance penalty in cloud workloads.



2. Secure Key Distribution: Asymmetric encryption protects the key exchange, so the symmetric key is never exposed to an eavesdropper during transmission (Diffie & Hellman, 1976).
3. Mitigation of Man-in-the-Middle Attacks: Because the symmetric key is encrypted to the recipient's public key, an attacker who intercepts the exchange obtains nothing usable. This holds only if the public key is authenticated (for example, through a certificate); otherwise the attacker can substitute their own public key and sit in the middle.

Hybrid cryptosystems help ShipCargo meet compliance and regulatory standards for data privacy in cloud environments. They support robust encryption policies and maintain data confidentiality and integrity throughout the data lifecycle in cloud storage and communication.

4.2 Role of Cryptography in Achieving Business Objectives

Cryptography is a crucial tool for businesses aiming to secure data, authenticate users, and ensure data integrity. It addresses various business
objectives, from protecting sensitive information to enabling trusted digital transactions. Key cryptographic methods include encryption,
hashing, digital signatures, and asymmetric encryption, each contributing distinct functionalities to a secure business environment (Stallings,
2017).

Applications of Cryptography in Business Scenarios

1. Encryption for Data Confidentiality


Symmetric encryption (e.g., AES) is ideal for encrypting large volumes of data quickly, commonly used for securing data-at-rest and data-in-transit. For instance, businesses storing client information or transmitting sensitive data to remote servers benefit from encryption, as it protects against unauthorized access by ensuring that only individuals with the decryption key can view the data. In contrast, asymmetric encryption (e.g., RSA) is suited for securely transmitting data to external stakeholders, as it uses a public key for encryption and a private key for decryption, preventing unauthorized access during transmission (Menezes et al., 2018).
2. Hashing for Data Integrity
Hashing is used to verify data integrity. When a business sends files to clients or other departments, hashing algorithms like SHA-256 create unique hash values (or digests) for each file. The recipient can then generate the hash value of the received file and compare it to the original to confirm that the file has not been altered in transit. This only works if the reference digest is obtained over a trusted channel or is itself signed or keyed (an HMAC); a digest sent alongside the file over the same untrusted channel can simply be recomputed by whoever alters the file. The process is particularly vital in sectors like finance and healthcare, where data integrity is paramount for compliance and operational trust (Katz & Lindell, 2014).
3. Digital Signatures for Authentication and Non-Repudiation
Digital signatures provide authentication and non-repudiation in digital communications, ensuring that documents come from a
verified source and cannot be denied by the sender. In online transactions, a digital signature generated using the sender’s private key
authenticates the sender’s identity. The recipient can verify the authenticity using the sender’s public key, a process integral to
establishing trust in e-commerce, legal contracts, and email communications (Diffie & Hellman, 1976).
4. Asymmetric Key Encryption for Secure Key Exchange
Asymmetric encryption also secures key exchange in hybrid cryptosystems, allowing secure transmission of symmetric keys between
parties. This is crucial in cloud environments, where secure data transfer relies on keys that are resistant to interception and unauthorized
decryption, supporting business requirements for confidentiality and data privacy (Stinson & Paterson, 2018).
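The integrity check of item 2 (hashing for data integrity), as an added example that is not part of the assignment. It contrasts the unkeyed SHA-256 digest the text describes with a keyed HMAC-SHA256 tag, and models an active attacker on the network path who rewrites a shipping document and recomputes the public digest. The document text, the attacker's edit and the function names are all constructed for this example.

```python
"""Integrity of a shipping document: unkeyed SHA-256 digest versus keyed HMAC tag.
The sample document and the attacker's edit are constructed for this example."""
import hashlib
import hmac

DOCUMENT = b"Shipment 4711: 12 containers, Colombo -> Rotterdam, ETA 2024-11-20\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hmac_hex(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_digest(data: bytes, expected_hex: str) -> bool:
    """Unkeyed check: detects accidental corruption, but only detects tampering
    if the reference digest itself came over a trusted channel."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def verify_hmac(key: bytes, data: bytes, expected_hex: str) -> bool:
    """Keyed check: a forger without the key cannot produce a matching tag."""
    return hmac.compare_digest(hmac_hex(key, data), expected_hex)


def attacker_rewrites(document: bytes, old_tag: str):
    """Model an active attacker on the path who changes the document and
    recomputes the public SHA-256 digest but must leave the HMAC tag as it was."""
    forged = document.replace(b"12 containers", b"21 containers")
    return forged, sha256_hex(forged), old_tag


def run_scenario(key: bytes) -> dict:
    """Send the document with both a digest and an HMAC tag, then let the
    attacker rewrite it, and report what each check concludes on the recipient side."""
    digest, tag = sha256_hex(DOCUMENT), hmac_hex(key, DOCUMENT)
    forged, forged_digest, forged_tag = attacker_rewrites(DOCUMENT, tag)
    return {
        "original_passes_digest": verify_digest(DOCUMENT, digest),
        "original_passes_hmac": verify_hmac(key, DOCUMENT, tag),
        "forgery_passes_digest": verify_digest(forged, forged_digest),  # True: no protection
        "forgery_passes_hmac": verify_hmac(key, forged, forged_tag),    # False: tampering caught
    }
```

The plain digest accepts the forged document because the attacker simply recomputed it; the HMAC rejects it because the tag depends on a key the attacker does not hold. A digital signature (item 3) gives the same protection without a shared key, which is what PKI-based document signing at ShipCargo would use.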

Cryptographic Methods and Business Objectives Summary

By integrating these cryptographic techniques, businesses can address critical security requirements:

 Confidentiality: Through encryption, data remains private, meeting privacy and regulatory demands.



 Data Integrity: Hashing ensures data remains unaltered, which is vital in legal and compliance-focused industries.
 Authentication: Digital signatures build trust and secure identity in communications.
 Non-repudiation: Digital signatures prevent denial of actions, reinforcing accountability in transactions.

In summary, cryptography strengthens security, reliability, and trust in business operations, aligning with organizational objectives for secure
data management, regulatory compliance, and customer trust.

4.3 Factors Influencing Organization’s Choice of Cloud Systems for Security Improvement

Selecting a cloud system for improving security involves a strategic analysis of the business’s specific needs, the benefits and limitations of
cloud storage options, and the organization’s security requirements. Key factors typically considered include data sensitivity, compliance
requirements, cost-efficiency, scalability, and control over data access and management (Katz & Lindell, 2014).

Comparison of On-Premises and Cloud Storage

1. Data Sensitivity and Control


For companies managing highly sensitive data, on-premises storage offers greater control over data security, as they manage the physical
infrastructure. This can be critical for businesses in regulated industries, where strict data privacy and security requirements apply. Cloud
storage, however, provides robust encryption options and enables flexibility in access management, though it may pose challenges
regarding data control, as data is hosted off-site (Stallings, 2017).
2. Compliance and Regulatory Standards
Regulatory compliance, such as GDPR and HIPAA, may dictate the data storage model an organization chooses. On-premises systems allow companies more direct control over data residency, which can be beneficial for regulatory compliance. Conversely, cloud providers increasingly offer compliance certifications and geographically distributed data centers to support international regulatory requirements. For many businesses, these certifications make cloud storage viable while maintaining regulatory alignment (Menezes et al., 2018).
3. Cost Efficiency and Scalability
Cloud storage is typically more cost-effective and scalable than on-premises systems, especially for growing businesses. Cloud providers
offer a “pay-as-you-go” model, allowing organizations to scale storage based on their needs without large upfront investments in physical
hardware. In contrast, on-premises storage requires significant initial and ongoing infrastructure investments, which may not be practical
for all businesses (Diffie & Hellman, 1976).
4. Resiliency and Disaster Recovery
Cloud storage often provides built-in redundancy, automated backups, and disaster recovery options, allowing businesses to continue
operations during disruptions. In contrast, implementing these safeguards on-premises is costlier and requires additional resources. For
ShipCargo, using cloud storage enhances availability, ensuring data access and recovery during unforeseen events, which is crucial in
logistics and supply chain management (Stinson & Paterson, 2018).
5. Hybrid Cryptosystems and Data Security Enhancement
Hybrid cryptosystems combine symmetric encryption for data confidentiality with asymmetric encryption for secure key exchange,
creating a more resilient security structure. ShipCargo could leverage these to enhance data security in a cloud environment, safeguarding
data-in-transit and data-at-rest with robust encryption protocols. By integrating hybrid systems, ShipCargo can maintain confidentiality
and mitigate risks associated with potential unauthorized access in cloud environments (Rivest, Shamir, & Adleman, 1978).



Summary of Advantages and Disadvantages

Factor            | On-Premises Storage                        | Cloud Storage
Control           | Full data control, customized security     | Limited physical control, robust security options provided by provider
Cost              | High initial and maintenance costs         | Cost-effective with scalable storage solutions
Scalability       | Limited by physical hardware               | Highly scalable and flexible
Compliance        | Easier to manage in regulated industries   | Compliance varies by provider and location
Disaster Recovery | Requires additional resources for backups  | Built-in redundancy and recovery options
Table 3



Conclusion

The shift of ShipCargo’s infrastructure from on-premises to the cloud is a strategic move aimed at enhancing availability, resiliency, and
operational efficiency while managing costs effectively. This transition brings the opportunity to reinforce security by implementing robust
cryptographic practices tailored to the cloud environment.

Stream and block ciphers play pivotal roles in data security, each with unique advantages and drawbacks. Block ciphers like AES provide high security for data-at-rest, while stream ciphers suit continuous data transmission, which could benefit ShipCargo's data transfers and real-time operations in the cloud. In practice the same low-latency property is obtained by running a block cipher in a streaming mode such as AES-GCM, which also authenticates the data; either way, ShipCargo can achieve efficient, low-latency encryption for sensitive logistics data, contributing to secure and uninterrupted communication.

Symmetric and asymmetric encryption schemes, along with hybrid cryptosystems, enhance security further by enabling both efficient data
encryption and secure key exchanges. By utilizing a hybrid cryptosystem, ShipCargo can capitalize on the speed of symmetric encryption for
data encryption and the security of asymmetric encryption for key exchange, thereby addressing the vulnerabilities of single-key encryption.

Public Key Infrastructure (PKI) and cloud-based PKI solutions offer ShipCargo the ability to manage digital certificates and authenticate
identities securely, an essential factor as data becomes more accessible in the cloud. With cloud-hosted PKI, ShipCargo gains scalable certificate
management that supports operational demands, although it requires managing inherent security risks such as third-party access and potential
breaches.

Additionally, the selection of cloud systems, whether purely cloud-based or hybrid with on-premises integration, should be strategically aligned
with security needs, compliance requirements, and cost considerations. Both storage models have distinct advantages—cloud systems offer
scalability and cost efficiency, while on-premises systems provide tighter control over data.



Through a well-rounded security approach involving cryptographic tools such as encryption, PKI, and hybrid systems, ShipCargo can fortify its
data protection strategy. This not only enhances security but also aligns with the company’s operational goals, ensuring a resilient and scalable
transition to the cloud.

Grading Rubric

Grading Criteria    Achieved    Feedback

LO1: Analyse encryption ciphers and algorithms as methods to secure data in a cloud environment

P1  Analyse the functions of stream cipher and block cipher, using a range of appropriate examples in practice.
P2  Produce code that implements mathematical ciphers and algorithms to encrypt and decrypt data.
M1  Critically analyse the operational differences between stream cipher and block cipher, using a range of appropriate examples in practice.
D1  Justify improvements introduced by stream ciphers compared to block ciphers for public and private key encryption.

LO2: Discuss security risks and issues related to public key encryption in practice

P3  Discuss risks and issues in security of public key encryption schemes, using a range of appropriate examples in practice.
M2  Analyse key benefits of encryption techniques including KEMs, DEMs and PKEs and the importance of securing public key systems.
D2  Provide justified recommendations, synthesising different definitions of provable security, suitable for securing public key systems.

LO3: Demonstrate the use of cryptographic and cryptanalysis tools for improving security in a virtual private network

P4  Illustrate, using a diagram, encryption and decryption process functions in a PKI environment for a business scenario.
P5  Design a security case, representative of a business scenario, to solve a security threat.
M3  Assess security risks and challenges of using cloud-hosted PKI in a private network.
M4  Implement the system designed, in response to a security case, using cryptographic and cryptanalysis methods or tools.
D3  Provide a critical review of the implemented system in terms of how it meets defined security objectives and make suggestions for improvement.

LO4: Evaluate advanced encryption protocols and their application for an organisation considering a move to the cloud

P6  Evaluate the key benefits of using a range of cryptography and hybrid cryptosystems to improve cloud security.
P7  Assess common factors influencing an organisation's choice of cloud solution(s) to improve security.
M5  Critically analyse the use of selected cryptography and hybrid cryptosystems in protecting data within an organisation.
D4  Justify the use of different cryptographic applications, for an organisation, that will inform their move to the cloud.
