Paper Example on Successful Communication & IT: Crucial for Business Performance

Chapter 1: Introduction

Background

Communication and information technology are highly significant in the lives of people since it influences the success of the operations in which a person engages. For instance, Westrum (2014) states that information controls the activities of an organisation, and if a business ignores this sector, it can hinder its operations. Moreover, he says that when information stops flowing in an organisation, it will cause the corporation to stop functioning correctly, and therefore, this flow indicates the health of a business. Tomanek and Schroder (2017) moved ahead with showing the significance of good communication by stating that insufficient information flow leads to wastage in an organisation. This implies that when a business or an individual does not have appropriate modes and channels of passing information, the organisation will lose some critical factors, leading to loses. Therefore, following this evidence, the flow and accessibility of information are of high significance.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

One of the ways of improving the value of information is by ensuring that it reaches its recipient in the intended form. Precisely, it should not be altered in any way during transmission, and it should not end up at a wrong recipient. As modern technologies keep on advancing, better methods of passing information are getting developed, increasing the flow of information. Additionally, people have developed more secure means of storing and sharing it compared to how it was previously. However, as new ways of securing information when in transit and under storage are getting developed and implemented, other methods of disrupting this flow of information and its security are also invented. Precisely, hackers are always searching for ways of acquiring information before it reaches its target, and in some cases, they alter it, useless to the recipient. In fact, all kind of information is always at risk of ending up in the hands of unintended recipients (Yildirim, 2016). This statement implies that regardless of the state of information is, it is always at risk of getting compromised. That is, whether it is in storage, transmission, or being accessed by a user, it is still at risk. Therefore, there is the need to find ways of securing it to reduce the chances of it getting compromised.

This need for securing information led to the development of information security, which seeks to secure information when it is under transmission or in storage. This system ensures that a hacker or intruder cannot access the information and that if he or she receives it, then it should not be in a usable form. Precisely, the transfer of information should ensure that it can only be usable to the intended user, and not to any other person. Therefore, information security focuses on protecting and guaranteeing the confidentiality, integrity, and availability (CIA) of information whenever a person needs it (Aminzade, 2018). This trifactor model of information security is referred to as the CIA triad, and it shows the importance of focusing on all these sectors. Here, confidentiality means that information starts from the intended sender and is received by the authorised recipient. Its integrity means that it is received in the same form it was sent, without getting compromised in any way. Finally, its availability means that it will always be available to authorised users when they need it, and nothing should block their access to it (Qadir & Quadri, 2016). The main aim of this CIA triad is to secure information during storage and transfer and to ensure that it ends up with the legitimate recipients.

The best method of ensuring the security of information is by encrypting it. Encryption refers to using cryptography to make data incomprehensible, thus ensuring its confidentiality. This method uses mathematical algorithms to encrypt data, and then sends it in the encrypted form. If a person receives it in the encrypted mode, and the individual does not have a decryption key, he or she cannot access the information. Therefore, this will ensure that the data is only usable to its intended users. There are two different modes of encryption. The first method is symmetric encryption, and it uses a single key for encrypting and decrypting data. Therefore, the recipient should have this key, which implies that it will need to be sent to him or her in advance. This method is less secure than the second one since an attacker can get the key when in transit, and this will make the encrypted information vulnerable.

The second method is using an asymmetric key. This method uses a public key to encrypt a message and a private one in decryption (Aumasson, 2018). It uses the public key infrastructure (PKI), and it shares the public key with any person intending to send data to the recipient. Then a private key is used to decrypt the received message. This public key is readily available to any person, but the private one is only available to the recipient. This method ensures that any person that receives the data in transit cannot decrypt it since he or she lacks the private key needed to decrypt it. The PKI includes a certificate authority, which verifies public keys to ensure that they come from the sender from whom they claim to originate (Aumasson, 2018). It also uses a registration authority, which verifies the identities of entities needing their digital certificates to be stored by the certificate authority (CA). Finally, it also includes a central directory, which is the location where the CA stores and indexes keys.

The problem of using this method is that it relies on third-party for verification of the public keys and the certificates. This reliance on a third party introduces availability and authenticity issues, and it could hinder the transfer of information if the third party has problems. Therefore, this paper seeks to solve this problem using the Inter-Planetary File System (IPFS) and the Gnu-Privacy Guard (GPG) asymmetric key system. This proposed system does not rely on a third party for verification, but instead, it uses blockchain technology and IPFS, which removes the challenges that come with using a CA.

Problem Definition

Relying on a CA in encryption introduces probable problems such as availability of information due to the CA revoking certificates used in the transfer. Moreover, if a hacker accesses the CA, he or she can tamper with the certificates, and this will make it impossible for users to get the information that they seek. Such an issue happened before, with an example being the case of GlobalSign, which is a CA, whose system was compromised. This interference made it impossible for people to access the websites of many large companies that depended on GlobalSign. Other such cases have also happened and affected the accessibility of information from many reputable companies globally. Therefore, this paper seeks to solve this problem of relying on a CA, which can be compromised by proposing a different method that does not rely on a CA. Instead of the CA, this method uses the blockchain technology with the IPFS and a GPG asymmetric key to encrypt information.

Research Questions

This paper will seek to answer the research question:

• Will the implementation of the IPFS key management with blockchain produce a more robust and secure system compared to the conventional PKI with CA?

When answering this question, the paper will focus on these areas:

• How to generate private and public keys, and how to deal with lost keys,
• How will trust work in this system, and
• How will this system respond to a single point of failure problems?

Goals

The goal of this research will be to find if IPFS with blockchain produces a more secure and robust system compared to the conventional PKI with CA. It will, therefore, use information from different sources regarding the success of IPFS and GPG and compare them with those of PKI and CA. It will also seek to find information on how to deal with trust issues, single point of failure, recovery of lost keys, and revocation problems.

Thesis Structure

This thesis is structured in the following way:

The first chapter introduces information and information security by describing the importance of securing information both in storage and transit. It also introduces PKI and IPFS, and it shows the problems associated with CA as used in PKI. Therefore, it proposes a method of solving this problem using the IPFS and GPG, which does not need the CA.

The second chapter reviews the literature relating to encryption and different methods of improving information security. It also reviews the available literature regarding blockchain and IPFS.

The third chapter describes the process that the researcher uses to implement the proposed system and gather data that helps in comparing the two systems.

The fourth chapter discusses and compares the two systems based on the description in the previous chapter. This discussion helps in concluding.

The final chapter concludes the research based on the discussion in this paper.

Chapter 2: Literature Review

Encryption and Information Security

Encryption protects the information using a cypher algorithm and a key to ensure that it is only accessible to authorised users. The two methods of encryption use symmetric keys and asymmetric keys. The first method is the simplest of the two, and it uses one key to encrypt and decrypt data. Zaeniah and Purnama (2015) illustrate how the symmetric key encryption can be used to safeguard data using a password that is used in encryption and decryption. Due to the weakness of this method, some researchers have proposed ways of improving its security. A good example is Murad, Gody, and Barakat (2018), who described how steganography could be used in conjunction with visual cryptography to enhance the security of symmetric encryption. The second method uses two keys, a public and private key for encryption and decryption, respectively. This method is more secure than the first one since the decryption key is only accessible to the recipient of the message, and this ensures that unintended persons cannot decipher it. Precisely, if a person gets an encrypted message, but lacks the decryption key, the individual will not use any part of the information (Aumasson, 2018). The application of good encryption secures information against unauthorised users such as hackers.

Public Key Infrastructure

The Public Key Infrastructure (PKI) is a mode of encrypting information using a public and a private key. As already described, it is more secure than the symmetric key. The factors that make it more secure are its components, which include the following:

End entity. These are the users of the information, and they are identified in the subject field of the public key certificate. These users support and consume the Public Key Infrastructure and its related services (Kharehe & Chouhan, 2012).

A Certification Authority (CA). This is a trusted third party that is tasked with issuing certificates. Its certificates verify the validity of public keys and ensure the authenticity of users who issue them (Kharehe & Chouhan, 2012).

A Registration Authority (RA). It is an optional comp...