Thursday, August 20, 2009

Lecture 2 : Authentication and Basic Cryptography

In this lecture, our lecturer taught us about authentication and basic cryptography. I learned the basic ideas of authentication, passwords, cryptography concepts and algorithms, digital signatures, Public Key Infrastructure (a.k.a. PKI), the RSA algorithm, and the methods of attack on encryption systems.

Authentication is a type of security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information. The basic requirements for total authentication are that a message comes from its apparent source or author, that its contents are unaltered, and that it was sent at a certain time or in a certain sequence.

A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource. To better protect passwords, do not let anyone know them and do not write them down anywhere. The criteria for choosing a good password are that it is hard to guess but easy to remember, not shorter than six characters, not a keyboard pattern, etc.

Encryption is the process of encoding a message so that its meaning is hidden while decryption is the reverse process – transforming an encrypted message back to its original form.

A system to encrypt and decrypt messages is called a cryptosystem. There are two types of cryptosystems: asymmetric and symmetric. The difference between these two systems is shown below:

When symmetric algorithms are used, both parties share the same key for encryption and decryption. To provide privacy, this key needs to be kept secret. Once somebody else gets to know the key, it is not safe anymore. Symmetric algorithms have the advantage of not consuming too much computing power.

Asymmetric algorithms use a pair of keys. One is used for encryption and the other one for decryption. The decryption key is typically kept secret and is therefore called the private key, while the encryption key is given to all who might want to send encrypted messages and is therefore called the public key. Those who possess the public key are able to send encrypted messages to the owner of the private key. The private key can't be reconstructed from the public key.

There are two families of cryptographic algorithms: substitution algorithms, which consist of monoalphabetic and polyalphabetic substitutions, and transposition algorithms, which consist of keyed and unkeyed transposition.

One of the earliest substitution ciphers is the Caesar cipher, which replaces each letter with the letter a fixed number of positions further along the alphabet. Shifts of 1 to 25 are possible. The second substitution cipher is the random (monoalphabetic) cipher, in which the alphabet is written in a chosen order underneath the alphabet written in strict alphabetical order.

The Vigenere cipher is a method of encrypting plaintext by using a series of different Caesar ciphers based on the letters of a keyword. It is known as a simple form of polyalphabetic substitution.

The Vigenere Tableau

One way of decoding monoalphabetic substitution ciphers is to conduct a frequency analysis attack. The frequency analysis results differ somewhat between the English and Malay languages. Breaking the Vigenere cipher isn't easy: it remained secure for 301 years, until Charles Babbage successfully attacked it. The main weakness of the Vigenere cipher is the repeating nature of the key itself.
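The repeating-key weakness can be seen directly in a short ciphertext. The following is an added example, not part of the original notes: it encrypts a constructed message with a constructed keyword and then estimates the key length from the distances between repeated ciphertext trigrams (the Kasiski examination). The function names, message and keyword are assumptions made for illustration.

```python
from collections import Counter

A = ord("A")

def vigenere(text, key, decrypt=False):
    """Apply one Caesar shift per letter, chosen by the repeating keyword."""
    sign = -1 if decrypt else 1
    out = []
    for ch in (c for c in text.upper() if "A" <= c <= "Z"):
        # The keyword letter at position (index mod key length) sets the shift.
        shift = sign * (ord(key[len(out) % len(key)].upper()) - A)
        out.append(chr((ord(ch) - A + shift) % 26 + A))
    return "".join(out)

def repeat_distances(ciphertext, n=3):
    """Distances between successive occurrences of the same n-letter sequence."""
    seen, distances = {}, []
    for i in range(len(ciphertext) - n + 1):
        gram = ciphertext[i:i + n]
        if gram in seen:
            distances.append(i - seen[gram])
        seen[gram] = i
    return distances

def key_length_votes(distances, max_len=12):
    """Each distance votes for every candidate key length that divides it."""
    votes = Counter()
    for d in distances:
        for length in range(2, max_len + 1):
            if d % length == 0:
                votes[length] += 1
    return votes

# Constructed sample input: a message with a repeated phrase and a 5-letter key.
PLAINTEXT = "send the key, send the key today, send the key now"
KEY = "LEMON"
CIPHERTEXT = vigenere(PLAINTEXT, KEY)

def estimated_key_length(ciphertext=CIPHERTEXT):
    """Most-voted key length; repeats line up at multiples of the true length."""
    return key_length_votes(repeat_distances(ciphertext)).most_common(1)[0][0]

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(sorted(set(repeat_distances(CIPHERTEXT))))
    print(estimated_key_length())
```

Once the key length is known, every fifth letter was shifted by the same amount, so each column is an ordinary Caesar cipher that frequency analysis can handle.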

Block and stream ciphers are two categories of ciphers used in classical cryptography. Block and stream ciphers differ in how large a piece of the message is processed in each encryption operation. Generally, block ciphers are more efficient for computers while stream ciphers are easier for humans to do by hand.

A Message Authentication Code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm, a.k.a. a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC.
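The three authentication requirements listed earlier (apparent source, unaltered contents, correct sequence) can be checked with a MAC that covers a sequence number as well as the message. The following is an added example, not part of the original notes; the packet layout (8-byte sequence number, message, 32-byte HMAC-SHA256 tag), the names and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size in bytes
HDR_LEN = 8    # big-endian 64-bit sequence number

def seal(key, seq, message):
    """Sender side: the MAC covers the sequence number and the message."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag

class Receiver:
    """Receiver side: verifies the MAC, then enforces increasing sequence numbers."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def open(self, packet):
        if len(packet) < HDR_LEN + TAG_LEN:
            return "malformed", None
        header = packet[:HDR_LEN]
        message = packet[HDR_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + message, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            return "bad-mac", None       # wrong key holder or altered contents
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            return "replay", None        # valid MAC, but already seen
        self.last_seq = seq
        return "ok", message

# Constructed sample values for the demonstration.
SHARED_KEY = b"constructed-demo-key-0123456789"

def demo():
    rx = Receiver(SHARED_KEY)
    packet = seal(SHARED_KEY, 1, b"pay 10 to alice")
    altered = packet.replace(b"10", b"99")
    forged = seal(b"some-other-key", 2, b"pay 10 to mallory")
    return [rx.open(packet)[0], rx.open(packet)[0],
            rx.open(altered)[0], rx.open(forged)[0]]

if __name__ == "__main__":
    print(demo())
```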

The overview of the hash function is shown below:

A message can sometimes carry a digital signature, which contains a cryptographic value. This is to provide data integrity and non-repudiation. Digital signatures can be generated with the RSA algorithm.

A certification authority is a free body organization which issues digital certificates to websites that need security certification in terms of user identity by assigning public and private keys. However, there are certain attacks that can be done on digital certificates by impersonating identities.

To facilitate the use of public-key cryptography, the Public Key Infrastructure is introduced. The following processes need to take place when establishing a PKI:

  • Key pairs for CAs are generated
  • Key pairs for users are generated
  • Users request certificates
  • Users’ identities verified
  • Users’ key pairs verified
  • Certificate produced and checked
  • Certificates removed/updated when necessary
  • Certificates revoked

Methods of attack are divided into two kinds, namely untargeted and targeted attacks. One method of attack that I’m interested to know more about is the brute force attack, which is an exhaustive key search that tries every possible combination. Other attacks, such as replay attacks, capture encrypted information and replay it at a later time.

Monday, August 10, 2009

Lab 1 : Virtualization

In this lab tutorial, we were taught about virtualization. What I personally understand about virtualization is that you create a hardware emulation as a platform/environment for an operating system to be installed on. Any kind of guest software can be installed on this so-called hardware emulation, commonly referred to as a virtual machine.

The main advantage of virtualization is that you can have a certain degree of flexibility, portability and interoperability in the sense that any kind of software can be virtually compatible with any hardware environment created by this virtualization platform.

The concept of virtualization is not limited to just virtual machines. Virtual servers can now be created with virtualization software.

The term Virtual Machine is clearly defined as an efficient and isolated duplicate of a real machine. A real machine has the characteristics of having a processor, memory, network connections and peripheral ports. A virtual machine is capable of emulating a real machine that has these characteristics.

The benefits of using a virtual machine include:

  • Hardware utilization, through running multiple virtual machines on a single piece of hardware.
  • Lower operating and capital costs, through sharing among a number of virtual machines.
  • High availability of virtual machines and security.
  • Virtual machines can be used from anywhere inside the intranet.

VMware Workstation is commercial virtualization software that is capable of creating and running multiple virtual machines at the same time. In addition, VMware Workstation enables the conversion of an existing physical PC into a virtual machine. VMware is also capable of running Windows, Linux-based or other virtual machines on the same PC. Virtual machines can share files with each other using drag-and-drop functionality. An organization can also speed up deployment of operating systems by cloning virtual machines, as installing operating systems and applications can be time-consuming. If desired, one may also reduce the size of virtual machines, put them on removable storage and take them anywhere. The current state of a virtual machine can also be preserved by taking a snapshot, in case the virtual machine crashes or runs into errors.