Sunday, May 22, 2016

Exchange of Data using Applicability Statement 2

Applicability Statement 2 or AS2 is a specification for exchanging data securely, even over an unencrypted HTTP connection. It works like an envelope: the data is embedded in it and transferred securely.

AS2 is commonly used for EDI transactions. EDI or Electronic Data Interchange is an electronic communication method by which two different companies or organizations can exchange documents such as purchase orders, invoices, shipping notices etc. AS2 can be used to make EDI transactions more secure.

Data Exchange using AS2

To exchange data using AS2, both the sender and the receiver need AS2 communication software on their systems. Using the software, the sender first digitally signs the document, so that the document cannot be tampered with. After that, the signed document is encrypted and sent to the receiver. The encrypted document also carries a request for a receipt from the receiver.

The receiver receives the signed and encrypted document, first decrypts it and then verifies the signature of the sender. After successful validation, the receiver sends a signed receipt back to the sender.

An HTTP POST is used to send the data to the receiver. The request URI identifies the process that will unpack and handle the data and then generate a reply. The receipt can be sent either in the HTTP response body or in a new HTTP POST.

So, to summarize, data exchange using AS2 typically follows the steps below:

  • The sender first signs the document using his private key and then, encrypts it using S/MIME.
  • The document also specifies that a signed receipt has to be sent back to the sender.
  • The signed and encrypted document is then sent over an HTTP connection. Please note that, though an HTTP connection is not secure, the document remains secure as it is signed and encrypted using strong cryptographic keys.
  • The receiver receives the document and decrypts it using his private key.
  • The receiver verifies the signature using the public key of the sender.
  • On successful validation, the receiver creates a receipt and signs it using his private key. The signed receipt also contains the hash of the received message so that the sender can be sure that the sent document was successfully decrypted and validated by the receiver.

So, even though an HTTP connection is unsecured, documents can be sent securely through it using AS2. This article just gives an overview of how data is exchanged using AS2. Hope you liked it.

Friday, May 20, 2016

Point-to-Point Protocol

Point-to-Point Protocol or PPP is a layer 2 or data link layer protocol which is used to establish a direct connection between two nodes in a network. It can provide authentication, encryption and compression. The protocol creates a simple link between two peers in a network to transport packets.

PPP links are full duplex and deliver packets in order. This protocol can be used for communications between hosts, bridges, routers etc.

PPP Encapsulation

Data from different network layer protocols can be transferred over the same PPP link. This is possible because of encapsulation.

PPP puts the data in a frame and transfers it using a PPP link. A frame is a unit of transmission in the data link layer of the OSI protocol stack. PPP uses frames to mark the beginning and end of encapsulation.

A PPP frame contains the following three fields:

Protocol Field – The protocol field indicates the protocol used in the frame. The protocol can be the Link Control Protocol, the Password Authentication Protocol, the Challenge Handshake Authentication Protocol etc.

Information Field – It contains the datagram for the protocol specified in the protocol field. A datagram is a unit of transmission in the network layer and it is often encapsulated in one or more packets in the data link layer.

Padding – The information field may be padded with a number of octets in a frame.

How does PPP work ?

In the Point-to-Point Protocol, a PPP link is established for communication in five phases, as mentioned below:

Link Dead Phase

A PPP link begins and ends with the Link Dead Phase. When the physical layer is ready to be used, PPP proceeds from this phase to the next phase, the Link Establishment Phase. On disconnection of a modem, the link returns to this phase.

Link Establishment Phase

Configure packets are exchanged during this phase. The configuration options can depend on the particular network layer protocol used, or they can be independent of it. Two different protocols are used for that purpose:

Link Control Protocol

This protocol is used to agree upon the encapsulation format options and packet sizes, and to detect misconfiguration errors. It can also negotiate authentication parameters.

Network Control Protocol

This protocol is used to manage the specific needs of the network layer protocol being used. For example, assignment and management of IP addresses may be difficult for a circuit-switched point-to-point link. Network Control Protocol can be used to manage that.

In the Link Establishment Phase, only Link Control Protocol packets are used to agree upon the configuration parameters. Configuration dependent on the network layer protocol is handled by Network Control Protocol packets in the Network Layer Protocol Phase.

Authentication Phase

If a peer needs to be authenticated, a PPP link needs to handle it before Network Control Protocol packets are exchanged. PPP uses Authentication Phase for that purpose.

There are two types of authentication protocols that can be used:

  • Password Authentication Protocol
  • Challenge Handshake Authentication Protocol

Password Authentication Protocol

In the Password Authentication Protocol or PAP, a peer is repeatedly asked for an ID/password pair until authentication is accepted. If invalid authentication parameters are received too many times, the link is terminated.

In PAP, passwords are transmitted in an unencrypted format over the PPP link. So, this protocol is not secure.

Challenge Handshake Authentication Protocol

The Challenge Handshake Authentication Protocol or CHAP relies on periodic peer validation, instead of authenticating only at the beginning of link establishment.

It uses a challenge-response mechanism for authentication. The authenticator sends a challenge to the peer. The peer receives the challenge and calculates the response by applying a one-way hash function to the challenge and the shared secret. The response is then sent back to the authenticator. The authenticator receives the response, recomputes the expected value using the same function and the challenge it sent, and verifies that the two match.

In terms of security, CHAP is much more secure than PAP.
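To make the frame layout and the PAP/CHAP difference concrete, here is an added example (not from the original post) that builds PPP frames with the three fields described above, runs one CHAP challenge/response exchange with MD5 as in RFC 1994, and builds the equivalent PAP request for comparison. The Protocol-field values and packet layouts are the standard ones; the peer names, secret, challenge and padding are constructed.

```python
import hashlib
import hmac
import os
import struct

# PPP Protocol-field values (assigned numbers from RFC 1661, RFC 1334 and RFC 1994)
PPP_IP, PPP_LCP, PPP_PAP, PPP_CHAP = 0x0021, 0xC021, 0xC023, 0xC223
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2      # CHAP Code values
PAP_AUTH_REQUEST = 1                      # PAP Code value


def build_ppp_frame(protocol, information, padding=b""):
    """Protocol (2 octets) | Information | Padding, the three fields from RFC 1661.
    HDLC flag/address/control bytes and the FCS are left out for brevity."""
    return struct.pack("!H", protocol) + information + padding


def parse_ppp_frame(frame):
    """Return (protocol, information-plus-padding). Only the protocol carried
    inside knows where its datagram ends, so padding is split off by its parser."""
    (protocol,) = struct.unpack("!H", frame[:2])
    return protocol, frame[2:]


def build_chap_packet(code, identifier, value, name):
    """CHAP packet: Code | Identifier | Length | Value-Size | Value | Name (RFC 1994)."""
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


def parse_chap_packet(info):
    """Parse a CHAP packet; octets beyond the Length field are PPP padding."""
    code, identifier, length = struct.unpack("!BBH", info[:4])
    body = info[4:length]
    value_size = body[0]
    value, name = body[1:1 + value_size], body[1 + value_size:]
    return code, identifier, value, name, info[length:]


def chap_response_value(identifier, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(Identifier || secret || Challenge Value).
    The secret never appears on the link; only this one-way hash does."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def build_pap_request(peer_id, password):
    """PAP Authenticate-Request (RFC 1334): Peer-ID and Password travel in clear."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, 1, 4 + len(data)) + data


def peer_answer_challenge(challenge_frame, name, secret):
    """Peer side: read the Challenge, compute the hash, send back a Response frame."""
    protocol, info = parse_ppp_frame(challenge_frame)
    if protocol != PPP_CHAP:
        raise ValueError("not a CHAP frame")
    code, identifier, challenge, _authenticator, _pad = parse_chap_packet(info)
    if code != CHAP_CHALLENGE:
        raise ValueError("not a CHAP Challenge")
    value = chap_response_value(identifier, secret, challenge)
    response = build_chap_packet(CHAP_RESPONSE, identifier, value, name)
    return build_ppp_frame(PPP_CHAP, response)


def authenticator_check(response_frame, identifier, challenge, secrets):
    """Authenticator side: recompute the expected value for the Identifier and
    Challenge it issued and compare in constant time."""
    protocol, info = parse_ppp_frame(response_frame)
    if protocol != PPP_CHAP:
        return False
    code, ident, value, name, _pad = parse_chap_packet(info)
    if code != CHAP_RESPONSE or ident != identifier or name not in secrets:
        return False
    expected = chap_response_value(identifier, secrets[name], challenge)
    return hmac.compare_digest(expected, value)


def demo(secret=b"s3cret-link-key", challenge=None):
    """One CHAP exchange plus a PAP request for the same secret (constructed).
    Returns (chap_ok, secret_visible_in_chap_frame, secret_visible_in_pap_frame)."""
    secrets = {b"router-b": secret}          # authenticator's table of peer secrets
    challenge = challenge or os.urandom(16)  # fresh, unpredictable per attempt
    identifier = 7
    chal = build_chap_packet(CHAP_CHALLENGE, identifier, challenge, b"router-a")
    response_frame = peer_answer_challenge(build_ppp_frame(PPP_CHAP, chal), b"router-b", secret)
    response_frame += b"\x00" * 4           # PPP padding after the Information field
    pap_frame = build_ppp_frame(PPP_PAP, build_pap_request(b"router-b", secret))
    chap_ok = authenticator_check(response_frame, identifier, challenge, secrets)
    return chap_ok, secret in response_frame, secret in pap_frame
```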

Network Layer Protocol Phase

Each network layer protocol like IP, IPX or AppleTalk must be separately configured by Network Control Protocol in a PPP link. Network Layer Protocol Phase takes care of that.

Link Termination Phase

This phase is used to terminate the PPP link. Upon closing the link, PPP informs the network layer protocol to take proper action.

Point-to-Point Protocol and Tunnels

A tunnel is created between two virtual network interfaces. PPP can assign IP addresses to these virtual interfaces, and these IP addresses are used to transfer data between the two networks on either side of the tunnel.

Many protocols like SSH, SSL, L2TP, PPTP etc. can be used to tunnel data over IP networks. PPTP or Point-to-Point Tunneling Protocol is a form of PPP between two hosts which uses Microsoft Point-to-Point Encryption or MPPE for encryption and Microsoft Point-to-Point Compression or MPPC for compression.

This article gives some basic information on how Point-to-Point Protocol works. Hope it helped.

Wednesday, May 18, 2016

Quantum Computing and Modern Cryptosystems

Quantum computers are computing systems that make use of quantum theory. They are different from digital computers and are much more powerful. Quantum computers are still at a nascent stage. But, once they are in use, they could break modern cryptosystems.

Let's understand what quantum computers actually are and how they can break modern cryptosystems.

Evolution of Quantum Computers

Until the 19th century, Newtonian theory dominated physics. But, in the early 20th century, physicists discovered that the laws of classical mechanics do not apply at the atomic scale.

In 1900, German physicist Max Planck introduced Quantum Theory as per which energy exists in individual units called 'quanta'.

Further developments of quantum theory were made gradually, as per which:

  • Energy, like matter, consists of discrete units, rather than existing solely as a continuous wave.
  • An elementary particle like an electron or a photon can behave like either a particle or a wave.
  • Movements of elementary particles are random and unpredictable.
  • The more precisely the position of some elementary particle is determined, the less precisely its momentum can be known. In other words, the more precisely one value is measured, the more flawed will be the measurement of the other value.

Later, the theory of quantum superposition was developed. As per this theory, any two quantum states can be added together or superposed to create another valid quantum state. In fact, as long as we do not check to see the state an elementary particle is in, it can be in all possible states simultaneously.

To illustrate the above principle, a thought experiment called Schrödinger's Cat was described by Erwin Schrödinger in 1935. As per this:

Suppose a cat is penned up in a steel chamber along with a device that contains a tiny bit of radioactive substance, an atom of which may decay within an hour. And, when the atom decays, it shatters a small flask of hydrocyanic acid, killing the cat.

So, the cat will be alive as long as no atom decays. But, if one does, the cat will be killed by the poisonous hydrocyanic acid. And we cannot know whether the cat is alive or dead until we open the steel chamber.

So, to draw an analogy, the cat is in a superposition of being alive and being dead as long as it is in the steel chamber. And, when we open the steel chamber, the cat will be either alive or dead.

And, as per the theory of entanglement, two elementary particles can be entangled with each other, so that there is a correlation between the states they are in. For example, two electrons can be entangled such that they always spin in opposite directions. The quantum state of each particle cannot be described individually; instead, both particles are in a quantum state as a whole.

And, quantum computers are built upon the principles of superposition and entanglement.

In a digital computer, a bit can be in state '0' or '1'. So, n bits can represent exactly one of the possible 2^n values. We can apply some operation to it and convert it into some other value.

In quantum computers, elementary particles like electrons or photons are used. Such an elementary particle, called a 'qubit', can be in state '0', '1' or in a superposition of '0' and '1'. So, it is possible that n qubits are in a superposition of 2^n states simultaneously. We can apply some quantum operation on these n qubits and change their state.

And, this enables quantum computers to run programs in a completely different way, which is much more powerful than classical digital computers.

How Quantum Computers can break Modern Cryptosystems

Modern cryptosystems rely heavily on the fact that it is computationally infeasible to factorize a large number into its prime factors. For example, in the RSA cryptosystem, an attacker can easily derive the secret key if he can take one particular parameter and factorize it into its two prime factors.

But, with quantum computing, a large composite number can easily be factorized into its prime factors in real time.

Let's understand how it can be done.

Let's say,

N = the product of two prime numbers p and q
x = a number not divisible by p or q

Let's take the series:

x mod N, x^2 mod N, x^3 mod N, x^4 mod N ...

As per number theory, the numbers in this series repeat themselves after a period d, and d will surely divide (p-1)(q-1).

So, in a quantum computer, we can perform the steps below:

  • We can take all the numbers of the above series and create a superposition of all of them.
  • We can then apply some quantum operation to reveal the period d. As said earlier, the numbers repeat themselves after a period d.
  • We can repeat the steps with different values of x, which would give different values of d.
  • If we can get enough different values of d, we can derive (p-1)(q-1), as d always divides (p-1)(q-1).
  • From (p-1)(q-1), we can calculate p and q, whose product pq is equal to N.

So, we can first reduce the problem of factorization to another problem and then use the quantum theory of superposition and entanglement to derive the unique prime factors, which in effect breaks the modern cryptosystem.
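As an added illustration (not part of the original post), here are the steps above simulated classically: period finding is done by brute force, where a quantum computer would use superposition, and the factors are then recovered both by the route described above (from (p-1)(q-1) and N) and by the standard classical post-processing of Shor's algorithm, gcd(x^(d/2) - 1, N), which goes a little beyond the text. The moduli used are constructed small examples.

```python
import random
from math import gcd, isqrt


def period(x, N):
    """Period d of the series x, x^2, x^3, ... (mod N): the smallest d > 0 with
    x^d ≡ 1 (mod N). Brute force here; this is the step a quantum computer does
    with a superposition of the series and a quantum Fourier transform."""
    if gcd(x, N) != 1:
        raise ValueError("x must share no factor with N")
    d, acc = 1, x % N
    while acc != 1:
        acc = (acc * x) % N
        d += 1
    return d


def factors_from_period(x, N, d):
    """Standard classical post-processing of Shor's algorithm: if d is even and
    x^(d/2) ≢ -1 (mod N), then gcd(x^(d/2) - 1, N) is a proper factor of N."""
    if d % 2:
        return None
    y = pow(x, d // 2, N)
    if y == N - 1:
        return None
    p = gcd(y - 1, N)
    if p in (1, N):
        return None
    return tuple(sorted((p, N // p)))


def factors_from_phi(N, phi):
    """The route the post describes: knowing phi = (p-1)(q-1) and N = pq,
    p + q = N - phi + 1, so p and q are the roots of t^2 - (p+q) t + N = 0."""
    s = N - phi + 1
    disc = s * s - 4 * N
    r = isqrt(disc)
    if r * r != disc:
        return None
    return ((s - r) // 2, (s + r) // 2)


def factor(N, seed=1):
    """Try random bases x until a period yields the factors (seeded for repeatability)."""
    rng = random.Random(seed)
    while True:
        x = rng.randrange(2, N)
        g = gcd(x, N)
        if g != 1:                       # lucky: x itself shares a factor with N
            return tuple(sorted((g, N // g)))
        found = factors_from_period(x, N, period(x, N))
        if found:
            return found
```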

This was just an introductory article to give some basic information on Quantum Computing. Hope you liked it.

Tuesday, May 17, 2016

Public Key Infrastructure and Blockchain

When two hosts want to transfer sensitive data between them, they use encrypted communication. The hosts first connect to each other and authenticate themselves, after which an encrypted connection is established, over which the sensitive data is transferred.

If a host wants to authenticate itself to the other host, it needs to prove its identity. Normally, public key cryptography is used for that purpose. Each host possesses a private-public key pair. And, to establish an encrypted connection, they share their public keys with each other.

But, one has to confirm that the shared public key indeed belongs to the sender. Public Key Infrastructure or PKI is an arrangement used for that purpose. It binds public keys to the corresponding identities through registration and issuance of certificates by a centralized authority called a Certificate Authority or CA. PKI consists of a set of roles, policies and procedures to create, manage, distribute and revoke digital certificates.

Certification using Public Key Infrastructure

PKI consists of the following components:

  • Certificate Authority
  • Registration Authority
  • Central Directory
  • Certificate Management System
  • Certificate Policy

Certificate Authority

A Certificate Authority issues a digital certificate to an entity. The issued digital certificate is signed with the private key of the CA, so that it cannot be tampered with. When a host receives the digital certificate of another host, it checks with the corresponding CA to make sure it is authentic.

Registration Authority

When an entity requests a digital certificate, the Registration Authority verifies the identity of the entity to make sure the digital certificate is not misissued.

Central Directory

A Central Directory is a central location where public keys are stored and indexed, so that they can be retrieved at the time of verification of digital certificates.

Certificate Management System

A Certificate Management System manages access to stored certificates and the delivery of the certificates to be issued.

Certificate Policy

It consists of the policies that govern the digital certificates.

Blockchain in Decentralized Public Key Infrastructure

There are several disadvantages of relying on a centralized authority in a PKI. A digital certificate can be misissued by a CA for a number of reasons and when that happens, security gets heavily compromised.

To counter the disadvantages of using a centralized authority, a Decentralized Public Key Infrastructure can be used with Blockchain.

What is a Blockchain ?

A blockchain is a distributed database that maintains a continuously growing list of data records that cannot be tampered with.

The blockchain was the main technical innovation behind Bitcoin. There, a blockchain is used as a public ledger of all transactions made with Bitcoins.

A blockchain consists of a number of blocks linked together, each block linked to its previous block. Each block consists of a batch of timestamped transactions and the hash of the previous block. As the blocks are linked with each other forming a chain, hence the name of the database.

When new transactions are broadcast to all nodes, each node collects the transactions into a block. All the nodes verify the transactions present in the block and notify one another of their acceptance. When the majority of the nodes agree, the next block is created, linked to the previous one.

How can a Blockchain be used in a Decentralized Public Key Infrastructure ?


A blockchain can be used in a Decentralized PKI where each block contains a number of digitally signed transactions. When an entity registers a public key, it signs it with its secret key and submits it to the blockchain. All the nodes in the blockchain can participate in the registration, issuance and validation of an entity's public key. And, when most of the nodes in the blockchain approve a transaction, it gets added to the next block created.

Registration of a Public Key

When an entity wants to register its public key, it signs the key with its secret key and submits it to the blockchain. All the nodes of the blockchain are notified. Each of them then iterates through the blockchain and verifies that the key has not previously been registered and that the transaction is valid. When a majority of the nodes verify the transaction successfully, it is approved and a block miner can then add it to the next block created.

Verification of a Public Key

When a user wants to verify whether a public key belongs to an identity, it traverses the blockchain and looks up the id/public key pair of each transaction. As each transaction is digitally signed and registered only after successful verification, it is very difficult to tamper with the public key of an entity, and thus security is ensured.

Update of a Public Key

When an entity wants to update its public key, it submits its id, the old key and the new key to the blockchain. All the nodes of the blockchain verify that the old public key corresponds to the entity and notify their approval. When the majority of the nodes approve, a new block is created with the updated value of the public key.
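An added example (not from the original post) of the three flows above, registration, verification and update, on a small in-memory blockchain replicated across three nodes with majority approval. It assumes a toy textbook RSA signature, seeded and implemented inline so the demo is self-contained; a real deployment would use a proper signature scheme and key sizes.

```python
import hashlib
import json
import random

def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin test for the toy textbook RSA used here (constructed; not for real keys)."""
    if n < 4:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(rng, bits):
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # odd and full length
        if _is_probable_prime(candidate, rng):
            return candidate

def gen_keypair(seed, bits=64):
    """Returns (public, secret) as [n, e] and [n, d]; seeded so the demo is repeatable."""
    rng = random.Random(seed)
    while True:
        p, q = _random_prime(rng, bits), _random_prime(rng, bits)
        phi, e = (p - 1) * (q - 1), 65537
        if p != q and phi % e:           # e is prime, so this means gcd(e, phi) = 1
            return [p * q, e], [p * q, pow(e, -1, phi)]

def _digest(obj, n):
    """SHA-256 of the canonical JSON form of a transaction, reduced below the modulus."""
    h = hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(secret, obj):
    n, d = secret
    return pow(_digest(obj, n), d, n)

def verify(public, obj, sig):
    n, e = public
    return pow(sig, e, n) == _digest(obj, n)

def block_hash(block):
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

class Node:
    """One node's copy of the chain plus the validation rules described in the post."""
    def __init__(self):
        self.chain = [{"prev": "0" * 64, "txs": []}]   # genesis block

    def current_key(self, ident):
        """Walk the chain; the latest register/update transaction for ident wins."""
        key = None
        for block in self.chain:
            for tx in block["txs"]:
                if tx["id"] == ident:
                    key = tx["key"] if tx["type"] == "register" else tx["new_key"]
        return key

    def validate(self, tx):
        body = {k: v for k, v in tx.items() if k != "sig"}
        if tx["type"] == "register":   # id must be unregistered; the key signs its own registration
            return self.current_key(tx["id"]) is None and verify(tx["key"], body, tx["sig"])
        if tx["type"] == "update":     # old key must be the entity's current key and must sign the change
            current = self.current_key(tx["id"])
            return current is not None and current == tx["old_key"] and verify(current, body, tx["sig"])
        return False

    def append_block(self, txs):
        self.chain.append({"prev": block_hash(self.chain[-1]), "txs": txs})

    def chain_valid(self):
        """Each block must carry the hash of its predecessor; editing history breaks the links."""
        return all(b["prev"] == block_hash(self.chain[i]) for i, b in enumerate(self.chain[1:]))

def signed_tx(secret, **fields):
    """Build a register or update transaction and sign it with the given secret key."""
    tx = dict(fields)
    tx["sig"] = sign(secret, tx)
    return tx

def submit(nodes, tx):
    """Broadcast: when a majority of nodes approve, the miner adds the transaction to the next block."""
    approvals = sum(node.validate(tx) for node in nodes)
    if approvals * 2 <= len(nodes):
        return False
    for node in nodes:
        node.append_block([tx])
    return True
```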

Monday, May 16, 2016

Dynamic Domain Name System and Transaction Signature

When we want to visit a website, we simply type the URL of the website in the address bar of the browser and the webpage loads. We do not need to memorize the IP address of the website. When we type a URL, our computer sends a DNS query for the hostname in the URL to a DNS server, and the DNS server responds with a DNS record containing the proper IP address. Using this IP address, our browser then opens the website.

Dynamic DNS is a method to update these DNS records in the Domain Name System automatically, without manual intervention. And, Transaction Signature or TSIG is a protocol used to secure Dynamic DNS updates.

Why Dynamic DNS ?

In the initial stages of the internet (ARPANET), addressing of hosts in the network used to be done using static address translation tables maintained manually in the form of a hosts file on each computer. This hosts file mapped hostnames to IP addresses. But later, this became inconvenient and the Domain Name System was developed.

The Domain Name System started distributing the same address information automatically, using recursive queries to remote distributed databases configured for each network or domain.

At that time, IP addresses used to be statically assigned to hosts and would rarely change. So, this method was sufficient. But later, the rapid growth of the internet made this mechanism highly inefficient.

To reduce the burden on network administrators of manually configuring the IP addresses of hosts, the Dynamic Host Configuration Protocol or DHCP was introduced. In this protocol, hosts contact DHCP servers when they boot up and get IP addresses dynamically assigned to them.

As hosts can now have IP addresses dynamically assigned to them, DNS records in DNS servers needed automatic updates. And, Dynamic Domain Name System or DDNS was developed for that purpose.

Using DDNS, host computers dynamically notify their respective DNS Servers of the IP addresses they received from the DHCP Servers or through self-configuration.

But, these DDNS updates need to be secured against attackers. And, to safeguard them, Transaction Signature or TSIG is used. TSIG is a protocol which authenticates DDNS updates coming from an approved DNS client or from an approved recursive name server.

How does Transaction Signature Work ?

TSIG uses shared secret keys to establish a trust relationship between two entities in a DNS communication. It uses a new record type called the TSIG RR, which is dynamically computed to cover a particular DNS transaction.

A TSIG RR relates to one DNS request/response and is thus discarded once it has been used to authenticate a DNS message. It contains the name identifying the secret key shared between the hosts, along with other information.

When a DNS client and a DNS server communicate using TSIG, the exchange typically follows the steps below:

  • When a DNS client wants to send a DNS request to a DNS server, it computes the keyed message digest of the request message and adds the digest to the TSIG record. It also keeps a copy of the message digest for its own reference.
  • The DNS server receives the signed request from the DNS client. It generates a response and signs the response using the same algorithm and the secret key shared between them. A DNS server does not generate a signed response for an unsigned request.
  • The DNS client receives the signed response from the DNS server and extracts the TSIG. It calculates the keyed digest in the same way as the DNS server and verifies it.
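The exchange above as an added example (not from the original post). It assumes HMAC-SHA256 as the algorithm (the original TSIG specification used HMAC-MD5), a simplified set of TSIG fields, and constructed key names and update messages; the response MAC covers the request MAC, which is why the client keeps its own copy of the digest.

```python
import hashlib
import hmac
import struct

# RFC 2845 specified hmac-md5; HMAC-SHA256 was added later (RFC 4635, now RFC 8945).
ALGORITHM = b"hmac-sha256."


def _tsig_variables(key_name, time_signed, fudge):
    """TSIG RR fields covered by the MAC besides the message itself (simplified
    to key name, algorithm name, time signed and fudge)."""
    return key_name + ALGORITHM + struct.pack("!QH", time_signed, fudge)


def sign_request(key, key_name, message, now, fudge=300):
    """Client: keyed digest over the request plus TSIG variables. The MAC goes into
    the TSIG RR and is also kept locally, because the response MAC will cover it."""
    mac = hmac.new(key, message + _tsig_variables(key_name, now, fudge), hashlib.sha256).digest()
    return {"key_name": key_name, "time_signed": now, "fudge": fudge, "mac": mac}


def _response_mac(key, request_mac, response, key_name, now, fudge):
    """Response MAC: length-prefixed request MAC, then the response, then TSIG variables."""
    data = struct.pack("!H", len(request_mac)) + request_mac + response
    return hmac.new(key, data + _tsig_variables(key_name, now, fudge), hashlib.sha256).digest()


def server_handle(keys, request, tsig, now, handler):
    """Server: verify the signed request, then sign the handler's response.
    Returns (response, response_tsig), or (reason, None) when the request is refused."""
    if tsig is None:
        return "unsigned request: no signed response is generated", None
    key = keys.get(tsig["key_name"])
    if key is None:
        return "BADKEY", None
    covered = request + _tsig_variables(tsig["key_name"], tsig["time_signed"], tsig["fudge"])
    if not hmac.compare_digest(hmac.new(key, covered, hashlib.sha256).digest(), tsig["mac"]):
        return "BADSIG", None
    if abs(now - tsig["time_signed"]) > tsig["fudge"]:
        return "BADTIME", None          # narrows the window for replaying a captured update
    response = handler(request)
    mac = _response_mac(key, tsig["mac"], response, tsig["key_name"], now, tsig["fudge"])
    return response, {"key_name": tsig["key_name"], "time_signed": now, "fudge": tsig["fudge"], "mac": mac}


def client_verify(key, request_tsig, response, response_tsig):
    """Client: recompute the keyed digest the way the server did, using the request
    MAC it kept, and compare in constant time."""
    if response_tsig is None:
        return False
    expected = _response_mac(key, request_tsig["mac"], response, response_tsig["key_name"],
                             response_tsig["time_signed"], response_tsig["fudge"])
    return hmac.compare_digest(expected, response_tsig["mac"])


def apply_update(request):
    """Stand-in for the server's dynamic-update logic (constructed)."""
    return b"NOERROR: " + request


def ddns_update(client_key, server_keys, key_name, update, client_time, server_time):
    """One signed dynamic update end to end. Returns (server_result, client_accepts)."""
    tsig = sign_request(client_key, key_name, update, client_time)
    response, response_tsig = server_handle(server_keys, update, tsig, server_time, apply_update)
    return response, client_verify(client_key, tsig, response, response_tsig)
```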

Security of TSIG

Transaction Signature makes DDNS updates more secure. As long as the shared secret key is not compromised, it provides strong authentication. To safeguard the secret keys, they should not be stored in an unencrypted form and should be changed periodically.

This article was meant to give some basic information on Dynamic DNS and Transaction Signature. Hope it helped.

Saturday, May 14, 2016

Entropy, Randomness and Modern Cryptosystems

We use encryption technologies to keep our secret data safe and secure. But, there are a number of pitfalls associated with this.

We take a secret plaintext message and encrypt it using a strong secret encryption key to generate the ciphertext. The purpose is that an adversary should not be able to retrieve the secret plaintext message from the ciphertext, provided he does not know the secret key. But, no modern encryption algorithm is absolutely secure. Many times attackers manage to extract meaningful information about the plaintext message from the ciphertext. Entropic security is a security definition used to indicate how difficult it is for an attacker to extract meaningful information about the plaintext from the ciphertext when he does not know the secret key.

What is Entropy ?

In cryptography, a cryptosystem is said to be semantically secure if it is computationally infeasible for an attacker to extract any knowledge of the plaintext based on the ciphertext and its length.

Some encryption schemes, such as RSA without encryption padding and many block ciphers used in Electronic Codebook or ECB mode or with a constant initialization vector, cannot be called semantically secure. They always produce the same ciphertext for a given plaintext and key, even over separate executions of the encryption algorithm. So, an attacker can use this knowledge to do statistical analysis on the ciphertext and gain much knowledge of the plaintext.

Entropic security of an encryption scheme is similar to semantic security when the message space has a highly entropic distribution. In other words, an encryption scheme is said to be entropically secure if it is computationally infeasible for an adversary to extract any information about the plaintext from the corresponding ciphertext.

In information theory, entropy is a measure of the unpredictability of the information content in a message. In other words, it is the expected value of the information contained in each message. Randomness is a measure of uncertainty in an outcome, and thus applies to the concept of information entropy.

Entropy and Modern Cryptosystems

Modern cryptosystems rely heavily on randomly generated keys. We randomly generate a secret key and encrypt secret data using that key.

For example, in SSL communications, we generate a very large random number and use it to encrypt the communication. These random keys are generated from specific information drawn from predefined sources: entropy is collected from those sources and then used to generate the random keys. And, that is how entropy, randomness and modern cryptosystems are related to each other.

How is entropy generated ?

There are a number of ways entropy is generated and collected in a modern system. Some of them are mentioned below:

  • The Linux kernel generates entropy from keyboard timings, mouse movements and IDE timings and makes the random data available through the special files /dev/random and /dev/urandom.
  • Some software packages use userspace processes to gather random characters and utilize them.
  • Modern CPUs and hardware often use integrated generators to create high quality and high speed entropy and provide it to the Operating System through /dev/hw_random.
  • Some companies manufacture entropy generation devices to generate high quality entropy in an efficient manner.
  • One can even collect entropy from the computer's microphone, by building a sensor to measure the air turbulence inside a disk drive, or even from webcams.

This article gives the basic information on entropy and how it is related to modern cryptosystems. Hope you enjoyed this.

Friday, May 13, 2016

How do NAT and VPN work ?

We often use NAT and VPN in an organization to access a remote network. Let's understand how they actually work.

What is NAT or Network Address Translation ?

Network Address Translation or NAT is a method by which IP addresses are mapped from one group to another, transparently to the end users. NAT is usually used when a network's internal IP addresses cannot be used outside the network, because of privacy reasons or because they are invalid outside the network.

For example, small offices often have multiple network nodes in the office but a single IP address assigned to the remote access router by the Internet Service Provider. Using NAT, any network node in the network can access remote networks simultaneously using the single IP address assigned to the router.

In basic NAT, IP addresses are mapped from one group to the other. In NAPT (Network Address Port Translation), multiple IP addresses and their TCP/UDP ports are translated into a single network address and its multiple TCP/UDP ports. These two mechanisms are used together in traditional NAT.

How does NAT work ?

In NAT, IP addresses are typically translated in the following manner:

  • When an outgoing session is initiated from a private host, its private address is bound to the corresponding external address. In the case of NAPT, the binding consists of a tuple of IP addresses and ports.
  • After the binding, a soft state is maintained for each connection using the binding, through which incoming and outgoing network packets are looked up and translated.
  • For each incoming and outgoing network packet, the source IP, destination IP and checksum of the IP header are modified. For NAPT, the port numbers are also translated along with the IP addresses and checksum.
  • Recomputing the checksum for every packet can be computationally intensive. So, an efficient algorithm is used for that purpose: it calculates the arithmetic difference between the before-translation and after-translation addresses and adds that to the checksum.
  • When the last session is terminated, the binding is also terminated.
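An added example (not part of the original post) of the NAPT steps above: a binding table keyed by private address and port, translation of a constructed IPv4/UDP packet in both directions, and the incremental checksum update of RFC 1624 in place of a full recomputation, which is then checked against a from-scratch recomputation. The addresses and ports are constructed documentation values.

```python
import ipaddress
import struct


def _fold(s):
    """Fold carries back in, as one's complement arithmetic requires."""
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s


def ones_complement_sum(data):
    if len(data) % 2:
        data += b"\x00"
    return _fold(sum(struct.unpack("!%dH" % (len(data) // 2), data)))


def checksum(data):
    """Internet checksum (RFC 1071): one's complement of the one's complement sum."""
    return (~ones_complement_sum(data)) & 0xFFFF


def incremental_checksum(old_cksum, old_words, new_words):
    """RFC 1624 update: HC' = ~(~HC + ~m + m') for each changed 16-bit word m -> m',
    so a NAT adds the difference instead of re-summing the whole header."""
    s = (~old_cksum) & 0xFFFF
    for m, m_new in zip(old_words, new_words):
        s += ((~m) & 0xFFFF) + m_new
    return (~_fold(s)) & 0xFFFF


def words(b):
    return list(struct.unpack("!%dH" % (len(b) // 2), b))


def build_udp_packet(src_ip, dst_ip, src_port, dst_port, payload):
    """Constructed IPv4/UDP packet with valid IP and UDP checksums."""
    src, dst = ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 17, udp_len)   # UDP pseudo-header
    udp = udp[:6] + struct.pack("!H", checksum(pseudo + udp) or 0xFFFF) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0x4000, 64, 17, 0, src, dst)
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + udp


def verify_packet(pkt):
    """Recompute both checksums from scratch; a valid checksum makes the sum 0xFFFF."""
    ip, udp = pkt[:20], pkt[20:]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 17, len(udp))
    return ones_complement_sum(ip) == 0xFFFF and ones_complement_sum(pseudo + udp) == 0xFFFF


def addresses(pkt):
    """(src ip, src port, dst ip, dst port) of an IPv4/UDP packet, for inspection."""
    src, dst = ipaddress.ip_address(pkt[12:16]), ipaddress.ip_address(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[20:24])
    return str(src), sport, str(dst), dport


def _rewrite(pkt, ip_off, port_off, new_ip, new_port):
    """Rewrite one address/port pair and patch the IP and UDP checksums incrementally."""
    ip, udp = bytearray(pkt[:20]), bytearray(pkt[20:])
    old_ip = bytes(ip[ip_off:ip_off + 4])
    (old_port,) = struct.unpack("!H", udp[port_off:port_off + 2])
    (ip_ck,) = struct.unpack("!H", ip[10:12])
    ip[10:12] = struct.pack("!H", incremental_checksum(ip_ck, words(old_ip), words(new_ip)))
    (udp_ck,) = struct.unpack("!H", udp[6:8])
    if udp_ck:  # 0 means the sender omitted the UDP checksum; nothing to patch
        udp_ck = incremental_checksum(udp_ck, words(old_ip) + [old_port], words(new_ip) + [new_port])
        udp[6:8] = struct.pack("!H", udp_ck or 0xFFFF)
    ip[ip_off:ip_off + 4] = new_ip
    udp[port_off:port_off + 2] = struct.pack("!H", new_port)
    return bytes(ip + udp)


class Napt:
    """Traditional NAPT: many private (ip, port) pairs share one external address."""

    def __init__(self, external_ip, first_port=40000):
        self.external = ipaddress.ip_address(external_ip).packed
        self.next_port = first_port
        self.outbound = {}   # (private ip, private port) -> external port
        self.inbound = {}    # external port -> (private ip, private port)

    def translate_outbound(self, pkt):
        """Bind the private (ip, port) on first use, then translate the source."""
        key = (pkt[12:16], struct.unpack("!H", pkt[20:22])[0])
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return _rewrite(pkt, 12, 0, self.external, self.outbound[key])

    def translate_inbound(self, pkt):
        """Look up the destination port; packets with no binding are dropped."""
        (dport,) = struct.unpack("!H", pkt[22:24])
        if dport not in self.inbound:
            return None
        private_ip, private_port = self.inbound[dport]
        return _rewrite(pkt, 16, 2, private_ip, private_port)
```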

What is VPN or Virtual Private Network ?

Using a Virtual Private Network or VPN, a private network can be extended securely across a public network such as the internet.

Normally, if a private network is to be extended, there are two ways to do so:

  • Using a dial-up or leased line connection, which creates a physical connection to a port on a remote access server. This solution is very expensive.
  • Using a VPN, which creates an encrypted connection over an intermediate network such as the internet. Remote users can connect to remote computers using a VPN as if they were physically connected to the network.

How does VPN work ?

There are mainly two types of VPN:

  • Remote Access VPN
  • Site-to-Site VPN

In a Remote Access VPN, a point-to-point connection is established between the user's computer and the organization's server. The VPN client on the user's computer connects to the VPN gateway of the organization's network and, after proper authentication, a connection is established back to the remote user's computer. The user can then access the internal network resources as if the user's computer were connected to the network locally. Remote Access VPNs often use IPsec or SSL to secure the connection.

VPNs often use a tunneling mechanism to transfer data securely. In tunneling, a network packet is encapsulated with an additional header and sent across. The encapsulated packet travels through the network and, after reaching the destination network, is decapsulated and the payload is delivered to the final destination. The network packets are also encrypted to ensure security.

Several protocols can be used for tunneling. For example, a VPN can use the Point-to-Point Tunneling Protocol or PPTP, the Layer 2 Tunneling Protocol or L2TP or the Secure Socket Tunneling Protocol or SSTP running across the base IPsec connection.

On the other hand, a Site-to-Site VPN uses a gateway device to connect the entire network at one location to the other. In this case, the gateway handles the VPN connections, so the end nodes do not need VPN clients.

Most Site-to-Site VPNs use IPsec. But, they can also use Multiprotocol Label Switching or MPLS to create VPNs.

Security and Privacy of VPN

A VPN cannot make online connections anonymous, but it can enhance privacy and security in the following manner:

  • It uses encryption to encrypt the network packets, so that if an attacker sniffs the packets, he can only see encrypted data.
  • It uses authentication to prevent unauthorized users from accessing the VPN.
  • It provides message integrity to detect modification of transmitted data.

Sunday, May 8, 2016

Elliptic Curve Cryptography and ECDH

Elliptic Curve Cryptography or ECC is a form of public key cryptography which uses the properties of an elliptic curve over a finite field for encryption. ECC requires smaller keys than non-ECC cryptography to provide equivalent security. For example, a 256-bit ECC public key provides security comparable to a 3072-bit RSA public key.

Let's understand how Elliptic Curve Cryptography works.

What is an Elliptic Curve ?

An elliptic curve is the set of points described by the equation:

y^2 = x^3 + ax + b

We can define a group G such that the elements of the group are points on the elliptic curve, and use that to generate a public-private keypair for encryption.

Public-Private Keypair in Elliptic Curve Cryptography

If d is a random integer chosen from {1, 2, ..., n}, where n is the order of a subgroup (the number of elements in the subgroup) and G is the base point of the subgroup (the point from which every element of the subgroup is generated), then we can always apply scalar multiplication and find H, another element of the subgroup, such that

H = dG

The random integer d can be used as a private key and H as a public key.

Does this look confusing ?

Let's understand what the above statement actually means.

A group is a set together with a binary operation (written + here) that has the following properties :

  • If a and b are any two elements of the group and + is a binary operation, then (a + b) is also a member of the group.
  • If a, b and c are any three elements of the group, then (a + b) + c = a + (b + c)
  • For any element a of the group, a + 0 = a
    0 is called identity element of the group.
  • For any element a of the group, there will always be another element b in the group, such that
    a + b = 0

We can define such a group whose elements are the points on the elliptic curve together with the point at infinity.

If a straight line meets the elliptic curve at three points P, Q and R, then

P + Q + R = 0

This is the rule that defines addition on the curve. To add two points P and Q, join them with a straight line; that line intersects the curve at a third point, which by the rule is -(P + Q), the inverse of the sum, call it -R. Reflecting -R about the x-axis gives R = P + Q, which is also a point on the curve. (To add a point to itself, use the tangent line at P instead of a chord.) Here, 0 is the point at infinity, the identity of the group; it lies on every vertical line, which is why two points that are reflections of each other add up to 0.

Please note that, for any three points P, Q and R :

  • P + Q is a point on the curve
  • (P + Q) + R = P + (Q + R)
  • P + 0 = P
  • And, for any point P on the curve, we will always get another point on the curve called the inverse of P or -P, which is the reflection of P about the x axis. And,

    P + (-P) = 0

Hence, the points on the elliptic curve satisfy the properties of a group.

A subgroup H of a group G is defined as :

  • H is a group
  • the members of H form a subset of G
  • H and G share the same binary operation

Scalar multiplication of a point P on the curve (adding P to itself repeatedly) has the property that the sequence of results eventually cycles.

For example,

If we take a point P on the curve and compute P, 2P, 3P, ..., we will always reach an integer n, called the order of P, such that nP = 0 (the point at infinity), after which the sequence repeats: (n + 1)P = P, (n + 2)P = 2P and so on. The set {0, P, 2P, ..., (n - 1)P} is the cyclic subgroup generated by P.

So, if we look back at the theory of generating keypairs in Elliptic Curve Cryptography, we choose a random integer d as the private key and do scalar multiplication of d and the base point G of the subgroup to get another point H, which is used as the public key :

H = dG

So, it boils down to this :

We can take a point on the elliptic curve and multiply it by an integer to get another point on the curve. Computing dG is cheap: the double-and-add method needs only about log2(d) doublings and at most as many additions. But, even if we know the original point and the resulting point, it is computationally infeasible to find the integer by which the original point was multiplied, provided the curve and the subgroup order n are large enough. This is the Elliptic Curve Discrete Logarithm Problem, and it is the basic hardness assumption of Elliptic Curve Cryptography.

Elliptic Curve Cryptography in Diffie-Hellman Key Exchange

Elliptic Curve Cryptography can be used in Diffie-Hellman Key Exchange. In ECDH mainly the following steps are followed :

  • Alice and Bob agree on the curve parameters (the field, a, b, the base point G and its order n). These are public.
  • Alice and Bob generate their respective keypairs.

    HA = dAG
    HB = dBG

    dA and dB are the private keys of Alice and Bob respectively. And, HA and HB are the corresponding public keys.
  • Alice and Bob exchange their public keys HA and HB over the (possibly untrusted) channel. Each side should check that the point it receives actually lies on the agreed curve and is not the point at infinity; otherwise an attacker can send a specially chosen point that leaks bits of the private key (an invalid-curve attack).
  • Alice calculates :
    S = dAHB
  • Bob calculates :
    S = dBHA
  • Both arrive at the same point, since S = dAHB = dA(dBG) = dB(dAG) = dBHA. An eavesdropper sees G, HA and HB but not dA or dB, and recovering either is the discrete logarithm problem above. In practice the x-coordinate of S is not used directly as a key but is passed through a key derivation function (a hash) to obtain the symmetric key with which the communication is encrypted. Note also that plain ECDH does not authenticate either party; without signatures or previously known public keys, a man-in-the-middle can run a separate exchange with each side.
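The group law, scalar multiplication and the ECDH exchange described above, written out as an added example (this code is not from the original post). It uses a constructed toy curve, y^2 = x^3 + 2x + 2 over the integers mod 17 with base point G = (5, 1) of order 19, so that every intermediate point can be checked by hand; the key derivation step uses SHA-256 over the x-coordinate, which is an assumption made here for illustration rather than any particular standard's KDF.

```python
# Added example (not from the original post): the elliptic curve group law,
# double-and-add scalar multiplication and an ECDH exchange, written out over a
# tiny prime field so every intermediate point can be checked by hand.
# Constructed curve: y^2 = x^3 + 2x + 2 (mod 17), base point G = (5, 1) of order 19.
# Such parameters are for illustration only; real deployments use curves such as
# P-256 or Curve25519, whose subgroup order is on the order of 2^256.
import hashlib
import secrets

P, A, B = 17, 2, 2          # field prime and curve coefficients
G = (5, 1)                  # base point (generator of the subgroup)
N = 19                      # order of G: N * G is the point at infinity
INF = None                  # the point at infinity, the group identity "0"


def is_on_curve(pt):
    """True if pt satisfies y^2 = x^3 + Ax + B (mod P); INF counts as on-curve."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def inverse_mod(k):
    """Modular inverse of k mod the prime P, via Fermat's little theorem."""
    k %= P
    if k == 0:
        raise ZeroDivisionError("0 has no inverse mod P")
    return pow(k, P - 2, P)


def negate(pt):
    """-P is the reflection of P about the x-axis."""
    if pt is INF:
        return INF
    x, y = pt
    return (x, (-y) % P)


def add(p1, p2):
    """Chord-and-tangent addition: the rule P + Q + R = 0 for collinear points."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # P + (-P) = 0 (vertical line)
    if p1 == p2:                                     # tangent line: doubling
        lam = (3 * x1 * x1 + A) * inverse_mod(2 * y1) % P
    else:                                            # chord through two distinct points
        lam = (y2 - y1) * inverse_mod(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P                   # third intersection, reflected
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(d, pt):
    """d * pt by double-and-add: about log2(d) doublings, at most as many additions."""
    result, addend = INF, pt
    while d > 0:
        if d & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        d >>= 1
    return result


def validate_public_key(pub):
    """Reject the identity, off-curve points and points outside the order-N subgroup.
    Skipping this check is what makes invalid-curve attacks on ECDH possible."""
    if pub is INF or not is_on_curve(pub):
        return False
    return scalar_mult(N, pub) is INF


def keypair(d=None):
    """Private key d in [1, N-1], public key H = d*G."""
    if d is None:
        d = secrets.randbelow(N - 1) + 1
    return d, scalar_mult(d, G)


def ecdh_shared_key(my_priv, peer_pub):
    """Return (x-coordinate of the shared point S, 256-bit key derived from it)."""
    if not validate_public_key(peer_pub):
        raise ValueError("peer public key rejected")
    shared = scalar_mult(my_priv, peer_pub)
    if shared is INF:
        raise ValueError("degenerate shared point")
    x = shared[0]
    # The raw x-coordinate is not used directly; it goes through a KDF (SHA-256 here).
    return x, hashlib.sha256(x.to_bytes(32, "big")).digest()


def demo():
    """Alice (dA = 3) and Bob (dB = 7) run the exchange; returns the agreed (x, key)."""
    d_a, h_a = keypair(3)        # HA = 3G = (10, 6)
    d_b, h_b = keypair(7)        # HB = 7G = (0, 6)
    x_a, key_a = ecdh_shared_key(d_a, h_b)   # dA * HB = 21G = 2G = (6, 3)
    x_b, key_b = ecdh_shared_key(d_b, h_a)   # dB * HA = 21G = 2G = (6, 3)
    assert (x_a, key_a) == (x_b, key_b)
    return x_a, key_a


if __name__ == "__main__":
    print("2G =", scalar_mult(2, G), " 19G =", scalar_mult(19, G))
    print("shared x =", demo()[0])
```

Because the subgroup order is 19, the shared point for dA = 3 and dB = 7 is 21G, which wraps around to 2G = (6, 3); an eavesdropper who sees only G, HA and HB would have to solve for 3 or 7 from the points, which is trivial here and infeasible at real curve sizes.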

Applications of Elliptic Curve Cryptography

Elliptic Curve Cryptography is used in encryption (for example ECIES), digital signatures (ECDSA, EdDSA), key agreement (ECDH) and pseudo-random generators. Elliptic curves are also used in several integer factorization algorithms relevant to cryptanalysis, like Lenstra's Elliptic Curve Factorization method.

The article was meant to give some basic information on Elliptic Curve Cryptography. Hope you liked it.

Saturday, May 7, 2016

Why We Should Not Jailbreak Our Devices

Lots of users jailbreak Apple devices to add applications and modifications that are not authorized by Apple, typically by installing third party applications from outside the App Store. Many of us know that jailbreaking makes Apple devices less secure. But, what exactly are the security concerns ? And, how does jailbreaking make Apple devices vulnerable ?

Let's understand this.

What is Jail actually ?

Berkeley Software Distribution or BSD is a Unix Operating System derivative which was developed by the Computer Systems Research Group of the University of California, Berkeley from 1977 to 1995. It started from the codebase of AT&T Unix. Later, BSD releases became the basis of several open source projects like FreeBSD, OpenBSD and NetBSD, and BSD code was also incorporated into some modern proprietary Operating Systems, Apple OS X and iOS among them.

In FreeBSD, the jail mechanism is an implementation of Operating System-level virtualization. The kernel allows multiple user-space instances to exist instead of just one, and these instances are called jails.

Jails mainly solve the following purposes :

  • Each jail provides a virtual environment on the device with its own files, processes, users and superuser account.
  • Each jail runs separately from the other and they cannot influence each other while running, which gives an additional layer of security.
  • Each jail has a limited scope of execution, which lets several tasks run with superuser access without having complete control over the system, and this enhances the security of the host considerably. Even if a particular jail gets hacked and the attacker gets root inside it, he is confined to that jail's own files and processes and cannot touch the host's, unless he also finds a kernel bug that lets him escape the jail.

The word "jail" in "jailbreaking" comes from this BSD heritage, but only by analogy. iOS does not use FreeBSD's jail mechanism. It confines applications with its own sandbox (built on the TrustedBSD MAC framework, another piece of BSD lineage), mandatory code signing, and a restricted file system layout in which every third party application runs as an unprivileged user and is largely limited to reading and writing its own container.

What is Jailbreaking ?

Jailbreaking in iOS is the process of removing these restrictions. A jailbreak exploits one or more vulnerabilities to gain root and kernel-level privileges on the device, patches the kernel so that code-signing enforcement is disabled and the system partition is mounted read-write, and thereby gives applications full read and write access to the file system.

Most jailbreaking tools apply kernel patches that remove the limitations and security features built in by the manufacturer. This allows the user to install additional third party applications, extensions and patches from outside Apple's App Store, but the same patches also remove the protections that keep malicious code from doing the same thing.

Why one should not jailbreak

There are a number of reasons why one should not jailbreak iOS devices. Some of them are mentioned below :

  • Third party applications installed after jailbreaking are not reviewed by Apple and may contain malicious code; since code signing is disabled, nothing on the device stops such code from running.
  • Some jailbreaking methods leave an SSH server enabled with the well-known default root password (historically "alpine"). An attacker who can reach the device over the network can log in as root, install malware and connect the device to a Command & Control server. The iKee worm of 2009 spread between jailbroken iPhones in exactly this way.
  • Once the sandbox and code signing are gone, attackers can easily insert malicious files into, or extract sensitive files from, a jailbroken device. A number of known iOS malware families only work on jailbroken devices for this reason.
  • Attackers can install keyloggers or other malware to steal sensitive data from a jailbroken device, since an application is no longer confined to its own container.
  • Also, jailbreaking a device voids the warranty. This can be an issue if the user needs hardware repair or other technical support for the iOS device.

Security tips for already jailbroken devices

If an iOS device is already jailbroken, you can still take a few steps to reduce its exposure.

  • Change the root password of the device, and the password of the "mobile" user as well. Many malware programs rely on the fact that very few jailbreakers change the default passwords. If you do not need SSH, remove or disable the SSH server altogether.
  • Install an anti-malware program and scan the device regularly for suspicious activity. Keep the OS and commonly used software updated with recent security patches, bearing in mind that applying Apple's updates will usually undo the jailbreak; that is a trade-off to make consciously.
  • Be very careful about which applications you install on the jailbroken device. It is not at all advisable to install applications from untrusted sources, as they may contain malware which can cost you a lot.

So, be informed about various security concerns, so that you can protect your devices in a better way. And, stay safe, stay secured.