Lecture 2 : Authentication & Basic Cryptography

What is authentication?
Authentication involves determining whether a user is, in fact, who he or she claims to be.
There are three factors of authentication to consider:
* Something you know, such as a user ID and password
* Something you have, such as a smart card
* Something you are: a physical characteristic, verified using biometric technology.
These factors can be used alone, or they can be combined to build a stronger authentication strategy in what is known as two-factor or multifactor authentication.
We also need to make sure that a message comes from its apparent or known source or author, and that its content has not been altered at all.

Password
Authentication is commonly done through the use of logon passwords.
For good protection, we need a good password: one that is hard to guess but easy to remember.
Characteristics of a good password:
* Not shorter than six characters
* No patterns from the keyboard
* Avoid using words from a dictionary
* Contains 3 out of these 4 elements: uppercase letters, lowercase letters, numbers and special characters
* Avoid writing passwords down somewhere, such as on a handphone
* The password must be difficult to guess.
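
One way to check a candidate password against the four testable rules in the list above. This is an added example, not part of the original lecture notes; the keyboard rows, the four-key run length and the small word list are constructed assumptions.

```python
import string

# Constructed sample data (assumptions, not from the lecture notes).
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
DICTIONARY = {"password", "welcome", "dragon", "monkey", "secret"}

def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys of one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False

def contains_dictionary_word(pw):
    """True if any word from the sample dictionary appears inside pw."""
    low = pw.lower()
    return any(word in low for word in DICTIONARY)

def character_classes(pw):
    """Count how many of the 4 classes (upper, lower, digit, special) pw uses."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])

def check_password(pw):
    """Return the rules from the notes that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 6:
        problems.append("shorter than six characters")
    if has_keyboard_run(pw):
        problems.append("keyboard pattern")
    if contains_dictionary_word(pw):
        problems.append("dictionary word")
    if character_classes(pw) < 3:
        problems.append("fewer than 3 of 4 character classes")
    return problems
```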

How to protect your own password?
* Never share your password with anyone
* Use different passwords for different systems.
* Don't use personal information that others can easily obtain or guess.
* Change your password often: at least every 30 to 60 days.

There are some techniques used for guessing passwords, such as:
* Try default passwords
* Try all the short words
* Try all the words in an electronic dictionary
* Collect information about the user’s hobbies, family names, birthday, etc.
* Try user’s phone number, social security number, street address, etc.
* Try all license plate numbers
* Use a Trojan horse
* Tap the line between a remote user and the host system.

Cryptography Concept
Cryptography is a method used to encrypt data with a specific code (key) that only the sender knows.
The sender then sends the key to the receiver and the receiver decrypts the data by using the key.
This secures the privacy of the data: even if others manage to get the data, they will not understand what they see.

Cryptography Algorithms
A cryptography algorithm is a type of operation used for transforming plaintext (the original message) into ciphertext (the coded message).
The number of keys used is:
a) Symmetric (single key or private-key encryption)

b) Asymmetric (two-keys, or public-key encryption)

This is the way in which the plaintext is processed.

Methods Used in Cryptography Algorithms
a) Substitution
* Monoalphabetic substitution: formed by shifting the letters of the original alphabet.
* Polyalphabetic substitution: an extension of the monoalphabetic substitution system which uses the Vigenere Tableau.
b) Transposition
* Unkeyed transposition: rearrange letters by using a matrix.
* Keyed transposition: rearrange letters by using a matrix where the size of the matrix is determined by the length of the key used.

Caesar Ciphers
In this cipher each of the letters A to W is encrypted by being represented by the letter that occurs three places after it in the alphabet. The remaining letters X, Y and Z wrap around to A, B and C.
Although Caesar used a ‘shift’ of 3, a similar effect could have been achieved using any number from 1 to 25.
The encryption key and decryption key are both determined by a shift but the encryption and decryption rules are different.
We could have changed the formulation slightly to make the two rules coincide and have different encryption and decryption keys.
* A shift of 26 has the same effect as a shift of 0.
* For any shift from 0 to 25, encryption with that shift is the same as decryption with the new shift obtained by subtracting the original shift from 26.

Let's find the message behind this cipher text:
YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GD SJCY BJJP
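
The exercise above worked through in code, as an added example that is not part of the original notes: it guesses the shift by frequency analysis (assuming the most common ciphertext letter stands for E), lists all 26 candidates, and checks the "subtract from 26" rule. The function names are my own.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Ciphertext copied exactly as printed in the notes above.
CIPHERTEXT = "YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GD SJCY BJJP"

def caesar(text, shift):
    """Shift every A-Z letter forward by `shift` places, wrapping after Z."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)

def decrypt(text, shift):
    """Undo caesar(text, shift): the same as encrypting with 26 - shift."""
    return caesar(text, 26 - shift)

def guess_shift(ciphertext):
    """Frequency analysis: assume the most common letter stands for E."""
    letters = [c for c in ciphertext.upper() if c in ALPHABET]
    most_common = Counter(letters).most_common(1)[0][0]
    return (ALPHABET.index(most_common) - ALPHABET.index("E")) % 26

def all_candidates(ciphertext):
    """Brute force: the whole key space is only 26 shifts."""
    return {shift: decrypt(ciphertext, shift) for shift in range(26)}

if __name__ == "__main__":
    shift = guess_shift(CIPHERTEXT)
    print("guessed shift:", shift)
    print(decrypt(CIPHERTEXT, shift))
```

With the ciphertext exactly as printed, the guessed shift is 5 and the output reads THE FKEL PRICE WILL INCREASE TO RC FOUR BY NEXT WEEK.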

Vigenere Ciphers
The Vigenere Cipher is a modification of the Substitution Cipher. The alphabet is re-scrambled for each letter of the plaintext message.
The strength of the Vigenere Cipher is that the same letter can be encrypted in different ways.
The left-hand (key) column of this square contains the English alphabet and for each letter, the row determined by that letter contains a rotation of the alphabet with that letter as the leading character.
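
The tableau lookup described above, as an added example that is not part of the original notes. The key LEMON and the plaintext ATTACKATDAWN used in the checks are constructed sample input, and the key is assumed to contain only letters.

```python
import string

ALPHABET = string.ascii_uppercase

def tableau_row(key_letter):
    """Row of the square for key_letter: the alphabet rotated to start with it."""
    i = ALPHABET.index(key_letter)
    return ALPHABET[i:] + ALPHABET[:i]

def vigenere_encrypt(plaintext, key):
    """Look each letter up in the row selected by the current key letter."""
    out, k = [], 0
    for ch in plaintext.upper():
        if ch in ALPHABET:
            row = tableau_row(key[k % len(key)].upper())
            out.append(row[ALPHABET.index(ch)])
            k += 1  # the key only advances on letters
        else:
            out.append(ch)
    return "".join(out)

def vigenere_decrypt(ciphertext, key):
    """Find each ciphertext letter in its row and read off the column header."""
    out, k = [], 0
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            row = tableau_row(key[k % len(key)].upper())
            out.append(ALPHABET[row.index(ch)])
            k += 1
        else:
            out.append(ch)
    return "".join(out)

def encodings_of(letter, plaintext, key):
    """Set of ciphertext letters that one plaintext letter was turned into."""
    ciphertext = vigenere_encrypt(plaintext, key)
    return {c for p, c in zip(plaintext.upper(), ciphertext) if p == letter}
```

In the sample message the letter A is encrypted four different ways, which is the property that defeats the single-letter frequency count that breaks a Caesar cipher.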

Digital Signature
The digital signature for a message from a particular sender is a cryptographic value that depends on the message and the sender.
A digital signature provides data integrity and proof of origin (non-repudiation).
It is the provision of a means of settling disputes between sender and receiver that distinguishes the digital signature mechanism from the MACing process.

Public Key Infrastructure (PKI)
Three key players in PKI system:
* The certificate owner : who applies for the certificate.
* CA : which issues the certificate that binds the owner’s identity to the owner’s public key value.
* The relying party : who uses the certificate.

RSA
By Rivest, Shamir & Adleman of MIT in 1977.
Best known & widely used public-key scheme.
RSA is used to encrypt a message and to decrypt the ciphertext.

RSA Security
There are some possible approaches to attacking RSA:
* Brute force key search.
* Mathematical attacks (based on difficulty of computing)
* Timing attacks (on running of decryption)
* Chosen ciphertext attacks (given properties of RSA)

Methods of Attacks in Encryption Systems
Four general attacks can be performed against encrypted information:
* Ciphertext-only attack : guessing the plaintext or using frequency analysis.
* Known-plaintext attack : guessing using known plaintext.
* Chosen-plaintext attack
* Chosen-ciphertext attack

There are also specific attacks that can be launched against encryption systems:
* Brute-Force attack : Exhaustive key search - trying every possible combination.
* Replay attacks : Taking encrypted information and playing it back at a later point in time.
* Man-in-the-middle attacks
* Fault in Cryptosystem

Lab 1 : Introduction to Virtualization & VMware

14 July 2009 was our first lab with our lecturer Encik Zaki Mas'ud. The lab was about Introduction to Virtualization & VMware, and all students should be able to:
* Understand what virtualization is
* Install VMware Workstation
* Understand the VMware Workstation configuration
* Create a disk image on VMware Workstation
* Install Windows Server 2003 on the disk image

This lab has three tasks and one review question. Task 1 is about VMware Workstation installation.
VMware Workstation can be downloaded from http://www.vmware.com/download/ws/; then follow the installation wizard step by step.
1. Double click on the VMware launcher to start the installation wizard.
2. Click on [Next].
3. Choose Typical setup type
4. Choose the location for VMware Workstation installation. Click on [Next].
5. Configure the shortcuts for the VMware Workstation and click [Next].
6. Click on [Install], this will take several minutes to finish.
7. Enter the Serial Number for the VMware workstation.
8. Click [Finish], and restart the Computer.

In task 2 we learn how to create a disk image on VMware Workstation, and in task 3 how to install Windows Server 2003 on a virtual machine.

Okay, now let's do some review questions:

1. List four advantages of using a virtual machine in your practical sessions in class.

* Ease of use and easy to understand.
* Instructors can train students by using a variety of configurations, quickly and easily.
* Virtual machines are easy to move between physical machines.
* Virtual machines allow you to isolate each application in its own sandbox environment.

2. How to create a new virtual machine called linuxserv and how to install it with Fedora Core 9?

Create a new virtual machine called linuxserv
a) From the home tab click on [New Virtual Machine].
b) Choose the typical configuration to proceed.
c) Choose the type of OS to be installed on the virtual machine.
d) Name the virtual machine and specify the location where the disk image for the virtual machine will be stored on the hard disk. Name the virtual machine linuxserv.
e) For the network type select [Use host-only Networking]; this selection will create a LAN between the other virtual machines. In order to connect the virtual machine to the real network, select [Use bridged networking]. This setting can be changed once the virtual machine is created.
f) Specify the disk capacity of the virtual machine. Initially the size of the disk image you created is small, and as you install the OS and other software on your virtual machine, the size will increase up to the storage capacity set in this configuration.
g) Select [Allocate disk space now] and click [Finish] to start creating your virtual machine. This will take several minutes.

Install it with Fedora core 9
a) Place the Fedora core 9 installer CD in your CDROM drive.
b) From the command menu click on [start the virtual machine], or click the start button on the toolbar. Your virtual machine starts and will boot from your CDROM drive.
c) Once linuxserv boots you will see the familiar Fedora core 9 installation page. From this point onward you can follow the Fedora core 9 installation steps.
d) After the installation process is finished, you will see the Fedora core 9 login page.
e) Click on the console to start using Fedora core 9. To get the mouse pointer back to your host desktop, press CTRL + ALT on the keyboard.
f) Try taking a snapshot of your OS by clicking on the [snapshot] button on the toolbar. If anything happens to your OS you can simply click the [Revert] button and choose your previous state.
g) Manage the size of your console screen by clicking on the [Quick switch] and [Full Screen] view option buttons on the toolbar.

3. Explain in detail how a corrupted virtual machine can be recovered back to its original state.

It depends on how it was corrupted. If you have a backup, you can restore it from the system state; otherwise, try to use P2V Converter, clone it again and boot it up to see how it works. If that does not work, use any LiveCD, boot it up, extract all the data, reload the OS and transfer the data. It depends on what you want to restore, but it could be fixable if you use the right tool.

P/S: For more details, refer to other references. ^_^

Lecture 1: Introduction To Information Security

13th of July, 2009 was our first IT security lecture class. Before starting the lecture, we had a quiz in puzzle form. First quiz in the first lecture. All the quiz answers were related to general internet security knowledge.
The first lecture was an introduction to information security, which included security architecture, security principles, security policy, security attacks, methods of defense, security services and security mechanisms.

What is Security?
Security can be defined as "the state of being free from unacceptable risk". The risk concerns the following categories of losses:
* Confidentiality of Information.
* Integrity of data.
* Assets.
* Efficient and Appropriate Use.
* System Availability.

Security Architecture
* Defined by ITU-T Recommendation X.800, which is called the OSI Security Architecture.
* Useful to managers as a way of organizing the task of providing security.
* Focuses on security attacks, security mechanisms and security services.


Security Principles:

a) Confidentiality
* Confidentiality refers to the privacy of personal or corporate information. This includes issues of copyright.
* Prevention of unauthorized disclosure of information.

b) Integrity
* Integrity refers to the accuracy of data. Loss of data integrity may be gross and evident.
* Prevention of unauthorized modification of information.

c) Availability
* Availability is concerned with the full functionality of a system and its components.
* Prevention of unauthorized withholding of information or resources

Security Policy
* Set of rules to apply to security relevant activities in a security domain.
* Levels of security policy: objectives, organizational and system
* Key aspects of security policy: authorization, access policy and accountability

Security Attacks/Threats
A security attack is any attack that compromises the security of information owned by an organization.
1) Passive attacks
* An attack such as listening to communications and then attacking the encryption scheme offline may be done.
* Eavesdropping.

A passive attack is characterized by the interception of messages without modification. There is no change to the network data or systems. The message itself may be read or its occurrence may simply be logged.

Identifying the communicating parties and noting the duration and frequency of messages can be of significant value in itself. From this knowledge certain deductions or inferences may be drawn regarding the likely subject matter, the urgency or the implications of messages being sent. This type of activity is termed traffic analysis. Because there may be no evidence that an attack has taken place, prevention is a priority.


2) Active attacks
* A common attack of this type is the man in the middle attack.
* During this attack the attacker may try to convince the victim that they are communicating with another party when they are really communicating with the attacker.
* The attacker may use the attack to gain passwords or other vital information.

a) Masquerade attacks, as the name suggests, relate to an entity (usually a computer or a person) taking on a false identity in order to acquire or modify information, and in effect achieve an unwarranted privilege status. Masquerade attacks can also incorporate other categories.

b) Message replay involves the re-use of captured data at a later time than originally intended in order to repeat some action of benefit to the attacker. For example, the capture and replay of an instruction to transfer funds from a bank account into one under the control of an attacker. This could be foiled by confirmation of the freshness of a message.

c) Message modification could involve modifying a packet header address for the purpose of directing it to an unintended destination or modifying the user data.

d) Denial-of-service attacks prevent the normal use or management of communication services, and may take the form of either a targeted attack on a particular service or a broad, incapacitating attack. For example, a network may be flooded with messages that cause a degradation of service or possibly a complete collapse if a server shuts down under abnormal loading. Denial-of-service attacks are frequently reported for internet-connected services.

Security Services
a) Non-Repudiation
* protection against denial by one of the parties in communication

b) Access Control
* prevention of unauthorized use of a resource

c) Data Integrity
* is the provision of the property that data has not been altered or destroyed in an unauthorized manner, nor have data sequences been altered to an extent greater than can occur non-maliciously.

d) Data Origin Authentication
* is the provision of the property that the claimed origin of received data is corroborated.

e) Data Confidentiality
* is the provision of the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

Security Mechanisms
Security mechanisms exist to provide and support security services and were defined by X.800.
A security mechanism is a mechanism that is designed to:
a) Detect a security attack.
b) Prevent a security attack.
c) Recover from a security attack.