
8/29/12

When and why should security be provided across multiple layers?

To provide better control over security.

The IPSec protocol can be used to establish Virtual Private Networks, thus giving secure access to everyone who has access (at the organization level).

SSL VPNs allow more precise access control (and access to resources according to role / security level). They provide connections between endpoints, rather than securing communication across the entire organization.

Application layer security measures can take the form of authentication / authorization (so that different users can access the network from the same device, and be identified and given the appropriate service).

8/25/12

Phil Zimmermann and PGP (Case History)

Philip R. Zimmermann is the creator of Pretty Good Privacy (PGP). For that, he was the target of a three-year criminal investigation because the government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. After releasing PGP as shareware, someone else put it on the Internet and foreign citizens downloaded it. Cryptography programs in the United States are classified as munitions under federal law and may not be exported.

Despite the lack of funding, the lack of any paid staff, and the lack of a company to stand behind it, and despite government interventions, PGP nonetheless became the most widely used e-mail encryption software in the world. Oddly enough, the US government may have inadvertently contributed to PGP's spread because of the Zimmermann case.

The US government dropped the case in early 1996. The announcement was met with celebration by Internet activists. The Zimmermann case had become the story of an innocent person fighting for rights against the abuses of big government. The government's giving in was welcome news, in part because of the campaign for Internet censorship in Congress and the push by the FBI to allow increased government snooping.

After the government dropped its case, Zimmermann founded PGP Inc., which was acquired by Network Associates in December 1997. Zimmermann is now an independent consultant in matters cryptographic.

Pretty Good Privacy (PGP)

Written by Phil Zimmermann in 1991, Pretty Good Privacy (PGP) is an e-mail encryption scheme that has become a de facto standard.

Versions of PGP are available in the public domain; for example, you can find the PGP software for your favorite platform as well as lots of interesting reading at the International PGP Home Page.

When PGP is installed, the software creates a public key pair for the user. The public key can be posted on the user's Web site or placed on a public key server. The private key is protected by the use of a password.

PGP gives the user the option of digitally signing the message (for message authentication and message integrity), encrypting the message (confidentiality), or both digitally signing and encrypting.

PGP also provides a mechanism for public key certification, but the mechanism is quite different from the more conventional CA (Certification Authority). PGP public keys are certified by a web of trust. Users physically gather, exchange public keys, and certify each other's keys by signing them with their private keys.

Although key-signing parties and PGP public key servers actually exist, by far the most common ways for users to distribute their public keys are by posting them on their personal Web pages and by advertising them in their e-mails.

8/24/12

How to implement linked list using arrays.

Pointers are useful, but not every programming language allows their use. I'll show how to implement a Linked List using arrays and the idea of a pointer data type.

A Linked List node consists of a value and an address pointing to another variable.

We need an address space, which can be implemented with a 2D array (one column can be the memory address, another can point to another (or the same) variable written under another (or the same) address).

Then we can build the Linked List (consisting of 2-field arrays, the first field being the value contained in the node, the second field being a pointer to the next node or null).

Hint: If we have pointers we can construct objects in any language with arrays. Then we can make Finite State Objects, Stitie machine and so on.
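The array-backed list described above, as an added example that is not part of the original post. The class name, the free list used to recycle rows, and the method names are assumptions made for illustration.

```python
NULL = None  # "null pointer": no row has this address


class ArrayLinkedList:
    """Singly linked list kept in a 2D array; a row index is the node's address."""

    def __init__(self, capacity):
        if capacity < 1:
            raise ValueError("capacity must be at least 1")
        # Each row is [value, next_address]. Unused rows are chained into a free list.
        self.cells = [[None, i + 1] for i in range(capacity)]
        self.cells[-1][1] = NULL
        self.free = 0      # address of the first unused row
        self.head = NULL   # address of the first node

    def _alloc(self, value):
        if self.free is NULL:
            raise MemoryError("address space exhausted")
        addr = self.free
        self.free = self.cells[addr][1]
        self.cells[addr] = [value, NULL]
        return addr

    def _release(self, addr):
        # Clear the value so a stale address cannot read old data, then recycle the row.
        self.cells[addr] = [None, self.free]
        self.free = addr

    def push_front(self, value):
        addr = self._alloc(value)
        self.cells[addr][1] = self.head
        self.head = addr
        return addr

    def append(self, value):
        addr = self._alloc(value)
        if self.head is NULL:
            self.head = addr
            return addr
        cur = self.head
        while self.cells[cur][1] is not NULL:
            cur = self.cells[cur][1]
        self.cells[cur][1] = addr
        return addr

    def remove(self, value):
        prev, cur = NULL, self.head
        while cur is not NULL:
            stored, nxt = self.cells[cur]
            if stored == value:
                if prev is NULL:
                    self.head = nxt
                else:
                    self.cells[prev][1] = nxt
                self._release(cur)
                return True
            prev, cur = cur, nxt
        return False

    def to_list(self):
        out, cur = [], self.head
        while cur is not NULL:
            out.append(self.cells[cur][0])
            cur = self.cells[cur][1]
        return out
```

Because every "pointer" is an index into a fixed array, running out of rows raises an error instead of writing past the end of the address space.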

8/23/12

How to create software model using 3D Art model?

Acquire 3D Art model. Create graph of objects (each pixel is one node). Then fill with details (document relations between objects). Name aggregates (groups of objects that form larger objects).

For example: Car has engine. Engine has parts, each part has single responsibility which can be implemented. Each part has parts.

See also: 'Ola AH' as a 4GL Programming Language, Object Relationships Modelling & Analysis.

How to Visualize Object Model in Stitie Machine?

Serialize each Finite State Object to RGB color value. Then generate output image. Number of serialization steps is equal to number of nodes in graph.

Stitie Stack Machine.

How to form model of Stack Machine using Stitie Machine?

Form stack, connect it with Finite State Object.

How to generate asymmetric key pair safely.

Use a computer that is not connected to the internet (without a network card) to generate the asymmetric key pair. Then copy the public key to a USB pendrive.

Obfuscator.

An obfuscator is a program that transforms binary code (a program that can be run) into binary code that is problematic to read and analyze after decompilation. It's useful for protecting source code in case of being stolen.

8/22/12

Attack on SSL session.

The SSL acronym stands for Secure Sockets Layer, which adds security services (including confidentiality, data integrity, and end-point authentication) to the TCP protocol.

If we direct segments via node we control, then during public key exchange we can substitute public key(s) [for example in certificate] with our key(s) and talk to end-point (client or/and server) as if we were end-point.

8/20/12

Splitting and Joining Information Flow.

A node can split or join information streams. When information is sent via (along) multiple routes (channels), it forms a stream. This process may involve synchronization (for example, a node can send a message along the stream once preconditions are met).

It is a secure design, because if a single node is captured, the offender does not have all the information from the stream.

A number can be split into primes. For example, if we want to send 12 via a stream, we can send 1 via the channel named '3', and 2 via the channel named '2', then multiply at the destination. It can be more complex: we can involve addition and other operations, and we can send expression trees via streams (they do not have to go via a dedicated named channel, it can be more dynamic) and encrypt them for more security.

In simpler words: we can form graphs of nodes and channels, morph them at run time and direct them somewhere. Mathematical operations such as addition and multiplication are in nodes; numbers go via them and are joined at nodes.


See also: Shapes & Forms, Reforming Shapes, Virtual Machine, Factoring Numbers, Distributed Transmission.

For example:

If we have number written as 3^n1*m1+2^n2*m2+.....3^nk*mk+2^(nk+1)*(mk+1), then we can simplify notation as follows:

(omitting 3^)
n1 as binary
(omitting *)
m1 as binary

let's send n1 via first channel, m1 via second channel

(omitting +2^)
n2 as binary
(omitting *)
m2 as binary

let's send n2 via third channel, m2 via fourth channel

let's repeat it for each partial sum then join at destination. It's faster and more secure than sending all these numbers uncompressed via single channel.
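The split-and-join of 12 over channels named '3' and '2', as an added example that is not part of the original post. It also lists what an observer of a single captured channel can still infer, and contrasts that with an XOR split, a standard technique swapped in here for comparison and not the post's scheme; all function names are assumptions.

```python
import secrets


def split_by_primes(n):
    """Post's scheme: channel name = prime factor, value sent = its exponent."""
    if n < 1:
        raise ValueError("n must be a positive integer")
    channels, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            channels[p] = channels.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        channels[n] = channels.get(n, 0) + 1
    return channels


def join_by_primes(channels):
    """Destination node: multiply prime**exponent over all channels."""
    result = 1
    for prime, exponent in channels.items():
        result *= prime ** exponent
    return result


def candidates_after_capture(prime, exponent, limit):
    """Numbers up to `limit` still possible after ONE channel is observed."""
    return [n for n in range(1, limit + 1)
            if split_by_primes(n).get(prime, 0) == exponent]


def xor_split(secret, n_channels):
    """Comparison technique: every share but the last is random, so any
    incomplete set of shares is statistically independent of the secret."""
    if n_channels < 2:
        raise ValueError("need at least two channels")
    shares = [secrets.token_bytes(len(secret)) for _ in range(n_channels - 1)]
    last = secret
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    return shares + [last]


def xor_join(shares):
    """Destination node: XOR all shares together to recover the secret."""
    out = bytes(len(shares[0]))
    for share in shares:
        out = bytes(a ^ b for a, b in zip(out, share))
    return out
```

With the prime split, capturing channel '2' carrying the value 2 leaves only 4, 12 and 20 as candidates below 21, so a single channel narrows the search even though it does not carry the whole number.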

Weighted Graph

Nodes can have different weights (or be more important, or strategic). We can connect them using varied algorithms (for example, connecting them to emphasize their weight (or importance, or strategic value)). Then we can model the graph.

It can be used to generate output (for example for a search phrase [for example for a search engine] or an output language).

Hint: A tree can be modelled from a graph by pulling one node and making it the root (it will retain connections between siblings; I'd call it a Basting Tree). You can imagine it.

The usual (more proper) definition of a weighted graph is to associate a label (weight) with every edge in the graph. When using these words in this blog, I will always specify whether the graph associates weight(s) with nodes, edges, or both.

8/16/12

How to implement any algorithm using Stitie Machine?

Just design the object model, then implement it (write classes) and somehow create a graph of objects. Inheritance can be achieved in 3D space. Just use more space (create a superclass, initialize it, then create a subclass and link them in 3D) and design Finite State Objects so they pass commands to the central FSO. There's very little probability that someone will want to implement an infinite number of subclasses.

8/15/12

How to save Internet model using Stitie Machine?

Same way. It's not without a sense of humour.

How to save 3D Art model using Stitie Machine?

Just dump it.

Stitie Turing Machine

Stitie Machine can do everything that a Turing Machine can, and more. It just seems more expensive to implement. But sometimes a more complex operation is more efficient. For example, using the power function can be cheaper and quicker than adding recursively.

Turing Machine - an abstract model of a computer, created by Alan Turing, used to run algorithms, consisting of an infinitely long 2D space divided into fields. This space can be one-sidedly infinite or two-sidedly infinite. Each field may be in one of N states. The machine is always positioned over one of the fields and is in one of M states. Depending on the combination of the machine's state and the field's state, the machine saves a new value in the field, changes state, then it can move by one field to the right or left. This operation is called a command. A Turing Machine is controlled by a list consisting of any number of commands. The numbers N and M may be any, just finite. Sometimes state M+1 may be allowed, which allows the end of the machine's work. The command list for a Turing Machine may be treated as its program.

Hint: A Finite State Object can be designed to support the Machine's position and state. Or one additional Finite State Object can represent the Machine, and know routes to all fields (which are Finite State Objects too). It may keep references to all fields (for example in a map, with the key being an unambiguous route definition and the value being a reference to the field). Or it may not (in this case it just holds a reference to one field, and all routes go through this field).

8/13/12

Reforming Shapes

How to reform geometrically (reshape) equilateral Triangle into Rectangle?

The best option is to move along the shortest path (it's the quickest, safest and cheapest). In an equilateral triangle with its base at the bottom, the upper node (point) is exactly halfway between the lower nodes (on the X axis, above the Triangle base). So the shortest path is to transform it into two points and move them to the sides.

To reshape an equilateral Triangle into a Square we must move the upper point upwards (until it reaches a height equal to the original Triangle's side length) before transforming it into two points and moving them to the sides.

(See also Shapes and Forms, Stitie Machine, Dragonfly Algorithm, Virtual Machine and comment to Few Thoughts on Java Code Quality. You can be creative.)

8/12/12

Virtual Machine

A Finite State Object can be designed so it can support dynamic code loading.

Just use the strategy design pattern, the state design pattern and a means of sending a chain of them along an unambiguously and precisely defined route in the graph of objects.

The graph of objects can be seen as an in-memory model of a running program, so it can work.

See also: Stitie Virtual Machine & Ola AH language, Stitie Machine (Maszyna Stanikowa Wysockiego), Shapes & Forms.

8/11/12

Improper Algorithms

Informally, an algorithm is a strictly determined computational procedure which, for correct input data, "produces" the requested "output data", called the "result" of the algorithm's run. An algorithm is then a chain of computational steps leading to the transformation of input data into output data.

An algorithm may also be treated as a means of solving a concrete computational problem. Defining the problem is about specifying requirements regarding the relation between input data and output, and the algorithm describes a correct computational procedure which ensures that this relation is achieved.

An algorithm is proper when, for each instance of the algorithmic problem, it stops and gives the correct result.

An improper algorithm may never stop or, after stopping, may give an incorrect result. Improper algorithms may still be useful if their erroneous runs can be controlled.

JSESSIONID

In computer science, a session identifier, session ID or session token is a piece of data that is used in network communications (often over HTTP) to identify a session, a series of related message exchanges. Session identifiers become necessary in cases where the communications infrastructure uses a stateless protocol such as HTTP. For example, a buyer who visits a seller's site wants to collect a number of articles in a virtual shopping cart and then finalize the shopping by going to the site's checkout page. This typically involves an ongoing communication where several webpages are requested by the client and sent back to them by the server. In such a situation, it is vital to keep track of the current state of the shopper's cart, and a session ID is one way to achieve that goal.

The client usually stores and sends the token as an HTTP cookie and/or sends it as a parameter in GET or POST queries.

JSP technology uses JSESSIONID as session identifier.

Everyday tea for information problems, or DDOS attack (for everyone).

The acronym DDOS stands for Distributed Denial of Service; it is used to remove someone's access to information.

In the hacking world, it is a method of sending packets from many internet devices to a target, so that the target will have to interpret them using available resources (such as computing power and memory) and will be overwhelmed. It often results in removing access to information if not more, often all internet and computer related tools.

8/7/12

ARP redirect attack (for computer enthusiasts).

ARP redirect is an attack that allows a hacker to change the flow of network packets so that they pass through a selected computer (or other network device) where they can be sniffed and/or modified.

Two internet devices can communicate only if they know their physical MAC addresses.

The ARP protocol 'hides' physical addresses and lets application layer processes work with IP addresses.

How is an IP address resolved into a physical address? Resolution uses either the ARP table or an 'ARP query packet' that is sent to the internet device along with an indication that the internet device should send the packet to the MAC broadcast address, namely FF-FF-FF-FF-FF-FF. The internet device encapsulates the ARP packet in a link layer frame, uses the broadcast address for the frame's destination address, and transmits the frame into the subnet. An ARP query is equivalent to a person shouting out into a crowded room, asking for someone's address. The frame containing the ARP query is received by all other internet devices on the subnet, and each internet device passes the ARP packet within the frame up to an ARP module in that node (internet device).

The trick is to insert an intermediate node between two communicating nodes.

Each internet device sends a message with its IP and MAC addresses when it connects to the network, so the gateway knows where to direct packets. A hacker wanting to capture the connection needs to 'convince' the internet device that he's the gateway, and the gateway that he's the internet device.

To implement this attack hacker can use following tools:

1. Libnet library.
2. Nemesis - tool that can be used to generate network layer, transport layer, link layer packets and inject them into internet.

To learn the IP addresses of devices available in the network, the nmap tool can be used.


See also: Link Layer Addressing (MAC addresses).
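How a monitoring host can notice the redirect described above, as an added example that is not part of the original post. The announcement records are constructed sample data in an assumed "time IP MAC" layout, and the function names are assumptions; the check treats the first MAC seen for an IP as trusted and reports any later announcement that rebinds that IP.

```python
from collections import defaultdict

# Constructed sample, not a capture: time, sender IP, sender MAC of each ARP announcement.
SAMPLE_ARP_REPLIES = """\
# time  sender-IP     sender-MAC
10.0 192.168.1.1  00-11-22-33-44-01
10.2 192.168.1.20 00-11-22-33-44-20
11.0 192.168.1.30 00-11-22-33-44-30
42.5 192.168.1.1  00-11-22-33-44-30
42.6 192.168.1.20 00-11-22-33-44-30
"""


def parse_arp_events(text):
    """Turn the sample lines into (time, ip, mac) tuples, skipping comments."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip, mac = line.split()
        events.append((float(ts), ip, mac.upper()))
    return events


def detect_rebinding(events, gateway_ip):
    """Report announcements that contradict the first IP-to-MAC binding seen.

    Assumes the baseline was learned while the network was clean; a replaced
    network card or a new DHCP lease also triggers an alert and needs review.
    """
    trusted = {}                  # IP -> first MAC seen for it
    claims = defaultdict(set)     # MAC -> every IP it has announced
    alerts = []
    for ts, ip, mac in events:
        claims[mac].add(ip)
        known = trusted.setdefault(ip, mac)
        if known != mac:
            alerts.append({
                "time": ts,
                "ip": ip,
                "trusted_mac": known,
                "claimed_mac": mac,
                "gateway": ip == gateway_ip,       # gateway rebinding is the key sign
                "mac_claims": sorted(claims[mac]),  # one MAC answering for many IPs
            })
    return alerts
```

In the sample, one MAC ends up answering for both the gateway and another device, which is the "convince both sides" pattern from the post; static ARP entries for the gateway or switch-level ARP inspection prevent the rebinding rather than only reporting it.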

8/6/12

Few thoughts on code quality (for professionals).

In my opinion, Java code of quality should have the following properties:

1. Proper naming of classes, methods, variables and constants.
2. Single, properly defined and documented responsibility of each class and method. No unnecessary code (to remove code duplication you can use constants (final keyword, UPPERCASE_NAMES) and split methods with large chunks of code into a few smaller methods so you can reuse them. To ensure single responsibility of a method or class, move some code into another method or class. A single responsibility class or method is more reusable and easier to document, read, test and modify. [or to break if someone wants to try firing quality coder].). Single responsibility of a method may involve calling more than one instruction as long as it is considered atomic. For example: changeStateWithSideEffect(...);
3. Documented methods headers (first lines of methods and all information therein, including variable names) according to javadoc documentation.
4. Use of assert keyword, software contracts, preconditions, postconditions and invariants.

Later JUnit/Easymock automated tests can be added to build test harness.

It also should be properly formatted.

Commits should be commented.

Methods should be abstract, empty or final.

Ideally, methods should consist of three instructions: init(...); transform(...); return [(...)]; A complex instruction counts as a single instruction.

There can be more requirements, but in practice it's almost perfect if these are used. Professionals after all have no time to comment code, or they want to be priceless and unfirable by bosses.


See also: Design by Contract, Code Reuse.

8/5/12

Internet seen by technical eyes (for computer enthusiasts).

Internet is network of networks. Computers running programs (and other Internet Devices) can connect and communicate. It's like graph (nodes and connections - or dots and lines that connect them).

Network Edge consists of devices that we are most familiar with (computers, PDAs, cellphones, tablets and other MIDs [Mobile Internet Devices]) that we use on daily basis. They are connected together into networks that are also interconnected (via Network Core - hierarchy of ISPs [Internet Service Providers] ).

Software running on Internet Devices communicates using protocols. Protocols organize the way software interacts, and the order and structure of messages exchanged.


Protocols are separated into Layers, each Layer providing certain services to the infrastructure.


Five-layer Internet protocol stack consists of:

Application Layer (communication/interaction between applications).

Transport Layer (makes sure that right program running on device receives right information, and provides additional services such as 'guaranteed' delivery of messages, information flow speed control, and other internal technical services such as congestion control and breaking application-layer messages into segments. Depending on transport layer protocol (TCP or UDP) some services may be provided, some might be not).

Network Layer (responsible for moving information packets from the source device to the destination device [possibly with more than one Internet Device on the path to traverse through]. The Internet's network layer includes the IP Protocol, which defines how transmitted information is categorized, and how systems react to this information. The Internet's network layer also contains routing protocols that determine the routes that information packets [in this layer named datagrams] take between sources and destinations).

Link Layer (responsible for moving packets [named 'frames' in this layer] from one Internet Device [router is also Internet Device] to another in one hop).

Physical Layer (while the job of the link layer is to move entire frames from one network element to an adjacent network element, the job of the physical layer is to move the individual bits [of information] within the frame from one node to the next. The protocols in this layer depend on the actual transmission medium of the link [for example, twisted-pair copper wire, fiber optics]).

Basics of Cryptography (for everyone).

Messages can be encrypted (their data disguised) so that an intercepted message cannot be decrypted (understood) by an interceptor.

Suppose that Alice (sender) wants to send a message to Bob (receiver). She can use encryption algorithm (word 'algorithm' can be explained as solving of problem using computer) so that encrypted message (known as ciphertext) looks unintelligible to any intruder.

In many modern cryptographic systems it does not matter that encryption technique can be known to everyone.

Historical Cryptographic systems include:

Caesar cipher (a cipher is a method for encrypting data).

For English text, the Caesar cipher would work by taking each letter in the plaintext (unencrypted text) and substituting it with the letter that is k letters later (allowing wrap-around; that is, having the letter 'z' followed by the letter 'a') in the alphabet. For example, if k = 3, then the letter 'a' in plaintext becomes 'd' in ciphertext; 'b' in plaintext becomes 'e' in ciphertext and so on.


An improvement on Caesar cipher is monoalphabetic cipher.

It also substitutes one letter of the alphabet with another letter of the alphabet. However, rather than substituting according to a regular pattern (for example, substituting by shifting all letters in the message by k places forward in the alphabet), any letter can be substituted by any other letter, as long as each letter has a unique substitute letter and vice versa.

For example, monoalphabetic cipher (key to it) can look like this:

a b c d e f g h i j k l m n o p q r s t u v w x y z
h n m r t l o a s v p f c b g k y d i e x j z u q w

The plaintext message "bob, i love you. alice" becomes "ngn, s fgjt qgx. hfsmt".

Five hundred years ago, techniques improving on monoalphabetic encryption, known as polyalphabetic encryption were invented. The idea behind polyalphabetic encryption is to use multiple monoalphabetic ciphers, with a specific monoalphabetic cipher to encode a letter in specific position in the plaintext message.
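The three ciphers described above, as an added example that is not part of the original post. The substitution key is the second row of the post's table; the function names are assumptions, and so is the polyalphabetic rule used here (cycle through a list of keys by letter position, skipping non-letters).

```python
import string

ALPHABET = string.ascii_lowercase
# Second row of the post's table: a->h, b->n, c->m, ...
POST_KEY = "hnmrtloasvpfcbgkydiexjzuqw"


def caesar_key(k):
    """A Caesar cipher is the substitution key made by rotating the alphabet by k."""
    k %= len(ALPHABET)
    return ALPHABET[k:] + ALPHABET[:k]


def check_key(key):
    """Each letter must have a unique substitute and vice versa (a permutation)."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must use each of the 26 letters exactly once")


def substitute(text, key, decrypt=False):
    """Monoalphabetic substitution; punctuation and spaces pass through unchanged."""
    check_key(key)
    if decrypt:
        table = str.maketrans(key, ALPHABET)
    else:
        table = str.maketrans(ALPHABET, key)
    return text.lower().translate(table)


def polyalphabetic(text, keys, decrypt=False):
    """Use keys[i % len(keys)] for the i-th letter (assumed position rule)."""
    out, position = [], 0
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(substitute(ch, keys[position % len(keys)], decrypt))
            position += 1
        else:
            out.append(ch)
    return "".join(out)


def demo():
    """Return the post's example plus a two-key polyalphabetic run."""
    mono = substitute("bob, i love you. alice", POST_KEY)
    poly = polyalphabetic("bob, bob", [caesar_key(5), caesar_key(19)])
    return mono, poly


if __name__ == "__main__":
    print(demo())
```

In the polyalphabetic run the same plaintext letter 'b' is written as 'g' at one position and 'u' at another, which a single substitution table can never do.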

8/2/12

Stitie Machine (Maszyna Stanikowa Wysockiego)

Finite State Objects (FSOs) are Finite State Automatons implemented as objects (variables represent state, methods represent transitions. transitions can have side effects).

FSOs can be arranged in 3D space (FSOs are nodes in graph, connected horizontally, vertically and diagonally. I call such arrangement Stitie Cube - see illustration next to this paragraph.).

Stitie Machine is Finite State Object with ability to route command chain along unambiguously defined and precisely formed route(s) in 3D Space connected exactly like in the Stitie Cube.

Stitie Space is a recursive definition: Stitie Space can consist of any number of nodes (FSOs), as long as they are connected horizontally, vertically and diagonally.


'Stitie Space' is 3D Object Matrix.

'Stitie Space' above this paragraph has resolution of 4x4x4, because it consists of 4x4x4 Nodes.

It has 3x3x3 Stitie Cubes.

* spheres represent nodes, in which state & code (strategy) can be stored & executed,
* lines represent bi-directional arrows, show how state & strategies can flow between nodes.


How can this graph (three-dimensional matrix) of objects be manipulated using 3D Art mathematics? Just understand that an object's state can be represented as a chain of 0's and 1's (serialized to a binary number). A color can be represented as a number too. It's easy to see now that objects can be pixels with their state represented as color. And we can have animation of objects.


This is an in-memory model of a Virtual Machine, and if we have an in-memory model I am sure that it can be implemented on the hardware level and/or in a network (for example: Webservices as nodes and internet links as connections). Later I will write why I called it Virtual Machine.


See also, if You wish: Finite State Automatons and Regular Expression Basics, Stitie Machine 1.1 'Sunsail', Stitie Machine 1.0 'Core', Virtual Machine, Agile Transformation of Information State.