Sunday, August 16, 2009

Lab 4 : Cryptography Extended

Caesar Cipher

A cipher or cryptosystem is a method for message concealment.
The key provides the means for efficient encipherment (encryption).

Plaintext – message in readable form
Ciphertext – encrypted message


example the plaintext encrypted to get the cipher text in


The term steganography is applied to the activity of hiding the existence of a
message.
Cryptanalysis gets extended to other contexts where the messages are hidden (or suspected to e hidden) in text, pictures, music, etc.

Symmetric (or classic secret-key) cryptology relies on the correspondents agreeing on key information over the key (secure) channel.

Asymmetric (public-key) requires two key steps
- one key for encipherment
- A second key for decipherment


Vigenere Cipher

Explanation
EACH column of this table forms a dictionary of symbols representing thealphabet: thus, in the A column, the symbol is the same as the letterrepresented; in the B column, A is represented by B, B by C, and so on.

To use the table, some word or sentence should be agreed on by twocorrespondents. This may be called the `key-word', or `key-sentence',and should be carried in the memory only.
In sending a message, write the key-word over it, letter for letter,repeating it as often as may be necessary: the letters of the key-wordwill indicate which column is to be used in translating each letter ofthe message, the symbols for which should be written underneath: thencopy out the symbols only, and destroy the first paper. It will now beimpossible for any one, ignorant of the key-word, to decipher the message,even with the help of the table.
RSA algorithm
The RSA algorithm is one of the earliest, yet most versatile public key algorithm
The original intent for this algorithm is for keyestablishment/transfer, signing/verification, data integrity, and encryption/decryption
To honour them, the method was referred to as the RSA Scheme. The system uses a private and a public key. To start two large prime numbers are selected and then multiplied together; n=p*q.
RSA takes advantage of the fact that prime numbers are easy to compute and factoring them is reasonably difficult

Friday, August 14, 2009

Lec 4: Operating System Security

In this chapter learn about operating system security. First the concept of a protection defines that the system component that enforces the access control in an operations system. A protection system consists of a protection state which describes the operations that are permitted in a system protection state operations which describe how the protection state may be changed. from this, we can determine the operations that individual processes perform

second, we identify that the today commercial operating system use protection systems that fail so truly enforce security goals. we defined a mandatory protection system which will enforce security in the face of attack

third, we outline the architecture of an access enforcement mechanism that would be implemented by a protection system. Such enforcement mechanisms can enforce a mandatory protection state correctly if they satisfy the guarantee required of the reference monitoring concept

Finally, we defined requirements for a secure operating system based on a reference monitor and mandatory protection style.

Monday, August 10, 2009

Lab 3: Authentication and Basic Cryptography

Encrypting a File or Folder

To encrypt a file or folder from the GUI, follow these steps:
a. Open Windows Explorer or My Computer.
b. Right-click the file or folder that you'd like to encrypt or unencrypt and select Properties.
c. On the General tab, click the Advanced button.
d. From the Advanced Attributes dialog box, mark (or clear) the Encrypt Contents to Secure Data check box to encrypt (or unencrypt) the file or folder that you selected. Click OK to close the Advanced Attributes dialog box and then click OK for the properties sheet to apply this setting. (When you encrypt a folder, you are prompted to select between applying this setting to the folder only and applying it to the folder, subfolders, and files.)
e. To share access to an encrypted file, click the Details button from the Advanced Attributes dialog box. You cannot share access to encrypted folders.
f. From the Encryption Details dialog box, click the Add button to add more users' EFS certificates to the encrypted file to share access with those users.
g. From the Select User dialog box, click the user whose EFS certificate you want to add for shared access to the encrypted file and click OK. You see only certificates for users who have encrypted a folder or file previously.
h. Click OK for the Encryption Details dialog box.
i. Finally, click OK for the Advanced Attributes dialog box and then click OK for the Properties window





Account Lockout Policy
You can access Group Policy settings by opening the Microsoft Management Console (MMC) and adding the Group Policy snap-in.
The Acount Lockout Policy controls settings related to users attempting to login and entering wrong passwords. While it is possible to set this up so that a person can sit there and try thousands of different passwords in an attempt to find the right one, this is highly unwise and a serious compromise of security. There are three settings for this policy and using them will greatly increase security.
Access the Account Lockout Policy from:
Computer Configuration -> Windows Settings -> Security Settings -> Account Policy -> Account Lockout Policy

The three settings that you can set are: Account Lockout Duration, Account Lockout Threshhold, and Reset Account Lockout After. I recommend setting Account Lockout Threshhold to "5 Invalid Login Attempts". When you do this, it will automatically set the other two settings to "30 Minutes". When you apply these settings, a user will become completely locked out of the system for 30 minutes if they enter the wrong password 5 times.

Password Policy
The Password Policy controls settings related to each user's passwords. It is important to enforce a password policy, because the chances of a user giving out their password (accidently or intentionally) is very high. Thus, requiring them to change their password reasonably often and have it conform to a set of standards that make it very difficult to crack is in your organization's best interests.

Access the Password Policy from:
Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy

There are five settings here that you can set. They are: Enforce Password History, Maximum Password Age, Minimum Password Age, Minimum Password Length, and Password Must Meet Complexity Requirements. I recommend that you enforce a password history that is a minimum of 6. This means that a user must change their password six times before they can reuse a password.

For Maximum Password Age, I recommend between 30 and 40 Days - this forces users to change their password every number of days specified in this setting.

Minimum Password Age is also important, because it requires users to use their password a certain amount of time before changing it. A smart user could figure out your system and change their password six times in a row, thus bypassing the password change and compromising your network. I recommend a Minimum Password Age of 1 day, and preferably 7 days. For Minimum Password Length, most enterprises require a minimum length of 8, or sometimes 12. The longer the password, the harder it is to crack. You should definitely enforce Password Must Meet Complexity Requirements.

Sunday, August 9, 2009

Lec 3: Program Security

This chapter has covered development issues in computer security: the kinds and effects of security flaws, and in malicious code, and the techniques that can help to control threats. Malicious code receives a great deal of attention in the media; the colorful terminology certainly draws people to stories about it, and the large numbers of affected systems ensure that major malicious code attacks get very wide visibility. But it is important for us to realize that the seriousness of the threat and the degree of vulnerability should also cause people to pay attention.

The total amount of damage already done is not measurable, but it is certainly large. Many successful attacks go undetected—for now, at least. With the explosive growth in connectivity to massive public networks such as the Internet, the exposure to threats is increasing dramatically. Yet the public continues to increase its reliance on computers and networks, ignoring the obvious danger.

In this chapter, we considered two general classes of security flaws: those that compromise or change data and those that affect computer service. There are essentially three controls on such activities: development controls, operating system controls, and administrative controls. Development controls limit software development activities, making it harder for a developer to create malicious programs. These same controls are effective against inadvertent mistakes made by developers. The operating system provides some degree of control by limiting access to computing system objects.


Finally, administrative controls limit the kinds of actions people can take. These controls are important for more than simply the actions they prohibit. They have significant positive effects that contribute to the overall quality of a system, from the points of view of developer, maintainer, and user. Program controls help produce better software. Operating systems limit access as a way of promoting the safe sharing of information among programs. And administrative controls and standards improve system usability, reusability, and maintainability.

For all of them, the security features are a secondary but important aspect of the controls' goals. Program controls are part of the more general problem of limiting the effect of one user on another. In the next chapter, we consider the role of the operating system in regulating user interaction