#header-inner {background-position: right !important; width: 100% !important;}

12/31/13

The Internet and Physical Communication Media.

The Internet infrastructure consists both of hardware and software.

Hardware part of infrastructure consists also of physical medium. The physical medium can take many shapes & forms and does not have to be the same type for each transmitter-receiver pair along the path. Examples of physical media include twisted-pair copper wire, coaxial cable, multimode fiber-optic cable, terrestrial radio spectrum, and satellite radio spectrum.

Physical media fall into two categories: guided media and unguided media. With guided media, the waves are guided along a solid medium, such as fiber-optic cable, a tristed-pair copper wire, or a coaxial cable. With unguided media, the waves propagate in the atmosphere and in outer space, such as in a wireless LAN or a digital satellite channel.

Twisted-Pair Copper Wire.

The least expensive and most commonly used guided transmission medium is twisted-pair copper wire. Twisted pair consists of two insulated copper wires, each about 1 mm thick, arranged in a regular spiral pattern. When fiber-optic technology emerged in the 1980's, many people disparaged twisted pair because of its relatively low bit rates (speed), but twisted-pair was modernized for speed and did not give up so easily.

Coaxial Cable.

Like twisted pair, coaxial cable consists of two copper conductors, but the two conductors are concentric rather than parallel. With this construction and special insulation and shielding coaxial cable can have high bit rates. Coaxial cable can be used as a guided shared medium. Specifically, a number of internet devices can be connected directly to the cable, with each receiving whatever is sent by the other internet devices.

Fiber Optics.

An optical fiber is a thin, flexible medium that conducts pulses of light, with each pulse representing a bit (unit of information, 0 or 1). A single optical fiber can support tremendous bit rates (speed), up to tens or even hundreds of gigabits per second. They are immune to electromagnetic interference, have very low signal attenuation up to 100 kilometers, and are very hard to tap. These characteristics have made fiber optics the preferred long-haul guided transmission media, particularly for overseas links.

Terrestial Radio Channels.

Radio channels carry signals in the electromagnetic spectrum. They are attractive medium because they require no physical wire to be installed, can penetrate walls, provide connectivity to mobile user, and can potentially carry a signal for long distances. Environmental considerations determine path loss and shadow fading (which decrease the signal strength as the signal travels over a distance and around/through obstructing objects) and interference (due to other transmissions and electromagnetic signals).

Satellite Radio Channels.

A communication satellite links two or more Earth-based microwave transmitter/receivers, known as ground stations. Two types of satellites are used in communications: geostationary satellites and low-earth orbiting (LEO) satellites. Geostationary satellites permanently remain above the same spot on Earth. LEO satellites are placed much closer to Earth and do not remain permanently above one spot on Earth. They rotate around Earth (just as the Moon does) and may communicate with each other, as well as with ground stations.

Quantum Networks.

Quantum networks descend from the study of Quantum cryptography. The idea of a quantum network emerged after successful experiments on quantum teleportation. When two companies (one from Switzerland, 'idQuantique', and another from the USA, 'MagiQTech') released practical communication devices based upon the rules of quantum mechanics, the need for a secure network capable of utilizing quantum principles was realized. These networks are now known as quantum communication networks. In these networks, data are communicated as quantum states through the technique of entanglement via an optical fiber link.

Source: [3], Wikipedia.

Speed.

The speed at which information arrives at destination depends on the route it goes with (length of route, information splitting and joining to send simultaneously via multiple links, speeds of each of partial links [slow links form bottlenecks], transmission errors).

Internet as an idea.

Internet is also idea, in theory even human couriers may carry information (whole or part) from point A to B, and be part of the Internet physical medium links, and so on. If/when sending part of information, for example for security purposes (encrypted information without parts is often much harder to attack), i'd give the 'package' to someone who can do it well: martial artist or soldier, or spy, or appropriate security personnel, depending on the situation.

12/27/13

Every hacker should know perfectly....

every hacker should know....

.... 'C', and 'Assembler' languages perfectly.

if she/he does not remember, should relearn and deepen their understanding.

it's about 6 months to complete (if there's focus on this task).

12/25/13

When 'C' language is better than assembler, and when other option is true?

C is higher level language, it's easier for most of humans to write in C. Less errors, faster development and such.

Assembler can be used to optimize program (or it's parts, often bottlenecks) to the fullest for specific architecture.

C programmers however have this advantage: with general code, they do not depend on processor model. When new processor model is made, they just recompile their program with different parameters and they do not need to write everything anew.

C and Assembler are closely tied, it's best to use both as neccessary, using assembler on bottlenecks and blocks of code under special supervision, for example, for security reasons, and C for the rest.

12/21/13

Programming Language Translation.

From some viewpoint, compilation is nothing else than translation.

It's translation from high-level language such as C or Java to machine code, which can be run (perhaps it's little more complex, but that's the essence).

Can for example, Pascal Language code be compiled to Java or other, seemingly unrelated one?

I think yes, it can.

Just translate it to data structure in computer memory, then transform data structure to the one compatible with another, target language, then generate output (code in that language). It might be hard to understand, but still not so unknown language.

Shellcode, Assembler & Machine Code.

In computer security, a shellcode is a small piece of code used as the 'payload' in the exploitation of a software vulnerability.

It is called 'shellcode' because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode.

Modern 'Intrusion Detection Systems' (IDS) have means of detecting common shellcodes being passed to defended machine. But such code can be disguised.

Shellcode is (perhaps always) an assembler program that is translated to encoded form.

Assembler programs use mnemonics and macros. Assemblers are tool for humans, they allow to write code easier, instead of looking at strange language. (strings of binary numbers for example).

Example:

 photo shellcode_casm_zpse03cc467.png

Code is slightly different after compilation and disassembly, probably optimized for specific computer system. It's equivalent, it still does it's job of spawning command shell. Perhaps there's difference between 'xor' and 'xorl' instructions (many things can be affected, from flags to speed of such instruction). Or just different notation, different mnemonics for the same processor instructions.


-------------


(x86 assembler program. ran & analyzed.):

// clear eax register

  xorl %eax,%eax

// push /bin//sh + string terminator (0) on stack, from end to beginning, because of architecture.

  pushl %eax
  pushl $0x68732f2f
  pushl $0x6e69622f

// prepare registers for function call.

  movl %esp,%ebx

// push function parameters on stack in preparation for function call.

  pushl %eax
  pushl %ebx

// prepare registers for function call.

  movl %esp,%ecx
  xorl %edx,%edx

// call function execve.

  movb $0xb, %al
  int $0x80

-------------


can be encoded as hexadecimal number character string:

31 c0 50 68 2f 2f 73 68 68 2f 62 69 6e 89 e3 50 53 89 e1 31 d2 b0 0b cd 80

'Perhaps' there are machines that can use this hexadecimal number string as language to program them, as their machine code that can be executed on them without translation or compilation.

Virtual or not.

If not, then perhaps they can be realized....

I do not see technical difficulties with this, for there are programmable processors for example....

Even if my knowledge of hardware is limited, from programmer's viewpoint any device can be programmed.

thus, machine code is even closer to hardware (lower-level) than assembler code, which for example uses macros, and is compiled to machine-dependent machine code.

Source: Wikipedia.

see also, if You wish or need ... : 'Buffer Overflow' Hacking Attack.

Shell-storm: (one of shellcode databases).

(shellcode is small in size, thus easy to analyze. it's better to use someone's work this way than to create it anew, because programmer's time also costs).

12/15/13

Hacking Theory & Practice.

True hacking skill is not to only know theory, but also do it, when your computer(s) break and software dynamically fails.

Everyone should decide when and if to insure their IT infrastructure. And how.

12/14/13

Common Problems in Software Company.

I've worked in few companies, about 10-100 people each, often cooperating with other teams, often in another city or country. Roles of programmer analyst and programmer. In consultant role i never did at all.

Process looked like this:

If company had customer(s), it could survive.

Role names might not be accurate, and depending on company size, some people could do well in few roles at once.

Main Architect, or Technical Leader was responsible for whole project from technological viewpoint, but still participated in meetings with clients.

There were talks between client(s) representative(s) and Analysts. Some documents (requirements and more) were made, it took a while.

Documents were passed to Analysts and Designers, who translated the requirements of Clients to technical talk, and abstract technical designs (in my opinion this should be contracts and automated tests).

Programmers, each of them understanding software analysis to some extent could communicate well with analysts. They did the implementation part. System which was developed on developer machines, each of them solving different project using similar (but not always) tools.

Periodically the system was committed (put into and more) into code repository (where everyone with access could store it or take it from there, in a safe and reliable way), not without clashes and problems.

Then it either went into integration (often programmers did the job of joining parts of code for integrator), or was passed to someone responsible for making sure that parts of whole system (car analogy: tires, windows, different spoiler variants etc...), the integrator.

Then tests, and feedback, bugfixing (correcting errors).

Each phase lasted a predetermined amount of time.

After succesful tests, system was moved from testing or integration environment to 'production environment', where it was considered 'live', and users could use it.

Then new iteration (cycle) began, and problems accumulated. No one wants coders to start always from scratch, but reality changes. To adjust code is much harder than to write it from beginning, as there are problems with understanding each others' code, especially if it's errorful, tangle of dependencies of kinds many programmers even not have clue about. If code has errors, it's often good to isolate such before solving. One at once is best. Automated tests help a lot in this case, for there are ways to ensure that code that breaks it is never allowed in repository (or someone responsible can be blamed, and we can revert to previous version), and this saves everyone stress and costs.

In the new iteration (development cycle in this case), analysts went to customers and got feedback, perhaps were paid, and change requests were debated. New words in dictionary, new technical designs. System to rebuild anew.

The more code would be reusable, the more quality it had, the easier it would be to manage changes and erosion which is cause of eventual fall of many projects.

Rest of the cycle was repeated, and programmers were put under time stress, more complex software, staff changes and different ways of thinking of new employees, at some point not many understood what problems they are solving, and how to not get fired for stupidity.

Simple network packet capture tool.

Simplest tool i could find for such task is linux network packet capture tool called tcpdump.

It can capture packets coming into local network device (for example: computer connected to the Internet) then display them or save to file. Such data can then be analyzed, for example to detect suspicious packets, or to debug internet protocols.

For example:






Or its source code can be examined and analyzed for inspiration, then custom version can be made.

But not without crediting authors.

12/10/13

Heap Data Structure.

Heap is a data structure, that has uses in sorting and in priority queues.

For more details of algorithms & data structures (they form programs after all) please see literature [4], perhaps more.

Heap is a data structure that can be considered as a full binary tree. It can be implemented in a table (array). Tree is full at every level, perhaps excluding lowest (leaves).

Having a tree node indexed by variable i, we can find parent's position in a table, or/and sons (LEFT, RIGHT):

PARENT(i) = i/2 (round down).
LEFT(i) = (2*i).
RIGHT(i) = (2*i)+1.

On most computers these calculations are fast, using bitwise shift operators.

Heaps also have a property called 'heap property' which means that every (and any) node's value is not greater than parent node's value (at every level).

A[PARENT(i)] >= A[i].

We define node's height as amount of edges (connections), on longest simple line between this node and leaf.

We define tree's height as root's height (tree's root is highest tree node).

12/8/13

Heap Overflow type Attacks.

Attacks on applications are one of most commonly used by hackers.

Using errors in programs, intruder can gain privileges at which it (program) was run.

Existence of errors contained in programs gives possibility of accessing data or process memory.

We'll explore how this kind of abuse can be exploited.




'buffer overlov', in this case buffers are on heap (in heap segment).


 photo fnovw_zps1c25afa5.png

'file name overwrite to access private data'.

(perhaps encrypted) system passwords are in /etc/shadow.
root privileges (can check for +s permissions flag) are required to read from /etc/shadow.

unneccessary lines (such as debug printf) are danger to leave, for they give out information about hacker.



for more details please see Literature: [5], [14], perhaps more.


see also, if You wish or need ... : 'Heap Overflow' Hacking Attack.

12/7/13

Cipher Block Chaining (CBC).

Block ciphers encrypt only fixed-size blocks. If we want to encrypt something that isn't exactly one block large, we have to use a 'block cipher mode'.

CBC, or cipher block chaining, is one of most widely used such block cipher modes.

If we have plaintext of length equal to exactly m * block size length, then we can use CBC. This property can be ensured using proper 'padding'.

The standard formulation of CBC is as follows:

Ci = E(K, Pi XOR Ci-1) for i = 1 , .... , m .

where:

Ci : i-th ciphertext block to compute.
E : Encryption function.
K : Cryptographic key.
Pi : i-th plaintext block to encrypt.
XOR : bitwise arithmetic exclusive alternative operation.
i : index (for iteration).
m : number of fixed side ciphertext blocks.

Padding is filling ciphertext block with numbers in a way that ensures that block is fully filled and that this padding can be reversed. For example we can append 128 number to the end of ciphertext block then fill the rest with zeros.

Using CBC also helps to ensure that in case of two the same plaintext blocks, ciphertext blocks differ. It increases security.

One of problems that arise, when using CBC is protecting first n-bit block(s) from unautorized decryption. Solution to this is to use Initialization Vector (IV) which can be XOR-ed with first block(s). Initialization Vector can use random number or nonce (number used only once), or other less reliable solutions. With nonce-generated IV, messages received should be reejected if they have nonce used before. Nonce(s) used for message(s) should be agreed before transmission, between sender and receiver, somehow. Perhaps downloaded (preferably using digital signature for security), perhaps exchanged offline.

12/5/13

Hacking, Cryptography & Prime Number Trade.

Every hacker/cryptograph should count prime numbers by herself/himself.

Only way to trust tools you use is to create them on on your own.

At some point however, it's so slow that prime numbers trade should be involved, but not without checking and counting anyway.

XOR operations.

XOR stands for 'Exclusive Or', or 'Exclusive Alternative'.

It's used often in Information Technology Sector.

It can be used as Logical Operator or (Bitwise) Arithmetic Operator.

As Logical Operator, it evaluates to truth when and only when logical operands (input data) are different.

For example:

TRUE XOR TRUE = FALSE
TRUE XOR FALSE = TRUE
FALSE XOR TRUE = TRUE
FALSE XOR FALSE = FALSE

As Arithmetic Operator, it 'sums' (more appropriately: XORs) two bits (zeros or ones), resulting in 0 or 1, as follows:

1 XOR 1 = 0
1 XOR 0 = 1
0 XOR 1 = 1
0 XOR 0 = 0

More than one bit can be used, each is evaluated separately, for example:

11 XOR 11 = 00
10 XOR 11 = 01
01 XOR 11 = 10
00 XOR 11 = 11

etc..

Please note that XOR operation is reversible. That is, XORing operand 1 twice with the operand 2 will yeld operand 1 in the result.

For example:

111 XOR 010 XOR 010 = 111, because:

111 XOR 010 = 101

and

101 XOR 010 = 111.

12/4/13

Sample Cipher using Stitie Space.

To create 'public' key of a pair, proceed as follows:

1. Divide n-bit blocks into k-bit blocks, where k<n.
2. Select up to n2 k-bit common input blocks, where n is cryptographic security level of cipher and k<n and k divides n (it's not ideal cipher, just one of key pairs under it).If n2 > 2k then use 2k common input blocks.
3. Select large prime numbers (equal amount to selected k-bit blocks in point 2), call them 'pn1', 'pn2', ... . They should not be sequential, and each of key pairs should have different sets.
4. Assign primes selected above to the common input blocks selected above.
5. Prepare beginning protocol of a cipher, selected or randomly chosen but remembered bits to use in first block(s) of ciphertext. This is secret shared by 'private' and 'public' key pair. Different key pairs have different bits.
6. Select minimum and maximum threshold of common k-bit blocks or their concatenations considered. For each selected common k-bit block or concatenation, precalculate a number, a product of primes assigned to selected common k-bit blocks. Assign a 'reserved' block to each of them.
7. Prepare functions, complex or not, and assign them to prime products computed above.
8. Prepare ending protocol of a cipher, mentioning which common input blocks should be processed differently. These are blocks bitwise equal to 'reserved' blocks assigned to products of primes mentioned above.
9. Whole ciphertext, including beginning and ending protocols should be malformed so it's hard to guess them easily. Develop such methods for each of key pairs independently.

This key can be used as follows:

1. Create beginning protocol block(s) of a cipher as designed above.
2. Add all values that belong to ending protocol there, and insert it in selected place (any place in the ciphertext to be processed, after the beginning protocol).

repeat in rounds (as many times for each block as neccessary):

3. For each concatentation of selected common k-bit input blocks in n-bit block (according to selected minimum and maximum concatenations threshold), substitute it for 'reserved' block, assigned to a product of primes.
4. For rest of k-bit input blocks in n-bit block, transform them somehow, with functions, complex or not, selected depending on last product of primes before that block. These functions are a secret of this 'public' key.
5. If this is first n-bit block, XOR beginning protocol with beginning n-bit block(s) before proceeding onward, but only once, not per round.
6. If this is not first n-bit block, XOR it with previous block.

end of repeat in rounds.

7. Malform whole ciphertext somehow.

To create 'private' key of a pair, proceed as follows:

1. Add 'public' key secrets to the 'private' key.
2. Add properly indexed primes and products to the 'private' key.
3. Add reversed functions to the 'private' key.

This key can be used as follows:

Reverse order of operations then decipher using reversed functions, accounting for beginning and ending protocol. Proceed from first block of ciphertext to last. Because we know all secrets, we can proceed fast without need to guess through trapdoor function, which is time-wise costly.

This key pair can be generated by Stitie Space, as mentioned few posts earlier, with few improvements.

Succesful use of this cipher depends on amount and size of prime numbers at users disposal (and opponent's).

Public key files should be encrypted, signed and certified. Software for encryption using such keys should not be open-source, and it's binary executable should be obfuscated. To protect secrets of public keys and its ciphers.

Critic is welcome and requested.

Trapdoor function.

A trapdoor function is a function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information, called the 'trapdoor'. Trapdoor functions are widely used in cryptography.

In mathematical terms, if f is a trapdoor function there exists some secret information y, such that given f(x) and y it is easy to compute x. Consider a padlock and its key. It is trivial to change the padlock from open to closed without using the key, by pushing the shackle into the lock mechanism. Opening the padlock easily, however, requires the key to be used. Here the key is the trapdoor.

An example of a simple mathematical trapdoor is '6895601 is the product of two prime numbers. What are those numbers?' A typical solution would be to try dividing 6895601 by several prime numbers until finding the answer. This is slow solution, which are rather unpractical for most needs.

However, if one is told that 1931 is part of the answer, one can find the answer by entering '6895601 / 1931' into any calculator. This example is not a sturdy trapdoor function--modern computers can guess all of the possible answers within a second--but this sample problem could be improved by using the product of two much larger primes.

Source: Wikipedia.

See also: One-way compression in Cryptography (it's not so related as it might seem at first).

12/3/13

Attacks on Block Ciphers.

def. A secure block cipher is one for which no attack exists.

def. An attack on a block cipher is a nontrivial method of distinguishing the block cipher from an ideal block cipher.

Lowering probability of breaking ciphers.

There can be probabilistic attack on cipher.

It differs from brute force attack such way, that we try all possible combinations of possible keys, or fraction of such number in selected order. We start from those which are most probable to occur, and end with least probable ones.

How we can lower probability of breaking cipher that way, thus delay the inevitable perhaps?

By using disinformation methods, including new ciphers that secure secrets of old.

The Ideal Block Cipher.

def. Block cipher is considered Ideal when and only when:

1. For each key value block cipher is random permutation, a 'lookup table' of 2n elements of n bits each.
2. Different permutations for the different key values should be chosen independently.
3. It consists of all possible 'lookup tables', thus is no longer random.

Basic Idea of making Asymetric Key-Pair Generator using Stitie Space.

To create one-way compressed block cipher, proceed as follows:

1. Create Stitie Space (part of it can be used, for example 8 x 9 x 12 nodes for 864 bits).
2. Assign mathematical function, complex or not, at each node (use 'strategy' pattern).
3. Partition Stitie Space somehow, and compress 3D Block Cipher that is Stitie Space by joining functions at nodes somehow (for example by substituting variable for a function that computes it, taken from another node). This step can be repeated as many times as neccessary for security.

Private key is such Stitie Space and a secret that decides how Stitie Space is partitioned, and how functions at nodes are joined. It can be determined somehow, more or less randomly or not. Please note that each of blocks can be encrypted little differently, for example by adding encrypted byte number to encrypted byte.

Please note that such private key can be serialized (reduced to a number or color).

Please also note that functions used can depend both on key and plaintext data.

12/2/13

One-way compression in Cryptography.

In cryptography, a one-way compression function is a function that transforms a fixed-length input into a fixed-length output.

The transformation is "one-way", meaning that it is difficult given a particular output to compute inputs which compress to that output. One-way compression functions are not related to data compression, which by definition is invertible.

A compression function mixes two fixed length inputs and produces a single fixed length output of the same size as one of the inputs. This can also be seen as that the compression function transforms one large fixed-length input into a shorter, fixed-length output. That's how, for example, hash functions can be produced from the Block Ciphers.

See also: Trapdoor function (it's not so related as it might seem at first).

12/1/13

Public Cryptographic Algorithms, Key Lengths & Security.

Quality Cryptographic Algorithm should not rely on it's secrecy. In fact, best Cryptographic Algorithms are known and thoroughly tested.

Small-sized-length keys can be computed by supercomputers, thus broken by antiterroristic organizations easily. But longer-length keys are dangerous.

For more details, see Literature: [8], [3].

Block Ciphers.

A block cipher is an encryption function for fix-sized blocks.

Given n-bit sized block 'p', encryption function Ek(p) will encrypt that block using key 'k'.

It can be compared to a lookup table where for each pair (k,p) encrypted block 'c' of size equal to size of block 'p' can be produced.

A n-bit block cipher can be compared to lookup table of size 2n, with each element consisting of n bits.

Such cipher's encryption can be reversed.

For more details, see Literature: [8], [3].

See also: Block Cipher Modes.

11/30/13

Complexity & Security.

According to experts, 'Complexity is worst enemy of security'.

To deliver secure system, every part must be designed to be robust (able to cope with errors during execution or to continue to operate despite abnormalities in input, calculations, etc.) from start, and design of whole system must also be robust ('Correctness must be a local property').

Source: [8], Wikipedia.

11/29/13

How to test firewall configuration.

Scan on your own system for open ports.

How to hack web application.

1. Open ports in firewall can be scanned.
2. Telnet connections can be used to probe for installed software and its versions on attacked server. Or perhaps dedicated software, actively or passively.
3. If connection is not encrypted, protocol can be 'sniffed', understood and broken. Hacked client can be made, that can for example send packets that can overflow a buffer, and execute code remotely. If there's open source software on server, it's weaknesses are known and this type of attack is easier to execute.
4. If connection is encrypted, customer or user can be convinced to use 'custom user interface', this way protocol can be broken also. Or hacker can turn off secure connection himself and attempt to break protocol that way.

this opens way for many more moves such as:

1. Intercepting communication, malforming it, pretending to say something instead of someone (for p2p communication).
2. Committing transactions to selected server requests, on behalf of other users.

Performance & Security of Computer Systems.

Every line of code or processor instruction cost. The more efficient algorithm, the less operations (or 'algorithmic steps') are needed to achieve certain goal. Cost is measured by function, for example linear or linear-algorithmic or faster or much faster rising... that is, the more data to handle, the more it matters.

For example... we want to calculate function of 120 variables. Our algorithmic cost is: n2... the total cost of computing this result is 14400 steps. If algorithmic cost was for example: (3 / 2) * n, the cost of computing such function would be 180. With larger values, algorithmic cost matters much more than buying more computers and their speeds.

Customers or system designers can decide where to put these processor cycles and memory... into pretty graphics, security (for example, securing broadband connections with encryption on-the-fly) or something else. However, half secure system is much easier to break according to experts, than well done one... so it's best to focus on whole security in all aspects than do it half way. Cost-wise it's also more efficient.

For more see Literature [7], [4], perhaps more.

Cryptographic System Security Level.

Any cryptographic system can be attacked succesfully with enough of effort. The real question is how much work it takes to break a system.

Such workload can be measured by number of steps, be it computing a single encryption or merely looking something up in a table or perhaps something else. Step can be executed by a computer in a very short time, to the extent where a factor of a million is not terribly important.

This concept of security level is only approximate, we only measure the amount of work the attacker has to do, and ignore things like memory or interactions with the attacked system. It's useful approach because of it's simplicity (better to isolate problems and solve one at once).

11/24/13

Terminal Symbols and 'words'.

Terminal symbols are 'words' used in programming languages.

They can consist of one or more symbols and are usually separated by spaces.

Nonterminal symbols (or productions) can be used to produce structured sets of nonterminal symbols and / or terminal symbols.

Both terminal and nonterminal symbols are used in grammars, parsers, compilers and such (interpreters, translators, perhaps more).

There are also data 'words'.

Data Search & Dragonfly.

Regular Expressions can be used to search for patterns in data.

Exclusions (there's one when no dictionary 'word' matches any part of data searched) can help to find encrypted data. After decrypting they can be catalogued and indexed for Regular Expression searches.

Defensive Dragonfly should let users be alerted about certain data patterns passing through their internets.

This method can be used to effectively and reliably uncover facts (hidden meanings), at least in the Internet.


Basic Regular Expressions Tutorial:

Sequences of symbols (letters, digits and many others) can form Character Strings that can be used as part of Regular Expression pattern.

For example:

'Mat' regular expression pattern can be found in Character String: 'I liked this Matrix film', but does not match it (it would have to be exact to be a match).

To find a word in a character string add '.*' at beginning and at the end to make it match it.

For example:

'.*Mat.*' matches 'I like this Matrix film'.


Dot symbol '.' matches any symbol and can be used in a pattern.

For example:

'Al...' regular expression pattern matches Character Strings 'Aloha', 'Alice' and other five symbol Character Strings starting with letters 'Al'.


Question symbol '?' means 0 or 1 occurances of a symbol and can be used in a pattern.

For example:

'Ann?' matches either 'An' or 'Ann' Character Strings, while 'An.?' matches 'An' or 'Ann' or 'Ana' or 'An1' or many other Character strings.


Plus symbol '+' means 1 or more occurances of a symbol.

Asterisk symbol '*' means 0 or more occurances of a symbol.

Brackets '(' and ')' can be used to group symbols.

For example:

'(an)*as' matches character sequences 'ananas', 'anas', 'as', 'anananas' and many other similar ones.


There are other 'special symbols' used in regular expressions, but that's basics and a way of thinking.

Check implementation details for more, for regular expressions can be extended as for example in Java (numbered groups).


Basic Exclusions Tutorial:

We have character sequence string: 'I liked this Matrix film'.

We have regular expression patterns for 'Mat...' and 'film'.

This way we can find words 'Matrix' and 'film' in input sequence, and 'I liked this ' and ' ' character sequences as exclusions.

If it was encrypted data, we could find it this way and decrypt for further processing, which could be easily automated.

If we wished to find 'Matrix film' character sequence we'd have to define pattern 'Matrix film'. This would not find these words seperately.


See also: Dragonfly & Windshield, Internet, the Internet, and Intranets.

11/23/13

Phishing.

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

(Source).

11/22/13

Clock Desynchronization Attack.

Correctness of 'whole' program execution depends on order of instructions executed.

If hacker can hack processor clocks (for example in distributed system), he can introduce subtle imbalances in a system, making it behave nondeterministically...

Such errors can or can't cause program to crash or provide wrong results.

There is example of computer program that worked well until processor was upgraded, speed changed, and 'whole' program stopped working because of bad synchronization.

Such attack is more dangerous than it seems, and often more stupid than Nuclear Bomb. But it should be learned and mastered to counter such.

11/21/13

Disguised Communication Hubs.

Any server can act as relay for communication.

It can look as computer game, or anything else.

Critical data packets can be hidden among other.

11/19/13

Cryptographic Attacks.

Introduction & Summary.

There are many types of Cryptographic Attacks. There can be attacks whose goal is to decrypt message, find cryptographic key, or weakness in 'the secure system', or other. Some of them are more, some less, theoretical.


Ciphertext-Only Attack.

This is the situation in which Alice (message sender) and Bob (message receiver) are encrypting their data, and all attacker gets to know is the ciphertext. This is the most difficult type of attack, because of the least amount of information.


Known Plaintext Attack.

A known plaintext attack is one in which attacker knows both the plaintext (undisguised message) and the ciphertext (encrypted message). The object, of course is to find the encryption key (for example, to decrypt more messages incoming from message sender).

Plaintext messages are sometimes easy to guess.

Also another source of plaintext message is autoresponder message. When employee goes on vacations, and autoresponder produces unencrypted message to some users, and encrypted to others. They can be 'overheard' in the public Internet sometimes. Even if message is encrypted with regard of the all of the users, all of them 'know' both plaintext (they decrypted it) and ciphertext.

Many messages in the Internet are partially predictable (for example, email messages' data headers are known and guessable).

The more information the hacker has, the easier for him/her is to make succesful attack on cipher, allowing him to decrypt more than legally allowed, and get into more troubles.


Chosen Plaintext Attack.

Chosen plaintext attack is when attacker can choose the plaintext, without the need to guess it. This is a more powerful type of attack than a known plaintext attack.

Attacker can perhaps choose any number of plaintexts and get the corresponding ciphertexts.

Quite often Alice will get information from some outside source (e.g., one that can be influenced by the attacker) and then forward that information to Bob in encrypted form.

There are two variations of this attack:

* Offline attack: where list of all the plaintexts attacker wants to be encrypted before he/she gets corresponding ciphertexts is prepared in advance.
* Online attack: attacker can choose new plaintexts depending on ciphertexts he/she already received.

Online attack is more powerful version of Chosen Plaintext attack.


Chosen Ciphertext Attack.

The term 'chosen ciphertext' is a misnomer. It should really be called a 'chosen ciphertext and plaintext attack,' but that is too long.

In a chosen plaintext attack, attacker gets to choose both plaintext values and ciphertext values. For every plaintext that attacker chooses he/she gets the corresponding ciphertext, and for any ciphertext attacker chooses, he/she gets the corresponding plaintext.

Obviously the chosen ciphertext attack is more powerful than a chosen plaintext attack as attacker has more freedom. The goal still is to recover the key, for the key allows for more than just message encryption and message decryption. For example, there are certificates and digital signatures that use the cryptographic keys, and more. For key can be more complex than simple algorithm, that acts exactly same way for every purpose it's intended for.


Distinguishing Attacks.

The attacks described above recover the plaintext or the encryption key. There are attacks that do not recover a message, but reveal some partial information about the message. There are too many forms of attack to list here, and new forms of attack are thought up all the time. So what should we defend against?

The best solution is to define a distinguishing attack. A distinguishing attack is any nontrivial method that detects a difference between the ideal cipher and the actual cipher.


Birthday Attack.

Birthday attacks are named after the birthday paradox. If you have 23 people in a room, the chance that two of them will have the same birthday exceeds 50%. That is a suprisingly large probability, given that there are 365 possible birthdays.

Following this logic, hackers can monitor internet traffic and use it to penetrate the defenses of 'the secure system' somehow. When they find data packet having same MAC values (message authentication code values) as one of previously 'overheard' (or 'sniffed') data packets, they can insert that previous data packet in it's place, for example confirming financial transaction that never occured in reality.


Meet in the Middle Attack.

Meet-in-the-middle attacks are the cousins of birthday attacks (together we call them collision attacks). They are more common and more 'useful' than birthday attacks.

Instead of waiting for a key to repeat, hacker can build a table of keys that he/she has chosen for himself/herself. Then these keys can be used in conversation between parts of the system, to learn more about such, and prepare for complete attack routine.

For example: Trudy (Intruder) prepares many cryptographic keys. Once they appear in internet traffic with attacked system, in MAC codes (message authentication codes), they can be added to hacker's database, with association to these keys. Then this line of attack can be developed.


Increasing protection against collision attacks.

For a security level of n bits, every cryptographic value should be at least 2n bits long.

If possible, change block size, or at least key length.

An n-bit security level means that systems are designed to withstand attackers that can perform 2n operations in their attack.


Other Types of Cryptographic Attacks.

So far we have mostly talked about attacking encryption functions. Other functions, such as authentication, digital signatures, etc... can (but should not, most of times) also be attacked.


(More will be added later perhaps).

11/18/13

Digital Signatures & Public Key Infrastructure.

Digital signatures are the public-key equivalent of message authentication codes. The signature works just like a MAC (Message Authentication Code), except that it can be verified with public key. It's just something derived from message for verification, signed with asymmetric key.


Public-key cryptography makes key management simpler, but Alice (message sender) still has to find Bob's (message receiver's) public key. How she can be sure it is Bob's key, and not somebody else's? Maybe Eve (Eavesdropper), sometimes called Trudy (Intruder) created a key pair and published the key while impersonating Bob.

The general solution is to use PKI, or public key infrastructure.

The main idea is to have central authority called the certificate authority, or CA. Ech user takes his public key to the CA and identifies himself to the CA. The CA then signs the user's public key using a digital signature. The signed message, or certificate states: 'I, the CA, have verified that public key PBob, belongs to Bob.' The certificate will often include an expiration date and other useful information.

Question is: which CA to trust, and to which extent.

For more details, including CA Hierarchy, please see Literature: [8]; fewer details (but still more than in this post) are also available in: [3].

See also: Message Authentication, When to use symmetric keys, and when public+private key pair?

How code quality can be measured.

Code can be optimized in many ways, to achieve different goals.

For example:

1. For execution speed (algorithmic cost reduction, bottleneck optimization, low-level optimization),
2. For resource use (memory, internet throughput, internet resources, printers etc...),
3. For lines of code (the less lines of code, the less errors),
4. For scalability (hardware cost is often less expensive than software costs.. it's cheaper to buy few computers than to invest into more years of development),
5. For change management costs (programmers' time are important costs, for it allows for quicker changes of software in response for reality changes),
6. For risk reduction (when costs of failure, such as in space program, are enormous),
7. For ease of technology change (when we do not wish to depend on certain vendor[s]).

and so on ....

See also: Code should be independent, Few thoughts on code quality (for professionals).

11/17/13

Benefits of REST.

'Representational State Transfer (REST) is an architectural style that abstracts the architectural elements within a distributed hypermedia system'.

'Hypermedia is used as a logical extension of the term hypertext in which graphics, audio, video, plain text and hyperlinks intertwine to create a generally non-linear medium of information'.

It can nicely order Internet Resources, for example to ease management of such.

(Source).

11/16/13

Internet, the Internet, and Intranets.

Internet is network of networks.

The public Internet (that is, the global network of networks mentioned above) is the network that one typically refers to as the Internet.

There are also many private networks, such as many corporate and government networks, whose hosts cannot exchange messages with hosts outside of the private network (unless the messages pass through so-called firewalls, which restrict the flow of messages to and from the network). These private networks are often referred to as intranets, as they use the same type of hosts, routers, links and protocols as the public Internet.

11/15/13

Petri Nets.

A Petri net (also known as a place/transition net or P/T net) is one of several mathematical modeling languages for the description of distributed systems. A Petri net is a directed graph consisting of two types of nodes: places (represented by circles) and transitions (represented by rectangles). They are joined by arcs (represented by arrows).

Arcs run from a place to a transition or vice versa, never between places or between transitions.

The places from which an arc runs to a transition are called the input places of the transition; the places to which arcs run from a transition are called the output places of the transition.

Graphically, places in a Petri net may contain a discrete number of marks called tokens. Any distribution of tokens over the places will represent a configuration of the net called a marking.

A transition of a Petri net may fire if it is enabled, i.e. there are sufficient tokens in all of its input places; when the transition fires, it consumes the required input tokens, and creates tokens in its output places. A firing is atomic, i.e., a single non-interruptible step.

Unless an execution policy is defined, the execution of Petri nets is nondeterministic when multiple transitions are enabled at the same time, any one of them may fire.

Since firing is nondeterministic, and multiple tokens may be present anywhere in the net (even in the same place), Petri nets are well suited for modeling the concurrent behavior of distributed systems.


There are many submodels of Petri Nets. I know of:

1. Elementary Net Systems.
2. Place/Transition-Nets.
3. Timed and Stochastic Petri Nets.
4. Coloured Petri Nets.


i think that when Modelling Concurrency, we can use Ideas of Active Components, or Transitions to describe Processess which rely on Input Data Preconditions called Tokens which are stored in Queues or other Buffers, also called Passive Components or Places.

there are people who develop Mathematical Apparatus that is used to analyze Properties of Concurrent Systems such as Reachability, Liveness, Boundedness. They are explained on Wikipedia.

i heard that there are automated tools that help to analyze, prove or disprove such qualities if given P/T Model.


See also: [6], Graphs, Elementary Net Systems Introduction, Introduction to Cooperating Processes & Synchronization, Petri Nets & Randezvous Concurrency, an Idiom.

11/14/13

Uses for Stitie Space Web Service.

Ideally it should work like this:

Supercomputer (more or less expensive), dedicated to Matrix (and other, including Ciphers) Calculations, with Simple Web Service Interface.

This way users can either login (with simple client) and manually upload data to be calculated, then wait and acquire results they paid for. Or they can automate leasing of computing power and resources with their own tools (programs will automatically order such calculations when needed).

This can be useful for Mathematicians to relieve them of simplest, menial tasks.

Information Technology Paradigms.

I think that 'Paradigm' is word for 'Way of Thinking', or 'Viewpoint'.

Is there single best and only approach to Programming or Information Technology?

I think no, for there are many standards, or 'branches' in this field of knowledge. And many languages, libraries, etc.. Each serves different purpose, and good ones can work with others (for example by serving a 'Web Service').

For example, when i use word 'Channel', i mean something differing from 'Channel' defined in many other language(s).

Everything depends on context.

Code should be independent.

Programmers should write code that way, to let others understand it.

I'd fire programmers who tried to be unfirable by 'obfuscating' their code and making themselves 'priceless' to company. Immediately.

See also: Obfuscator, Few thoughts on code quality (for professionals).

11/13/13

Packet Registry, Streams & Channels.

What's the difference between stream and channel? Channel channels streams of data. Streams can 'overflow' and form larger channels. Which is larger? Whichever you wish.

See: Splitting and Joining Information Flow.

When we split information into a streams or channels, we should address problem of lost packets somehow.

That's why we can use Packet Registry, where arrived packets are kept. If stream(s) or channel(s) is (or are) lost, we can dynamically create new stream(s) and/or channel(s), retransmitting lost packets via them.




Vertical boxes form Packet Registry. Glowing boxes are data packets. When they are arriving they are part of a data stream. Then they are placed in Packet Registry.

Movie & Source Code

Classic Concurrency Problems.

1. Mutual Exclusion.

Let's assume that two processess want to access critical section of code. They are acting as such:

process P;

begin
  while true do
  begin
    personal_affairs;
    begining_protocol;
    critical_section;
    ending_protocol;
  end
end;

Critical section is this program fragment, that can be executed by at most one process at once.

We assume that each process which enters critical section, will leave it in finite time.

See also: Petersen's Algorithm.

2. Producers & Consumers.

There are P>0 processes in system, which produce certain data, and K>0 processes which receive data from producers. Between producers and consumers there can be buffer with capacity B, whose task is balancing temporary differences during processes execution time. Processes that produce data we'll call producers, and processes receiving data --- consumers. Task is about synchronizing work of producers and consumers, such as that:

* Consumer would wait for data receive in situation when buffer is empty.
* Producer, when putting data in buffer would not overwrite data already written, but not received yet by consumer. It requires stopping temporarily producer in situation when there is no empty space in buffer.
* If many consumers wait for when data arrives in buffer, and if constantly new data is produced, then each waiting consumer will get something from buffer.
* Won't happen such situation, that certain consumer will wait infinitely for getting data, if data arrives in buffer constantly.
* If many producers wait for buffer's free space, and consumers constantly get something from buffer, then each of waiting producers will be able to put something into buffer. There won't happen situation such as certain producer will wait infinitely, if constantly something is taken from buffer.

There are variants to this problem:

* Buffer might be infinite.
* Cyclic buffer with finite space.
* No buffer at all.
* Many producers or only one.
* Many consumers or only one.
* Data might be produced and consumed at quicker rate (more than one unit at once).
* Data has to be read in writing order, or not.

Producers and consumers problem is abstraction of many situations existing in computer systems, for example: keyboard data write to buffer by keyboard device driver, and it's read by operating system.

3. Readers and Writers.

There are C>0 processes working in system. They read certain data. There are P>0 processes which write data. Processes writing data we'll call writers, processes reading data --- readers. Moment when processes have access to data, we'll call 'reading room visit' or 'reading room stay'.

Let's notice that many processes can read data at once. If someone wants to modify that data, then it's reasonable to block access to this data for all other processes for the time of read. It prevents read of inconsistent data (for example, partially modified data). Overall schema for processes work is such:

process Reader;

begin
  repeat
    personal_affairs;
    begining_reader_protocol;
    READ;
    ending_reader_protocol;
  until false
end

process Writer;

begin
  repeat
    personal_affairs;
    begining_writer_protocol;
    WRITE;
    ending_writer_protocol;
  until false
end

Beginning and ending protocols of selected processes should be written in a way, that allows for these conditions to be met:

* Many readers should have simultaneous access to reading room.
* If in reading room there's writer, then no one else does not write or read.
* Each reader, which wishes for data read, at some point will read them.
* Each writer, which wishes for data modification, at some point will write such modifications.

There are variants to this problem:

* In reading room many readers can spend their time at once.
* Reading room may have limited capacity.
* Writers may have priority over readers (but then we'll resign from readers liveness).
* Readers may have priority over writers (but then we'll resign from writers liveness).

4. Five Philosophers.

This problem does not have practical analogies, unlike previous classic problems, but it very well illustrates problems happening when concurrent programs are made.

Five philosophers dine by round table. Before each there's plate. Between plates lie forks. In middle of the table there's serving dish with fish. Each philosopher thinks. When he gets hungry, he reaches for forks laying at his right and left side, then starts eating. When he's done eating, he puts forks away and again devotes himself to thinking.

Scheme of such philospoher is such then:

process Philospher (i: 0..4);

begin
  repeat
    think;
    beginning_protocol;
    eating;
    ending_protocol;
  until false
end;

Task is to write beginning and ending protocols, such as following conditions would be met:

* Only one philospoher ate with the same fork at the same time.
* Each of the philosophers ate only and always with two (and always those which lay near his plate) forks.
* No philosopher would die of starvation.
* Also we want that each of the philosophers would act the same way.

Solution to this riddle is to use waiter to let only four philosophers at the dining table at the same time, and let fifth wait. When philosopher is done eating, he leaves table and joins queue and can only return to table when waiter allows him to do this.


See also, if You wish: Basics of Concurrent Programming.

Dragonfly Management System.

It should be simple.

It should let dragonflies act independently.

It should independently collect reports and resources when they are avaiable.

It should allow hackers to help users. This requires that involved internet devices allow for internet traffic pass, so we can help each other. Such traffic should not interfere with user's privacy (perhaps there can be secure channel for it).

(critic requested and welcome).

(channel channels streams... and it should survive overflows, if possible).

Distributed System.

def. Distributed System is a set of independent internet devices (which are also computers), connected with network, equipped with software designed for creating integrated computing environment. (And for recreating it often as neccessary, because internet devices leave and join networks constantly).

11/12/13

TCP Connections & UDP Connectionless Transport.

Internet is an extremely complicated system.

To provide structure to the design of the network, and it's protocols, designers organize protocols, the network hardware and software that implement the protocols in layers.

See: Internet seen by technical eyes (for computer enthusiasts).

Residing between the application and network layers, the 'Transport Layer' has critical role of providing communication services directly to the applications, in particular: TCP and UDP transport layer protocols.

Connectionless Transport, or UDP (User Datagram Protocol) has following properties:

* Finer application-level control over what data is sent, and when. This means that application can decide what services it needs, and implement them on their own. Even something similar to TCP's services, or more.
* No connection estabilishment. No 'reliable' data transfer service, no congestion control (no attempt for controlling network traffic).
* No connection state is maitained.
* Small packet overhead. This means that less data is sent between computers when UDP protocol is used. At least in theory, for many services are implemented anyway and it costs.

Connection-oriented Transport, or Transmission Control Protocol (TCP) has following properties:

* Connection-oriented. This means we can have separate connections (similar to telephone connections), so that multiple users or applications can isolate their communications from others, even if they are communicating between the same internet devices (computers, phones, etc). Even at the same time. Technically speaking, connection is estabilished between two internet devices (identified by IP Address) on certain ports. For example: between computer with IP address 192.168.1.84 on port 300 and telephone with IP address 192.168.1.108 on port 600. Each connection can have different properties (security, speed, perhaps more).
* Ordered packets. Sequence numbers allow receivers to discard duplicate packets and properly sequence reordered packets.
* Reliable data transfer. This means that data packets are retransmitted if they are lost on the way.
* Error-free data transfer. If data is malformed during transfer, a checksum allows to detect errors... then this data can be retransmitted if neccessary. Note that it's not enough to rely on this type of 'security' to prevent man-in-middle hack attack.
* Flow control. (speed matching service, so that data does not overflow receiver's buffer).
* Congestion control. (attempt for controlling network traffic).

Packet Flooding & DoS attacks.

A broad class of security threats can be classified as denial-of-service (DoS) attacks. As the name suggests, a DoS attack renders a network, host, or other piece of infrastructure unusable by legitimate users.

There are many forms of DoS attacks, including 'Packet Flooding':

* Bandwidth Flooding.

The attacker sends a deluge of packets to the targeted host - so many packets that the target's access link (router) becomes clogged, preventing legitimate packets from reaching the server.

* Connection Flooding.

The attacker establishes a large number of half-open or fully open TCP connections at the target host. The host can become so bogged down with these half-bogus connections that it stops accepting legitimate connections.

See also: Everyday tea for information problems, or DDOS attack (for everyone), TCP Connections & UDP Connectionless Transport.

11/11/13

Painting Cryptographic Keys.

It can be done easily with Stitie Space.

Just paint the Shape (which is also Form) in three or less dimensions, then dump it somehow.

It's easy to break this key, but it can be augmented with Mathematics and Programming.

Automated tool for such key creation can even be made (involing Maths & Arts).

Animations can be used as well.


Each node has data (state/color) and strategy (which is also code/data/state/color). Together they form a whole node's color.

Depending on color (of each of nodes, but also color of all nodes), which can be mixed and used any way Artist desires, whole cryptographic key is made.

The more complex Form, the harder key to break.

Message Authentication.

Message authentication is the way to ensure that message was not changed by someone during communication between sender and receiver. Encryption does not ensure that message won't be deleted or changed on the way during communication process.

Like encryption, message authentication uses a secret key that Alice (sender) and Bob (receiver) both know. We'll call it authentication key, to distinguish it from the encryption key.

Message Authentication Code (or MAC) is calculated using MAC function: message_authentication_code = mac_function(authentication_key, message).

To prevent tampering with messages, Message Authentication is combined with numbering messages sequentially. (For example: by adding sequential number to message when it's sent, then signing it with MAC).

This way we know if message was changed (by using Message Authentication Code), deleted (by checking sequence numbers), or if their order of arrival was modified (by checking sequence of numbers).

11/10/13

Security Aspects.

Should code be designed with Security in mind?

I think yes.. but it's not so bad if it is not such at first.

It should be clean and modularized, then security aspects can be added. With redesign if neccessary.

I'll check and share (You should as well before You trust this methodology).

Code Style.

Should code be hard to hack?

Yes and no.

It should be designed properly, clean, and easy to understand.

If neccessary, it can be encrypted or/and obfuscated.

See also: Obfuscator, Few thoughts on code quality (for professionals) .

Encryption & Decryption Functions.

Encryption function takes data (state/color in context of this blog), also known as plaintext message as first argument, and cryptographic key as second argument then produces ciphertext (encrypted, or disguised from being readable) message.

Decryption function takes ciphertext and cryptographic key as argument to reproduce original data (plaintext) from it.

A good encryption function makes it impossible to find the plaintext from the ciphertext without knowing the key.

See also: Basics of Cryptography (for everyone), More on Cryptography (Terminology).

Consequences of restarting AI.

AI is acronym for 'Artificial Intelligence'.

Perhaps something will start anew.

State perhaps will be zeroed, perhaps not.. for there's data persistence and databases.

If something will start anew, it will in different context (world will progress few steps onward in meantime).

Perhaps computer systems will synchronize data after restart, but some cycles of computing power in restarting computer will be lost.

Weakest Link.

'A security system is only as strong as its weakest link.'

What is weakest link depends on attacker's viewpoint and tools.

So weakest links have to be strenghtened first, with foremost priority.

Cryptographic system investment.

Is it worth to invest in cryptographic system designed by a beginner?

Probably not at first. It's not too easy task to design such a system that can withstand real attacks.

But it's worth to let it happen, be published and criticized (this includes attacks on it), so a designer can learn and improve. After decades of work it'll be stronger.

11/9/13

Threat Analysis.

def. Threat is a possible danger.

In computer security a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm.

def. Threat analysis is the analysis of the probability of occurrences and consequences of damaging actions to a system.

I'll approach Threat Analysis this way:

1. List all possible threats that i can imagine or find in literature, that are directed toward beings or things i wish to protect,
2. Consider level of risk associated with each threat and assign it as a value (0: critical threat level; the higher: the less danger),
3. Describe all possible consequences i can imagine or find, for each threat.
4. Keep doing this repeatedly, as needs arise. ('Threats need to be attacked actively').

Perhaps i'll develop method for level of risk measurement later.

Cryptography as part of Secure System.

Usually computer system is not lacking in this department.

Compared to Bank Vaults with large steel doors and strong locks (locks can be compared to cryptography), computer systems seem to be tents with large door and strong locks. People love to argue about the exact key length of cryptographic systems, but fixing 'buffer overflow' in Web servers is much less fun. The result is predictable, the attackers find a 'buffer overflow' and never bother attacking cryptography.

There is, however one reason why cryptography is important to get right, even in systems that have other weaknesses. An attacker who breaks cryptography has a low chance of being detected.

It's like comparing it to real-life break in. If the burglar uses a crowbar to break in, you will at least see that a break-in has occured. If the burglar picks the lock, you might never find out that a burglary occured.

Many modes of attack leave traces, or disturb system in some way. An attack on the cryptography can be fleeting and invisible, allowing the attacker to come back again and again.

Complex systems are Vulnerable.

There are no complex systems that are secure.

Complexity is the worst enemy of security, and it almost always comes in forms of features or options.

If you want to build something secure, you have to keep it simple. It's easier to maintain it this way as well.

'Secrets and Lies' approach to Security.

Good security is always a mixture of prevention, detection and response.

The role for cryptography is always prevention part, which has to be very good to ensure that the detection and response parts (which can and should include manual intervention) are not overwhelmed.

See also: 'Dragonfly & Windshield'.

Deterministic & Nondeterministic Algorithms.

In computer science, a deterministic algorithm is an algorithm which, given a particular input, will always produce the same output.

Nondeterministic algorithms have their uses as well, for example, probabilistic algorithms.

Sometimes deterministic algorithm is too inefficient or insecure.

For example 1: We can spread data along the tree data structure randomly, thus have shorter routes between tree's root and leaf nodes (on average).

('Tree' is data structure with nodes and pointers, or 'arrows' leading from upper nodes to lower nodes. Each node might have 0, 1, or more pointers. Root node is uppermost node, Leaf nodes are on bottom of data structure).

See 'Literature' for more details about the 'trees' and other data structures.

For example 2: Random numbers are used in cryptography, thus in security. If random number is generated nondeterministically, it's more secure to use it for creating cryptographic key.

What makes a paradigmatist.

Paradigmatists are such if they learn.

When they stop learning, they stop being paradigmatists.

Because they stop trying to understand someone else's paradigm (way of thinking, viewpoint) anymore.

11/8/13

Traditional Digital Art Form use in Stitie Machine.

3 (or less) -dimensional Art Forms can be used in Stitie Machine to form computer program that can be run.

Just paint Form as you wish or will.

Each color is associated with programming code (same color is same code.. so 'Color Picker' should be used carefully, but there's available great depth to colors), and it is designed to work like this.


Technical details:

Colors can be used as is needed, even duplicated in many pixels, for color depth can be deepened if neccessary.

Colors can show as the same, but have greater depth in fact.

Greater depth can also be displayed somehow... for example as complex icon (cheap solution)...., or deeper color with proper hardware (very expensive one).

Perhaps Forms can be 'imaged' in other ways as well.

See also: Stitie Machine.

What problems Painting Forms can solve?

Stitie Machine is Turing Machine.

Form, or Object Graph is in-memory model of running program.

Painting (using Mathematical Art) Form makes it appear in computer memory.

Then Form can be 'run' (or 'executed') to solve any problem computers can. Just with different resource use for different problems.

See also: Stitie Machine, and its implementations: Core 1.0 and Sunsail 1.1 .

See also: Stitie Turing Machine (including comments) and Combining State .

11/7/13

Combining State.

Two finite state automatons can be combined, resulting in one larger finite state automaton.

State can be represented as graph, with states (dots) and transition functions (arrows).

Just combine states from two graphs into state pairs using Cartesian Multiplier (each with each), represent each pair as single node, then connect state pairs with transition functions properly.

Then this complex automaton can be reduced, by removing duplicate transition functions (arrows).

This process (Combining State) can be repeated as many times as is needed.

(this has use in mapping 'Stitie Turing Machine' into Turing Machine).

Mathematics, Fractal Art & Stitie Machine.

Mathematical (functional) Art can define functions that can be used to 'paint' 'Forms & Shapes' in 'Stitie Machine(s)'.

It's very efficient to do it this way.

'Fractal Art' is also 'Functional Art', with stricter requirements.

System is Never Secure Forever (part 3).

According to experts (who are 'fanatical' about security), every system they analyzed has been broken in one way or another. There are always a few components that are good, but they invariably get used in insecure ways.

11/6/13

Pretty data.

I think that data structures in computer memory should be nice, pretty and tidy.

Unlike some constructs i've seen when i worked for Bank.

11/1/13

ACID.

In computer science, ACID (Atomicity, Consistency, Isolation, Durability) is a set of properties that guarantee that database transactions are processed reliably.


Atomicity: requires that each transaction is "all or nothing": if one part of the transaction fails, the entire transaction fails, and the database state is left unchanged.

Consistency: Ensures that any transaction will bring the database from one valid state to another.

Isolation: The isolation property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other. Providing isolation is the main goal of concurrency control. Depending on concurrency control method, the effects of an incomplete transaction might not even be visible to another transaction.

Durability: Durability means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors.

See also, if You wish or need ... : Transactions, Source.

Databases and Database Management Systems.

Database is set of data.

Database Management System is system (software tool) for managing databases.

DBMS allows for:

1. defining data schema, or logic structure of database,
2. formulating data queries,
3. storing large amounts of data,
4. concurrent data access (including modifications) and security.

SOLID.

Single responsibility principle: a class should have only a single responsibility.

Open/closed principle: 'software entities … should be open for extension, but closed for modification'.

Liskov substitution principle: 'objects in a program should be replaceable with instances of their subtypes without altering the correctness of that program', without breaking the Contract. See also: Liskov's substitution principle, Design by Contract , and Design by Contract (in simpler words).

Interface segregation principle: 'many client-specific interfaces are better than one general-purpose interface.'

Dependency inversion principle: one should Depend upon Abstractions. Do not depend upon concretions.

Liskov's Substitution Principle.

Liskov's notion of a behavioral subtype defines a notion of substitutability for objects;

That is, if S is a subtype of T, then objects of type T in a program may be replaced with objects of type S without altering any of the desirable properties of that program
(e.g., correctness).

When this occurs, we can say that design or implementation adheres with the LSP (Liskov's Substitution Principle).

It is desirable for designs & implementations to adhere with LSP.

See also, if You wish or need, ... : Liskov substitution principle on Wikipedia, SOLID, Design by Contract.

Open / closed principle.

In object-oriented programming, the 'open/closed principle' states 'software entities' (classes, modules, methods, etc.) should be open for extension, but closed for modification.

Design by Contract.

Introduction.

Design by Contract is the Software Collaboration Method.

Contract (between class user and class author) should state under which condition class will provide it's services to class user.


Contract.

There are preconditions, postconditions and invariants that regulate contract.

Precondition is a condition that is required for something to happen. Precondition can be simple or complex, complex precondition consists of multiple simple or complex preconditions as well.

Postcondition is something that is guaranteed to happen if preconditions are met & program behaves correctly.

Invariants is something that is guaranteed to hold, at least in observable moments in time, or perhaps even all the time.


If class user provides 'correct' (or using alternative wording: 'legal') preconditions to object, methods will ensure that postconditions are met. Invariants are always met (though some disagree, for there's 'observable moment' argument), or contract is broken.


Examples for Preconditions:

- method arguments,
- concurrency requirements,
- perhaps more.


Examples for Postconditions:

- program's process(-es) will compute and provide results correctly,
- program will finish within the agreed time frame in at least 90% of situations,
- perhaps more.


Examples for Invariants:

- heat in Reactor will never go above the Critical Value,
- variable 'divisor' will never have '0' value,
- variable 'divisor' will never have '0' value during computations phase,
- perhaps more.


Inheritance (in simple words).

To not break contract, following conditions must be met:

1. subclasses must require no more than it's neccessary for superclass to work correctly (but can require less).

2. subclasses must meet all requirements of superclass (but perhaps can give more).

This is related with the Liskov's Substitution Principle (LSP).


Exceptions in Java.

When contract is broken during Runtime, an Exception should be thrown.


See also: SOLID, Conditions, Security Harness, Software Complexity, Application Design, Use Cases & Automatic Testing.

10/29/13

Network Card Promiscuous Mode.

Network cards can work either with Promiscuous mode (mixed mode, listening mode) on or off.

When Promiscuous mode is off, they receive only packets addressed to IP address of the internet device (for example: computer, or phone) they are interface to.

When Promiscuous mode is on, they receive all packets that they are aware of. This allows for packet sniffing (reading data from Local Area Network or the Internet).

10/27/13

Is new version of software always best?

Not always (usually not).

We should want simpler and cheaper software, without too much code.

Every version can be merged (combined) with any other version (or should). Software should be built from modules, that can be combined to meet user's demands, and nothing more.

More code equals more errors, vulnerabilities, and costs (money, time, computing resources and more).

Best to contact seller and order custom built version.

How trusted nodes (Internet devices) enhance Security?

Internet traffic goes via nodes.

It's better to route internet data packets via trusted ones (in case of 'sniffing', or intercepting data packets, more or less).

It also allows for faster transmission, for less retransmissions are needed (in case of internet packets being lost or changed), and thus to maneuver faster in the Internet.

See also: this post.

What is VPN?

Virtual Private Network.

Using IPSec (Internet Protocol Layer Security), a company can communicate securely in the nonsecure public Internet. IPSec is part of VPN.

For example: Consider a company that has a large number of travelling salespeople, each possessing a company laptop computer. Suppose the salespeople need to frequently consult sensitive company information (for example, pricing and product information) that is stored on a server in the company's headquarters. Further suppose that the salespeople also need to send sensitive documents to each other. VPNs can do it all.

10/24/13

How to hack ethically.

For hacking exercises you need 3 computers (2 communicating machines, and attacker machine). Virtual Machines can be used too.

This way no one gets hurt by hacking exercises, as they are performed in LAN (Local Area Network).

This can be done even without accessing internet, so people can feel more secure.

9/30/13

Network of Tiny Computers.

One of my goals, as far as IT Development goes is controlling network of tiny computers so it does no harm and works efficiently and securely.

If You look at Stitie Machine model, it's evident that it's such. Tiny objects (each of them computer or device controlled by computer), communicating in 3D space.

There's hacking involved for security and secure communication, concurrency mechanism for coordination, object oriented model for reality reflection.

Such tiny computers can change shapes & forms, coordinate, and maneuver strategically if neccessary.

See also: Stitie Machine, and its implementations: Core 1.0 and Sunsail 1.1 .

Stitie Machine Requirements.

Is Stitie Machine too resource expensive to work for now?

Yes, for most of uses. But it's future project, with time frame for more or less 30 years. By that time it should be useful and mature enough.

Earlier it will have glimpses of usefulness too.

For example when it can work in 3D HD resolution (1080 x 1080 x 1080). About 1 Terabyte of cheap and fast RAM on desktop is needed for this. Perhaps it's 8-10 years, judging from my very simple calculations.

I hope i'll have time for optimization (precaching sine, common primes, similar computations, and more), for it's too slow now.

I doubt i'll have hardware layer too, so i have to design for running this on virtual machine. Good thing is that it's pro to run software in dedicated vm. Supercomputers can handle such very easily and modestly. Business does not have to invest in too much of expensive and unneccessary hardware. Admins have easier time too this way, for vm management is easier than 'juggling laptops'.

Expert Systems.

In artificial intelligence, an expert system is a computer system that emulates the decision-making ability of a human expert.

Expert systems are designed to solve complex problems by reasoning about knowledge, like an expert, and not by following the procedure of a developer as is the case in conventional programming.

The first expert systems were created in the 1970s and then proliferated in the 1980s. Expert systems were among the first truly successful forms of AI software.

An expert system has a unique structure, different from traditional computer programming. It is divided into two parts, one fixed, independent of the expert system: the inference engine, and one variable: the knowledge base. To run an expert system, the engine reasons about the knowledge base like a human. In the 80s a third part appeared: a dialog interface to communicate with users. This ability to conduct a conversation with users was later called "conversational".

Source.


Why this is part of Dragonfly Algorithm?

Because 'Dragonfly' (defensive version) will use 'Expert System' to help user defend against hacker attack. More accurately, it'll be conversational system that supports decision making (version which is partly automated). It should be simple to use, but allow for detailed decision making if neccessary.

9/29/13

How to write Software on Stitie Machine (for computer enthusiasts).

You can write software where for 3d model You can add strategy (code) and state (data, color) to each of pixels. If it's samurai model then edge of katana blade is responsible for something else than eye, etc.

3D model can be made hacking tool or anything else (for example engine model can handle real engine). Advantages are such, that even if plane loses part of wing, it can be not only noticed (we know which of tiny computers on the plane's wing do not respond), but also rest of them still work (for example to handle the evacuation and more).


More advanced implementation hints:

How pixels can be grouped to cooperate, for example in katana's blade? Just like it's done in standard server/clients paradigm. Or servers/workers. We can even mix strategies from many servers in one destination pixel (worker). We can use shared services, for example memory. Or we can use peer-to-peer programming paradigm. P2P is similar to talking objects (sending messages like in classic approach to Object Oriented Paradigm).

Will there be Garbage Collection for Stitie Machine? For now i think no. It has to be handled manually. Argument is such that it's so low level mechanism that it can and should be handled manually, like in the Assembler, to allow for more tricks. Some programmers think that memory deallocation is so important that it has to be done with automated garbage collection. Others think opposite, that it's so important that it has to be done manually. These arguments contradict themselves.

See also: Stitie Machine, and its implementations: Core 1.0 and Sunsail 1.1 .

Brute Force attack on Random Seed.

This applies to the Real Random Seed generated with timing of keystroke.

If we can overhear and store timing of keystroke, we have approximate timing.

If we have seed generator, we can use brute force attack (try all permutations of bits as input for the known seed generator) in time window, with maximum (or perhaps not only) precisions, and we can guess the random seed.

For PreciseNumber notation, we have to know something about precision of seed too and perhaps choose window as well.

Dragonfly & Windshield.

Dragonflies are very alert, they can be used as observers.

I called remote packet sniffer 'Dragonfly'.

'Windshield' protects from the Wind, it can protect 'Dragonflies' too.

I called partly automated hacking tools 'Windshield' under which many things (and beings) can seek 'Shelter' and be more secure in the Internet if they wish.

There can be 'defensive' (installed by user, with agreement with hacker) and 'offensive' (installed by hacker) versions of 'Dragonfly'. But let's not overdo counterattacks and preemptive attacks. It's illegal.

I can imagine that 'offensive' version of 'Dragonfly' can have uses in Military, Police, and such. For antiterror.

Feel free to contact me (neomahakala108@gmail.com) for defensive version if you have problems with hackers that i can help You to solve. It's not ready yet, but it will be. For me it's precious opportunity to practice hacking and counterhacking this way. And You will see what i do, if You have defensive version. I do not wish to hack without agreement with user, i'll do it only if i have to protect someone.

Users will be able to turn defensive 'Dragonflies' on and off as they need (there will be cryptographic key needed. i'll design hardware key for final product). But hacker's support time will depend on agreement.

I won't send software via the Internet (it's insecure and pointless this way). It can be sent on usb pendrive via traditional mail, or (if user is very wary of postal service and couriers) picked up personally at agreed place and time.

Shapes, Forms, 108 Number & Strategic Botnet.

108 number has many nice mathematical properties. they can be used to draw shapes & forms for troop formations (i think). See also: reforming shapes.

Botnet (hacking network) using 108 units (hackers or machines) can maneuver very well, transitioning from form to form, each with unique properties (security of each of nodes and of all of them, speed of the information flow, security of information flow).

I call this form of 108 object graph nodes shortly: 'Form108'. It can give botnet strategy advantage.

See also: Stitie Machine, and its implementations: Core 1.0 and Sunsail 1.1 .

For now this computational model uses Java Virtual Machine, but it won't be that forever. My goal is to make processor model, and whole computer system that can lease its resources (mostly for computing precisely Mathematical Data), but it can switch to 'hacking mode' if need arises, allocating resources as neccesary. (For example 5% for defenses, 95% for mathematical computations and other paid services. Or in worst case, 100% for defenses).

For her, Buddhist Woman i Love.

but also,

For Anti-Terror.

(I wish for this to be Buddhist Project, but i respect other religions except for those who support Terror, Rape and such. I live in Poland but it should be International.)

See also: Hacking, Imagination and 3D Visualization, Formation of sixty, eighty four, Factorization Tree, Factoring Numbers.

9/28/13

Cryptography & Entropy (Randomness).

Uses for Randomness in Cryptography:

To generate (cryptographic) key material, we need a random number generater, or RNG. Generating good randomness is a vital part of many cryptographic operations.

Entropy:

The measure for randomness is called entropy. Note that the entropy of a value depends on how much you know. A random 32-bit word has 32 bits of entropy.

Idea for it (intuition) is such that if you have a 32-bit word that is completely random, then it has 32 bits of entropy. If the 32-bit word takes only four different values, and each value has a 25% chance of occuring, then the word has 2 bits of entropy. Entropy does not measure how many bits are in a value, but how uncertain you are about the value.

Suppose that you happen to know that the value has exactly 18 bits that are 0, and 14 bits that are 1. There are about 2^28.8 values that satisfy these requirements, and the entropy is also limited to 28.8 bits. In other words, the more you know about a value, the smaller its entropy is.

There are few definitions of entropy that mathematicians use, depending on what they are working on. When physicists talk about entropy, they use the word for a concept from thermodynamics that is only tangentially related.

Real Random:

The world is not ideal, and real random data is extremely hard to find, if at all. Many implementers seem too optimistic about randomness or entropy that can be extracted from various sources. Measured data is often predictable, and there are attacks that try to overhear or affect it, or more.

Some modern computers have a built-in real random number generator, it makes some of the attacks more difficult (such as overhearing time of keystroke used to generate number, or affecting result of random number generation). The random number generator is still only accessible to the operating system, so an application has to trust the operating system to handle the random data in a secure manner.

When more and more data is known about real random number generators, they are less and less useful.

Pseudorandom Data:

Alternative to using real random data (which is not always available, and risky sometimes to use), is to use pseudorandom data. Pseudorandom data is not really random at all. It is generated from a seed by deterministic (for same data, producing same results no matter how many times it's run) algorithm. If you know the seed, you can predict the pseudorandom data.

Pseudorandom Number Generators:

Traditional pseudorandom number generators, or PRNGs, are not secure against a clever adversary. They are designed to eliminate statistical artifacts, not to withstand an intelligent attacker.

In the context of cryptographic system, we have requirements. Even if the attacker sees a lot of the random data generated by the PRNG, she should not be able to predict anything about the rest of the output of the PRNG. We call such PRNG cryptographically strong. For cryptography, only such should be used.

In PRNGs, real random data is used for a single thing: to seed a PRNG. Perhaps once, perhaps many times.