Wednesday, February 10, 2016

Introduction to Cryptography and Steganography


Cryptography is an interesting art. Bear with me and you will see. In this post I will tell you a brief history of Cryptography and Steganography. The next post will be more technical.
Long, long ago, ancient dynasties relied on different methods of communication within their regions, and they were always interested in new ways to hide their messages from potential enemies. The enemies' interest in those important messages encouraged the dynasties to develop new methods for securing them using codes and ciphers. As everywhere else, our story has two sides: on the other side, the enemy forces had people whose job was to break the codes and reveal the secret message. The battle between the inventors of new coding methods and the code breakers never stopped, and it caused many more coding methods to be invented. In the modern era the act of hiding a message in the form of a code is called encryption, and the reverse process of recovering the secret from the encrypted message is called decryption. The art of turning plain content into a secret message that others cannot understand is called Cryptography. In cryptography only the entities that hold the key for that secret are able to decrypt the secret message (at least in the ideal case).
The earliest method of secret messaging dates back to 519–465 BC, when there was a war between Greece and Persia (Iran). According to Herodotus, the art of secret messaging saved Greece from being conquered by Xerxes, King of Kings, leader of the Persians. After Xerxes built his new capital at Persepolis, gifts arrived from all over the empire and the neighbouring countries, except from Athens and Sparta. This made Xerxes say: "We shall extend the Persian territory as far as God's heaven reaches. The sun will then shine on no land beyond our borders". He then spent 5 years secretly preparing the greatest army in history for a surprise attack. Long story short, a Greek exile who was no longer welcome in his homeland was working in the Persian army. He still had some feelings of loyalty to his country, so he decided to send a message to warn it about the surprise attack. He had to hide the message to avoid discovery by Xerxes' people, so he scraped the message into a wooden folding tablet and then covered it with wax. This prevented the guards along the way from finding the secret message. The message was delivered safely to the Greeks, who prepared themselves for the war and won it against the Persians.
Another method was used in the same era: the head of a messenger was shaved, the message was written on his scalp, and then they waited for his hair to grow back.
The art of hiding the existence of a message is known as Steganography, and the stories above are good examples of it. In cryptography the message is visible to the public but its content is not understandable to them; in Steganography the message itself is hidden from view.
The ancient Chinese used to write their secret messages on silk, roll them into a ball and cover them in wax. A messenger then had to swallow the waxed ball to hide the message.
Part of Steganography is writing messages with invisible ink. In the 16th century the Italian scholar Giovanni Battista Della Porta described his finding about writing a secret message on a boiled egg. He made an ink from a mixture of vinegar and alum and used it to write on the shell of the egg. The ink penetrates the shell and leaves the message on the hardened albumen of the egg. The message does not appear on the shell and only becomes visible after the shell is removed.
Even though Cryptography and Steganography are two different methodologies, they can be used together to increase the secrecy of a message. For instance, during World War II German spies in America used photographic techniques to shrink a page of text to less than a millimetre in size, and then used this dot as the full stop at the end of the first sentence of their letters. After a while the FBI found out about the microdots, was able to read their content and intercepted the spies' messages to Germany. The spies then combined cryptography with Steganography, scrambling their text before converting it to a microdot. Afterwards the content of the microdots was not understandable to the Americans; however, they were still able to block the communication.

In the next post I will explain the basics of cryptography and give a few examples of primitive encryption methods. Please start following my blog on G+, FB and Twitter. I promise you will not regret it, and we will cover more about new techniques of cryptography.

            .-""-.
           / .--. \
          / /    \ \
          | |    | |
          | |.-""-.|
         ///`.::::.`\
        ||| ::/  \:: ;
        ||; ::\__/:: ;
         \\\ '::::' /
          `=':-..-'`

Sunday, February 7, 2016

Network Address Translation (NAT)

Public IP addresses are scarce, especially in classes A, B and C. IP version 6 was introduced recently to address this problem; however, IPv6 adoption is slow and cannot practically help in the near future. So network administrators usually use private IP addresses on local networks. Private IP addresses allow computers and other devices on the network to communicate with each other, but the disadvantage of this type of address is that it is not routable on the Internet. In other words, such devices are not accessible from outside their private network. For instance, if a device uses a local IP address to communicate with a destination on the Internet, the destination is expected to send its reply to the source's local IP address, which does not exist on the Internet, so all replies would be lost. The solution to this problem is Network Address Translation (NAT). NAT devices, which are usually firewalls, sit at the boundary between the local network and the Internet and pick up all the packets that arrive at or leave the network. The NAT device assigns its public address to the packets that are leaving the network and stores their private address together with the assigned public address in the NAT table. When a response comes back to the NAT from the Internet, the NAT looks up the NAT table, finds the address of the device on the local network that is the actual recipient of the packet, and forwards the packet to that device.
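The table-driven behaviour described above, as an added example (this is not the blog's code): a toy NAT device that rewrites outbound packets to its public address, records the mapping, and uses that record to deliver replies to the right private host. Every address is constructed from documentation ranges (192.168.1.0/24 for the LAN, 203.0.113.5 for the NAT, 198.51.100.10 for an Internet host); the port-allocation scheme is an assumption made for the example.

```python
# Added example (not the blog's code): a toy NAT / port-address translation
# table implementing the outbound/inbound mapping described in the post.
# All addresses are constructed from documentation ranges:
#   192.168.1.0/24   private LAN behind the NAT
#   203.0.113.5      the NAT device's single public address
#   198.51.100.10    a host on the Internet
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatDevice:
    """Sits at the LAN/Internet boundary and rewrites addresses both ways."""

    def __init__(self, public_ip: str, first_public_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_public_port
        # NAT table: (proto, public_port) -> (private_ip, private_port)
        self.table: Dict[Tuple[str, int], Tuple[str, int]] = {}
        # reverse index so an existing flow keeps the same public port
        self._by_private: Dict[Tuple[str, str, int], int] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: replace the private source with the public one."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        public_port = self._by_private.get(key)
        if public_port is None:
            public_port = self._next_port
            self._next_port += 1
            self._by_private[key] = public_port
            self.table[(pkt.proto, public_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: look up the real recipient; drop if unknown."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get((pkt.proto, pkt.dst_port))
        if entry is None:
            # No LAN host asked for this: unsolicited traffic is dropped,
            # which is why private hosts are unreachable from outside.
            return None
        private_ip, private_port = entry
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port, pkt.proto)


if __name__ == "__main__":
    nat = NatDevice("203.0.113.5")
    request = Packet("192.168.1.10", 51000, "198.51.100.10", 80)
    on_wire = nat.outbound(request)
    print("outbound:", request, "->", on_wire)
    reply = Packet("198.51.100.10", 80, on_wire.src_ip, on_wire.src_port)
    print("inbound: ", reply, "->", nat.inbound(reply))
    print("unsolicited:", nat.inbound(Packet("198.51.100.10", 80, "203.0.113.5", 40001)))
```

The `inbound` path is the security-relevant half: a packet from the Internet is only forwarded when a LAN host previously created the table entry, so anything arriving for an unknown public port is simply dropped.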
                                   ,----, 
         ,--.                    ,/   .`| 
       ,--.'|   ,---,          ,`   .'  : 
   ,--,:  : |  '  .' \       ;    ;     / 
,`--.'`|  ' : /  ;    '.   .'___,/    ,'  
|   :  :  | |:  :       \  |    :     |   
:   |   \ | ::  |   /\   \ ;    |.';  ;   
|   : '  '; ||  :  ' ;.   :`----'  |  |   
'   ' ;.    ;|  |  ;/  \   \   '   :  ;   
|   | | \   |'  :  | \  \ ,'   |   |  '   
'   : |  ; .'|  |  '  '--'     '   :  |   
|   | '`--'  |  :  :           ;   |.'    
'   : |      |  | ,'           '---'      
;   |.'      `--''                        
'---'                                     
           

Saturday, February 6, 2016

Domain Name Service (DNS) & DNS Security


In the previous lesson we discussed IP addresses. Remembering IP addresses is difficult; it is not easy to remember all the IP addresses we need for our daily use. The Domain Name Service (DNS) allows us to use easy-to-remember names instead of memorizing IP addresses. For instance, instead of remembering 173.194.44.230 we can use www.google.com.
DNS is like a phone book for the Internet: there is a name for each website and, instead of a phone number, an IP address for each website. DNS uses a distributed database system in which each organisation is responsible for maintaining the data for its own domain.
DNS is hierarchical. There are root DNS servers which provide the high-level information that tells an individual DNS server which server is responsible for all .net domains or all .com domains. Similar servers exist for each top-level domain (.com, .net, .org). Each of these servers then delegates authority for specific domains to the name servers run by the organisations that own the domain or by their Internet Service Provider (ISP). For instance, yahoo.com runs its own DNS servers, and Yahoo's DNS servers hold all the information about Yahoo sub-domains such as www.yahoo.com or mail.yahoo.com.



Each organisation might use a relevant extension after its domain. For example, MIT is an educational institute and uses the .edu extension in its own domain (mit.edu). You can find a more detailed list of top-level domains at ICANN.
When a DNS server receives a request from a client on its network for a domain it is not authoritative for, it has two options: (A) check the DNS cache, or (B) perform a hierarchical lookup.
Each DNS server keeps a cache of recently looked-up domains. For better understanding, here is an example. Suppose you are on the AOL network and you try to access the root25.com website. First you enter root25.com in the web browser; then your computer asks the local DNS server. That DNS server is run by aol.com, so it is not authoritative for the root25.com domain. However, the DNS server might recently have asked the same question of another DNS server on behalf of another user who was trying to access the same website. So the first place it looks is its cache (memory), to see if it already has the answer. If it does not find the answer in the cache, it goes on to perform a hierarchical lookup.
A hierarchical lookup first checks with a root server to find the DNS server responsible for the ".com" domains. It then contacts one of those .com servers and asks which server is responsible for root25.com. Afterwards it contacts that name server to find the specific IP address for www.root25.com.
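The cache-then-hierarchy procedure above, as an added example (not the blog's code): a toy resolver that consults its cache first and otherwise walks root -> TLD server -> authoritative name server, recording each step. The zone data, the server names (`a.gtld-servers.example.`, `ns1.root25.com.`) and the answer 192.0.2.25 are all constructed for the example and are not the real records for these names.

```python
# Added example (not the blog's code): a toy recursive resolver that checks
# its cache and otherwise walks root -> TLD -> authoritative server.
# The zone data below is constructed; the IPs are documentation addresses.
from typing import Dict, List, Optional

# Which server a root server names for each top-level domain.
ROOT_SERVER: Dict[str, str] = {"com.": "a.gtld-servers.example."}
# What each TLD server knows: zone -> authoritative name server.
TLD_SERVERS: Dict[str, Dict[str, str]] = {
    "a.gtld-servers.example.": {"root25.com.": "ns1.root25.com."},
}
# What each authoritative server knows: name -> address record.
AUTH_SERVERS: Dict[str, Dict[str, str]] = {
    "ns1.root25.com.": {"root25.com.": "192.0.2.25", "www.root25.com.": "192.0.2.25"},
}


class Resolver:
    """A non-authoritative DNS server such as the one the ISP runs."""

    def __init__(self) -> None:
        self.cache: Dict[str, str] = {}
        self.log: List[str] = []  # one entry per question asked

    def resolve(self, name: str) -> Optional[str]:
        fqdn = name if name.endswith(".") else name + "."
        # Option (A): answer from the cache if a previous lookup stored it.
        if fqdn in self.cache:
            self.log.append(f"cache hit: {fqdn}")
            return self.cache[fqdn]
        # Option (B): hierarchical lookup.
        labels = fqdn.rstrip(".").split(".")
        if len(labels) < 2:
            return None
        tld = labels[-1] + "."
        zone = ".".join(labels[-2:]) + "."
        # Step 1: ask a root server which server handles the TLD.
        tld_server = ROOT_SERVER.get(tld)
        self.log.append(f"root -> {tld}: {tld_server}")
        if tld_server is None:
            return None
        # Step 2: ask the TLD server which name server is authoritative.
        auth_server = TLD_SERVERS.get(tld_server, {}).get(zone)
        self.log.append(f"{tld_server} -> {zone}: {auth_server}")
        if auth_server is None:
            return None
        # Step 3: ask the authoritative server for the record itself.
        ip = AUTH_SERVERS.get(auth_server, {}).get(fqdn)
        self.log.append(f"{auth_server} -> {fqdn}: {ip}")
        if ip is not None:
            self.cache[fqdn] = ip  # remember it for the next client
        return ip


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.root25.com"), r.log)
    print(r.resolve("www.root25.com"), r.log[-1])
```

Note that once an answer is in `cache`, every later client gets it without any of the three questions being asked again; the cache is therefore the part of the resolver whose contents a defender most wants to be sure came from the authoritative server.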

There are some security threats related to DNS such as:

Network Ports



As we learned in the previous lesson, IP addresses uniquely identify computers. Most of the time each computer offers more than one service; for instance, a computer can be a web server and a file server at the same time. To address this, in addition to a unique IP address we have a unique PORT for each service on a computer.
Ports are used by the transport protocol to uniquely identify different services and applications. Ports are like doors to a computer's services: each port can point to one of the services on the computer. The idea of the "port" was first introduced by ARPANET, but at that time it was known as the "socket number".
The Internet Assigned Numbers Authority (IANA) created standards for the use of port numbers. Without knowledge of these ports, a user would need to ask the administrator about the details of the port configuration. Following these standards is not compulsory. We can categorise ports into two types:


  • Well known ports : ports between 0 and 1024, which are assigned by IANA for special purposes.
    Some of these well known ports are:
    20/21   FTP
    22      SSH
    23      TELNET
    25      SMTP
    53      DNS
    80      HTTP
    443     HTTPS
    (For the complete list please refer here)
  • High number ports : ports between 1025 and 65535, which are available for other services.
The important fact to remember is that each transport protocol has its own ports: a port number on UDP is different from the same port number on TCP. To make these ports easier to tell apart, we always write the protocol type after the number.
For example: 22/udp or 22/tcp

TCP IP Networking Basics

Visualization of routing path in internet (Opte Project)
Basically, computers are connected to each other through networks, which we can divide into two main categories:

  • LAN (Local Area Networks) : LANs are used for connecting computers in a limited area such as an office, a building or a school.
  • WAN (Wide Area Networks) : WANs connect LANs to each other. The most obvious example of such a network is the Internet.
Besides the benefits of easy connectivity and data sharing, networks also carry security risks. These risks derive from the fact that you open a pathway from your computer to the outside world. Therefore security professionals need a good understanding of networks and of the network protocols used, in order to protect the Confidentiality, Integrity and Availability of information in computer networks.
TCP/IP is the most common networking standard. The TCP/IP protocol suite consists of four main protocols:
  • Internet Protocol (IP) : IP is responsible for delivering packets from the source computer to the destination computer based on the IP addresses in the packet headers. IP also breaks the data into smaller pieces known as "packets" for sending over the network. The whole Internet relies on IP addresses. IP has two versions: version 4, established in 1981 and still in use, and version 6, introduced in 1998 because engineers foresaw more demand for address space. IPv6 is still not widely adopted, because IPv4 and IPv6 are not compatible.

  • Transmission Control Protocol (TCP) : TCP is responsible for providing reliable, guaranteed packet delivery between computers. TCP uses a "three-way handshake" to establish a connection between computers. In this process the client sends a "Synchronize packet (SYN)" to the server it wants to connect to. The server receives this packet and responds with a "Synchronize/Acknowledge packet (SYN/ACK)": the ACK shows that the server received the packet successfully, and the SYN is for establishing the connection to the client side. In the last step, when the client receives the SYN/ACK, it sends an ACK packet to the server to finalize and establish the connection.
  • User Datagram Protocol (UDP) : UDP, like TCP, is used for sending datagrams (messages); the only difference is that this method is not reliable, because there is no handshake for making the connection. UDP is mostly used in cases where guaranteed delivery is not necessary.

  • Internet Control Message Protocol (ICMP) : ICMP is used by computers and systems on the network to manage and control the flow of data. When there is a traffic problem on the network, ICMP messages are used to inform computers or routers. They are also used when the destination is unreachable.
At the end, if you are interested in knowing your public IP address, you just need to search for the word "IP" in the Google search engine. You can also refer to the IP2Location website, which shows more information based on your IP address: there you can check the country, city and ISP name of any IP address.
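The three-way handshake described under TCP above, as an added example (not the blog's code): a toy model that sends SYN, SYN/ACK and ACK between two endpoints, tracks each side's state, and checks that every acknowledgement matches the other side's sequence number plus one. The initial sequence numbers are constructed constants; a real TCP stack chooses them randomly.

```python
# Added example (not the blog's code): a toy model of the TCP three-way
# handshake. Initial sequence numbers (ISNs) are constructed constants here;
# a real stack chooses them randomly.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: Tuple[str, ...]
    seq: int
    ack: Optional[int] = None


@dataclass
class Endpoint:
    name: str
    isn: int
    state: str = "CLOSED"


def three_way_handshake(client: Endpoint, server: Endpoint) -> List[Segment]:
    """Run the SYN, SYN/ACK, ACK exchange and return the segments sent."""
    trace: List[Segment] = []
    server.state = "LISTEN"

    # 1. Client -> server: SYN carrying the client's ISN.
    syn = Segment(client.name, server.name, ("SYN",), seq=client.isn)
    client.state = "SYN_SENT"
    trace.append(syn)

    # 2. Server -> client: SYN/ACK. ACK = client ISN + 1 confirms receipt of
    #    the SYN; the server's own SYN carries its ISN for the reverse direction.
    server.state = "SYN_RECEIVED"  # half-open until the final ACK arrives
    synack = Segment(server.name, client.name, ("SYN", "ACK"),
                     seq=server.isn, ack=syn.seq + 1)
    trace.append(synack)

    # 3. Client -> server: ACK. The client checks that the server acknowledged
    #    exactly its ISN + 1 before treating the connection as established.
    if synack.ack != client.isn + 1:
        raise ValueError("SYN/ACK acknowledges the wrong sequence number")
    ack = Segment(client.name, server.name, ("ACK",),
                  seq=client.isn + 1, ack=synack.seq + 1)
    client.state = "ESTABLISHED"
    trace.append(ack)

    # Server-side check of the final ACK; only now is the connection complete.
    if ack.ack != server.isn + 1:
        raise ValueError("ACK acknowledges the wrong sequence number")
    server.state = "ESTABLISHED"
    return trace


if __name__ == "__main__":
    c, s = Endpoint("client", 1000), Endpoint("server", 5000)
    for seg in three_way_handshake(c, s):
        print(f"{seg.src} -> {seg.dst}: {'/'.join(seg.flags)} seq={seg.seq} ack={seg.ack}")
    print(c.state, s.state)
```

The `SYN_RECEIVED` state is worth noticing: between step 2 and step 3 the server is holding a half-open connection, which is the resource that runs out when a server is flooded with connection attempts that never complete.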

Friday, February 5, 2016

Information Security Key Principles (CIA Triangle)

CIA Triangle



Information security has three main principles, which come in the form of the CIA model, also known as the CIA triad (triangle). Each letter of CIA represents one of the three principles of information security. These principles are:

  1. Confidentiality : In simple terms it means "keep private information PRIVATE" and avoid disclosing it to an unauthorized entity. For example, when nobody other than the sender and receiver of an email can read it, the email is transferred confidentially over the network and remains confidential in the sender's sent box and the receiver's inbox. An attacker might intercept unencrypted data on the network.
  2. Integrity : Means protecting the data from any unauthorized changes and modifications. Integrity can be violated by any kind of modification, such as adding, removing or changing. For example, when an email is sent and, before the receiver receives it, a third party removes some of its lines, the integrity of the email is violated. An attacker might change the data stored in a database after gaining access to it.
  3. Availability : Means the authorized entity should be able to access the data at the needed time; there should not be any disruption in the availability of the data. For example, students should be able to access the online subject selection system on a specific date. An attacker might interrupt the availability of this service by launching a Denial of Service (DoS) attack, sending too many requests at the same time.

This triangle has three main cores. However, information security has three other key concepts:
  • Accountability : Means each person should be responsible for the acts he/she did.
  • Authenticity : In authenticity the genuineness of the data is important. To check the genuineness of data, the authenticity of both parties should be validated against what they claim to be. For example, in email, digital signatures are used to establish the authenticity of an email and its owner.
  • Non-repudiation : Means nobody can deny an act they did. If an email was sent, the sender cannot claim "I didn't send this email", and the recipient cannot claim "I didn't receive that email".

Friday, August 16, 2013

Welcome to root25.us

I started root25 back in 2012 but have recently been very busy and couldn't update the websites at all. Today I decided to start posting articles to root25. root25.com will remain the master website and root25.us will be used only for sharing articles about information security. I hope you enjoy reading the articles and I look forward to your comments. Don't forget to follow root25 on G+, Twitter & fb.

-Amir