What is authentication?
Authentication involves determining whether a user is, in fact, who he or she claims to be.
There are three factors of authentication to consider:
* Something you know, such as a user ID and password
* Something you have, such as a smart card
* Something you are, refers to a physical characteristic, verified using biometric technology.
These factors can be used alone, or they can be combined to build a stronger authentication strategy in what is known as two-factor or multifactor authentication.
We need to make sure that the message comes from apparent or known sources or author, and the content have not been altered at all.
Password
Authentication is commonly done through the use of logon passwords.
To get a good protection, we need to have a good password which it is hard to guess but easy to remember.
Characteristics of good password:
* Not shorter than six character
* Not patterns from the keyboard
* Avoid using words from dictionary
* Contain 3 out of these 4 elements : uppercase letters, lowercase letters, numbers and special characters
* Avoid write passwords somewhere such as handphone
* The password must be difficult to guess.
How to protect your own password?
* Never share your password with anyone
* Use different passwords for different systems.
* Don't use personal information that others can easily obtain or guess.
* Change your password often : at least every 30 to 60 days.
There are some techniques used for guessing passwords such as :
* Try default passwords
* Try all the short words
* Try all the words in an electronic dictionary
* Collect information about the user’s hobbies, family names, birthday, etc.
* Try user’s phone number, social security number, street address, etc.
* Try all license plate numbers
* Use a Trojan horse
* Tap the line between a remote user and the host system.
Cryptography Concept
Cryptography is a method that used to encrypt data with a specific code (key) that only the sender knows.
The sender then sends the key to the receiver and the receiver decrypts the data by using the key.
These secure the privacy of the data, even others manage to get the data they will not understand what they see.
Cryptography Algorithms
Cryptography algorithms is a type of operations used for transforming plaintext (original message) to ciphertext (coded message).
The number of keys used is:
a) Symmetric (single key or private-key encryption)
b) Asymmetric (two-keys, or public-key encryption)
This is the way in which the plaintext is processed.
Methods use in Cryptography Algorithm
a) Substitution
* Monoalphabetic substitution : It formed by shifting the letters of the original alphabet.
* Polyalphabetic substitution : Extension of monoalphabetic substitution system which use Vigenere Tableau.
b) Transposition
* Unkeyed transposition : Rearrange letters by using matrix
* Keyed transposition : Rearrange letters by using matrix where the size of matrix is determined by the length of the key used.
Caesar Ciphers
In this cipher each of the letters A to W is encrypted by being represented by the letter that occurs three places after it in the alphabet.
Although Caesar used a ‘shift’ of 3, a similar effect could have been achieve using any number from 1 to 25.
The encryption key and decryption key are both determined by a shift but the encryption and decryption rules are different.
We could have changed the formulation slightly to make the two rules coincide and have different encryption and decryption keys.
* A shift of 26 has the same effect as a shift of 0 and, for any shift from 0 to 25.
* Encryption with that shift is the same as decryption with the new shift obtained by subtracting the original shift from 26.
Let's find the message behind this cipher text:
YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GD SJCY BJJP
Vigenere Ciphers
Vigenere Ciphers is the modification of the Substitution Cipher. The alphabet is re-scrambled for each letter of the plaintext message.
The strength of the Vigenere Cipher is that the same letter can be encrypted in different ways.
The left-hand (key) column of this square contains the English alphabet and for each letter, the row determined by that letter contains a rotation of the alphabet with that letter as the leading character.
Digital Signature
The digital signature for a message from a particular sender is a cryptographic value that depends on the message and the sender.
A digital signature provides data integrity and proof of origin (non-repudiation).
It is the provision of a means of settling disputes between sender and receiver that distinguishes the digital signature mechanism from the MACing process.
Public Key Infrastructure (PKI)
Three key players in PKI system:
* The certificate owner : who applies for the certificate.
* CA : which issues the certificate that binds the owner’s identity to the owner’s public key value.
* The relying party : who uses on the certificate.
RSA
By Rivest, Shamir & Adleman of MIT in 1977 .
Best known & widely used public-key scheme .
RSA use to encrypt a message and to decrypt the ciphertext.
RSA Security
There are some possible approaches to attacking RSA :
* Brute force key search.
* Mathematical attacks (based on difficulty of computing)
* Timing attacks (on running of decryption)
* Chosen ciphertext attacks (given properties of RSA)
Methods of Attacks in Encryption Systems
Four general attacks can be perform against encrypted information:
* Ciphertext : Only attack guessing the plaintext or using frequency analysis
* Known Plaintext : Guess using known pliantext.
* Chosen : Plaintext
* Chosen : Ciphertext attack
There are also specific attacks that can be launched against encryption systems:
* Brute-Force attack : Exhaustive key search - trying every possible combination.
* Replay attacks : Taking encrypted information and playing it back at a later point in time.
* Man-in-the-middle attacks
* Fault in Cryptosytem
