11/30/13

Complexity & Security.

According to experts, 'Complexity is worst enemy of security'.

To deliver secure system, every part must be designed to be robust (able to cope with errors during execution or to continue to operate despite abnormalities in input, calculations, etc.) from start, and design of whole system must also be robust ('Correctness must be a local property').

Source: [8], Wikipedia.

11/29/13

How to test firewall configuration.

Scan on your own system for open ports.

How to hack web application.

1. Open ports in firewall can be scanned.
2. Telnet connections can be used to probe for installed software and its versions on attacked server. Or perhaps dedicated software, actively or passively.
3. If connection is not encrypted, protocol can be 'sniffed', understood and broken. Hacked client can be made, that can for example send packets that can overflow a buffer, and execute code remotely. If there's open source software on server, it's weaknesses are known and this type of attack is easier to execute.
4. If connection is encrypted, customer or user can be convinced to use 'custom user interface', this way protocol can be broken also. Or hacker can turn off secure connection himself and attempt to break protocol that way.

this opens way for many more moves such as:

1. Intercepting communication, malforming it, pretending to say something instead of someone (for p2p communication).
2. Committing transactions to selected server requests, on behalf of other users.

Performance & Security of Computer Systems.

Every line of code or processor instruction cost. The more efficient algorithm, the less operations (or 'algorithmic steps') are needed to achieve certain goal. Cost is measured by function, for example linear or linear-algorithmic or faster or much faster rising... that is, the more data to handle, the more it matters.

For example... we want to calculate function of 120 variables. Our algorithmic cost is: n2... the total cost of computing this result is 14400 steps. If algorithmic cost was for example: (3 / 2) * n, the cost of computing such function would be 180. With larger values, algorithmic cost matters much more than buying more computers and their speeds.

Customers or system designers can decide where to put these processor cycles and memory... into pretty graphics, security (for example, securing broadband connections with encryption on-the-fly) or something else. However, half secure system is much easier to break according to experts, than well done one... so it's best to focus on whole security in all aspects than do it half way. Cost-wise it's also more efficient.

For more see Literature [7], [4], perhaps more.

Cryptographic System Security Level.

Any cryptographic system can be attacked succesfully with enough of effort. The real question is how much work it takes to break a system.

Such workload can be measured by number of steps, be it computing a single encryption or merely looking something up in a table or perhaps something else. Step can be executed by a computer in a very short time, to the extent where a factor of a million is not terribly important.

This concept of security level is only approximate, we only measure the amount of work the attacker has to do, and ignore things like memory or interactions with the attacked system. It's useful approach because of it's simplicity (better to isolate problems and solve one at once).

11/24/13

Terminal Symbols and 'words'.

Terminal symbols are 'words' used in programming languages.

They can consist of one or more symbols and are usually separated by spaces.

Nonterminal symbols (or productions) can be used to produce structured sets of nonterminal symbols and / or terminal symbols.

Both terminal and nonterminal symbols are used in grammars, parsers, compilers and such (interpreters, translators, perhaps more).

There are also data 'words'.

Data Search & Dragonfly.

Regular Expressions can be used to search for patterns in data.

Exclusions (there's one when no dictionary 'word' matches any part of data searched) can help to find encrypted data. After decrypting they can be catalogued and indexed for Regular Expression searches.

Defensive Dragonfly should let users be alerted about certain data patterns passing through their internets.

This method can be used to effectively and reliably uncover facts (hidden meanings), at least in the Internet.


Basic Regular Expressions Tutorial:

Sequences of symbols (letters, digits and many others) can form Character Strings that can be used as part of Regular Expression pattern.

For example:

'Mat' regular expression pattern can be found in Character String: 'I liked this Matrix film', but does not match it (it would have to be exact to be a match).

To find a word in a character string add '.*' at beginning and at the end to make it match it.

For example:

'.*Mat.*' matches 'I like this Matrix film'.


Dot symbol '.' matches any symbol and can be used in a pattern.

For example:

'Al...' regular expression pattern matches Character Strings 'Aloha', 'Alice' and other five symbol Character Strings starting with letters 'Al'.


Question symbol '?' means 0 or 1 occurances of a symbol and can be used in a pattern.

For example:

'Ann?' matches either 'An' or 'Ann' Character Strings, while 'An.?' matches 'An' or 'Ann' or 'Ana' or 'An1' or many other Character strings.


Plus symbol '+' means 1 or more occurances of a symbol.

Asterisk symbol '*' means 0 or more occurances of a symbol.

Brackets '(' and ')' can be used to group symbols.

For example:

'(an)*as' matches character sequences 'ananas', 'anas', 'as', 'anananas' and many other similar ones.


There are other 'special symbols' used in regular expressions, but that's basics and a way of thinking.

Check implementation details for more, for regular expressions can be extended as for example in Java (numbered groups).


Basic Exclusions Tutorial:

We have character sequence string: 'I liked this Matrix film'.

We have regular expression patterns for 'Mat...' and 'film'.

This way we can find words 'Matrix' and 'film' in input sequence, and 'I liked this ' and ' ' character sequences as exclusions.

If it was encrypted data, we could find it this way and decrypt for further processing, which could be easily automated.

If we wished to find 'Matrix film' character sequence we'd have to define pattern 'Matrix film'. This would not find these words seperately.


See also: Dragonfly & Windshield, Internet, the Internet, and Intranets.

11/23/13

Phishing.

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

(Source).

11/22/13

Clock Desynchronization Attack.

Correctness of 'whole' program execution depends on order of instructions executed.

If hacker can hack processor clocks (for example in distributed system), he can introduce subtle imbalances in a system, making it behave nondeterministically...

Such errors can or can't cause program to crash or provide wrong results.

There is example of computer program that worked well until processor was upgraded, speed changed, and 'whole' program stopped working because of bad synchronization.

Such attack is more dangerous than it seems, and often more stupid than Nuclear Bomb. But it should be learned and mastered to counter such.

11/21/13

Disguised Communication Hubs.

Any server can act as relay for communication.

It can look as computer game, or anything else.

Critical data packets can be hidden among other.

11/19/13

Cryptographic Attacks.

Introduction & Summary.

There are many types of Cryptographic Attacks. There can be attacks whose goal is to decrypt message, find cryptographic key, or weakness in 'the secure system', or other. Some of them are more, some less, theoretical.


Ciphertext-Only Attack.

This is the situation in which Alice (message sender) and Bob (message receiver) are encrypting their data, and all attacker gets to know is the ciphertext. This is the most difficult type of attack, because of the least amount of information.


Known Plaintext Attack.

A known plaintext attack is one in which attacker knows both the plaintext (undisguised message) and the ciphertext (encrypted message). The object, of course is to find the encryption key (for example, to decrypt more messages incoming from message sender).

Plaintext messages are sometimes easy to guess.

Also another source of plaintext message is autoresponder message. When employee goes on vacations, and autoresponder produces unencrypted message to some users, and encrypted to others. They can be 'overheard' in the public Internet sometimes. Even if message is encrypted with regard of the all of the users, all of them 'know' both plaintext (they decrypted it) and ciphertext.

Many messages in the Internet are partially predictable (for example, email messages' data headers are known and guessable).

The more information the hacker has, the easier for him/her is to make succesful attack on cipher, allowing him to decrypt more than legally allowed, and get into more troubles.


Chosen Plaintext Attack.

Chosen plaintext attack is when attacker can choose the plaintext, without the need to guess it. This is a more powerful type of attack than a known plaintext attack.

Attacker can perhaps choose any number of plaintexts and get the corresponding ciphertexts.

Quite often Alice will get information from some outside source (e.g., one that can be influenced by the attacker) and then forward that information to Bob in encrypted form.

There are two variations of this attack:

* Offline attack: where list of all the plaintexts attacker wants to be encrypted before he/she gets corresponding ciphertexts is prepared in advance.
* Online attack: attacker can choose new plaintexts depending on ciphertexts he/she already received.

Online attack is more powerful version of Chosen Plaintext attack.


Chosen Ciphertext Attack.

The term 'chosen ciphertext' is a misnomer. It should really be called a 'chosen ciphertext and plaintext attack,' but that is too long.

In a chosen plaintext attack, attacker gets to choose both plaintext values and ciphertext values. For every plaintext that attacker chooses he/she gets the corresponding ciphertext, and for any ciphertext attacker chooses, he/she gets the corresponding plaintext.

Obviously the chosen ciphertext attack is more powerful than a chosen plaintext attack as attacker has more freedom. The goal still is to recover the key, for the key allows for more than just message encryption and message decryption. For example, there are certificates and digital signatures that use the cryptographic keys, and more. For key can be more complex than simple algorithm, that acts exactly same way for every purpose it's intended for.


Distinguishing Attacks.

The attacks described above recover the plaintext or the encryption key. There are attacks that do not recover a message, but reveal some partial information about the message. There are too many forms of attack to list here, and new forms of attack are thought up all the time. So what should we defend against?

The best solution is to define a distinguishing attack. A distinguishing attack is any nontrivial method that detects a difference between the ideal cipher and the actual cipher.


Birthday Attack.

Birthday attacks are named after the birthday paradox. If you have 23 people in a room, the chance that two of them will have the same birthday exceeds 50%. That is a suprisingly large probability, given that there are 365 possible birthdays.

Following this logic, hackers can monitor internet traffic and use it to penetrate the defenses of 'the secure system' somehow. When they find data packet having same MAC values (message authentication code values) as one of previously 'overheard' (or 'sniffed') data packets, they can insert that previous data packet in it's place, for example confirming financial transaction that never occured in reality.


Meet in the Middle Attack.

Meet-in-the-middle attacks are the cousins of birthday attacks (together we call them collision attacks). They are more common and more 'useful' than birthday attacks.

Instead of waiting for a key to repeat, hacker can build a table of keys that he/she has chosen for himself/herself. Then these keys can be used in conversation between parts of the system, to learn more about such, and prepare for complete attack routine.

For example: Trudy (Intruder) prepares many cryptographic keys. Once they appear in internet traffic with attacked system, in MAC codes (message authentication codes), they can be added to hacker's database, with association to these keys. Then this line of attack can be developed.


Increasing protection against collision attacks.

For a security level of n bits, every cryptographic value should be at least 2n bits long.

If possible, change block size, or at least key length.

An n-bit security level means that systems are designed to withstand attackers that can perform 2n operations in their attack.


Other Types of Cryptographic Attacks.

So far we have mostly talked about attacking encryption functions. Other functions, such as authentication, digital signatures, etc... can (but should not, most of times) also be attacked.


(More will be added later perhaps).

11/18/13

Digital Signatures & Public Key Infrastructure.

Digital signatures are the public-key equivalent of message authentication codes. The signature works just like a MAC (Message Authentication Code), except that it can be verified with public key. It's just something derived from message for verification, signed with asymmetric key.


Public-key cryptography makes key management simpler, but Alice (message sender) still has to find Bob's (message receiver's) public key. How she can be sure it is Bob's key, and not somebody else's? Maybe Eve (Eavesdropper), sometimes called Trudy (Intruder) created a key pair and published the key while impersonating Bob.

The general solution is to use PKI, or public key infrastructure.

The main idea is to have central authority called the certificate authority, or CA. Ech user takes his public key to the CA and identifies himself to the CA. The CA then signs the user's public key using a digital signature. The signed message, or certificate states: 'I, the CA, have verified that public key PBob, belongs to Bob.' The certificate will often include an expiration date and other useful information.

Question is: which CA to trust, and to which extent.

For more details, including CA Hierarchy, please see Literature: [8]; fewer details (but still more than in this post) are also available in: [3].

See also: Message Authentication, When to use symmetric keys, and when public+private key pair?

How code quality can be measured.

Code can be optimized in many ways, to achieve different goals.

For example:

1. For execution speed (algorithmic cost reduction, bottleneck optimization, low-level optimization),
2. For resource use (memory, internet throughput, internet resources, printers etc...),
3. For lines of code (the less lines of code, the less errors),
4. For scalability (hardware cost is often less expensive than software costs.. it's cheaper to buy few computers than to invest into more years of development),
5. For change management costs (programmers' time are important costs, for it allows for quicker changes of software in response for reality changes),
6. For risk reduction (when costs of failure, such as in space program, are enormous),
7. For ease of technology change (when we do not wish to depend on certain vendor[s]).

and so on ....

See also: Code should be independent, Few thoughts on code quality (for professionals).

11/17/13

Benefits of REST.

'Representational State Transfer (REST) is an architectural style that abstracts the architectural elements within a distributed hypermedia system'.

'Hypermedia is used as a logical extension of the term hypertext in which graphics, audio, video, plain text and hyperlinks intertwine to create a generally non-linear medium of information'.

It can nicely order Internet Resources, for example to ease management of such.

(Source).

11/16/13

Internet, the Internet, and Intranets.

Internet is network of networks.

The public Internet (that is, the global network of networks mentioned above) is the network that one typically refers to as the Internet.

There are also many private networks, such as many corporate and government networks, whose hosts cannot exchange messages with hosts outside of the private network (unless the messages pass through so-called firewalls, which restrict the flow of messages to and from the network). These private networks are often referred to as intranets, as they use the same type of hosts, routers, links and protocols as the public Internet.

11/15/13

Petri Nets.

A Petri net (also known as a place/transition net or P/T net) is one of several mathematical modeling languages for the description of distributed systems. A Petri net is a directed graph consisting of two types of nodes: places (represented by circles) and transitions (represented by rectangles). They are joined by arcs (represented by arrows).

Arcs run from a place to a transition or vice versa, never between places or between transitions.

The places from which an arc runs to a transition are called the input places of the transition; the places to which arcs run from a transition are called the output places of the transition.

Graphically, places in a Petri net may contain a discrete number of marks called tokens. Any distribution of tokens over the places will represent a configuration of the net called a marking.

A transition of a Petri net may fire if it is enabled, i.e. there are sufficient tokens in all of its input places; when the transition fires, it consumes the required input tokens, and creates tokens in its output places. A firing is atomic, i.e., a single non-interruptible step.

Unless an execution policy is defined, the execution of Petri nets is nondeterministic when multiple transitions are enabled at the same time, any one of them may fire.

Since firing is nondeterministic, and multiple tokens may be present anywhere in the net (even in the same place), Petri nets are well suited for modeling the concurrent behavior of distributed systems.


There are many submodels of Petri Nets. I know of:

1. Elementary Net Systems.
2. Place/Transition-Nets.
3. Timed and Stochastic Petri Nets.
4. Coloured Petri Nets.


i think that when Modelling Concurrency, we can use Ideas of Active Components, or Transitions to describe Processess which rely on Input Data Preconditions called Tokens which are stored in Queues or other Buffers, also called Passive Components or Places.

there are people who develop Mathematical Apparatus that is used to analyze Properties of Concurrent Systems such as Reachability, Liveness, Boundedness. They are explained on Wikipedia.

i heard that there are automated tools that help to analyze, prove or disprove such qualities if given P/T Model.


See also: [6], Graphs, Elementary Net Systems Introduction, Introduction to Cooperating Processes & Synchronization, Petri Nets & Randezvous Concurrency, an Idiom.

11/14/13

Uses for Stitie Space Web Service.

Ideally it should work like this:

Supercomputer (more or less expensive), dedicated to Matrix (and other, including Ciphers) Calculations, with Simple Web Service Interface.

This way users can either login (with simple client) and manually upload data to be calculated, then wait and acquire results they paid for. Or they can automate leasing of computing power and resources with their own tools (programs will automatically order such calculations when needed).

This can be useful for Mathematicians to relieve them of simplest, menial tasks.

Information Technology Paradigms.

I think that 'Paradigm' is word for 'Way of Thinking', or 'Viewpoint'.

Is there single best and only approach to Programming or Information Technology?

I think no, for there are many standards, or 'branches' in this field of knowledge. And many languages, libraries, etc.. Each serves different purpose, and good ones can work with others (for example by serving a 'Web Service').

For example, when i use word 'Channel', i mean something differing from 'Channel' defined in many other language(s).

Everything depends on context.

Code should be independent.

Programmers should write code that way, to let others understand it.

I'd fire programmers who tried to be unfirable by 'obfuscating' their code and making themselves 'priceless' to company. Immediately.

See also: Obfuscator, Few thoughts on code quality (for professionals).

11/13/13

Packet Registry, Streams & Channels.

What's the difference between stream and channel? Channel channels streams of data. Streams can 'overflow' and form larger channels. Which is larger? Whichever you wish.

See: Splitting and Joining Information Flow.

When we split information into a streams or channels, we should address problem of lost packets somehow.

That's why we can use Packet Registry, where arrived packets are kept. If stream(s) or channel(s) is (or are) lost, we can dynamically create new stream(s) and/or channel(s), retransmitting lost packets via them.




Vertical boxes form Packet Registry. Glowing boxes are data packets. When they are arriving they are part of a data stream. Then they are placed in Packet Registry.

Movie & Source Code

Classic Concurrency Problems.

1. Mutual Exclusion.

Let's assume that two processess want to access critical section of code. They are acting as such:

process P;

begin
  while true do
  begin
    personal_affairs;
    begining_protocol;
    critical_section;
    ending_protocol;
  end
end;

Critical section is this program fragment, that can be executed by at most one process at once.

We assume that each process which enters critical section, will leave it in finite time.

See also: Petersen's Algorithm.

2. Producers & Consumers.

There are P>0 processes in system, which produce certain data, and K>0 processes which receive data from producers. Between producers and consumers there can be buffer with capacity B, whose task is balancing temporary differences during processes execution time. Processes that produce data we'll call producers, and processes receiving data --- consumers. Task is about synchronizing work of producers and consumers, such as that:

* Consumer would wait for data receive in situation when buffer is empty.
* Producer, when putting data in buffer would not overwrite data already written, but not received yet by consumer. It requires stopping temporarily producer in situation when there is no empty space in buffer.
* If many consumers wait for when data arrives in buffer, and if constantly new data is produced, then each waiting consumer will get something from buffer.
* Won't happen such situation, that certain consumer will wait infinitely for getting data, if data arrives in buffer constantly.
* If many producers wait for buffer's free space, and consumers constantly get something from buffer, then each of waiting producers will be able to put something into buffer. There won't happen situation such as certain producer will wait infinitely, if constantly something is taken from buffer.

There are variants to this problem:

* Buffer might be infinite.
* Cyclic buffer with finite space.
* No buffer at all.
* Many producers or only one.
* Many consumers or only one.
* Data might be produced and consumed at quicker rate (more than one unit at once).
* Data has to be read in writing order, or not.

Producers and consumers problem is abstraction of many situations existing in computer systems, for example: keyboard data write to buffer by keyboard device driver, and it's read by operating system.

3. Readers and Writers.

There are C>0 processes working in system. They read certain data. There are P>0 processes which write data. Processes writing data we'll call writers, processes reading data --- readers. Moment when processes have access to data, we'll call 'reading room visit' or 'reading room stay'.

Let's notice that many processes can read data at once. If someone wants to modify that data, then it's reasonable to block access to this data for all other processes for the time of read. It prevents read of inconsistent data (for example, partially modified data). Overall schema for processes work is such:

process Reader;

begin
  repeat
    personal_affairs;
    begining_reader_protocol;
    READ;
    ending_reader_protocol;
  until false
end

process Writer;

begin
  repeat
    personal_affairs;
    begining_writer_protocol;
    WRITE;
    ending_writer_protocol;
  until false
end

Beginning and ending protocols of selected processes should be written in a way, that allows for these conditions to be met:

* Many readers should have simultaneous access to reading room.
* If in reading room there's writer, then no one else does not write or read.
* Each reader, which wishes for data read, at some point will read them.
* Each writer, which wishes for data modification, at some point will write such modifications.

There are variants to this problem:

* In reading room many readers can spend their time at once.
* Reading room may have limited capacity.
* Writers may have priority over readers (but then we'll resign from readers liveness).
* Readers may have priority over writers (but then we'll resign from writers liveness).

4. Five Philosophers.

This problem does not have practical analogies, unlike previous classic problems, but it very well illustrates problems happening when concurrent programs are made.

Five philosophers dine by round table. Before each there's plate. Between plates lie forks. In middle of the table there's serving dish with fish. Each philosopher thinks. When he gets hungry, he reaches for forks laying at his right and left side, then starts eating. When he's done eating, he puts forks away and again devotes himself to thinking.

Scheme of such philospoher is such then:

process Philospher (i: 0..4);

begin
  repeat
    think;
    beginning_protocol;
    eating;
    ending_protocol;
  until false
end;

Task is to write beginning and ending protocols, such as following conditions would be met:

* Only one philospoher ate with the same fork at the same time.
* Each of the philosophers ate only and always with two (and always those which lay near his plate) forks.
* No philosopher would die of starvation.
* Also we want that each of the philosophers would act the same way.

Solution to this riddle is to use waiter to let only four philosophers at the dining table at the same time, and let fifth wait. When philosopher is done eating, he leaves table and joins queue and can only return to table when waiter allows him to do this.

Dragonfly Management System.

It should be simple.

It should let dragonflies act independently.

It should independently collect reports and resources when they are avaiable.

It should allow hackers to help users. This requires that involved internet devices allow for internet traffic pass, so we can help each other. Such traffic should not interfere with user's privacy (perhaps there can be secure channel for it).

(critic requested and welcome).

(channel channels streams... and it should survive overflows, if possible).

Distributed System.

def. Distributed System is a set of independent internet devices (which are also computers), connected with network, equipped with software designed for creating integrated computing environment. (And for recreating it often as neccessary, because internet devices leave and join networks constantly).

11/12/13

TCP Connections & UDP Connectionless Transport.

Internet is an extremely complicated system.

To provide structure to the design of the network, and it's protocols, designers organize protocols, the network hardware and software that implement the protocols in layers.

See: Internet seen by technical eyes (for computer enthusiasts).

Residing between the application and network layers, the 'Transport Layer' has critical role of providing communication services directly to the applications, in particular: TCP and UDP transport layer protocols.

Connectionless Transport, or UDP (User Datagram Protocol) has following properties:

* Finer application-level control over what data is sent, and when. This means that application can decide what services it needs, and implement them on their own. Even something similar to TCP's services, or more.
* No connection estabilishment. No 'reliable' data transfer service, no congestion control (no attempt for controlling network traffic).
* No connection state is maitained.
* Small packet overhead. This means that less data is sent between computers when UDP protocol is used. At least in theory, for many services are implemented anyway and it costs.

Connection-oriented Transport, or Transmission Control Protocol (TCP) has following properties:

* Connection-oriented. This means we can have separate connections (similar to telephone connections), so that multiple users or applications can isolate their communications from others, even if they are communicating between the same internet devices (computers, phones, etc). Even at the same time. Technically speaking, connection is estabilished between two internet devices (identified by IP Address) on certain ports. For example: between computer with IP address 192.168.1.84 on port 300 and telephone with IP address 192.168.1.108 on port 600. Each connection can have different properties (security, speed, perhaps more).
* Ordered packets. Sequence numbers allow receivers to discard duplicate packets and properly sequence reordered packets.
* Reliable data transfer. This means that data packets are retransmitted if they are lost on the way.
* Error-free data transfer. If data is malformed during transfer, a checksum allows to detect errors... then this data can be retransmitted if neccessary. Note that it's not enough to rely on this type of 'security' to prevent man-in-middle hack attack.
* Flow control. (speed matching service, so that data does not overflow receiver's buffer).
* Congestion control. (attempt for controlling network traffic).

Packet Flooding & DoS attacks.

A broad class of security threats can be classified as denial-of-service (DoS) attacks. As the name suggests, a DoS attack renders a network, host, or other piece of infrastructure unusable by legitimate users.

There are many forms of DoS attacks, including 'Packet Flooding':

* Bandwidth Flooding.

The attacker sends a deluge of packets to the targeted host - so many packets that the target's access link (router) becomes clogged, preventing legitimate packets from reaching the server.

* Connection Flooding.

The attacker establishes a large number of half-open or fully open TCP connections at the target host. The host can become so bogged down with these half-bogus connections that it stops accepting legitimate connections.

See also: Everyday tea for information problems, or DDOS attack (for everyone), TCP Connections & UDP Connectionless Transport.

11/11/13

Painting Cryptographic Keys.

It can be done easily with Stitie Space.

Just paint the Shape (which is also Form) in three or less dimensions, then dump it somehow.

It's easy to break this key, but it can be augmented with Mathematics and Programming.

Automated tool for such key creation can even be made (involing Maths & Arts).

Animations can be used as well.


Each node has data (state/color) and strategy (which is also code/data/state/color). Together they form a whole node's color.

Depending on color (of each of nodes, but also color of all nodes), which can be mixed and used any way Artist desires, whole cryptographic key is made.

The more complex Form, the harder key to break.

Message Authentication.

Message authentication is the way to ensure that message was not changed by someone during communication between sender and receiver. Encryption does not ensure that message won't be deleted or changed on the way during communication process.

Like encryption, message authentication uses a secret key that Alice (sender) and Bob (receiver) both know. We'll call it authentication key, to distinguish it from the encryption key.

Message Authentication Code (or MAC) is calculated using MAC function: message_authentication_code = mac_function(authentication_key, message).

To prevent tampering with messages, Message Authentication is combined with numbering messages sequentially. (For example: by adding sequential number to message when it's sent, then signing it with MAC).

This way we know if message was changed (by using Message Authentication Code), deleted (by checking sequence numbers), or if their order of arrival was modified (by checking sequence of numbers).

11/10/13

Security Aspects.

Should code be designed with Security in mind?

I think yes.. but it's not so bad if it is not such at first.

It should be clean and modularized, then security aspects can be added. With redesign if neccessary.

I'll check and share (You should as well before You trust this methodology).

Code Style.

Should code be hard to hack?

Yes and no.

It should be designed properly, clean, and easy to understand.

If neccessary, it can be encrypted or/and obfuscated.

See also: Obfuscator, Few thoughts on code quality (for professionals) .

Encryption & Decryption Functions.

Encryption function takes data (state/color in context of this blog), also known as plaintext message as first argument, and cryptographic key as second argument then produces ciphertext (encrypted, or disguised from being readable) message.

Decryption function takes ciphertext and cryptographic key as argument to reproduce original data (plaintext) from it.

A good encryption function makes it impossible to find the plaintext from the ciphertext without knowing the key.

See also: Basics of Cryptography (for everyone), More on Cryptography (Terminology).

Consequences of restarting AI.

AI is acronym for 'Artificial Intelligence'.

Perhaps something will start anew.

State perhaps will be zeroed, perhaps not.. for there's data persistence and databases.

If something will start anew, it will in different context (world will progress few steps onward in meantime).

Perhaps computer systems will synchronize data after restart, but some cycles of computing power in restarting computer will be lost.

Weakest Link.

'A security system is only as strong as its weakest link.'

What is weakest link depends on attacker's viewpoint and tools.

So weakest links have to be strenghtened first, with foremost priority.

Cryptographic system investment.

Is it worth to invest in cryptographic system designed by a beginner?

Probably not at first. It's not too easy task to design such a system that can withstand real attacks.

But it's worth to let it happen, be published and criticized (this includes attacks on it), so a designer can learn and improve. After decades of work it'll be stronger.

11/9/13

Threat Analysis.

def. Threat is a possible danger.

In computer security a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm.

def. Threat analysis is the analysis of the probability of occurrences and consequences of damaging actions to a system.

I'll approach Threat Analysis this way:

1. List all possible threats that i can imagine or find in literature, that are directed toward beings or things i wish to protect,
2. Consider level of risk associated with each threat and assign it as a value (0: critical threat level; the higher: the less danger),
3. Describe all possible consequences i can imagine or find, for each threat.
4. Keep doing this repeatedly, as needs arise. ('Threats need to be attacked actively').

Perhaps i'll develop method for level of risk measurement later.

Cryptography as part of Secure System.

Usually computer system is not lacking in this department.

Compared to Bank Vaults with large steel doors and strong locks (locks can be compared to cryptography), computer systems seem to be tents with large door and strong locks. People love to argue about the exact key length of cryptographic systems, but fixing 'buffer overflow' in Web servers is much less fun. The result is predictable, the attackers find a 'buffer overflow' and never bother attacking cryptography.

There is, however one reason why cryptography is important to get right, even in systems that have other weaknesses. An attacker who breaks cryptography has a low chance of being detected.

It's like comparing it to real-life break in. If the burglar uses a crowbar to break in, you will at least see that a break-in has occured. If the burglar picks the lock, you might never find out that a burglary occured.

Many modes of attack leave traces, or disturb system in some way. An attack on the cryptography can be fleeting and invisible, allowing the attacker to come back again and again.

Complex systems are Vulnerable.

There are no complex systems that are secure.

Complexity is the worst enemy of security, and it almost always comes in forms of features or options.

If you want to build something secure, you have to keep it simple. It's easier to maintain it this way as well.

'Secrets and Lies' approach to Security.

Good security is always a mixture of prevention, detection and response.

The role for cryptography is always prevention part, which has to be very good to ensure that the detection and response parts (which can and should include manual intervention) are not overwhelmed.

See also: 'Dragonfly & Windshield'.

Deterministic & Nondeterministic Algorithms.

In computer science, a deterministic algorithm is an algorithm which, given a particular input, will always produce the same output.

Nondeterministic algorithms have their uses as well, for example, probabilistic algorithms.

Sometimes deterministic algorithm is too inefficient or insecure.

For example 1: We can spread data along the tree data structure randomly, thus have shorter routes between tree's root and leaf nodes (on average).

('Tree' is data structure with nodes and pointers, or 'arrows' leading from upper nodes to lower nodes. Each node might have 0, 1, or more pointers. Root node is uppermost node, Leaf nodes are on bottom of data structure).

See 'Literature' for more details about the 'trees' and other data structures.

For example 2: Random numbers are used in cryptography, thus in security. If random number is generated nondeterministically, it's more secure to use it for creating cryptographic key.

What makes a paradigmatist.

Paradigmatists are such if they learn.

When they stop learning, they stop being paradigmatists.

Because they stop trying to understand someone else's paradigm (way of thinking, viewpoint) anymore.

11/8/13

Traditional Digital Art Form use in Stitie Machine.

3 (or less) -dimensional Art Forms can be used in Stitie Machine to form computer program that can be run.

Just paint Form as you wish or will.

Each color is associated with programming code (same color is same code.. so 'Color Picker' should be used carefully, but there's available great depth to colors), and it is designed to work like this.


Technical details:

Colors can be used as is needed, even duplicated in many pixels, for color depth can be deepened if neccessary.

Colors can show as the same, but have greater depth in fact.

Greater depth can also be displayed somehow... for example as complex icon (cheap solution)...., or deeper color with proper hardware (very expensive one).

Perhaps Forms can be 'imaged' in other ways as well.

See also: Stitie Machine.

What problems Painting Forms can solve?

Stitie Machine is Turing Machine.

Form, or Object Graph is in-memory model of running program.

Painting (using Mathematical Art) Form makes it appear in computer memory.

Then Form can be 'run' (or 'executed') to solve any problem computers can. Just with different resource use for different problems.

See also: Stitie Machine, and its implementations: Core 1.0 and Sunsail 1.1 .

See also: Stitie Turing Machine (including comments) and Combining State .

11/7/13

Combining State.

Two finite state automatons can be combined, resulting in one larger finite state automaton.

State can be represented as graph, with states (dots) and transition functions (arrows).

Just combine states from two graphs into state pairs using Cartesian Multiplier (each with each), represent each pair as single node, then connect state pairs with transition functions properly.

Then this complex automaton can be reduced, by removing duplicate transition functions (arrows).

This process (Combining State) can be repeated as many times as is needed.

(this has use in mapping 'Stitie Turing Machine' into Turing Machine).

Mathematics, Fractal Art & Stitie Machine.

Mathematical (functional) Art can define functions that can be used to 'paint' 'Forms & Shapes' in 'Stitie Machine(s)'.

It's very efficient to do it this way.

'Fractal Art' is also 'Functional Art', with stricter requirements.

System is Never Secure Forever (part 3).

According to experts (who are 'fanatical' about security), every system they analyzed has been broken in one way or another. There are always a few components that are good, but they invariably get used in insecure ways.

11/6/13

Pretty data.

I think that data structures in computer memory should be nice, pretty and tidy.

Unlike some constructs i've seen when i worked for Bank.

11/1/13

ACID.

In computer science, ACID (Atomicity, Consistency, Isolation, Durability) is a set of properties that guarantee that database transactions are processed reliably.


Atomicity: requires that each transaction is "all or nothing": if one part of the transaction fails, the entire transaction fails, and the database state is left unchanged.

Consistency: Ensures that any transaction will bring the database from one valid state to another.

Isolation: The isolation property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other. Providing isolation is the main goal of concurrency control. Depending on concurrency control method, the effects of an incomplete transaction might not even be visible to another transaction.

Durability: Durability means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors.

See also, if You wish or need ... : Transactions, Source.

Databases and Database Management Systems.

Database is set of data.

Database Management System is system (software tool) for managing databases.

DBMS allows for:

1. defining data schema, or logic structure of database,
2. formulating data queries,
3. storing large amounts of data,
4. concurrent data access (including modifications) and security.

SOLID.

Single responsibility principle: a class should have only a single responsibility.

Open/closed principle: 'software entities … should be open for extension, but closed for modification'.

Liskov substitution principle: 'objects in a program should be replaceable with instances of their subtypes without altering the correctness of that program', without breaking the Contract. See also: Liskov's substitution principle, Design by Contract , and Design by Contract (in simpler words).

Interface segregation principle: 'many client-specific interfaces are better than one general-purpose interface.'

Dependency inversion principle: one should Depend upon Abstractions. Do not depend upon concretions.

Liskov's Substitution Principle.

Liskov's notion of a behavioral subtype defines a notion of substitutability for objects;

That is, if S is a subtype of T, then objects of type T in a program may be replaced with objects of type S without altering any of the desirable properties of that program
(e.g., correctness).

When this occurs, we can say that design or implementation adheres with the LSP (Liskov's Substitution Principle).

It is desirable for designs & implementations to adhere with LSP.

See also, if You wish or need, ... : Liskov substitution principle on Wikipedia, SOLID, Design by Contract.

Open / closed principle.

In object-oriented programming, the 'open/closed principle' states 'software entities' (classes, modules, methods, etc.) should be open for extension, but closed for modification.

Design by Contract.

Introduction.

Design by Contract is the Software Collaboration Method.

Contract (between class user and class author) should state under which condition class will provide it's services to class user.


Contract.

There are preconditions, postconditions and invariants that regulate contract.

Precondition is a condition that is required for something to happen. Precondition can be simple or complex, complex precondition consists of multiple simple or complex preconditions as well.

Postcondition is something that is guaranteed to happen if preconditions are met & program behaves correctly.

Invariants is something that is guaranteed to hold, at least in observable moments in time, or perhaps even all the time.


If class user provides 'correct' (or using alternative wording: 'legal') preconditions to object, methods will ensure that postconditions are met. Invariants are always met (though some disagree, for there's 'observable moment' argument), or contract is broken.


Examples for Preconditions:

- method arguments,
- concurrency requirements,
- perhaps more.


Examples for Postconditions:

- program's process(-es) will compute and provide results correctly,
- program will finish within the agreed time frame in at least 90% of situations,
- perhaps more.


Examples for Invariants:

- heat in Reactor will never go above the Critical Value,
- variable 'divisor' will never have '0' value,
- variable 'divisor' will never have '0' value during computations phase,
- perhaps more.


Inheritance (in simple words).

To not break contract, following conditions must be met:

1. subclasses must require no more than it's neccessary for superclass to work correctly (but can require less).

2. subclasses must meet all requirements of superclass (but perhaps can give more).

This is related with the Liskov's Substitution Principle (LSP).


Exceptions in Java.

When contract is broken during Runtime, an Exception should be thrown.


See also: SOLID, Conditions, Security Harness, Software Complexity, Application Design, Use Cases & Automatic Testing.