Question

Company X has recruited a recent Harvard Computer Science graduate, Todd Johnsom, to improve its Information Security. Todd's proposal is to implement a new cutting-edge encryption algorithm that he recently developed. Todd claims this algorithm to be faster and more secure than TLS. How would you support this new security technology? Why or why not?

Answer #1

Before we are in a position to answer the question, the key is to understand what TLS is and why it's used industry-wide.

TLS is a cryptographic protocol provided to secure end-to-end communications and transactions over networks. Many businesses rely on TLS for their daily running of operations because of its capability of securing communication where sensitive information is passed.

Currently we have TLS 1.3 in use, which was created in the wake of several attacks that have happened on TLS 1.2/SSL. Creating TLS 1.3 was the first major overhaul of the protocol as the Internet Engineering Task Force (IETF) set out to modernize it. Just to give a perspective on the amount of effort that was put into TLS 1.3 to make it safer, faster and more secure: the work on TLS 1.3 started in April 2014, and it took four years and 28 drafts before it was approved in March of 2018.

Several key features of the new revised TLS 1.3 are:

  • Faster handshake with improved encryption process by sending all the authentication information in one trip.
  • Getting rid of redundant algorithms that increased vulnerability in the previous protocols.
  • Switching over to TLS 1.3 is easy as it can work with the same keys and certificates as used by TLS 1.2.
  • TLS 1.3 is lightweight, consuming fewer resources, thereby improving performance.

Now getting back to the question, Company X should not support Todd's new improved protocol in spite of the claims made by him. The following is the list of reasons:

  • If we look into the amount of effort that was taken by the IETF to make TLS 1.3 safe and secure, then we can surmise that it took a team 4 years of work to get rid of inherent deficiencies and add new features, so it's not practical to just give in to Todd's claims that his protocol is better, since it might have deficiencies that are left undetected, which could be used by hackers to fetch sensitive information, detrimental to Company X.
  • The IETF created TLS 1.3 by taking into consideration the suggestions and ideas from various other stakeholders too, making the protocol more robust. One such incident was when the IETF was in the development phase of the protocol: various financial institutions were opposed to the encryption used in the protocol as it blinds them to the actual process going on in their network. This made the IETF make the protocol flexible enough to work harmoniously with monitoring tools. These kinds of features would be missing in Todd's protocol, since this insight into the requirements of the industry couldn't be had by Todd.
  • The IETF is an organization that would be quick to correct any future vulnerabilities that are detected, leading to an easy fix with less turnaround time, whereas in the case of Todd's protocol it would be impossible to get the required fix in the required time.
  • Also, any future development of the protocol would have to be taken up by Todd, which makes it all the more unsuitable for future environments.
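
As an added example (not part of the original answer), this is what adopting the standardized protocol looks like with Python's standard `ssl` module: a client context that refuses anything older than TLS 1.3, plus a small audit of the configured cipher suites that illustrates the "getting rid of redundant algorithms" point. The function names `tls13_client_context` and `audit_suites` are hypothetical.

```python
import ssl
from collections import defaultdict


def tls13_client_context() -> ssl.SSLContext:
    """Build a client context that will only negotiate TLS 1.3."""
    if not ssl.HAS_TLSv1_3:
        raise RuntimeError("the linked OpenSSL has no TLS 1.3 support")
    # create_default_context() enables certificate verification and
    # hostname checking against the system trust store.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def audit_suites(ctx: ssl.SSLContext) -> dict:
    """Group the configured cipher suites by protocol and list non-AEAD ones.

    get_ciphers() reports the configured cipher list; suites listed for
    older protocols cannot be negotiated once minimum_version is TLS 1.3.
    """
    report = defaultdict(lambda: {"total": 0, "non_aead": []})
    for suite in ctx.get_ciphers():
        entry = report[suite["protocol"]]
        entry["total"] += 1
        if not suite["aead"]:
            entry["non_aead"].append(suite["name"])
    return dict(report)


if __name__ == "__main__":
    context = tls13_client_context()
    for proto, entry in sorted(audit_suites(context).items()):
        print(f"{proto}: {entry['total']} suites, "
              f"{len(entry['non_aead'])} non-AEAD {entry['non_aead']}")
```

Every suite reported under `TLSv1.3` is an AEAD construction, while the older-protocol rows show the legacy CBC-style suites, if the local OpenSSL build still lists any.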