Sunday, December 8, 2019

Cryptography and Computer Security Process of Preventing

Question: Define the Cryptography and Computer Security of Process of Preventing. Answer: Introduction Computer security is the most - primary concern these days for any organization. Computer security is a process of preventing, detecting the system from any unauthorized use or any Threat. Computer Security has become an integral part of computer and Information Technology. At present we all keep our all details digital on our system or on server, due to increase use of Internet and several other threats computer has become prone to any kind of problems related to security (Christian W. Pst, Jeffrey .Hr, Matt. B, Dieter .G,2012). Concerns in computer security Confidentiality of Data in computer systems- Confidentiality comes at the top of the priority of the security requirements. To maintain the confidentiality of the Computer , there should be provision that no unauthorized person can access information.. Integrity of data in computer Systems- There should be provision that only authorized person can bring any updating in the system. Availability- The information on the system should be available to the user whenever it is required and there should be no information loss. Authentication- There should be proper mechanism to control and check whether the information flow is at between correct ends or not. Statistics of Computer Security Threats Computer Threats- According to the reports of the cyber security cell our systems are now more prone to unauthorized intrusions. These intrusions can be trying to access information without permission, introduction of Malicious programs in the system such as virus in our system attack by Hackers and other threats. According to the report published by research centres the most high Threats for year 2015-2016 are- Mobile Security Smartphone Vulnerability Threats- As most of the websites are giving information in their specialized version for Smart Mobiles and Mobile devices like Tablets etc. , and as they are easy to carry and access information most of the people are using mobiles these days for their work. At present attacks on the mobile systems is the primary threat now. Phishing Attacks Social Engineering In this type of Security attack the Hacker or attacker attacks Emails or Malicious websites to collect personal details of the individuals. It is also called Social Engineering Attack as in this type of security threat the attacker take use of Human Interaction for obtaining information about personal, organization or the system architecture. Identity Theft Another Threat that has become predominant is theft of identity, by unauthorized accessing of ID , password and other details. In this type of attack the attacker imposes ownself by collecting personnel information and uses them in their own purposes. For example after getting Bank account details one can transfer money and other, this is most dangerous threat. Our selected Mitigation for Attack Mitigation of the Mobile Attacks- In order to Mitigate the Mobile attacks following practices should be performed- By using advance security software in mobiles. By using advance password methods. By using Advance techniques of Locking. By applying auto scan and clean up property. By applying filters on web use. By restricting popups and other threats. Regular scanning and check. Conclusion-Computer security has become a major issue these days. There are several attacks these days which has increased our problems even more. In this digital age we cannot survive without computer systems. In order to mitigate the security problems , first and very first is to be alert and to work on systems by taking security concerns. It is required to use advance softwares for the security of the system. Using Spywares these days is also essential. Besides softwares it is also necessary to get updated of the latest threats, their types and their impact. One should not pass personal details on websites without conforming each details. One should also use digital signatures, retina password, Finger password instead of simple passwords. 2. Generate keys of 2 different sizes for RSA encryption scheme and include these keys in the report. Implementation- root@bt:~# ssh root@10.0.0.3 root@10.0.0.3's password: Linux kali 3.7-trunk-amd64 #1 SMP Debian 3.7.2-0+kali6 x86_64 The programs included with the Kali GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@kali:~# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: eb:63:b6:89:a3:74:dd:76:9f:ea:7f:1e:d4:d4:ba:9b root@kali The key's randomart image is: +--[ RSA 2048]----+ | | | .| | o| | o.| | S ...| | . o .. | | . . o o . .. | | . ..o+o . . +o| | ...++o .ooEo.| +-----------------+ Check the key files and estimate the number of decimal digits of the keys and write your estimates. Implementation- root@kali:~ openssl rsa -text -noout -in id_rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDo2xko99piegEDgZCrobfFTvXUTFDbWT ch4IGk5mk0CelB5RKiCvDeK4yhDLcj8QNumaReuwNKGjAQwdENsIT1UjOdVvZOX2d41/p6J gOCD1ujjwuHWBzzQvDA5rXdQgsdsrJIfNuYr/+kIIANkGPPIheb2Ar2ccIWh9giwNHDjkXT JXTVQ5Whc0mGBU/EGdlCD6poG4EzCc0N9zk/DNSMIIZUInySaHhn2f7kmfoh5LRw7RF3c2O 5tCWIptu8u8ydIxz9q5zHxxKS+c7q4nkl9V/tVjZx8sneNZB+O79X1teq7LawiYJyLulUMi OEoiL1YH1SE1U93bUcOWvpAQ5 thebear@isgreat.com root@kali:- echo"AAAAB3NzaC1yc2EAAAADAQABAAABAQDDo2xko99piegEDgZC" | openssl base64 -d | hd 00000000 00 00 00 07 73 73 68 2d 72 73 61 00 00 00 03 01 |....ssh-rsa.....| 00000010 00 01 00 00 01 01 00 c3 a3 6c 64 a3 df 69 89 e8 |.........ld..i..| 00000020 04 0e 06 42 |...B| Encrypt a file (text or binary) using 2 key sizes and include your results and note the observation Implementation- root@kali:~ openssl genrsa -out private.pem 1024 root@kali:-openssl rsa -in private.pem -out public.pem -outform PEM pubout root@kali:- $ echo 'Sky has no limit' bob.txt $ openssl rsautl -encrypt -inkey public.pem -pubin -in bob.txt -out bob.ssl $ openssl rsautl -decrypt -inkey private.pem -in file.ssl -out decrypted.txt $ cat decrypted.txt Sky has no limit. Explain why GPG encryption and decryption are quite fast. Solution- GPG encryption technique uses the two keys for encryption , instead of one. It compress4s the message and also make it more secure. It creates one time only session key, uses the session key to encrypt the message. It provides high level signature facility. It uses the combination of best conventional and modern cryptography techniques. Create a file of close to 1 GB and encrypt and decrypt it and note the time taken. Comment on the reason why this much time has taken. Calculate how long it would take to do the encryption/decryption of a 10 GBs of data. Implementation- root @kali:- fallocate -l 10G gentoo_root.img root@kali: time openssl opensslcmds.txt- Export your public key and discuss the reason why your exported key should be in ASCII format. Solution- The Public key is kept in ASCII format beacouse it provides convenience in transferring information on Web Pages and emails. Encrypt a file and output the cipher text in ASCII format. Explain when you need cipher text in ASCII format. Solution ASCII is most well understood and accepted coding format, so in order to send data on any kind of platform and in case of requirement of high security the ASCII Code is best. h) You should work with your class fellow to do this experiment and record your observation in the form of commands being used or procedure being followed and include your results. Exchange your public key and your friends public key using email. Implementation alice% gpg --list-keys /users/alice/.gnupg/pubring.gpg Import your friends public key into your key ring. alice% gpg --import blake.gpg gpg: key 9E98BC16: public key imported gpg: Total number processed: 1 gpg: imported: 1 alice% gpg --list-keys /users/alice/.gnupg/pubring.gpg III. Encrypt a file using your friends public key and send the encrypted file to your friend. alice% gpg --output doc.gpg --encrypt --recipient blake@cyb.org doc Ask your friend to decrypt the encrypted file. blake% gpg --output doc --decrypt doc.gpg Write a reflection report in 100 words about the role cryptography can play in ensuring right to privacy of individuals. The role cryptography can play in ensuring right to privacy of individuals. These days we are living in IT age , all our documents, information has become digitized, This has brought a wider change in information processing but with this the information has become prone to hacking and other risks. Security of data is has become the primary concern for every organization at present. To make our information more secure a most promising technique Cryptography is implied. Technically the Cryptography implies converting the information in a secured format of specialized codes. The whole data is converted in a specialized format, this is called encryption and reconverting the encrypted data in the original form is termed as Decryption. These days Cryptography technique uses the techniques such as Microdots, merging words with images, hiding information in storage and other advance methods. The goal of the Cryptography is to provide confidentiality, Integrity and most importantly the non-Repudiation. So from the above discussion we can conclude that cryptography n o doubt provides the insurance to the right of privacy to an individual (Prakash C. G, 2015). References Christian W. Pst, Jeffrey .Hr, Matt. B, Dieter .G,(2012), Insider Threats in Cyber Security, Springer Publication Joseph. M. K, (2015), Guide to Computer Network Security, Springer Publication Behrouz A .F, Debdeep .M, (2014), Cryptography and Network Security (SIE), McGrew Hill Publication Prakash C. G, (2015), Cryptography and Network Security, PHI Publication Willie L. P, David.S, (2013), Kali Linux Cookbook, Pact Publisher

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.