Equifax Data Breach and its Impact
Question:
Discuss Experimental Quantum Key Distribution.
In September 2017, Equifax announced one of the largest cyber security incidents in the history of cyber crime. Equifax is one of the three nationwide credit reporting companies that rate and track the financial history of U.S. consumers. Equifax supplies companies with data on loans, loan payments, credit card details and much more (Miller, 2018). Equifax reported that the unauthorized access began in mid-May and continued until July 2017. The data breach was disclosed on 29th July. The breached information was mostly PII (Personally Identifiable Information), including names, SSNs (Social Security Numbers), addresses and birth dates; in some cases, driver's license details were also accessed by the attackers. The attackers stole about 209,000 credit card numbers, and the dispute documents of about 182,000 people were stolen along with PII. The data breach took place mostly in U.K. and Canada.
The details of the data breach released by the company included key facts such as:
- The criminals mostly exploited the U.S. website application in order to access files on the system.
- The company also stated that there is no evidence of unauthorized activity on its commercial credit or consumer reporting databases.
- The company provides recommendations for conducting such an assessment in the following steps.
Equifax made all of its customers aware of the data breach. In other data breaches, people are not aware that the breach took place (Hedley & Jacobs, 2017). Banks, lenders, retailers, credit card companies and many others report an individual's credit activity to the credit reporting agencies, which also purchase public records. Equifax also took care to mail notices to the people who were victims of the attack and to those whose credit card details and dispute documents were stolen in the data breach.
There are certain rules or principles that consumers can follow to protect their credit card details (Larcker, Reiss & Tayan, 2017). Customers can protect their credit details from identity theft in many ways. Four ways to protect a customer's credit line are: credit freezes, credit monitoring, identity theft protection, and fraud alerts.
- Credit freezes- A credit freeze freezes the credit report. Freezing a customer's credit means that potential creditors cannot get access to the credit report, which makes the customer less likely to be exposed to identity theft. With a credit freeze in place, an identity thief cannot open new accounts in the customer's name. A credit freeze generally blocks new lines of credit and also prevents attackers from seeing the credit reports (O’Brien, 2017). Potential creditors, such as a mortgage lender or a credit card company, cannot access the credit report while the account is in a frozen state. This helps customers keep their accounts safe from identity theft.
- Fraud alerts- A fraud alert is another way to protect credit after a data breach. When an intruder tries to take out credit in the name of the victim, an alert is sent to the victim about the credit that is about to be taken or might already have been taken. Fraud alerts help show that credit is being taken by the customer and not by an attacker or intruder. Fraud alerts are to be renewed at an interval of 90 days.
- Credit monitoring- All changes related to credit can be monitored by credit monitoring (Janakiraman, Lim & Rishika, 2018). Changes made to the credit reports, such as a loan or a new credit card, are tracked by credit monitoring. All suspicious activities can be detected by credit monitoring.
- Identity protection- Identity theft protection generally provides monitoring of the credit file at more than one credit reporting agency, as well as a credit score from one or more agencies (Mathews, 2017). The services include alerts that customers receive about their PII. With identity protection, there is less possibility of data theft that may arise in a company. Restoration services are also provided with identity theft protection, which help victims resolve issues related to identity theft.
QKD (Quantum Key Distribution) is a secure communication method that implements a cryptographic protocol involving components of quantum mechanics. QKD lets two parties produce a common secret key that is known only to them. This secret key is used to encrypt and decrypt the messages transferred between them (Korzh et al., 2015). Establishing and keeping a secret key between two parties in this way is known as quantum cryptography. QKD has many unique properties. One of the most important is that the two communicating users can detect whether a third party is intruding on the communication and trying to gain knowledge of the key. The mechanism depends on an aspect of quantum mechanics: the process of measuring a system disturbs the system. When an intruder tries to eavesdrop on the secret key, the resulting anomaly can be detected. There are three processes by which eavesdropping in a communication system can be detected. The processes are quantum entanglement, quantum superpositions, and transmitting the information through quantum states. If the level of eavesdropping is below a particular threshold, a key can be produced that is guaranteed to be secure.
Ways to Protect Yourself from Identity Theft
The security of quantum key distribution rests on a fundamental characteristic of quantum mechanics: measuring a quantum system disturbs the system (Lo, Curty & Tamaki, 2014). An eavesdropper who intercepts the quantum exchange will therefore inevitably leave a detectable trace. The exchanging parties can then decide either to reduce the information available to the eavesdropper or to discard the corrupted information. An implementation of QKD typically has several components. Potential information leakage and errors are removed by subsequent error correction and privacy amplification post-processing steps, leaving the two parties with a secret key shared only between them. The quantum states are sent between the transmitter and the receiver over a fiber or free-space quantum channel. The quantum channel does not need to be secured. The communication link shared between the two parties for performing the post-processing steps must be authenticated. Over this link a correct and secret key is distilled (Comandar et al., 2016). The key exchange protocol exploits quantum properties to ensure security by detecting errors or eavesdropping. The key exchange protocol also calculates the amount of information that has been intercepted or lost. Erroneous or potentially leaked information is removed during the subsequent error correction and privacy amplification post-processing steps (Yin et al., 2016). This enables the transmitter and the receiver to share a common key that is known only to them.
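The detection mechanism described in the two QKD paragraphs above can be simulated classically. The following is an added example, not taken from the cited papers: it assumes the BB84 protocol (which the text does not name), an intercept-and-resend eavesdropper, and an abort threshold of 11% error rate; it stops before error correction and privacy amplification.

```python
import random

QBER_ABORT = 0.11  # assumed abort threshold; a commonly quoted BB84 bound


def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis gives a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def run_bb84(n_qubits, eavesdropper, seed=0):
    """Simulate one session; return (qber, key_accepted, raw_key_length)."""
    rng = random.Random(seed)
    sifted = []
    for _ in range(n_qubits):
        a_bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        bit, basis = a_bit, a_basis
        if eavesdropper:
            # Intercept-resend: the eavesdropper measures in a random basis
            # and re-sends her result in that basis, disturbing the state.
            e_basis = rng.randint(0, 1)
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        b_basis = rng.randint(0, 1)
        b_bit = measure(bit, basis, b_basis, rng)
        # Sifting: bases are compared over the authenticated classical link
        # and only positions where sender and receiver agree are kept.
        if a_basis == b_basis:
            sifted.append((a_bit, b_bit))
    # Half of the sifted bits are disclosed to estimate the error rate.
    half = len(sifted) // 2
    sample, rest = sifted[:half], sifted[half:]
    if not sample:
        return 1.0, False, 0
    qber = sum(a != b for a, b in sample) / len(sample)
    accepted = qber <= QBER_ABORT
    return qber, accepted, (len(rest) if accepted else 0)


if __name__ == "__main__":
    for eve in (False, True):
        qber, ok, n = run_bb84(4000, eve, seed=1)
        print(f"eavesdropper={eve} qber={qber:.3f} accepted={ok} raw_key_bits={n}")
```

Without an eavesdropper the sampled error rate is zero and the remaining sifted bits go on to post-processing; with one, roughly a quarter of the sampled bits disagree and the session is discarded.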
The commercial systems currently in use are generally aimed at corporations and governments with security requirements (Tang et al., 2014). Key distribution by courier is used in traditional key distribution schemes, which cannot offer a sure guarantee. The advantage of this method of key distribution is that the distance is not intrinsically limited and, despite long travel times, the transfer rate is very high because of the large capacity of the portable storage devices available (Leverrier, 2015). The main difference between quantum key distribution and traditional key distribution is that QKD can detect any interception of the key, whereas the traditional method cannot prove or test whether the key was intercepted (Vallone et al., 2014). QKD also has the advantage of automatic key distribution, along with greater reliability and a lower operating cost compared to the traditional key distribution method.
There are disadvantages to using QKD as well. In spite of its high security against key interception, QKD has a huge equipment cost, and there is a lack of a demonstrated threat to the existing key exchange protocols. The optical fibre networks present in many companies usually share an infrastructure that is more in use (Takesue et al., 2015). In order to address the issues involved in quantum cryptography, a specification group known as ISG was set up in ETSI (European Telecommunication Standard Institute). The European Metrology Research Programme, which measures the characteristics of the optical components of QKD systems, developed a research program on the metrology of industrial communication.
The four popular types of firewall discussed in this section are packet filtering firewalls, circuit-level firewalls, application-level firewalls, and stateful inspection firewalls.
Protocols of Key Exchange and the Advantages of Quantum Cryptography
Packet filtering firewalls: Packet filtering controls access to the network by analyzing outgoing as well as incoming packets and letting them pass or halting them based on the source and destination IP addresses. Among secure firewall techniques, packet filtering is one of the basic building blocks of network security. Packet filtering is both a technique and a tool, in that it is an instrument for accomplishing a particular task (Ali, Darwish & Guirguis, 2015). Packet filtering is the original firewall type and usually operates inline at junction points where devices such as switches and routers do their work. The cost of implementing packet filtering is very low. A packet filtering firewall does not route packets. It compares each packet received against a set of established criteria, such as packet type, IP address, and port number. Packet filtering firewalls are generally regarded as troublesome. So, nowadays packet filtering is not used much and is on its way out.
Circuit gateway firewall: A circuit gateway is a firewall that provides connection security for UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) and generally works between the transport and application layers of the OSI (Open System Interconnection) network model, including the session layer (Hager et al., 2014). It monitors the handshaking of TCP packets, and sessions are established when they satisfy the policies and rules of the circuit gateway. The TCP handshake is the best way to establish a connection between the remote host and the local host. Monitoring the TCP handshake helps to determine whether an established connection is legitimate or not. The packets are not inspected by TCP itself. The circuit gateway firewall inspects them.
Stateful Inspection: A stateful inspection firewall is also known by another name, dynamic packet filtering. It is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall. Stateful inspection has largely replaced the older firewall technology (Han et al., 2016). The headers included in the packets are checked. Stateful inspection also helps to analyze packets up to the application layer. A stateful firewall not only examines each packet but also keeps track of whether the packet is part of a TCP session. This filtering takes a great toll on the performance of the network. This is a multilayer firewall that considers the flow of transactions across different layers of the seven-layer protocol model.
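The difference between packet filtering and stateful inspection described above shows up when a packet arrives that looks like a reply but belongs to no session. The following is an added example, not code from the cited papers; the rule set (outbound HTTPS only), the internal prefix, and the sample traffic are assumptions constructed for illustration.

```python
from typing import NamedTuple

INTERNAL = "10.0.0."  # assumed internal address prefix for this example


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK


def stateless_allow(p):
    """Packet filter: decide from this one packet's headers alone."""
    if p.src.startswith(INTERNAL):
        return p.dport == 443  # outbound HTTPS only
    # To let replies back in, a static rule can only match header fields:
    # source port 443 with the ACK flag set.
    return p.sport == 443 and "A" in p.flags


class StatefulFilter:
    """Stateful inspection: track connections opened from the inside."""

    def __init__(self):
        self.connections = set()

    def allow(self, p):
        if p.src.startswith(INTERNAL):
            if p.dport != 443:
                return False
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S":
                self.connections.add(key)  # new outbound connection
            return key in self.connections
        # Inbound traffic passes only as the reverse of a tracked flow.
        return (p.dst, p.dport, p.src, p.sport) in self.connections


# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "A"),
    Packet("198.51.100.7", 443, "10.0.0.9", 3389, "A"),  # matches no session
]


def verdicts():
    """Return (stateless verdicts, stateful verdicts) for TRAFFIC."""
    stateful = StatefulFilter()
    return ([stateless_allow(p) for p in TRAFFIC],
            [stateful.allow(p) for p in TRAFFIC])
```

Both filters pass the three packets of the legitimate handshake; only the stateful filter drops the fourth packet, because no tracked connection matches it.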
Application-level gateway protocol: An application-level gateway provides network communication with a high level of security. When a sender requests access to a server resource such as web pages, databases, or files, the sender first connects to a proxy server, which then establishes a connection with the main server. The application gateway firewall resides on the client and server firewall (Giannakou et al., 2016). The proxy server hides the IP address and all other information of the client side. Internal computer systems can communicate with external systems through the firewall protection. The external system and the application gateway function using the IP address of the proxy server rather than the client's own information. The application-level gateway is commonly known as a proxy server, and can also be referred to as a proxy firewall, which combines attributes of the packet filtering firewall with those of the circuit-level gateway. It filters packets not only according to the service they are intended for, as specified by the destination port, but also by certain other characteristics, such as the HTTP request string. Gateways that filter at the application layer can provide the required data security, but network performance can also be affected.
References
Ali, A. A., Darwish, S. M., & Guirguis, S. K. (2015). An approach for improving performance of a packet filtering firewall based on fuzzy petri net. Journal of Advances in Computer Networks, 3(1), 67-74.
Comandar, L. C., Lucamarini, M., Fröhlich, B., Dynes, J. F., Sharpe, A. W., Tam, S. B., … & Shields, A. J. (2016). Quantum key distribution without detector vulnerabilities using optically seeded lasers. Nature Photonics, 10(5), 312.
Giannakou, A., Rilling, L., Pazat, J. L., & Morin, C. (2016, December). AL-SAFE: A Secure Self-Adaptable Application-Level Firewall for IaaS Clouds. In Cloud Computing Technology and Science (CloudCom), 2016 IEEE International Conference on (pp. 383-390). IEEE.
Hager, S., Winkler, F., Scheuermann, B., & Reinhardt, K. (2014, September). MPFC: Massively parallel firewall circuits. In Local Computer Networks (LCN), 2014 IEEE 39th Conference on (pp. 305-313). IEEE.
Han, W., Hu, H., Zhao, Z., Doupé, A., Ahn, G. J., Wang, K. C., & Deng, J. (2016, June). State-aware network access management for software-defined networks. In Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies (pp. 1-11). ACM.
Hedley, D., & Jacobs, M. (2017). The shape of things to come: the Equifax breach, the GDPR and open-source security. Computer Fraud & Security, 2017(11), 5-7.
Janakiraman, R., Lim, J. H., & Rishika, R. (2018). The Effect of Data Breach Announcement on Customer Behavior: Evidence from a Multichannel Retailer. Journal of Marketing.
Korzh, B., Lim, C. C. W., Houlmann, R., Gisin, N., Li, M. J., Nolan, D., … & Zbinden, H. (2015). Provably secure and practical quantum key distribution over 307 km of optical fibre. Nature Photonics, 9(3), 163.
Larcker, D., Reiss, P., & Tayan, B. (2017). Critical Update Needed: Cybersecurity Expertise in the Boardroom.
Leverrier, A. (2015). Composable security proof for continuous-variable quantum key distribution with coherent states. Physical review letters, 114(7), 070501.
Lo, H. K., Curty, M., & Tamaki, K. (2014). Secure quantum key distribution. Nature Photonics, 8(8), 595.
Mathews, L. (2017). Equifax Data Breach Impacts 143 Million Americans. Forbes. Last modified September, 7.
Miller, L. (2018). Cybersecurity Insurance: Incentive Alignment Solution to Weak Corporate Data Protection.
O’Brien, S. A. (2017). Giant Equifax data breach: 143 million people could be affected. CNN Tech.
Takesue, H., Sasaki, T., Tamaki, K., & Koashi, M. (2015). Experimental quantum key distribution without monitoring signal disturbance. Nature Photonics, 9(12), 827.
Tang, Z., Liao, Z., Xu, F., Qi, B., Qian, L., & Lo, H. K. (2014). Experimental demonstration of polarization encoding measurement-device-independent quantum key distribution. Physical review letters, 112(19), 190503.
Vallone, G., D’Ambrosio, V., Sponselli, A., Slussarenko, S., Marrucci, L., Sciarrino, F., & Villoresi, P. (2014). Free-space quantum key distribution by rotation-invariant twisted photons. Physical review letters, 113(6), 060503.
Yin, H. L., Chen, T. Y., Yu, Z. W., Liu, H., You, L. X., Zhou, Y. H., … & Chen, H. (2016). Measurement-device-independent quantum key distribution over a 404 km optical fiber. Physical review letters, 117(19), 190501.