April 6th – Project Update

April 7, 2010 at 11:51 am (Uncategorized)

Encryption/Decryption Schemes.

Today I had to continue on with my attempt to implement security in the form of some encryption package into my project. There was a sensitive area of the project that would need to have encryption as it would be a process of having data being sent over a network in plain text. This was identified as a key area that would need to be encrypted and protected in case the network traffic was to be intercepted. In the event this happened the attacker/interceptor  would be able to access records of employee’s activity in plain text. This would not be acceptable so to counter this it was decided that encryption of the data going across the network was a key aspect to implement. Two questions did arise though when choosing to implement security in the for of encryption.

What is it you want to encrypt and how valuable is the information if it was leaked/accessed?
The information in this case is the activities of each employee as they performed their day to day activities on the internet. This activity information contains records on things such as websites visited, ftp connections made and files downloaded from websites. This information is essential to keep secret but it is not of an extremely sensitive nature. If such information was intercepted it would not have any consequence on the organisation the employee works for it would merely  infringe on the employee’s right to privacy.

What Encryption/Decryption Algorithm should be utilised?
The situation stands as such. Encryption needs to be applied to the data that will be transferred across the network so that privacy rights are adhered to. The data itself needs to be transferred as efficiently and quickly as possible because the application will be running as a service which is triggered every specific time interval. This means that the previous process of logging must be complete before the new one starts to avoid any records being lost.

Code Implementation

The class by which the String-buffer was populated with the contents of the usage document was amended with code that would read in the contents of the usage record, pass them into an intermediate string-buffer and then encrypt the contents of this buffer and amended it to an output string buffer which would then be used to populated the message sent across the web-service.

The receiving end of the web-service also then had to be amended to include a small exertion of code to decrypt the message that was being passed by the web service.

Testing

The encryption scheme was then tested in a multiplicity of ways. The pass phrase then was changed on the decrpytion end and the test ran and without the correct pass-phrase the cipher-text could not be decrypted. The test of changing the cipher text even by one bit and then attempting to decrypt it proved that even a 1-bit change in the cipher-text would upset the plain-text generated.After performing these tests and after evaluating the risk associated with the data I opted to go with DES as my encryption algorithm.

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.