Monday, August 10, 2009

My Second Lecture -20072009-

Today's lecture is mainly about authentication and basic cryptography. Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks, including the Internet, authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. In short, authentication can be described as verifying that digital content is authentic or official and certifying this to users accessing the content. On the other hand, cryptography is the science of information security. Cryptography includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit. However, in today's computer-centric world, cryptography is most often associated with scrambling plaintext into ciphertext (a process called encryption), then back again (known as decryption).

In the contemporary world, more new technologies have been invented to enhance security, such as fingerprint recognition to start a car and gait recognition. Gait recognition technology is a biometric method -- that is, one based on a unique biological or behavioral identification characteristic, such as a fingerprint or a face. The ultimate goal is to detect, classify and identify humans at distances up to 500 feet away under day or night, all-weather conditions. Such capabilities will enhance the protection of U.S. forces and facilities from terrorist attacks.

The most important topic in this lecture is Password! To choose a secure and good password, there are guidelines to follow. 
• Do not use words that can be found in a dictionary, including foreign-language words.
• Do not use your user name or real name.
• Do not use your spouse’s name.
• Avoid sequences or repeated characters. "12345678," "222222," "abcdefg," or adjacent letters on your keyboard do not help make secure passwords.
• Do not use any word in any “cracking dictionary”. There are lists of words that crackers use to try to crack passwords (passwords that a lot of people use). Some of these lists include: Abbreviations, Asteroids, Biology, Cartoons, Character Patterns, Machine names, famous names, female names, Bible, male names, Movies, Myths-legends, Number Patterns, Short Phrases, Places, Science Fiction, Shakespeare, Songs, Sports, Surnames.
• Choose a password that is at least six characters long. This should be long enough to discourage a brute-force attack.
• Use a password that consists of a combination of lower- and upper-case characters, numbers, and symbols.
• Think of an uncommon phrase, and take the first, second or last letter of each word. “You can't always get what you want” would yield “ycagwyw”. Throw in a capital letter and a punctuation mark or a number or two, and you can end up with “yCag5wyw”.
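The guidelines above can be applied mechanically. The checker below is an added example, not part of the original lecture notes; the tiny word list, the run length of four and the "at least three character classes" threshold are assumptions chosen for illustration.

```python
import string

# Constructed sample word list standing in for a real "cracking dictionary".
SAMPLE_DICTIONARY = {"password", "shakespeare", "dragon", "football", "bonjour"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
SEQUENCES = [string.ascii_lowercase, string.digits] + KEYBOARD_ROWS


def has_run(password, length=4):
    """True if `length` consecutive characters repeat or follow a known sequence."""
    lower = password.lower()
    for i in range(len(lower) - length + 1):
        chunk = lower[i:i + length]
        if len(set(chunk)) == 1:  # e.g. "2222"
            return True
        # Forward or reversed alphabet, digit or keyboard-row sequence.
        if any(chunk in seq or chunk[::-1] in seq for seq in SEQUENCES):
            return True
    return False


def check_password(password, personal_names=()):
    """Return the list of guidelines the password breaks (empty list = passes)."""
    problems = []
    lower = password.lower()
    if len(password) < 6:
        problems.append("shorter than six characters")
    if lower in SAMPLE_DICTIONARY:
        problems.append("dictionary word")
    if any(name and name.lower() in lower for name in personal_names):
        problems.append("contains a user, real or spouse name")
    if has_run(password):
        problems.append("sequence or repeated characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    # Assumed threshold: three of the four classes, which "yCag5wyw" meets.
    if sum(any(c in cls for c in password) for cls in classes) < 3:
        problems.append("fewer than three character classes")
    return problems
```

With this checker, "yCag5wyw" passes every rule, while the plain "ycagwyw" is flagged only for using a single character class.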

There are also some tips to remember for protecting passwords.
• Do not reveal them to others.
• Do not write down or record your password anywhere. It is better to memorize it.
• Change your password regularly.
• Do not use the same password for everything that needs a password. Create different passwords.

There are two types of cryptography: symmetric cryptography and asymmetric cryptography.
Symmetric cryptography includes any form where the same key is used both to encrypt and to decrypt the text involved. One of the simplest forms is sometimes known as the Caesar cipher -- reputedly used by Julius Caesar to conceal messages, in which the process is simply one of shifting the alphabet so many places in one direction or another. Unlike the situation in asymmetric cryptography where there is a public element to the process and where the private key is almost never shared, symmetric cryptography normally requires the key to be shared and simultaneously kept secret within a restricted group. It is simply not possible for a person to view data encrypted with a symmetric cipher without having access to the key used to encrypt it in the first place. If such a secret key falls into the wrong hands, then the security of the data encrypted using that key is immediately and completely compromised. Hence, what all systems in this group of secret key methods share is the problem of key management.

Some examples of symmetric ciphers can be found on this website:

http://www.ibm.com/developerworks/library/s-crypt02.html



Asymmetric cryptography, or public-key cryptography, is cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely. Initially, a network user receives a public and private key pair from a certificate authority. Any other user who wants to send an encrypted message can get the intended recipient's public key from a public directory. They use this key to encrypt the message, and they send it to the recipient. When the recipient gets the message, they decrypt it with their private key, which no one else should have access to. The essential difference from symmetric cryptography is that this kind of algorithm uses two different keys for encryption and the corresponding decryption.

The Caesar cipher is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 3, A would be replaced by D, B would become E, and so on. The method is named after Julius Caesar, who used it to communicate with his generals. The encryption step performed by a Caesar cipher is often incorporated as part of more complex schemes, such as the Vigenère cipher.

There's an interesting website which can encipher and decipher messages using the Caesar cipher technique.

http://www.secretcodebreaker.com/caesar.html

The Vigenère cipher is a method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution. This cipher is well known because while it is easy to understand and implement, it often appears to beginners to be unbreakable. 
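The Caesar and Vigenère ciphers described above, as an added example that is not part of the original lecture notes or the linked sites; the function names are chosen here for illustration. It shows the shift of 3, the Vigenère cipher built from per-letter Caesar shifts, and why a Caesar key offers no real protection: there are only 25 usable shifts to try.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar(text, shift):
    """Shift each letter `shift` places down the alphabet; keep other characters."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def vigenere(text, keyword, decrypt=False):
    """Apply a different Caesar shift to each letter, chosen by the keyword letters."""
    shifts = [ALPHABET.index(k) for k in keyword.upper()]
    out, i = [], 0
    for ch in text:
        if ch in string.ascii_letters:
            shift = shifts[i % len(shifts)]  # keyword repeats along the message
            out.append(caesar(ch, -shift if decrypt else shift))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def caesar_candidates(ciphertext):
    """Every non-trivial decryption: the entire Caesar key space is 25 shifts."""
    return {shift: caesar(ciphertext, -shift) for shift in range(1, 26)}


if __name__ == "__main__":
    secret = caesar("Hello, World!", 3)
    print(secret, "->", caesar(secret, -3))        # same key undoes the shift
    print(vigenere("ATTACKATDAWN", "LEMON"))       # repeated letters encrypt differently
    print(caesar_candidates("KHOOR")[3])           # reading 25 lines recovers the text
```

Both ciphers are symmetric: the same shift or keyword that encrypts the message also decrypts it, so it has to be shared and kept secret.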


