Post Quantum Cryptography and Offensive Cyber Security
Post-Quantum Cryptography
Introduction
Mitigating the adverse effects of encryption within computing is paramount for fixing the initial access threat vector. The secure processing layer of encryption-less encryption uses the information-theoretic secure protocol. ITS protocols always have decentralized information. A secure processing layer for Web3 is grounded in the information-theoretic secure framework (Vega et al., 2022). With disruptive innovation theory at its heart, this stands to be the next-level cryptographic obfuscation technique.
According to Gungor (2014), the study will provide significant insights into the practical implementation of information theory-enabled secrecy and authentication protocols on wireless networks. The domain of information theoretic secrecy and authentication is paramount in our current society with wireless security implications, Bluetooth threat vectors, and other areas of the modern world.
Gungor’s 2014 study focused on whether keyless authentication is possible if and only if the adversary cannot simulate the legitimate channel, to focus on successful authentication. This base research in information-theoretic secrecy authentication leads to further work by Liang et al. (2021) and Vega et al. (2022), whose research is in ITS protocols on the decentralized node network. With multi-party computation techniques, interoperability and ITS will be the next-level cryptographic solution.
The target population for this study is companies currently targeted by ransomware, and the study identifies the cryptographic or encryption methodology used. This study will compare security frameworks, cryptographic obfuscation techniques, encryption frameworks, and the severity of ransomware attacks. Cryptographic obfuscation techniques will lead to further research in secure processing layers and the cryptography realm of edge, cloud, and Web3 infrastructures (Liang et al., 2021).
The current gaps in literature around ITS (information-theory secure) and this cryptographic methodology are around use cases and ITS architecture. More research around interoperability solutions and ITS needs to be done to identify the best methods moving forward, along with user adoption and acceptance through the Unified theory of acceptance and use of technology (Liang et al., 2021).
Augmenting Zero Trust Architecture to Endpoints Using Blockchain
Zero Trust Architecture: Created by the United States Department of Defense and Defense Information Systems Agency (DISA) and initially labeled “black core,” Zero Trust Architecture focused on a transition away from the perimeter-based security architecture to one that emphasized the security of individual transactions (Alevizos et al., 2021). With ZTA, implicit trust in the packet transmission is not given; thus, all entities are verified, authenticated, authorized, and monitored.
Blockchain is considered a system in which a record of transactions made in bitcoin or another cryptocurrency is maintained across several computers linked in a peer-to-peer network.
Distributed Ledger Technology: Distributed ledger technology is a decentralized peer-to-peer digital system for recording transactions between parties in multiple places simultaneously.
Collaborative Intrusion Detection: Referred to as Distributed Collaborative Intrusion Detection Systems (DCIDSs), it can alleviate the ZTA threat vector of endpoint security.
Borderless Networks: Traditionally, perimeter-based security models rely on heavily fortified defenses such as firewalls, antivirus technologies, intrusion detection systems, and web application firewalls (Alevizos et al., 2021). Borderless networks utilize cloud-based architectures and distributed networks, sometimes referred to as a borderless digital identity-based perimeter, where, according to Alevizos et al. (2021), data is at the epicenter of the security architecture.
The purpose of Zero Trust Architecture to Endpoints Using Blockchain is to defend against threat actors that are utilizing a lateral movement strategy through the network (Alevizos et al., 2021). Zero Trust Architecture, or ZTA, focuses on securing network stability at the compromised endpoint. With the Zero Trust Architecture being the sole defense mechanism, the threat vectors of a compromised endpoint can promote lateral movement. Alevizos et al. (2021) utilized a blockchain technology approach and a distributed collaborative intrusion detection system. Unfortunately, threat actors utilizing Advanced Persistent Threats (APTs) can bypass such detection systems to create an obfuscated presence in the network.
The overarching goal is to identify the potential of blockchain’s immutability, focus on the detection process, and identify open challenges to the ZTA and blockchain architectures.
One major accomplishment of this study is the focus on blockchain technologies to augment ZTA successfully onto endpoints. This is the first time in ZTA or Blockchain research that the augmentation of ZTA and the immutability of blockchain is researched.
An Overview of Information-Theoretic Security and Privacy
Information-theoretic Security: A cryptosystem is information-theoretically secure if its security derives purely from information theory. Furthermore, no brute-force attack or any other attack aside from stealing the key can break the security.
Privacy: A state or condition of being free from being observed or disturbed by other people.
Wiretap Channel: A setting where one aims to provide information-theoretic privacy of communicated data based solely on the assumption that the channel from sender to the adversary is “noisier” than the channel from sender to receiver.
Secret Key Agreement: A method of encryption that involves the use of a single key to encrypt and decrypt the information, sometimes referred to as symmetric key cryptography.
Adversarial Models: Common threat models in adversarial threat vectoring include evasion attacks, data poisoning attacks, Byzantine attacks, and malware.
The purpose of Information-Theoretic Security and this article is to identify, synthesize, and summarize the pivotal role of fundamental limits and coding techniques for secure communication system design. This study identifies and compares security metrics, secrecy, privacy, and others while applied in real communication and computing systems. Bloch et al. (2021) identify the pivotal roles of fundamental limits and code techniques for secure communication system design. With the introduction of 5G and 6G telecommunication protocols, internet of things (IoT) devices, and a host of other networks and cellular systems, within the next decade tens of billions of devices will be transmitting data across networks. Since the introduction of cloud, IoT, and edge computing, the higher network layered protocols will not be able to secure information flowing over systems. With the varying degree of battery, computational power, and storage abilities of edge and IoT devices, it is impractical to rely solely on computational cryptographic security. There is a strong need for lightweight security built into the mechanisms from the hardware up, which will provide the much-needed layer of security moving forward (Bloch et al., 2021).
Information-theoretic security can be synthesized into three categories, according to Bloch et al. (2021):
(a) Information-theoretic secrecy and privacy metrics have well-grounded cryptographic properties, such as the mutual information rate. Semantic security measures the ability of an adversary to infer information in secret communication setups. Maximum information leakage offers a “principled and operationally motivated way of measuring information leakage in privacy problems.”
(b) The fundamental limits of ITS models focus on communicating secretly in the presence of powerful adversaries utilizing APT-style attacks, with an emphasis on strategic adversaries, not the passive adversaries of the historical start of ITS.
(c) The tools and system designs of information-theoretic secrecy.
The focus now is on the future of security and privacy, such as secure caching and private information retrieval. Federated learning, machine learning, and quantum computing are all areas that information-theoretic security.
Disruptive Innovation
Disruptive Innovation Theory: According to Christensen, disruptive innovation is the process in which a smaller company, usually with fewer resources, is able to challenge an established business (often called an “incumbent”) by entering at the bottom of the market and continuing to move up-market.
Disruptive innovation is a theory that focuses on small companies beating larger companies because larger companies focus on more profitable customers adding more (Christensen et al., 2015). The disruptor focuses on improvement to appeal to more people and takes over the market. Smaller companies that are innovators create new markets and reshape new markets. One of the key tenets of disruptive innovation theory is that incumbents focus on improving their products and services for their most profitable customers, while entrants successfully target those overlooked segments, gaining a foothold by delivering more sustainable functionality.
While Christensen et al. (2015) focused solely on disruptive innovation theory, the larger area of applied information-theoretic secure and zero trust architecture lends itself very well to this theory. In the case of information-theoretic secure and zero trust architecture, large data companies such as Google and Microsoft have cryptographic security issues with AES encryption methods. Big data, cloud computing, and a significant increase in internet connected devices transmitting data creates a need for both information-theoretical secure cryptographic architectures and node style computing with zero trust architectures to stop both ransomware style payload deliveries.
The disruptive innovation theory can help web3 companies come to market against larger incumbent companies specializing in centralized data and AES style cryptography. Further research is needed to identify if information-theoretic secure and zero-trust architecture can mitigate current ransomware style attack vectors (Christensen et al., 2015).
Generic Tools for Information-Theoretic Secrecy
Physical Layer Security (PLS): Physical-layer security exploits the physical properties of the communication channel to enhance communication security through appropriate coding and signal processing.
Channel State Information (CSI): CSI refers to the known channel properties of a communication link.
Artificial Noise (AN): Artificial noise is a wave or vibration, audible, electromagnetic, or another signal, generated by a human source.
Artificial Fast Fading (AFF): Artificial Fast Fading occurs when the coherence imposes randomness on Eve’s channel to invalidate Eve’s blind detection methods while keeping the legitimate user channels deterministic.
Cryptography and data confidentiality have been connected since the birth of computers. While the design is to prevent data loss, unauthorized access, or malicious users, many cryptographic methods need additional security measures to assure data confidentiality and security. This study focuses on upper-layer encryption via Physical Layer Security or PLS (Kong et al., 2021).
The study focuses on the physical properties of wireless propagation environments and the relationships between signaling and coding mechanisms to add an additional layer. The main focus of this paper is to utilize information-theoretic security against eavesdropping attacks. Furthermore, this study focuses on artificial-noise-aided security and security diversity layers' secret key generation (Kong et al., 2021).
The Information-Theoretic Secure focus in this study is partitioned into three categories: memoryless wiretap channels, Gaussian wiretap channels, and fading wiretap channels. The result of the research focused on four models: Small-scale fading model, Large-scale, Composite, and Cascaded. The practical approaches of MG, MoG, and Fox’s H Function distributions helped simplify the analysis of security performance metrics. They helped identify the enhancement techniques deployed on Wyner’s wiretap channel model, protected zones, and the jamming approach (Kong et al., 2021).
WaterBear: Information-Theoretic Asynchronous BFT Made Practical
Asynchronous BFT: A system is asynchronous and Byzantine Fault Tolerant (aBFT) when its consensus algorithm ensures liveness of the protocol without depending on any timing assumptions, which according to Duan et al. (2022) is prudent when an adversary controls the network.
Information-Theoretic BFT: Where Byzantine Fault Tolerance (BFT) is the resiliency of a fault-tolerant computer system to such conditions, information-theoretic security is defined where a cryptosystem is information-theoretically secure if its security derives purely from information theory (Duan et al., 2022). Furthermore, no brute-force attack or any other attack aside from stealing the key can break the security.
Quantum Cryptography: A system that is completely secure against being compromised without the knowledge of the message sender or the receiver. It is important to note that data encoded in a quantum state is impossible to copy or view without alerting the sender or receiver (Duan et al., 2022).
The focus of this paper is to find a practical application method for information-theoretic Byzantine Fault Tolerance through an efficient, quantum-secure asynchronous BFT protocol. The WaterBear protocol, sometimes referred to as WaterBear-QS, was developed by Duan et al. (2022) as the first practical information-theoretic asynchronous Byzantine fault-tolerant protocol which is free from failure scenarios and performance degradation. BFT is a technique that focuses on mission-critical systems, but Duan et al. (2022) referred to it as the current standard model for permissioned blockchains and various hybrid blockchains.
In contrast, standard Information-Theoretic Secure system architectures are approaching secure multiparty computation (MPC) to achieve fairness and guaranteed output delivery. The WaterBear and WaterBear-QS were tested within Golang. Both protocols use authenticated channels, and WaterBear-QS additionally uses a hash function. The information-theoretic BFT protocol approach resolves the issue with fault-tolerant distributed computing and cryptography. The theoretical models that are in this study by Duan et al. (2022) focus on: 1) computational security, where the adversary is restricted to probabilistic polynomial-time (PPT), and 2) Information-theoretic (IT) security, where the adversary is unbounded.
Secure Distributed Matrix Computation
Secure Distributed Matrix Computation (SDMC): Design efficient matrix computation to keep data private.
Upload Cost: The amount of data that can be transmitted from the source to the server.
The purpose of this study is to design an efficient, secure distributed matrix computation (SDMC) algorithm and to focus on mitigating the potential collusion of computing servers. The related work within the cryptography community has focused on secure multi-party computation (MPC), or secure function evaluation. While SDMC and MPC are interrelated, the goal is to have no computing server learn the original data. The novel polynomial-coded computation scheme reduces the SDMM across multiple servers and overrides the collusion issue. The main focus of the study is an in-depth analysis of the large-scale matrix multiplication, which happens to be the building blocks of machine learning and signal processing algorithms used in cryptographic safeguards (Mital et al., 2022).
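The idea summarized above can be seen in a small added example (not code from Mital et al. (2022) or from this page): each server receives only a randomly masked evaluation of the input matrices, the master interpolates the product from 2t+1 answers, and any t colluding servers hold shares that are consistent with every possible input. It uses basic Shamir-style polynomial masking rather than the optimized coded scheme of the paper; the field modulus, function names, and sample matrices are assumptions.

```python
import secrets

P = 2**61 - 1  # prime modulus (assumed); all arithmetic is in the field GF(P)


def interpolate(points, x):
    """Value at x of the unique polynomial of degree < len(points) through points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def mat_mul(X, Y):
    """Matrix product over GF(P)."""
    return [[sum(a * b for a, b in zip(row, col)) % P for col in zip(*Y)] for row in X]


def share_matrix(M, t, xs):
    """Hide M as the constant term of a random degree-t matrix polynomial.

    Returns the polynomial's value at every point in xs; any t of these values
    are jointly uniform and therefore carry no information about M.
    """
    rows, cols = len(M), len(M[0])
    masks = [[[secrets.randbelow(P) for _ in range(cols)] for _ in range(rows)]
             for _ in range(t)]
    return [[[(M[r][c] + sum(masks[d][r][c] * pow(x, d + 1, P) for d in range(t))) % P
              for c in range(cols)] for r in range(rows)] for x in xs]


def combine(xs, mats):
    """Entry-wise interpolation at x = 0 of the matrices held at points xs."""
    rows, cols = len(mats[0]), len(mats[0][0])
    return [[interpolate([(x, m[r][c]) for x, m in zip(xs, mats)], 0)
             for c in range(cols)] for r in range(rows)]


def secure_matmul(A, B, t, n):
    """Multiply A and B on n servers so that any t colluding servers learn nothing.

    Returns (A*B mod P, views) where views[i] = (x_i, share of A, share of B).
    """
    if n < 2 * t + 1:
        raise ValueError("the product polynomial has degree 2t: need n >= 2t + 1")
    xs = list(range(1, n + 1))  # public, distinct, non-zero evaluation points
    a_shares, b_shares = share_matrix(A, t, xs), share_matrix(B, t, xs)
    # Each server multiplies the two masked matrices it was sent, nothing else.
    answers = [mat_mul(a, b) for a, b in zip(a_shares, b_shares)]
    need = 2 * t + 1  # the first 2t+1 answers suffice; later ones are not needed
    return combine(xs[:need], answers[:need]), list(zip(xs, a_shares, b_shares))


def alternative_explanation(colluder_views, alt_A, n):
    """Shares of alt_A that match what t colluders hold.

    colluder_views is [(x, share_of_A)] for t servers. For ANY alt_A there is a
    degree-<=t polynomial with constant term alt_A passing through their shares,
    so their joint view cannot rule out any input.
    """
    rows, cols = len(alt_A), len(alt_A[0])
    return [[[interpolate([(0, alt_A[r][c] % P)]
                          + [(cx, cs[r][c]) for cx, cs in colluder_views], x)
              for c in range(cols)] for r in range(rows)] for x in range(1, n + 1)]


if __name__ == "__main__":
    A = [[1, 2, 3], [4, 5, 6]]          # constructed sample input
    B = [[7, 8], [9, 10], [11, 12]]     # constructed sample input
    product, views = secure_matmul(A, B, t=2, n=7)
    print("A*B recovered by the master:", product)
    colluders = [(x, a) for x, a, _ in views if x in (3, 6)]
    fake = alternative_explanation(colluders, [[0, 0, 0], [0, 0, 0]], n=7)
    print("colluders' shares also fit an all-zero A:",
          fake[2] == views[2][1] and fake[5] == views[5][1])
```

The privacy here does not rest on any hardness assumption: it holds against an unbounded adversary as long as no more than t servers pool their shares.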
Intelligent Zero Trust Architecture for 5G/6G Networks
Intelligent Zero Trust Architecture (i-ZTA): A framework for 5G/6G networks with untrusted components.
Software-defined Networking (SDN): A key area of 5G networks utilizing virtualization network architecture.
Service-based Architectures (SBA): The Service Based Architecture in 5G Core is a flat architecture that separates control plane functions from user plane functions.
The focus of Ramezanpour & Jagannath’s (2022) study is on intelligent zero-trust architecture applications on a 5G/6G network. Novel research was given on designing machine learning components to assist in intelligent zero-trust architecture across networks. These are called MED components: real-time Monitoring of the security state of network assets, Evaluating the risk of individual access requests, and Deciding on access authorization using a dynamic trust algorithm (Ramezanpour & Jagannath, 2022).
Security of Zero Trust Networks in Cloud Computing
Zero Trust is a strategic approach to cybersecurity that focuses on the elimination of implicit trust and requires validation at every level of digital interaction.
Cloud Security: Security measures designed to protect cloud-based infrastructure, applications, and data.
Zero-Trust Cloud Networks: Zero Trust is an IT security model that eliminates the notion of trust to protect networks, applications, and data in a cloud-network environment.
The purpose of this study is to focus on Zero Trust Networks in Cloud Computing to further harden security infrastructures from advanced persistent threats (APT), exploits, and the over-reliance on third-party applications which produce another threat vector. Cloud computing offers flexibility, cost savings, and security. According to Sarkar et al. (2022), the National Security Agency recommends the Zero-Trust mindset:
(a) Coordinated management and monitoring of the system as well as its defensive capabilities;
(b) Assume all requests for critical resources and network traffic to be malicious;
(c) Assume that the network infrastructure and devices are already compromised;
(d) Assume all approvals for critical resources as risky and be prepared to perform damage control and recovery operations.
The origin of trust evaluation as a precursor to zero trust is emphasized in the research. This article also focuses on the specific changes that a pre-existing cloud network can undertake to migrate to a ZTA and focuses on the security issues related. While ZTA has significant strategic and security effects on cloud computing as a whole, more research is needed in the implementation and execution of ZTA to existing cloud computing infrastructures (Sarkar et al., 2022).
Quantum Safe Zero Trust Deterministic Internet of Things
Deterministic: Threat vectors and APTs will always be prevalent.
Internet of Things: Network of physical objects, such as sensors, software, and other technologies that exchange data over the internet.
Quantum computing: Computer-based technologies centered around the principles of quantum theory.
Software Defined Networking (SDN): Networking approach that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network.
Industrial Internet of Things (IIoT): An industrial-centric network of physical objects, such as sensors, software, and other technologies that exchange data over the internet.
The control of critical infrastructure by the next-generation Internet of Things (IoT) is already taking a significant hold to power all areas of industrial and transportation infrastructure. The focus of this paper is to improve cyber security through a boost in deterministic IoT with a defined quality of service that is centralized. D-flows and links, according to Szymanski (2022), significantly boost cyber security resilience, particularly from nation-state threat actors. Supporting a zero trust architecture (ZTA), this paper focuses on five distinct topics within the next generation of IoT:
Deterministic Communications
Post Quantum Cryptography
Zero Trust Architectures
Access Control Systems
Intrusion Detection Systems
In conclusion, this study found that the logically centralized SDN control plane with D-flow and link utilization can significantly harden the cybersecurity of IoT devices. Some of the more common cyber attacks on critical infrastructure include DDoS, spoofing, phishing, spear phishing, MITM, replay, recon (harvest and decrypt), and malware attacks with code executions (Szymanski, 2022).
A Secure Processing Layer for Web3
Web3: The next iteration of the world wide web, where concepts of decentralization, blockchain technologies, and token-based economies are prevalent.
Information-theoretic secrecy authentication leads to further work by Liang et al. (2021) and Vega et al. (2022), whose research is in ITS protocols on the decentralized node network. With multi-party computation techniques, interoperability and ITS will be the next-level cryptographic solution. The target population for this study is companies currently targeted by ransomware, and the study identifies the cryptographic or encryption methodology used. This study will compare security frameworks, cryptographic obfuscation techniques, encryption frameworks, and the severity of ransomware attacks. Cryptographic obfuscation techniques will lead to further research in secure processing layers and the cryptography realm of edge, cloud, and Web3 infrastructures (Vega et al., 2022).
Novel Logistics Scheme Based on Zero-Trust Model
Security Attribute-based Dynamic Access Control (SADAC): An access control mechanism that can secure communication networks and services.
The focus of the Novel Logistics Scheme Based on Zero-Trust Modeling is that big data and cloud computing need an additional layer of trust. The Zero-trust model is one that needs to be applied to managing network boundary access behavior. This blockchain-style concept uses domestic chains to activate nodes. With this solution, Want et al. (2022) discovered a new security border that protects user privacy.
Disruptive Innovation Theory
Disruptive Innovation Theory describes where a smaller company with fewer resources is able to successfully challenge an established incumbent business.
The critical construct for the security of a secure processing layer for data transmission is the disruptive innovation theory. Disruptive innovation theory predicts when an “entrant that proves disruptive begins by successfully targeting those overlooked segments, gaining a foothold by delivering a more-suitable functionality” (Dan & Chieh, 2008). One of the key pillars of data encryption is Advanced Encryption Standards (AES) cryptography. With the increase in connections via blockchain nodes, decentralized nodes, the Internet of Things, edge computing, and cloud computing, AES cryptographic standards consume a tremendous amount of power and require security keys to both encrypt and decrypt data. The main goal of disruption describes where a smaller company with fewer resources is able to successfully challenge an established incumbent business (Yu Dan & Hang Chang Chieh, 2008).
Application to Research Statement and Relevance to Topic
Security of data and secure processing above AES encryption is one of the world's greatest challenges. With encryption techniques in current use, there is always a key and always a threat vector. A more robust cryptographic solution is needed. Ransomware and malware-style attacks on databases are increasing significantly every year (Vega et al., 2022). Further research is required to identify if Information-Theory Secure, or ITS, is a feasible solution for encryption-less encryption cryptography to protect databases (Vega et al., 2022).
The critical construct for the security of a secure processing layer for data transmission is the disruptive innovation theory (Christensen et al., 2015; Liang et al., 2021). Disruptive innovation theory predicts when an “entrant that proves disruptive begins by successfully targeting those overlooked segments, gaining a foothold by delivering a more-suitable functionality” (Dan & Chieh, 2008). One of the key pillars of data encryption is Advanced Encryption Standards (AES) cryptography. With the increase in connections via blockchain nodes, decentralized nodes, the Internet of Things, edge computing, and cloud computing, AES cryptographic standards consume a tremendous amount of power and require security keys to both encrypt and decrypt data.
Topic Definition Statement
Security of data and secure processing above AES encryption is one of the world's most significant challenges. With encryption techniques in current use, there is always a key and always a threat vector. A more robust cryptographic solution is needed. Ransomware and malware-style attacks on databases are increasing significantly every year (Vega et al., 2022). Further research is required to identify if Information-Theory Secure, or ITS, is a feasible solution for encryption-less encryption cryptography to protect databases (Vega et al., 2022).
Identify key constructs or theoretical foundations.
The critical construct for the security of a secure processing layer for data transmission is the disruptive innovation theory (Christensen et al., 2015; Liang et al., 2021). Disruptive innovation theory predicts when an “entrant that proves disruptive begins by successfully targeting those overlooked segments, gaining a foothold by delivering a more-suitable functionality” (Dan & Chieh, 2008). One of the key pillars of data encryption is Advanced Encryption Standards (AES) cryptography. With the increase in connections via blockchain nodes, decentralized nodes, the Internet of Things, edge computing, and cloud computing, AES cryptographic standards consume a tremendous amount of power and require security keys to both encrypt and decrypt data.
Research Problem
Ransomware attacks, data leaks, and the vast expanse of threat vectors identify a need for data security now more than ever. Recent advances in Advanced Encryption Standards (AES) Cryptography have led to new innovations in Low-Power AES data encryption, typically used in IoT, cloud computing, and mobile devices. Any mathematically based cryptographic data security tool will always have a key that needs to be mathematically accessed and thus will always have the potential to be unlocked. Cryptographic mathematics leaves many encryption methods, including AES, at significant risk. In a study by Chong & Kaffe (2020), side-channel attacks on AES-128 and recovery of the cipher key are possible with an overall prediction accuracy of 35%, which is more than sufficient to retrieve the entire cipher key.
Research Problem Background
The secure processing layer of encryption-less encryption uses the information-theoretic secure protocol. ITS protocols always have information that is decentralized. A secure processing layer for Web3 is grounded in the information-theoretic secure framework (Vega et al., 2022). With disruptive innovation theory at its heart, this stands to be the next-level cryptographic obfuscation technique. With multi-party computation techniques, interoperability and ITS will be the next-level cryptographic solution. The target population for this study is companies currently targeted by ransomware, and the study identifies the cryptographic or encryption methodology used. This study will compare security frameworks, cryptographic obfuscation techniques, encryption frameworks, and the severity of ransomware attacks. Cryptographic obfuscation techniques will lead to further research in secure processing layers and will further the cryptography realm of edge, cloud, and Web3 infrastructures (Liang et al., 2021).
The current gaps in literature around ITS (information-theory secure) and this cryptographic methodology are around use cases and ITS architecture. More research around interoperability solutions and ITS needs to be done to identify the best methods moving forward, along with user adoption and acceptance through the Unified theory of acceptance and use of technology (Liang et al., 2021).
Research Questions
Does the use of information-theoretic security throughout the organizational database architecture reduce ransomware payload delivery threat vectors?
What levels of interoperability issues will organizations see from utilizing an ITS framework?
Method
Research Purpose
The purpose of this research is to gather information on how to provide post-quantum security in secure messages and data transmissions. Exploring the theoretical ideas and identifying use cases is of prime importance in the merging of information-theoretic secure and zero-trust architectures. At the end of this research, we should be able to identify use cases with ITS and ZTA and how to implement a possible solution to the scaling and privacy issues of decentralized computing and secure communications. The adoption and use of Zero Trust Architecture and Information Theoretic Secure cryptography will have a positive impact on data security, computing, and business development.
In a world of ransomware attacks and threat vectors expanding past the standard computer to data server attack surface, these post-quantum-proof cryptographic technologies can have a significant impact on the world. Ransomware attacks, data leaks, and the vast expanse of threat vectors identify a need for data security now more than ever. Recent advances in Advanced Encryption Standards (AES) Cryptography have led to new innovations in Low-Power AES data encryption, typically used in IoT, cloud computing, and mobile devices (Liang et al., 2021).
Any mathematically based cryptographic data security tool will always have a key that needs to be mathematically accessed and thus will always have the potential to be unlocked. Cryptographic mathematics leaves many encryption methods, including AES, at significant risk. In a study by Chong & Kaffe (2020), side-channel attacks on AES-128 and recovery of the cipher key are possible with an overall prediction accuracy of 35%, which is more than sufficient to retrieve the entire cipher key.
Methods: ITS, ZTA, and Disruptive Innovation Theory
The present research used a quantitative regression model to explore whether a significant relationship exists between the use of Information-Theoretic Secure and Zero Trust Architecture and a positive effect on defending against ransomware attacks and data-style breaches in both real-world and controlled environments.
Another variable we will study is the link between ITS and ZTA usage with disruptive innovation theory. The critical construct for the security of a secure processing layer for data transmission is the disruptive innovation theory. Disruptive innovation theory predicts when an “entrant that proves disruptive begins by successfully targeting those overlooked segments, gaining a foothold by delivering a more-suitable functionality” (Dan & Chieh, 2008). One of the key pillars of data encryption is Advanced Encryption Standards (AES) cryptography. With the increase in connections via blockchain nodes, decentralized nodes, the Internet of Things, edge computing, and cloud computing, AES cryptographic standards consume a tremendous amount of power and require security keys to both encrypt and decrypt data. The main goal of disruption describes where a smaller company with fewer resources can successfully challenge an established incumbent business (Yu Dan & Hang Chang Chieh, 2008).
This study selected a quantitative regression research design focused on identifying a correlation coefficient (r) between post-quantum cryptographic methods and defense against ransomware payload cyber attacks. The value of r will have a range of -1 to 1, where zero indicates no relationship (Sasso, 2021). The correlation may have a spurious relationship, where post-quantum cryptographic methods may act as a defense against ransomware attacks. Still, the connection between ransomware and post-quantum cryptographic methods usage is not dependent on one another since over 99% of data utilizes encryption technologies and techniques such as AES. These cryptographic methods are encryption based, which is rooted in having a single mathematical key, which in its fabric is not completely secure.
This study will focus on post-ransomware breach analysis and identification of the security measures in place at the time of the breach. Post-quantum cryptographic tools are in use within the security industry, enabling us to forensically identify the security measures during the ransomware breach (Report Ransomware | CISA, 2022). Forensically identifiable traits will include: a) the type of security measures in place, b) cyber threat intelligence utilized, c) security architecture, d) industry type, e) lateral movement through the network (e.g., where, if known, the breach or payload delivery occurred), f) type of malware, payload delivery system, and obfuscation techniques used, and g) coding stack used within the malware (e.g., Python, Rust, Go, etc.).
The link between secure post-quantum cryptography and ransomware defense can be found in the research on ITS secrecy authentication and in the further work by Liang et al. (2021) and Vega et al. (2022) on ITS protocols on the decentralized node network. With multi-party computation techniques, interoperability and ITS will be the next-level cryptographic solution. The target population for this study is companies currently targeted by ransomware, and the study identifies the cryptographic or encryption methodology they used. This study will compare security frameworks, cryptographic obfuscation techniques, encryption frameworks, and the severity of ransomware attacks. Cryptographic obfuscation techniques will lead to further research in secure processing layers and the cryptography realm of edge, cloud, and Web3 infrastructures (Vega et al., 2022).
Populations
The population for this study on post-quantum cryptography will be across all industries. Industries will include manufacturing, production, industry, construction, agriculture, marketing, education, technology, trade, industrial, and government entities. The populations chosen are directly related to both critical infrastructure and the current top 5 ransomware targets. According to a CISA 2022 report, ransomware cost $20 billion in 2021, and 37% of all businesses and organizations were hit with successful ransomware attacks. These attacks were not specific to one industry, so the population chosen for this study is across multiple industries that have increased use of post-quantum encryption methods, such as Zero Trust Architecture and Information-Theoretic Secure.
Participants will be contacted through initial surveys to identify the security measures, the type of ransomware attack, the industry type, and the confirmation of Zero Trust Architecture or ITS-style post-quantum encryption methods. A random selection of participants will be identified according to the industry types above. Analysis of the security measures will play a key role in forensically determining whether ITS and ZTA have a positive impact on preventing or mitigating ransomware attacks. The data collection instruments, procedures, and sampling strategies will not change once this study begins.
Ethics
In this post-quantum cryptographic study, ethics will receive concentrated attention from the Independent Review Board (IRB). There is no risk of harm to participants in this study. Company data and privileged information will be kept confidential and only within the scope of this study. We will obtain informed consent from each participating company, NGO, or government entity to publish research. Obfuscation techniques will shield companies from any leak of security architectures or ransomware payouts and will protect company reputation, thus maintaining anonymity and confidentiality. We will avoid deceptive practices and focus on the quantitative regression model, surveying participants, and following best practices by providing each company, NGO, or governmental organization with the right to withdraw.
Synthesis
With ransomware affecting over 35% of businesses worldwide (CISA, 2022), the secure processing layer of encryption-less encryption utilizing the information-theoretic secure protocol and Zero Trust Architecture may serve as a multi-industry defense and response to this specific attack vector, along with other malicious cyber attack payloads. ITS protocols always have decentralized information, which enables a layer of security that is post-quantum proof, meaning that even a quantum computer cannot break the ITS protocols by brute force.
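Why brute force gives an attacker nothing against an information-theoretically secure split of data across nodes can be shown with a small added example (not code from the original page or from Vega et al.). It assumes XOR-based n-of-n secret sharing as the simplest ITS construction, since the page does not specify the scheme; the function names and the three-node setup are hypothetical.

```python
import secrets
from functools import reduce
from operator import xor


def split_secret(secret: bytes, n: int) -> list[bytes]:
    """Split into n shares; all n are needed to rebuild the secret."""
    if n < 2:
        raise ValueError("need at least two share holders")
    # n-1 shares are uniform random bytes from the OS CSPRNG ...
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    # ... and the last share is the secret XORed with all of them.
    shares.append(bytes(reduce(xor, col) for col in zip(secret, *shares)))
    return shares


def combine(shares: list[bytes]) -> bytes:
    """XOR every share together, byte by byte."""
    return bytes(reduce(xor, col) for col in zip(*shares))


def brute_force_candidates(known_shares: list[bytes]) -> set[int]:
    """What a holder of all-but-one share of a 1-byte secret learns by
    trying every possible value of the missing share."""
    return {combine(known_shares + [bytes([guess])])[0] for guess in range(256)}


if __name__ == "__main__":
    secret = b"\x42"                      # constructed 1-byte secret
    shares = split_secret(secret, 3)      # three hypothetical nodes
    assert combine(shares) == secret
    survivors = brute_force_candidates(shares[:2])
    # Exhaustive search rules out nothing: every byte value stays possible.
    print(len(survivors), "candidate secrets remain after exhaustive search")
```

The guarantee holds only while the shares are uniformly random and fewer than n holders pool them; the scheme provides confidentiality, not integrity or availability.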
A secure processing layer for Web3 is grounded in the information-theoretic secure framework (Vega et al., 2022). With disruptive innovation theory at its heart, this stands to be the next-level cryptographic obfuscation technique. With multi-party computation techniques, interoperability and ITS will be the next-level cryptographic solution. The target population for this study is companies currently targeted by ransomware, and the study identifies the cryptographic or encryption methodology they used. This study will compare security frameworks, cryptographic obfuscation techniques, encryption frameworks, and the severity of ransomware attacks. Cryptographic obfuscation techniques will lead to further research in secure processing layers and will further the cryptography realm of edge, cloud, and Web3 infrastructures (Liang et al., 2021).
The primary target population for this study is companies currently targeted by ransomware, and the study identifies the cryptographic or encryption methodology they used. This study will compare security frameworks, cryptographic obfuscation techniques, encryption frameworks, and the severity of ransomware attacks. Cryptographic obfuscation techniques will lead to further research in secure processing layers and the cryptography realm of edge, cloud, and Web3 infrastructures (Vega et al., 2022).
The quantitative regression research design focused on identifying a correlation coefficient (r) between post-quantum cryptographic methods and defense against ransomware payload cyber attacks with a forensic context. The value of r will have a range of -1 to 1, where zero indicates no relationship (Sasso, 2021). The correlation may be spurious, where post-quantum cryptographic methods may act as a defense against ransomware attacks. Still, ransomware and the use of post-quantum cryptographic methods are not dependent on one another, since over 99% of data utilizes encryption technologies and techniques such as AES.
These cryptographic methods are encryption based, meaning they are rooted in a single mathematical key, an approach that in its fabric is not completely secure. The regression analysis tool chosen will be R. R is ‘GNU S’, a freely available language and environment for statistical computing and graphics which provides a wide variety of statistical and graphical techniques: linear and nonlinear modeling, statistical tests, time series analysis, classification, clustering, and regression modeling (The Comprehensive R Archive Network, 2022).
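The spurious-correlation concern raised in the research design and restated above can be made concrete with an added sketch (not the study's own analysis, and written in Python's standard library rather than R so it runs without packages). The eight organizations below are constructed, and the "security maturity" confounder is an assumption introduced for illustration.

```python
from math import sqrt

# Constructed sample, not study data:
# (security maturity z, adopted ZTA/ITS x, ransomware downtime in days y)
ORGS = [(1, 0, 12), (1, 0, 8), (1, 0, 10), (1, 1, 10),
        (4, 1, 2), (4, 1, 4), (4, 1, 3), (4, 0, 3)]


def pearson_r(a, b):
    """Pearson correlation coefficient, always within [-1, 1]."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    sab = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    saa = sum((p - ma) ** 2 for p in a)
    sbb = sum((q - mb) ** 2 for q in b)
    if saa == 0 or sbb == 0:
        raise ValueError("r is undefined when a variable is constant")
    return sab / sqrt(saa * sbb)


def partial_r(x, y, z):
    """Correlation of x and y after removing the linear effect of z."""
    rxy, rxz, ryz = pearson_r(x, y), pearson_r(x, z), pearson_r(y, z)
    denom = sqrt((1 - rxz ** 2) * (1 - ryz ** 2))
    if denom == 0:
        raise ValueError("z fully determines x or y; partial r is undefined")
    return (rxy - rxz * ryz) / denom


def analyse(rows=ORGS):
    """Return (raw r, partial r controlling for maturity)."""
    z, x, y = (list(col) for col in zip(*rows))
    return pearson_r(x, y), partial_r(x, y, z)


if __name__ == "__main__":
    raw, controlled = analyse()
    # Adoption looks protective until maturity is held fixed.
    print(f"raw r = {raw:.3f}, partial r given maturity = {controlled:.3f}")
```

In this constructed sample adoption correlates with shorter downtime only because mature organizations both adopt more and recover faster, which is why breach data should record such covariates alongside the adoption flag.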
This study will focus on post-ransomware breach analysis and identification of the security measures in place at the time of the breach. Post-quantum cryptographic tools are used within the security industry, enabling us to forensically identify the security measures during the ransomware breach (Report Ransomware | CISA, 2022). Forensically identifiable traits will include: a) the type of security measures in place, b) cyber threat intelligence utilized, c) security architecture, d) industry type, e) lateral movement through the network (e.g., where, if known, the breach or payload delivery occurred), f) type of malware, payload delivery system, and obfuscation techniques used, and g) coding stack used within the malware (e.g., Python, Rust, Go, etc.).
Conclusion
According to Papakonstantinou et al. (2021), the Zero Trust paradigm is applied so that all humans, hardware, and processes interacting with the system are considered to pose a security risk. The correlation between Zero Trust Architecture and the security of nuclear facilities was found through a calculation of security-related probability estimates, which is dependent on the current global security environment. Subsequently, security and safety probability estimates are combined to present an overall safety-security risk calculation using hybrid safety-security trees. The risk values help designers assess the loss of specific key components and safety functions. The methodology is demonstrated with a case study of a spent fuel pool cooling system in a nuclear reactor (Papakonstantinou et al., 2021).
References
Alevizos, L., Ta, V. T., & Hashem Eiza, M. (2021). Augmenting zero trust architecture to endpoints using blockchain: A state‐of‐the‐art review. Security and Privacy. https://doi.org/10.1002/spy2.191
Ameer, S., Gupta, M., Bhatt, S., & Sandhu, R. (2022, June). BlueSky: Towards Convergence of Zero Trust Principles and Score-Based Authorization for IoT Enabled Smart Systems. In Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies (pp. 235-244).
Bertino, E. (2021). Zero trust architecture: Does it help?. IEEE Security & Privacy, 19(05), 95-96.
bluez | Kali Linux Tools. (2022, October 29). Kali Linux. https://www.kali.org/tools/bluez/
Bloch, M., Gunlu, O., Yener, A., Oggier, F., Poor, H. V., Sankar, L., & Schaefer, R. F. (2021). An Overview of Information-Theoretic Security and Privacy: Metrics, Limits and Applications. IEEE Journal on Selected Areas in Information Theory, 2(1), 5–22. https://doi.org/10.1109/jsait.2021.3062755
Christensen, C. M., Raynor, M. E., & McDonald, R. (2015, December). What Is Disruptive Innovation? Harvard Business Review; Harvard Business Review. https://hbr.org/2015/12/what-is-disruptive-innovation
Cybersecurity Maturity Model Certification (CMMC). (2022, October 1). Www.acq.osd.mil. https://www.acq.osd.mil/cmmc/
Duan, S., Zhang, H., & Zhao, B. (2022). WaterBear: Information-Theoretic Asynchronous BFT Made Practical. https://web.archive.org/web/20220108154429id_/https://eprint.iacr.org/2022/021.pdf
Hopp, C., Antons, D., Kaminski, J., & Oliver Salge, T. (2018). Disruptive innovation: Conceptual foundations, empirical evidence, and research opportunities in the digital age. Journal of Product Innovation Management, 35(3), 446-457.
Hosney, E. S., Halim, I. T. A., & Yousef, A. H. (2022, March). An Artificial Intelligence Approach for Deploying Zero Trust Architecture (ZTA). In 2022 5th International Conference on Computing and Informatics (ICCI) (pp. 343-350). IEEE.
Kerman, A., Borchert, O., Rose, S., & Tan, A. (2020). Implementing a zero trust architecture. National Institute of Standards and Technology, 2020, 17-17.
Kong, L., Ai, Y., Lei, L., Kaddoum, G., Chatzinotas, S., & Ottersten, B. (2021). An overview of generic tools for information-theoretic secrecy performance analysis over wiretap fading channels. EURASIP Journal on Wireless Communications and Networking, 2021(1). https://doi.org/10.1186/s13638-021-02065-4
Kumaraswamy, A., Garud, R., & Ansari, S. (2018). Perspectives on disruptive innovations. Journal of Management Studies, 55(7), 1025-1042.
Liang, C., Zhang, Q., Ma, J., & Li, K. (2019). Research on neural network chaotic encryption algorithms in wireless network security communication. EURASIP Journal on Wireless Communications and Networking, 2019(1), 1-10.
Mital, N., Ling, C., & Gündüz, D. (2022). Secure Distributed Matrix Computation With Discrete Fourier Transform. IEEE Transactions on Information Theory, 68(7), 4666–4680. https://doi.org/10.1109/TIT.2022.3158868
Papakonstantinou, N., Van Bossuyt, D. L., Linnosmaa, J., Hale, B., & O’Halloran, B. (2021). A Zero Trust Hybrid Security and Safety Risk Analysis Method. Journal of Computing and Information Science in Engineering, 1–26. https://doi.org/10.1115/1.4050685
Ramezanpour, K., & Jagannath, J. (2022). Intelligent zero trust architecture for 5G/6G networks: Principles, challenges, and the role of machine learning in the context of O-RAN. Computer Networks, 6(56), 109358. https://doi.org/10.1016/j.comnet.2022.109358
Ready.gov. (2019). Business Continuity Plan | Ready.gov. Ready.gov. https://www.ready.gov/business-continuity-plan
Report Ransomware | CISA. (n.d.). Www.cisa.gov. https://www.cisa.gov/stopransomware/report-ransomware-0
Sasso, M. D. (2021). LibGuides: Quantitative Research Methods: Regression and Correlation. Guides.library.duq.edu. https://guides.library.duq.edu/c.php?g=844215&p=6035786
Sarkar, S., Choudhary, G., Shandilya, S. K., Hussain, A., & Kim, H. (2022). Security of Zero Trust Networks in Cloud Computing: A Comparative Review. Sustainability, 14(18), 11213. https://doi.org/10.3390/su141811213
Si, S., & Chen, H. (2020). A literature review of disruptive innovation: What it is, how it works and where it goes. Journal of Engineering and Technology Management, 56, 101568.
Software Deployment Tools, Technique T1072 - Enterprise | MITRE ATT&CK®. (2022, October 1). Attack.mitre.org. https://attack.mitre.org/techniques/T1072/
Szymanski, T. H. (2022). The “Cyber Security via Determinism” Paradigm for a Quantum Safe Zero Trust Deterministic Internet of Things (IoT). IEEE Access, 10, 45893–45930. https://doi.org/10.1109/access.2022.3169137
Taherdoost, H. (2022). Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview. Electronics, 11(14), 2181. https://doi.org/10.3390/electronics11142181
Techniques - Mobile | MITRE ATT&CK®. (2022, November 15). Attack.mitre.org. https://attack.mitre.org/techniques/mobile/
The Comprehensive R Archive Network. (2022, November 18). Lib.stat.cmu.edu. http://lib.stat.cmu.edu/R/CRAN/
Vega, M. de, Masanto, A., Leslie, R., Yeoh, A., Page, A., & Litre, T. (2022). A Secure Processing Layer for Web3 [PDF].
Wang, H., Ou, W., & Han, W. (2022). A Novel Logistics Scheme Based on Zero-Trust Model. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 203–215. https://doi.org/10.1007/978-3-031-17081-2_13
Wang, J., Chen, J., Xiong, N., Alfarraj, O., Tolba, A., & Ren, Y. (2022). S-BDS: An effective blockchain-based data storage scheme in zero-trust IoT. ACM Transactions on Internet Technology.