Cryptography And Computer Security : Process Of Preventing
Computer security is the most – primary concern these days for any organization. Computer security is a process of preventing, detecting the system from any unauthorized use or any Threat. Computer Security has become an integral part of computer and Information Technology. At present we all keep our all details digital on our system or on server, due to increase use of Internet and several other threats computer has become prone to any kind of problems related to security (Christian W. Pst, Jeffrey .Hr, Matt. B, Dieter .G,2012).
Concerns in computer security
Confidentiality of Data in computer systems- Confidentiality comes at the top of the priority of the security requirements. To maintain the confidentiality of the Computer , there should be provision that no unauthorized person can access information..
Integrity of data in computer Systems- There should be provision that only authorized person can bring any updating in the system.
Availability- The information on the system should be available to the user whenever it is required and there should be no information loss.
Authentication- There should be proper mechanism to control and check whether the information flow is at between correct ends or not.
Computer Threats-
According to the reports of the cyber security cell our systems are now more prone to unauthorized intrusions. These intrusions can be trying to access information without permission, introduction of Malicious programs in the system such as virus in our system attack by Hackers and other threats.
According to the report published by research centres the most high Threats for year 2015-2016 are-
Mobile Security & Smartphone Vulnerability Threats-
As most of the websites are giving information in their specialized version for Smart Mobiles and Mobile devices like Tablets etc. , and as they are easy to carry and access information most of the people are using mobiles these days for their work. At present attacks on the mobile systems is the primary threat now.
In this type of Security attack the Hacker or attacker attacks Emails or Malicious websites to collect personal details of the individuals. It is also called Social Engineering Attack as in this type of security threat the attacker take use of Human Interaction for obtaining information about personal, organization or the system architecture.
Identity Theft
Another Threat that has become predominant is theft of identity, by unauthorized accessing of ID , password and other details. In this type of attack the attacker imposes ownself by collecting personnel information and uses them in their own purposes. For example after getting Bank account details one can transfer money and other, this is most dangerous threat.
Our selected Mitigation for Attack
Mitigation of the Mobile Attacks-
In order to Mitigate the Mobile attacks following practices should be performed-
- By using advance security software in mobiles.
- By using advance password methods.
- By using Advance techniques of Locking.
- By applying auto scan and clean up property.
- By applying filters on web use.
- By restricting popups and other threats.
- Regular scanning and check.
Conclusion-Computer security has become a major issue these days. There are several attacks these days which has increased our problems even more. In this digital age we cannot survive without computer systems. In order to mitigate the security problems , first and very first is to be alert and to work on systems by taking security concerns. It is required to use advance software’s for the security of the system. Using Spywares these days is also essential. Besides software’s it is also necessary to get updated of the latest threats, their types and their impact. One should not pass personal details on websites without conforming each details. One should also use digital signatures, retina password, Finger password instead of simple passwords.
Implementation-
[email protected]:~# ssh [email protected]
[email protected]‘s password:
Linux kali 3.7-trunk-amd64 #1 SMP Debian 3.7.2-0+kali6 x86_64
The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
[email protected]:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
eb:63:b6:89:a3:74:dd:76:9f:ea:7f:1e:d4:d4:ba:9b [email protected]
The key’s randomart image is:
+–[ RSA 2048]—-+
| |
| .|
| o|
| o.|
| S …|
| . o .. |
| . . o o . .. |
| . ..o+o . . +o|
| …++o .ooEo.|
+—————–+
Check the key files and estimate the number of decimal digits of the keys and write your estimates.
Implementation-
[email protected]:~ openssl rsa -text -noout -in id_rsa
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDo2xko99piegEDgZCrobfFTvXUTFDbWT
ch4IGk5mk0CelB5RKiCvDeK4yhDLcj8QNumaReuwNKGjAQwdENsIT1UjOdVvZOX2d41/p6J
gOCD1ujjwuHWBzzQvDA5rXdQgsdsrJIfNuYr/+kIIANkGPPIheb2Ar2ccIWh9giwNHDjkXT
JXTVQ5Whc0mGBU/EGdlCD6poG4EzCc0N9zk/DNSMIIZUInySaHhn2f7kmfoh5LRw7RF3c2O
5tCWIptu8u8ydIxz9q5zHxxKS+c7q4nkl9V/tVjZx8sneNZB+O79X1teq7LawiYJyLulUMi
OEoiL1YH1SE1U93bUcOWvpAQ5 [email protected]
[email protected]:- echo”AAAAB3NzaC1yc2EAAAADAQABAAABAQDDo2xko99piegEDgZC” | openssl base64 -d | hd
00000000 00 00 00 07 73 73 68 2d 72 73 61 00 00 00 03 01 |….ssh-rsa…..|
00000010 00 01 00 00 01 01 00 c3 a3 6c 64 a3 df 69 89 e8 |………ld..i..|
00000020 04 0e 06 42 |…B|
Encrypt a file (text or binary) using 2 key sizes and include your results and note the observation
Implementation-
[email protected]:~ openssl genrsa -out private.pem 1024
[email protected]:-openssl rsa -in private.pem -out public.pem -outform PEM –pubout
[email protected]:- $ echo ‘Sky has no limit’ > bob.txt
$ openssl rsautl -encrypt -inkey public.pem -pubin -in bob.txt -out bob.ssl
$ openssl rsautl -decrypt -inkey private.pem -in file.ssl -out decrypted.txt
$ cat decrypted.txt
Sky has no limit.
Explain why GPG encryption and decryption are quite fast.
GPG encryption technique uses the two keys for encryption , instead of one. It compress4s the message and also make it more secure. It creates one –time only session key, uses the session key to encrypt the message. It provides high level signature facility. It uses the combination of best conventional and modern cryptography techniques.
Create a file of close to 1 GB and encrypt and decrypt it and note the time taken. Comment on the reason why this much time has taken. Calculate how long it would take to do the encryption/decryption of a 10 GBs of data.
root @kali:- fallocate -l 10G gentoo_root.img
[email protected]: time openssl < opensslcmds.txt-
Export your public key and discuss the reason why your exported key should be in ASCII format.
Solution-
The Public key is kept in ASCII format beacouse it provides convenience in transferring information on Web Pages and emails.
Encrypt a file and output the cipher text in ASCII format. Explain when you need cipher text in ASCII format.
Solution – ASCII is most well understood and accepted coding format, so in order to send data on any kind of platform and in case of requirement of high security the ASCII Code is best.
h) You should work with your class fellow to do this experiment and record your observation in the form of commands being used or procedure being followed and include your results.
Exchange your public key and your friend’s public key using email.
Implementation
alice% gpg –list-keys
/users/alice/.gnupg/pubring.gpg
Import your friend’s public key into your key ring.
alice% gpg –import blake.gpg
gpg: key 9E98BC16: public key imported
gpg: Total number processed: 1
gpg: imported: 1
alice% gpg –list-keys
/users/alice/.gnupg/pubring.gpg
III. Encrypt a file using your friend’s public key and send the encrypted file to your friend.
alice% gpg –output doc.gpg –encrypt –recipient [email protected] doc
Ask your friend to decrypt the encrypted file.
blake% gpg –output doc –decrypt doc.gpg
Write a reflection report in 100 words about the role cryptography can play in ensuring right to privacy of individuals.
The role cryptography can play in ensuring right to privacy of individuals.
These days we are living in IT age , all our documents, information has become digitized, This has brought a wider change in information processing but with this the information has become prone to hacking and other risks. Security of data is has become the primary concern for every organization at present. To make our information more secure a most promising technique “Cryptography “ is implied. Technically the Cryptography implies converting the information in a secured format of specialized codes. The whole data is converted in a specialized format, this is called encryption and reconverting the encrypted data in the original form is termed as Decryption. These days Cryptography technique uses the techniques such as Microdots, merging words with images, hiding information in storage and other advance methods. The goal of the Cryptography is to provide confidentiality, Integrity and most importantly the non-Repudiation. So from the above discussion we can conclude that cryptography no doubt provides the insurance to the right of privacy to an individual (Prakash C. G, 2015).
Christian W. Pst, Jeffrey .Hr, Matt. B, Dieter .G,(2012), Insider Threats in Cyber Security, Springer Publication
Joseph. M. K, (2015), Guide to Computer Network Security, Springer Publication
Behrouz A .F, Debdeep .M, (2014), Cryptography and Network Security (SIE),
McGrew Hill Publication
Prakash C. G, (2015), Cryptography and Network Security, PHI Publication
Willie L. P, David.S, (2013), Kali Linux Cookbook, Pact Publisher