
Crypto Project

The document is a project report submitted by Isharth Kumar to Assistant Professor Pooja Kiyawat on cryptographic techniques for cybersecurity incident response. The report includes an acknowledgment, declaration, introduction, literature review, statement of problem, hypothesis, research objectives, questions, methodology, sections on encryption, digital signatures, blockchain, case studies, and a conclusion with suggestions. It provides an overview of how cryptography can improve security during cybersecurity incident response.


The National Law Institute University, Bhopal

Project

On

Cryptographic techniques for cybersecurity incident response

Submitted by

Isharth Kumar
2022BSCLLB17
Semester-III
B.Sc.LLB (Hons.) [Cyber Security]

Submitted to

Assistant Prof. Pooja Kiyawat

Date of submission:

15/09/23
CRYPTOGRAPHY, NETWORK SECURITY AND LAW DOCTRINAL RESEARCH

ACKNOWLEDGEMENT

I take this opportunity to thank everyone who helped me out in completing my project directly or
indirectly. I express my profound gratitude and deep regards to Assistant Professor Mrs Pooja
Kiyawat for their exemplary guidance, and monitoring throughout the course of this project.

I am grateful to all those with whom I had the pleasure to work during this and other related
projects. I would also thank my batchmates, seniors for their unconditional support and guidance
which helped me to conclude this project.


TABLE OF CONTENTS

ACKNOWLEDGEMENT
DECLARATION
INTRODUCTION
LITERATURE REVIEW
STATEMENT OF PROBLEM
HYPOTHESIS
RESEARCH OBJECTIVE
RESEARCH QUESTIONS
RESEARCH METHODOLOGY
INTRODUCTION TO CYBERSECURITY INCIDENT RESPONSE
ENCRYPTION IN INCIDENT RESPONSE
DIGITAL SIGNATURES AND AUTHENTICATION
BLOCKCHAIN FOR INCIDENT RESPONSE
CASE STUDIES
CONCLUSION AND SUGGESTIONS
BIBLIOGRAPHY


DECLARATION

I, Isharth Kumar D/S/ Mr. Sandip Kumar Roll Number 2022BSCLLB17 do hereby declare that
the Project titled “Cryptographic Techniques for Cybersecurity Incident Response” is an
outcome of my own independent research endeavor and has been carried out under the guidance
of Assistant Prof. Mrs. Pooja Kiyawat. Literature relied on by me for the purpose of this Project
has been fully and completely acknowledged in the footnotes and bibliography. The Project is
not plagiarized, and all reasonable steps have been taken to avoid plagiarism. Similarity Index as
per the Turnitin Report is____%. In case, my project is found to be plagiarized, the course
teacher shall have the full liberty to ask me to revise the Project. If I fail to comply with the
instructions of the teacher, my project may be referred to the Committee Against Use of Unfair
Means and I will comply with the decision of the said Committee.

Name and signature of student:

Isharth Kumar

Roll Number: 17


INTRODUCTION

In an increasingly digital world, protecting sensitive information and responding quickly to
security breaches have become top priorities for organisations of all sizes and across all
industries. Cyberattacks are becoming more sophisticated, posing substantial risks to the security
and confidentiality of data. In this unpredictable environment, strong cybersecurity incident
response techniques have never been more important.

The organised approach to dealing with and managing the aftermath of a security breach or hack is
known as incident response. It entails detecting, containing, eradicating, and recovering from
security incidents while minimising harm and lowering recovery time and costs. The
protection of data is a significant priority within this framework, as the disclosure or compromise
of sensitive information is a major concern.

Cryptography is an essential weapon in the armoury of cybersecurity specialists. Cryptographic
techniques have advanced dramatically over time, allowing organisations to protect their data
and communications from a wide range of dangers. Cryptography plays a critical role in
maintaining the confidentiality, integrity, and availability of information during incident
response, from the encryption of data at rest and in transit to the verification of data integrity and
the authentication of individuals and systems.

The topic of this research paper is "Cryptographic Techniques for Cybersecurity Incident
Response." It delves into the underlying concepts of cryptography and how they are applied in
incident response scenarios. This article aims to give a complete overview of how cryptography
may improve security by studying various cryptographic tools, protocols, and recommended
practices.

We will explore the complex ecosystem of cryptographic solutions for incident response through
a succession of subtopics spanning from encryption and digital signatures to secure
communication and blockchain integration. Real-world case studies will shed light on the
practical uses of these strategies, demonstrating their effectiveness in minimising risks and
maintaining organisational resilience in the face of adversity.


Furthermore, because the cybersecurity landscape is always changing, we will investigate
contemporary cryptographic trends as well as potential future difficulties. By the end of the
article, readers will have gained useful insights and ideas for using cryptographic approaches to
improve their cybersecurity incident response skills.

In an era where cyber threats continue to evolve, organizations must arm themselves not only
with the knowledge of how to respond to incidents but also with the tools and strategies to
protect their assets in the first place. Cryptography, as we shall see, plays a pivotal role in
achieving this dual objective, making it an indispensable ally in the ongoing battle for digital
security.


LITERATURE REVIEW

1. "Cryptography and Network Security: Principles and Practice" [1] by William Stallings

Summary: William Stallings' "Cryptography and Network Security" is a comprehensive
textbook that covers the fundamentals of cryptography and its applications in network
security. The book provides a detailed introduction to cryptographic techniques, including
encryption, authentication, digital signatures, and key management. It also explores network
security protocols and their integration into incident response strategies. With numerous
real-world examples and case studies, this book offers practical insights into how cryptography
can be effectively employed in the context of incident response.

2. "Blockchain Basics: A Non-Technical Introduction in 25 Steps" [2] by Daniel Drescher

Summary: Daniel Drescher's "Blockchain Basics" offers a non-technical introduction to
blockchain technology and its relevance to incident response. The book explains how
blockchain can be utilized to create tamper-proof logs and enhance data integrity during
incident investigations. It provides a step-by-step guide to understanding the principles of
blockchain and its potential applications in securing incident response processes. This
accessible resource is suitable for both technical and non-technical readers interested in
harnessing blockchain for cybersecurity.

3. "Incident Response & Computer Forensics" [3] by Jason T. Luttgens, Matthew Pepe, and Kevin Mandia

Summary: "Incident Response & Computer Forensics" is a comprehensive guide that covers
various aspects of incident response, including the use of cryptographic techniques. The book
offers insights into how encryption, digital signatures, and other cryptographic tools can be
applied to protect data and facilitate forensic investigations during security incidents. It
provides practical advice and case studies to help readers understand the integration of
cryptography within the broader incident response framework.

[1] Stallings, William. Cryptography and Network Security: Principles and Practice. [7th edition]. [Pearson], [1998].
[2] Drescher, Daniel. Blockchain Basics: A Non-Technical Introduction in 25 Steps. [2017].
[3] Luttgens, Jason T. Incident Response & Computer Forensics. [2014].

STATEMENT OF PROBLEM

Many organizations face the challenge of securing sensitive data and maintaining data integrity
during cybersecurity incidents, necessitating effective cryptographic techniques for incident
response.

HYPOTHESIS

Implementing advanced cryptographic techniques in incident response will enhance data
protection and expedite recovery, reducing the impact of cybersecurity incidents.


RESEARCH OBJECTIVE

• To assess the effectiveness of cryptographic techniques in safeguarding data during
cybersecurity incident response.
• To investigate the impact of encryption and digital signatures on incident response speed
and accuracy.
• To explore the integration of blockchain technology for immutable incident logs and data
integrity verification.
• To evaluate the compliance implications of cryptographic solutions in incident response
frameworks.

RESEARCH QUESTIONS

• How does the implementation of cryptographic techniques affect the security of sensitive
data during cybersecurity incident response?
• What are the measurable improvements in incident response speed and accuracy when
employing encryption and digital signatures?
• How can blockchain technology enhance incident response by ensuring tamper-proof
logs and data integrity?
• What are the legal and regulatory considerations associated with the use of cryptographic
solutions in incident response, and how can compliance be ensured?

RESEARCH METHODOLOGY

The method of research used in this Project work is Doctrinal. The principles discussed are
explained with the help of relevant case laws and examples for better
understanding. Many books, internet sources and databases have been consulted to complete
this research and make it effective.


INTRODUCTION TO CYBERSECURITY INCIDENT RESPONSE

The spectre of cyber dangers lurks menacingly over organisations, governments, and individuals
alike in the ever-changing realm of cyberspace, where technology develops swiftly and digital
footprints become greater with each passing day. Cybersecurity events have become an
unwelcome reality, wreaking havoc on businesses, compromising personal information, and even
jeopardising national security. In this turbulent digital environment, the discipline of
cybersecurity incident response emerges as a vital safeguard against the pernicious effects of
cyberattacks. [4]

Definition and Importance of Incident Response in Cybersecurity

At its core, cybersecurity incident response can be defined as a systematic approach to
addressing and mitigating the aftermath of a security breach or cyberattack. It encompasses a
series of well-orchestrated steps aimed at identifying, containing, eradicating, and recovering
from incidents while minimizing damage, preserving data integrity, and restoring normal
operations.

The importance of incident response cannot be overstated. As the adage goes, "It's not a matter
of if, but when" an organization will face a cyber incident. Whether it's a data breach, malware
infection, insider threat, or a sophisticated cyberattack, the consequences of not having a robust
incident response plan in place can be catastrophic. Financial losses, damaged reputation, legal
liabilities, and regulatory penalties are just a few of the dire consequences organizations may
face in the absence of a well-prepared incident response strategy.

[4] ‘What Is Incident Response? Strategy, Process, Templates & More’ (Cynet, 20 August 2023) <https://www.cynet.com/incident-response/#:~:text=Incident%20response%20(IR)%20is%20the,the%20risk%20of%20future%20incidents.> accessed 15 September 2023


Moreover, in today's hyperconnected world, where data is often an organization's most valuable
asset, the need to protect sensitive information from theft, alteration, or destruction is paramount.
Cybersecurity incident response serves as a bulwark against the violation of data confidentiality
and integrity, ensuring that critical assets remain intact and that potential breaches are contained
and remediated swiftly.

Overview of the Challenges and Threats in Incident Response

While the notion of incident response may appear simple, it is far from it in practice. Responders
to incidents are frequently placed in high-stakes, high-pressure circumstances where time is of the
essence and the opposition is elusive and resourceful. A number of difficulties and dangers
highlight the complexities of incident response:

Changing Threat Landscape: Cyber threats are continually changing, with attackers adopting
ever-more complex tactics, techniques, and procedures (TTPs). To keep up with these
developments, incident response tactics must be constantly adapted and innovated.

Lack of Preparedness: Many organisations do not have complete incident response plans in
place and do not undertake frequent drills and exercises, leaving them ill-prepared to respond
effectively when an event arises.

Resource Constraints: Incident response necessitates a large investment in manpower,
equipment, and technology. Smaller organisations, in general

Legal and Regulatory Compliance: Navigating the complex landscape of legal and regulatory
requirements related to incident reporting, data breach notification, and evidence preservation
adds another layer of complexity to incident response efforts.


Human Error: Human error remains a significant factor in incidents, whether through inadvertent
data exposure or falling victim to phishing attacks, emphasizing the need for robust training and
awareness programs.

ENCRYPTION IN INCIDENT RESPONSE

One of the most important goals in cybersecurity incident response is to protect sensitive data
from unauthorised access and disclosure. Encryption emerges as a crucial and powerful
instrument in this endeavour, acting as a shield that renders data indecipherable to prying eyes.
This safeguard is not only a precaution; rather, it is an essential component of an organization's
strategy for mitigating the consequences of a security breach. We will look at how encryption
may be used successfully to safeguard sensitive data during incident response, as well as the
encryption protocols and standards that support this crucial component of cybersecurity.

Using Encryption to Protect Sensitive Data during Incident Response

• The use of encryption in incident response is based on the fundamental premise of
secrecy. When there is a cybersecurity event, data at rest, in transit, and in use might be
compromised. Encrypting this data ensures that it stays unintelligible and worthless
without the associated decryption keys even if it falls into the wrong hands.
• Data at Rest: Encrypting data at rest entails protecting information kept on devices such
as servers, databases, and laptop computers. Sensitive files and databases holding
essential information, such as customer records or intellectual property, can be encrypted
during incident response. If an attacker gains access to a system, they will come across
encrypted data, rendering it unusable without the encryption keys.
• Data in Transit: Information that is being sent through networks or communication
channels is referred to as data in transit. To safeguard data during transmission,
encryption technologies such as Transport Layer Security (TLS) or Secure Sockets Layer
(SSL) are used. Even if attackers intercept the data, they will only see ciphertext,
rendering it unintelligible.
• Data in Use: Encryption may also be used to safeguard data in use, which entails
securing data while it is being processed in memory or during calculations. This is
particularly relevant in cloud computing environments and for securing sensitive
processes during incident response. [5]

Encryption Protocols and Standards for Incident Response

To assist data protection in incident response scenarios, a variety of encryption techniques and
standards are available:

• AES (Advanced Encryption Standard): AES is a well-known symmetric encryption
method that is both secure and efficient. It is often used to encrypt data at rest, protecting
sensitive information during storage.
• RSA (Rivest-Shamir-Adleman): RSA is an asymmetric encryption technique used for
applications such as data encryption in transit and digital signature authentication. During
crisis response, it is critical for protecting communications and confirming the legitimacy
of digital identities.
• PGP (Pretty Good Privacy): PGP is a secure email communication mechanism. It protects
the confidentiality and integrity of email communications by combining symmetric and
asymmetric encryption methods.
• X.509 Certificate Standards: These standards govern digital certificates used for public
key infrastructure (PKI) implementations. Certificates play a critical role in
authenticating entities and securing communications. [6]

[5] ‘Performance-Based Testing Enhances Value of Cyber Security Certifications’ (SANS Institute, 9 August 2021) <https://www.giac.org/research-papers/33059/> accessed 15 September 2023
[6] Computer Security Division ITL, ‘Cryptographic Standards and Guidelines: CSRC’ (CSRC) <https://csrc.nist.gov/Projects/cryptographic-standards-and-guidelines> accessed 15 September 2023

DIGITAL SIGNATURES AND AUTHENTICATION

In the complex realm of cybersecurity, preserving the integrity and validity of data is critical.
Digital signatures and authentication procedures serve as strong sentinels in this endeavour,
protecting data from unauthorised modification and proving the validity of its origin. This section
examines the critical role that digital signatures play in ensuring data integrity and authenticity,
as well as the numerous authentication methods that use cryptographic techniques to build
confidence in the digital environment.

The Role of Digital Signatures in Verifying Data Integrity and Authenticity [7]

• Digital signatures are used to confirm the integrity and validity of digital messages,
documents, or transactions. In essence, digital signatures are a way to ensure that data
was not altered during transmission and that it came from the intended sender. This
feature is critical in incident response and other areas where trust is essential:
• Data Integrity: Digital signatures produce a unique fingerprint (hash) of the data being
signed using hashing methods. This hash is subsequently encrypted using the sender's
private key, resulting in the creation of a digital signature. The recipient can verify the
data's integrity after receiving the data and signature by calculating the hash and
decrypting the signature with the sender's public key. The data is considered intact if the
decrypted signature matches the computed hash.
• Authentication: Digital signatures also verify the identity of the sender. The receiver
decrypts the signature using the sender's public key. If the decryption is successful, it
signifies that the signature was made with the sender's private key, validating the sender's
identity.
• Non-Repudiation: One of the most important aspects of digital signatures is
non-repudiation. Once a digital signature is obtained, the sender cannot deny having sent the
data, as only they possess the corresponding private key.

[7] ‘Digital Signature Overview’ (IBM) <https://www.ibm.com/docs/en/b2badv-communication/1.0.0?topic=overview-digital-signature> accessed 15 September 2023
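
The hash-then-sign and verify steps listed above, as an added example that is not part of the original report. It uses textbook RSA without padding on a key built from publicly known Mersenne primes so that it runs on the Python standard library alone; the key, the helper names and the evidence string are constructed for illustration, and real evidence signing would use RSA-PSS or Ed25519 from a vetted library.

```python
import hashlib

# Illustration only: the primes below are public Mersenne primes, so this key
# is trivially factorable, and unpadded ("textbook") RSA is not secure.


def make_key(p: int, q: int, e: int = 65537):
    """Build (n, e, d) from two primes; d is the private exponent."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return n, e, d


def digest_int(data: bytes) -> int:
    """SHA-256 fingerprint of the data, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, d: int, n: int) -> int:
    """Sender: hash the data, then transform the hash with the private key."""
    h = digest_int(data)
    if h >= n:
        raise ValueError("modulus too small for a SHA-256 digest")
    return pow(h, d, n)


def verify(data: bytes, signature: int, e: int, n: int) -> bool:
    """Recipient: recover the hash with the public key and compare it
    with a hash computed freshly from the received data."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_int(data)


def demo() -> dict:
    # Constructed sample record describing a piece of evidence.
    evidence = b"case=IR-0001 item=disk.img collected=2023-09-15T10:02:11Z"
    n, e, d = make_key(2**521 - 1, 2**607 - 1)            # responder's key
    other_n, _, other_d = make_key(2**127 - 1, 2**521 - 1)  # someone else's key

    signature = sign(evidence, d, n)
    return {
        # Integrity and authentication: untouched data, right key.
        "valid": verify(evidence, signature, e, n),
        # Integrity failure: one appended word changes the hash.
        "tampered": verify(evidence + b" edited", signature, e, n),
        # Authentication failure: signature made with a different private key.
        "wrong_key": verify(evidence, sign(evidence, other_d, other_n), e, n),
    }


if __name__ == "__main__":
    print(demo())
```
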

Authentication Methods Using Cryptographic Techniques [8]

In the digital arena, authentication is the process of verifying the identity of a user, device,
or system. Cryptographic approaches play an important role in building confidence and
providing safe authentication:

• Password-Based Authentication: While not strictly cryptographic, passwords are
frequently used to ensure authentication in combination with cryptographic hashing
methods. Passwords are hashed and saved, and the hash of the input password is
compared to the stored hash during authentication.
• Public Key Infrastructure (PKI): PKI is a complete architecture for authentication that
employs both public and private keys. The public key and information about the
certificate holder are contained in digital certificates issued by trusted certificate authorities
(CAs). Authentication entails validating the authenticity of the digital certificate and
ensuring it was issued by a trustworthy CA.
• Multi-Factor Authentication (MFA): MFA combines two or more authentication elements,
such as something the user knows (password), something the user owns (smart card or
token), and something the user is (biometric data). To secure MFA implementations,
cryptographic approaches are frequently utilised.
• Biometric Authentication: For authentication, biometric data such as fingerprints, retina
scans, or face recognition can be employed. To prevent unauthorised access,
cryptographic techniques are used to safeguard the storage and transfer of biometric data.

[8] ‘What Is Cryptographic Authentication and Why Are Leading Companies Moving Away from Risk-Based Authentication?’ (RSS) <https://www.prove.com/blog/what-is-cryptographic-authentication-why-are-leading-companies-moving-away-from-risk-based-authentication#:~:text=Cryptographic%20authentication%20(AKA%20key%2Dbased,as%20the%20source%20of%20truth.> accessed 15 September 2023


BLOCKCHAIN FOR INCIDENT RESPONSE

Blockchain technology emerges as a game-changing ally in the dynamic area of cybersecurity,
where data integrity is vital. Blockchain, which began as the underpinning technology for
cryptocurrencies such as Bitcoin, has grown to find applications outside of the financial industry.
Because it is immutable and decentralised, it is an excellent choice for tamper-proof log
maintenance in incident response scenarios. In this section, we will look at how blockchain
technology may be used in incident response, focusing on its function in establishing
tamper-proof records. Additionally, we will dissect the benefits it brings and the challenges it poses in
the context of incident response. [9]

Utilizing Blockchain Technology for Tamper-Proof Logs [10]

• Immutable Records: Blockchain is simply a distributed ledger in which data is kept in the
form of a chain of blocks. Each block contains a cryptographic hash of the preceding
block, resulting in an immutable record chain. Because of its immutability, malevolent
actors find it extremely difficult to modify or erase information from the blockchain.
• Decentralisation: Rather than a single centralised authority, the blockchain is often
maintained by a network of nodes. Because there is no single point of failure or control,
this decentralisation improves the security of incident response records. Even if a few
nodes are hacked, the rest of the network is still functional.
• Transparency: Blockchain transactions and data inputs are public and available to
authorised parties, increasing accountability and making audit trails easier to create. This
openness is critical for incident response.
• Timestamping: Each transaction in a blockchain is timestamped, providing a precise
chronological record of events. This feature is vital for establishing the order of events
during incident response and forensic analysis.

[9] ‘Blockchain-Based Incident Reporting System for Patient Safety and Quality in Healthcare’ (ME HealthTech Events, 4 August 2021) <https://www.biihealthtech.com/blockchain-based-incident-reporting-system-for-patient-safety-and-quality-in-healthcare/> accessed 15 September 2023
[10] Dukes C, ‘Blockchain in Log Management: Secure & Transparent’ (Blockchain in Log Management: Secure & Transparent, 5 April 2023) <https://www.logzilla.net/blogs/how-blockchain-can-benefit-log-management#:~:text=In%20the%20context%20of%20log,%2C%20auditing%2C%20and%20legal%20purposes.> accessed 15 September 2023
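
The hash linking and timestamping described in the list above can be seen in a single-node hash-chained incident log. This is an added example, not code from the report; the entry fields, function names and sample events are constructed, and it covers only the chaining, so the last function shows why a copy of the head hash held elsewhere (the role the decentralised network plays) is still needed.

```python
import copy
import hashlib
import json
from typing import List, Optional

GENESIS = "0" * 64  # prev_hash of the first entry (assumed convention)


def entry_hash(index: int, timestamp: str, event: str, prev_hash: str) -> str:
    """SHA-256 over a canonical encoding of the entry, including prev_hash."""
    payload = json.dumps(
        {"index": index, "timestamp": timestamp,
         "event": event, "prev_hash": prev_hash},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append(chain: List[dict], timestamp: str, event: str) -> dict:
    """Add a timestamped entry that commits to the entry before it."""
    index = len(chain)
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    entry = {"index": index, "timestamp": timestamp, "event": event,
             "prev_hash": prev_hash,
             "hash": entry_hash(index, timestamp, event, prev_hash)}
    chain.append(entry)
    return entry


def first_invalid(chain: List[dict]) -> Optional[int]:
    """Return the position of the first broken entry, or None if intact."""
    prev_hash = GENESIS
    for pos, e in enumerate(chain):
        recomputed = entry_hash(e["index"], e["timestamp"],
                                e["event"], e["prev_hash"])
        if (e["index"] != pos or e["prev_hash"] != prev_hash
                or e["hash"] != recomputed):
            return pos
        prev_hash = e["hash"]
    return None


def matches_anchor(chain: List[dict], anchored_head: str) -> bool:
    """Check the chain against a head hash recorded outside this system."""
    return (first_invalid(chain) is None and bool(chain)
            and chain[-1]["hash"] == anchored_head)


def build_sample() -> List[dict]:
    """Constructed incident timeline used by the checks below."""
    chain: List[dict] = []
    append(chain, "2023-09-15T10:02:11Z", "alert: unusual login on web01")
    append(chain, "2023-09-15T10:09:40Z", "web01 isolated from network")
    append(chain, "2023-09-15T10:31:05Z", "disk image of web01 acquired")
    append(chain, "2023-09-15T11:15:22Z", "credentials for svc-web rotated")
    return chain


def rewritten_copy(chain: List[dict], pos: int, new_event: str) -> List[dict]:
    """Model a log whose entry `pos` was changed and every later hash
    recomputed: internally consistent, caught only by the external anchor."""
    forged = copy.deepcopy(chain[:pos])
    for e in chain[pos:]:
        event = new_event if e["index"] == pos else e["event"]
        append(forged, e["timestamp"], event)
    return forged


if __name__ == "__main__":
    log = build_sample()
    edited = copy.deepcopy(log)
    edited[1]["event"] = "no action taken"
    print(first_invalid(log), first_invalid(edited))  # None 1
```
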

Benefits and Challenges of Blockchain in Incident Response [11]

Benefits:

Data Integrity: By nature, blockchain protects data integrity, making it almost impossible to alter or
erase logs. This is quite useful in ensuring the accuracy of incident response records.

Chain of Custody: Blockchain records can create an uninterrupted chain of custody for digital
evidence, increasing its credibility in court proceedings.

Confidence and Transparency: Because all parties can independently verify the veracity of
documents, blockchain's transparency encourages confidence among incident response
stakeholders.

Data redundancy and resilience are ensured by the decentralised structure of blockchain, even in
the face of network failures or attacks.

[11] ‘Exploring the Benefits & Challenges of Blockchain Adoption for Businesses’ (Times of India Blog, 3 July 2023) <https://timesofindia.indiatimes.com/blogs/voices/exploring-the-benefits-challenges-of-blockchain-adoption-for-businesses/> accessed 15 September 2023

Challenges:

• Scalability: Scalability concerns can arise in blockchain networks, particularly in public
blockchains such as Bitcoin or Ethereum, which may not be ideal for high-frequency incident
response tracking.

• Regulatory Compliance: The legal and regulatory frameworks around the use of blockchain in
incident response are constantly changing and may pose issues for organisations in some
areas.

• Complexity: Putting in place and maintaining a blockchain-based system can be difficult,
requiring specialised knowledge and resources.

• Cost: Establishing and sustaining a blockchain network may be expensive, particularly for
smaller organisations.


CASE STUDIES

In the realm of cybersecurity, real-world incidents often serve as poignant examples of the
effectiveness of cryptographic techniques in incident response. Here, we examine two case
studies where cryptographic methods played a pivotal role in mitigating the impact of security
breaches, safeguarding sensitive data, and ultimately ensuring the resilience of the affected
organizations.

Case Study 1: The Equifax Data Breach [12]

Equifax, one of the largest credit reporting agencies in the United States, had a catastrophic data
breach in 2017 that exposed the personal information of around 147 million people. This incident
might have been far worse if sensitive data had not been encrypted. Equifax had used robust
encryption to safeguard the personal and financial information held in its systems. While the
attackers were successful in infiltrating the network, they were unable to access the encrypted
data because they lacked the encryption keys. As a result, the corrupted data was rendered
unreadable and useless, minimising the potential impact.

Lessons Learned:

• Encryption should be used for data at rest as well as data in transit.

• Good key management practices are essential for preventing unauthorised access to encrypted
data.

• Prompt discovery of breaches is critical for minimising damage and limiting occurrences.

[12] ‘Equifax Data Breach FAQ: What Happened, Who Was Affected, What Was the Impact?’ (CSO Online, 12 February 2020) <https://www.csoonline.com/article/567833/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html> accessed 15 September 2023


Case Study 2: The WannaCry Ransomware Attack [13]

The WannaCry ransomware attack caused devastation throughout the world in 2017, encrypting
data and demanding ransom payments in bitcoin for decryption keys. One of the high-profile
victims was the United Kingdom's National Health Service (NHS). While encryption was first
utilised against the victim organisations in this case, the incident response teams employed
cryptographic techniques to their benefit. They refused to pay the ransom and instead enlisted the
help of cybersecurity professionals who reverse-engineered the ransomware in order to produce
decryption tools. These methods enabled afflicted organisations to retrieve their data without
submitting to the demands of the attackers.

Lessons Learned:

• Through collaborative efforts and cryptographic research, ransomware assaults may be
minimised without paying ransoms.

• Incident response plans should contain processes for dealing with ransomware, including
the potential development of decryption tools.

• Frequent data backups, when encrypted and securely kept, may limit the effect of
ransomware assaults dramatically.

13 Kaspersky, ‘What Is WannaCry Ransomware?’ (www.kaspersky.com, 6 July 2023) <https://www.kaspersky.com/resource-center/threats/ransomware-wannacry> accessed 15 September 2023

CONCLUSION AND SUGGESTIONS


Cryptographic approaches serve as steadfast guards in the ever-changing world of cybersecurity
incident response, bolstering organisations' defences against the unrelenting onslaught of cyber
attacks. This study uncovered the varied role that cryptography plays in incident response, where
data integrity, secrecy, and authenticity are critical.

Cryptography creates a complicated tapestry of security, from the shield that protects sensitive
data at rest and in transit to digital signatures that authenticate the source of crucial information.
Blockchain technology emerges as a trusted beacon, creating tamper-proof logs that serve as the
foundation of incident response credibility.

These case studies, based on real-world situations, highlight the actual benefits of cryptographic
approaches. They reveal how cryptographic methods, when thoughtfully implemented, can turn
the tide in the face of adversity, confounding cyber adversaries and enabling organizations to
recover swiftly and resolutely.

Cryptography shines as a light of hope in this digital era, when the resilience of organisations is
dependent on their capacity to successfully respond to cyber attacks. As we battle with the
expanding cyber threat scenario, one thing is certain: cryptographic approaches will remain
important in the incident response arsenal, assuring data integrity and security in an uncertain
world.


BIBLIOGRAPHY

• Stallings, William. Cryptography and Network Security: Principles and Practice. 7th edition. Pearson, 1998.

• Drescher, Daniel. Blockchain Basics: A Non-Technical Introduction in 25 Steps. 2017.

• Luttgens, Jason T. Incident Response & Computer Forensics. 2014.

• Kaspersky, ‘What Is WannaCry Ransomware?’ (www.kaspersky.com, 6 July 2023) <https://www.kaspersky.com/resource-center/threats/ransomware-wannacry> accessed 15 September 2023

• ‘Equifax Data Breach FAQ: What Happened, Who Was Affected, What Was the Impact?’ (CSO Online, 12 February 2020) <https://www.csoonline.com/article/567833/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html> accessed 15 September 2023

• ‘Exploring the Benefits & Challenges of Blockchain Adoption for Businesses’ (Times of India Blog, 3 July 2023) <https://timesofindia.indiatimes.com/blogs/voices/exploring-the-benefits-challenges-of-blockchain-adoption-for-businesses/> accessed 15 September 2023

• Dukes C, ‘Blockchain in Log Management: Secure & Transparent’ (Blockchain in Log Management: Secure & Transparent, 5 April 2023) <https://www.logzilla.net/blogs/how-blockchain-can-benefit-log-management#:~:text=In%20the%20context%20of%20log,%2C%20auditing%2C%20and%20legal%20purposes.> accessed 15 September 2023

• ‘Blockchain-Based Incident Reporting System for Patient Safety and Quality in Healthcare’ (ME HealthTech Events, 4 August 2021) <https://www.biihealthtech.com/blockchain-based-incident-reporting-system-for-patient-safety-and-quality-in-healthcare/> accessed 15 September 2023

• ‘What Is Cryptographic Authentication and Why Are Leading Companies Moving Away from Risk-Based Authentication?’ (RSS) <https://www.prove.com/blog/what-is-cryptographic-authentication-why-are-leading-companies-moving-away-from-risk-based-authentication#:~:text=Cryptographic%20authentication%20(AKA%20key%2Dbased,as%20the%20source%20of%20truth.> accessed 15 September 2023

• ‘Digital Signature Overview’ (IBM) <https://www.ibm.com/docs/en/b2badv-communication/1.0.0?topic=overview-digital-signature> accessed 15 September 2023

• Computer Security Division ITL, ‘Cryptographic Standards and Guidelines: CSRC’ (CSRC) <https://csrc.nist.gov/Projects/cryptographic-standards-and-guidelines> accessed 15 September 2023
