Category Archive Medium

By Jayanthi

Kerberos Authentication protocol

Reading Time: 3 minutes

We have already discussed cryptography and the Caesar cipher. In this post we will explore cryptography further by discussing one of its applications, the Kerberos authentication protocol. In today's insecure online and distributed environment we need a stronger authentication mechanism than the classic username/password combination.

Introduction:

'Kerberos' was developed at MIT as part of a project named 'Athena'. In Greek mythology, Kerberos is the three-headed dog that guards the underworld. The electronic version, the Kerberos authentication protocol, guards users' online data and keeps hackers at bay. The Internet, being a place that does not by itself uphold the three tenets of information security (confidentiality, integrity and availability), needed stronger cryptographic mechanisms to ensure users' online privacy. The Kerberos network authentication protocol was created to uphold these tenets by making use of symmetric key cryptography. Recall: in symmetric key cryptography, the same key that is used to encrypt data is used to decrypt it as well.

The Kerberos authentication protocol is used to prove your identity in a client/server interaction by making use of "tickets". Kerberos version 4 was created by Steve Miller and Clifford Neuman. Version 5, whose latest release is 1.16.3, was created by John Kohl and Clifford Neuman. Kerberos is freely downloadable from the MIT website under its copyright permissions. It is also available as a professional product from many vendors. Kerberos is based on the Needham-Schroeder protocol.

Necessity of Kerberos:

Kerberos was created to overcome the following threats in an open distributed network environment:

  1. A user may masquerade as another user and access the privileges and rights on the new user’s workstation
  2. A user can change, modify and alter the network address of other workstations
  3. A user can also "snoop" and overhear conversations and gain an entry into servers (Stallings)

Description:

Here is an extremely high-level description of how the Kerberos authentication protocol works. First, the important terms to be aware of before we start:

KDC – Key distribution center

TGS – Ticket Granting Service

  1. A user logs onto a client machine, enters his credentials and requests some services. Now, only the username is transmitted to the KDC server (the password is transformed into the key of a symmetric cipher and kept on the user's machine). After matching the username against the KDC database, the KDC server creates the TGT (Ticket Granting Ticket), which is encrypted with the user's key.
  2. The client receives the encrypted TGT. Recall that Kerberos makes use of symmetric key cryptography. Hence, the encrypted TGT that is received is decrypted using the user's key (which is stored on the user's machine).
  3. The TGT stored on the machine enables a session with the server for a specified amount of time.
  4. In order to communicate with the server and request more services, the client uses the TGT to ask the KDC server for a specific service.
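A toy model of the four steps above, added here as an illustration; it is not MIT Kerberos code. It follows the standard layout of the exchange, in which the KDC's reply to the user is sealed with the key derived from the user's password and carries the TGT, itself sealed with the ticket-granting service's own key, so the client can read its session key but never the ticket. The password-to-key derivation, the constructed username, salt and password, and the hash-based 'seal' cipher are all assumptions standing in for real Kerberos encryption types.

```python
import hashlib, hmac, json, os, time

def password_to_key(password: str, salt: bytes) -> bytes:
    # The password is turned into a symmetric key on both sides and is never transmitted.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def seal(key: bytes, obj: dict) -> bytes:
    # Toy authenticated encryption (hash keystream + HMAC tag); a stand-in for a Kerberos etype.
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

SALT = b"EXAMPLE.REALMalice"                                 # constructed: realm + principal name
KDC_DB = {"alice": password_to_key("correct horse", SALT)}   # KDC stores keys, never passwords
TGS_KEY = os.urandom(32)                                     # ticket-granting service key, KDC-side only

def as_exchange(username: str, lifetime: int = 600) -> bytes:
    """Step 1: the KDC receives only the username; its reply is sealed with the user's key."""
    session_key = os.urandom(32).hex()
    tgt = seal(TGS_KEY, {"user": username, "skey": session_key, "exp": time.time() + lifetime})
    return seal(KDC_DB[username], {"skey": session_key, "tgt": tgt.hex()})

def client_login(username: str, password: str, reply: bytes):
    """Step 2: the client derives its key locally and decrypts the KDC reply."""
    creds = unseal(password_to_key(password, SALT), reply)
    return creds["skey"], bytes.fromhex(creds["tgt"])

def tgs_accepts(tgt: bytes, session_key: str) -> bool:
    """Steps 3-4: the TGS opens the presented TGT with its own key and checks its lifetime."""
    t = unseal(TGS_KEY, tgt)
    return t["user"] in KDC_DB and t["skey"] == session_key and t["exp"] > time.time()

if __name__ == "__main__":
    reply = as_exchange("alice")
    skey, tgt = client_login("alice", "correct horse", reply)
    print("TGS accepts TGT:", tgs_accepts(tgt, skey))
    try:
        client_login("alice", "wrong password", reply)
    except ValueError as err:
        print("Wrong password:", err)
```

Note that a wrong password fails only on the client side, when the reply cannot be opened; the KDC never saw the password at all.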

Conclusion:

This is just a simplified version of the Kerberos authentication protocol. It can be inferred from the above description of the Kerberos authentication protocol that the entire functioning is based on “tickets” and encryption and decryption using symmetric key cryptography. No passwords were sent in the entire client/server interaction. It is hoped that stronger authentication standards will be adopted by the industry.

Bibliography:

Kerberos (protocol). (n.d.). Retrieved May 7, 2014, from Wikipedia: http://en.wikipedia.org/wiki/Kerberos_(protocol)#Further_reading

Stallings, W. Cryptography and Network Security.

What is Kerberos and how does Kerberos work. Retrieved from https://www.slashroot.in/what-is-kerberos-and-how-does-kerberos-work

By Bala Manikandan

Java 8 – Default and Static Methods in Interfaces

Reading Time: 2 minutes

Before beginning this post, I would like to state that this post assumes some knowledge of Java.

Prior to Java 8, all methods in an interface had to be abstract. Since Java 8, default and static methods can also be defined in interfaces. These are discussed in the following sections.

Default Methods:

A default method in an interface is used to define the ‘default’ behaviour of an object of that interface type, in case a class implementing that interface does not override the method. Unlike other interface methods, default methods have a method body. A default method is declared using the keyword ‘default’:

interface TestInterface {
    default void defaultMethod() { }    // a default method
}


Note that the above method uses curly braces, not a semicolon. Just like normal methods, statements can be included between the curly braces. Now consider another piece of code:

package bala;

interface TestInterface {
    default void print() {
        System.out.println("Default");
    }
}

class Sample1 implements TestInterface {    // overrides print()
    @Override
    public void print() {
        System.out.println("Not Default");
    }
}

class Sample2 implements TestInterface { }  // doesn't override print()

public class Test {
    public static void main(String[] args) {
        TestInterface obj1 = new Sample1();
        TestInterface obj2 = new Sample2();
        obj1.print();   // Sample1's overriding version runs
        obj2.print();   // the interface's default method runs
    }
}

The above code prints:

Not Default
Default

In the above code, both the classes, Sample1 and Sample2, implement the interface TestInterface, which contains a default method.

class Sample1 overrides the print() method but Sample2 doesn't. In the main() method, two objects of types Sample1 and Sample2 are created, which then invoke the print() method. Since Sample1 has the overridden print() method, the code in the overridden version executes.

But the print() method is not overridden in Sample2,  so the code in the default method of TestInterface executes. This accounts for the above output.

Static Methods:

Recall the definition of static methods: they belong to the class rather than to an instance of the class.

As in classes, static methods in interfaces are the methods that can be called using the interface name itself, rather than using an object reference variable. These methods also use curly braces. Their usage is very similar to the usage of static methods in classes, as demonstrated in the following code:

package bala1;

interface TestInterface2 {
    static void print() {
        System.out.println("Static method inside an interface");
    }
}

public class Test2 {
    public static void main(String[] args) {
        TestInterface2.print();   // called on the interface name, not on an object
    }
}


As expected, the above code prints:

Static method inside an interface

We have seen the newer features of Java 8 (namely, default and static methods in interfaces) in this post! Join me as I uncover some more technical aspects of the world!

By Jayanthi

Which is more secure: SSL, TLS or HTTPS

Reading Time: 2 minutes

Data that is passed "as-is" (without encryption) is prone to attacks by hackers and people with malicious intent. In order to pass critical financial information without being eavesdropped upon, it is crucial to encrypt all data. Encrypting communication allows one to pass credit card numbers, banking information and other sensitive details between the client and server more securely. Encryption between the client and server is done by SSL/TLS. Before seeing which is the more secure protocol, we will first understand the terms SSL, TLS and HTTPS.

SSL is 'Secure Sockets Layer' and it is used to secure the connection between the client and server. It makes use of public key encryption (where a public key may be used to encrypt and the private key to decrypt, or the other way around) and it works at the transport layer of the OSI model. It provides data integrity and confidentiality for the connections between the client and server.

SSL is now known as TLS or 'Transport Layer Security'. It is again a cryptographic protocol that is used to encrypt all communication between client and server. SSL 3.0 officially became TLS, and TLS 1.2 is the latest version. TLS is backward compatible, so it can secure older SSL connections.

'HTTPS' is 'Hypertext Transfer Protocol Secure'. HTTP is the building block of the Internet, and HTTPS is HTTP secured with SSL/TLS. HTTPS is synonymous with security during transmission. A connection can be understood to be encrypted by seeing the padlock in the left-hand corner of the address bar or by seeing 'https' instead of 'http'.

Now coming to the original question of which is more secure: TLS is more secure, as SSL has given way to TLS. But since communication security is still commonly referred to as SSL, it can be said that SSL/TLS is more secure.
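As an added illustration that is not part of the original post, the protocol version a client offers is visible in the first bytes of its handshake, which is how a defender can spot clients still offering SSL 3.0 rather than TLS. The builder and parser below follow the TLS record and ClientHello layout; the sample hello is constructed, the single cipher suite is a placeholder, and the version table also lists TLS 1.3, standardised after this post was written.

```python
import os

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
HANDSHAKE, CLIENT_HELLO = 0x16, 0x01

def build_client_hello(version: int) -> bytes:
    """Constructed minimal ClientHello offering `version` (one placeholder cipher suite)."""
    body = (version.to_bytes(2, "big") + os.urandom(32)   # client_version, random
            + b"\x00"                                      # empty session id
            + b"\x00\x02" + b"\xc0\x2f"                    # one cipher suite (placeholder)
            + b"\x01\x00")                                 # null compression only
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    # The record-layer version is conventionally 0x0301 (TLS 1.0) whatever the offer is.
    return bytes([HANDSHAKE]) + b"\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

def offered_version(record: bytes) -> str:
    """Check the record and handshake headers, then return the client's offered version."""
    if len(record) < 11 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    if int.from_bytes(record[3:5], "big") != len(record) - 5:
        raise ValueError("record length mismatch")
    if record[5] != CLIENT_HELLO or int.from_bytes(record[6:9], "big") != len(record) - 9:
        raise ValueError("not a well-formed ClientHello")
    ver = int.from_bytes(record[9:11], "big")
    return VERSIONS.get(ver, f"unknown (0x{ver:04x})")

def is_legacy(version_name: str) -> bool:
    """SSL 3.0 and TLS 1.0/1.1 are deprecated; a server policy should refuse them."""
    return version_name in ("SSL 3.0", "TLS 1.0", "TLS 1.1")

if __name__ == "__main__":
    for v in (0x0300, 0x0303):
        name = offered_version(build_client_hello(v))
        print(f"client offers {name}: {'legacy, reject' if is_legacy(name) else 'ok'}")
```

A TLS 1.3 client still writes 0x0303 in this field and carries its real offer in the supported_versions extension, which this parser does not walk, so it reports such a hello as TLS 1.2.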

 

Note: HTTP vs HTTPS image source: Google images

By Jayanthi

Wireless security

Reading Time: 3 minutes

Look around you and you see that everything has become wireless and more mobile than it was 10 years ago. Wireless technologies have seen increased growth as being tied to desktops and landline phones has become passé. We see laptops with Wi-Fi connectivity that give one the ultimate freedom to do business or casual browsing on the go. In addition to this we also have numerous wireless devices such as the wireless mouse, wireless speakers, wireless headphones and wireless cameras. Another interesting development on the wireless front is the wireless POS terminal, which again gives more convenience to the end user and the merchant. Given all these wireless developments, it is necessary to secure them, using good policies and adopting the latest standards.

We start our discussion on wireless security by first seeing how a WLAN works, then the security issues with wireless networks, followed by the countermeasures that seek to block these security issues.

Read More

By Jayanthi

What is Steganography?

Reading Time: 1 minute

Steganography is the procedure by which files or information can be transmitted secretly by embedding them in images or audio files. Cryptographic concepts can be used to supplement steganography by first encrypting the message and then hiding it in the image.

For the ordinary user only an image is visible, but to the sender and receiver a message is hidden in the picture, which can be unearthed only by using special steganographic tools.

Read More

By Jayanthi

Firewalls!

Reading Time: 3 minutes

Irrespective of our profession, we have all encountered the term "firewalls" in our life. We are all glued to our laptops or mobile devices and are constantly engaged in business or personal conversations. These digital and electronic conversations will sooner or later bring the malicious part of the Internet into play. We come across viruses, malicious traffic, worms and phishing scams, all out to steal our personal and business information. Firewalls are a type of countermeasure to stop these elements.

Read More

By Jayanthi

Password cracking!

Reading Time: 3 minutes

"Password" is the simplest and easiest way to authenticate a user. It is also one of the most easily understood ways to authenticate a user. Recall that authentication is the process of uniquely identifying a user and making sure that "they are who they say they are". The username and password combination is the de facto method of identifying a user on all websites.

Read More

By Jayanthi

DMZ

Reading Time: 3 minutes

Introduction:

Ignorance may make us think that the Internet is a safe place, but the unseen forces that rule the Internet (such as hackers and other network detection tools) always seek to gain an entry into strategic business networks and home networks. The information security industry has borrowed the concept of 'demilitarization' from the army to bring in the concept of the 'DMZ' or 'Demilitarized Zone' to secure internal networks. A DMZ is a semi-secure area in the network that contains important resources.

Read More

By Jayanthi

Ransomware

Reading Time: 3 minutes

What is Ransomware?

Imagine logging onto your laptop one fine morning, checking mails and clicking on a few links and being confronted with this dialog:

 

Read More