Sunday, October 25, 2009

Lab Test


Venue : Makmal Sistem, Building FTMK.
Date : 22-10-2009
Time : 10.00 a.m. – 11.50 a.m.

As I mentioned in my previous post, last week was the final lab session. Supposedly we would not have any lab session this week, but we were here in the Makmal Sistem for the LAB TEST. This test was to check whether we understood what we had learnt in the previous lab sessions or not. So the questions were basically related to whatever we learned previously. I attempted two questions, related to file permission and IPSec. Hope that I would be able to score for this lab test. This would be the last time for us to use this lab for this subject, I would miss it….

Week 10 – Final week


Venue : BK7, Building FTMK.
Date : 21 - 10 -2009
Time : 9.00 a.m. – 10.50 a.m.


This week we were having the last lecture for this subject, and so this might be the last blog for lecture of this subject. Throughout this semester I have learnt a lot of new things about Internet Security, I’ll miss this subject, and all the memories can be found from the blogs which I have posted. As usual the lecture started at 9a.m. sharp. The last two topics that Mr. Zaki had covered were Intrusion Detection System and Legal And Ethical Issues In Computer Security.
The lecture began with the topic “Intruders”. Intruders are a significant issue of hostile / unwanted trespass, which covers user trespass and software trespass. The examples of intrusion are:
  • remote root compromise
  • web server defacement
  • guessing / cracking passwords
  • copying / viewing sensitive data / databases
  • running a packet sniffer
  • distributing pirated software
  • using an unsecured modem to access net
  • impersonating a user to reset password
  • using an unattended workstation

Intrusion Detection can be classified as Host-based and Network-based. Host-based IDS is to monitor single host activity; whereas Network-based IDS is to monitor the network traffic. The requirements of IDS are:

  • run continually
  • be fault tolerant
  • resist subversion
  • impose a minimal overhead on system
  • configured according to system security policies
  • adapt to changes in systems and users
  • scale to monitor large numbers of systems
  • provide graceful degradation of service
  • allow dynamic reconfiguration

There are three types of Intrusion Detection Techniques: signature detection, anomaly detection and, when a potential intrusion is detected, the sensor sending an alert and logging information. The next topic is SNORT, a lightweight IDS used for real-time packet capture and rule analysis. The last topic for this chapter is the Honeypot, a decoy system that emulates entire networks.
So the lecture moved on to another chapter – “Legal and Ethical Issues in Computer Security”. What are the differences between law and ethics? They are shown in the table below:

| Law | Ethics |
|---|---|
| Formal, documented | Described by unwritten principles |
| Interpreted by courts | Interpreted by individuals |
| Established by legislature representing everyone | Presented by philosophers, religions, professional groups |
| Applicable to everyone | Personal choice |
| Priority determined by courts if two laws conflict | Priority determined by individual if two principles conflict |
| Enforceable by police and courts | Self-practice |

Some examples for the ethics concept in Information Security are ethical differences across cultures, software license infringement, illicit use, misuse of corporate resources, ethics and education and deterrence to unethical and illegal behaviour (ignorance, accident and intent). The three ways protecting programs and data are trade secret, copyrights and patents. Although open-source software are free, they are protected by copyright protection also somehow. For example, one will be sued if he or she sells the copy of the open software.
The issues related to Information are information commerce, electronic publishing and database. On the other hand, employee and employers should know their rights in order to avoid the law problems. Some of the rights are ownership of a patent, ownership of a copyright, work for hire, licenses, trade secret protection and employment contracts. To examine a case for ethical issues, we can use the following methods:

  • Understand the situation. Determine the issues involved.
  • Know several theories of ethical reasoning
  • List the ethical principles involved
  • Determine which principles outweigh others.

The lecture ended here. This was the last lecture for this semester, I’ll be missing this lecture subject in future… …^^

WEP Password Cracking

Venue : Makmal Sistem, Building FTMK.
Date : 15-10-2009
Time : 10.00 a.m. – 11.50 a.m.


This is the last lab session for this semester. The title for this lab was very interesting. It was about password cracking for WEP. The equipment needed for this lab was 1 wireless router which was accessed by several workstations. The workstations should be installed with Backtrack2. Backtrack2 is a very useful OS for hacking use. It was developed from Linux. The cracking process needs a lot of time. The more workstations we use, the faster the cracking time, as the number of packets sent is directly proportional to the number of workstations available on the WLAN. To perform the hacking, I have learnt a lot of commands from Mr. Zaki. For example, “airmon-ng”, “airodump-ng”, “aireplay-ng” and so on. That was cool man! Due to the limited time, we could not see the final result of it, but we have learnt a lot from this lab. I will try that myself for sure. This reminds me to be careful when I wanna use a wireless connection next time…

Week 9


Venue : BK7, Building FTMK.
Date : 14 - 10 -2009
Time : 9.00 a.m. – 10.50 a.m.


Time flies, it’s week number 9! Once again, I would like to remind myself that this month is a critical month for me, so please do not play too much, concentrate to projects and assignments although it is quite tiring sometimes, after this I can play as much possible as I can. So, the lecture for this week was about two of the hottest topic in the field of networking, Wireless Security and Firewall.
Wireless connection has become very important because it is very convenient compared to wired connection. On a laptop, just switch on the wireless button and one can connect to an available access point easily. However, one of the weaknesses of wireless connection is that it is very easy for others to attack.
The first part of lecture today was basically some sort of revision which we have studied in networking subjects in the previous few semesters. There are two types of wireless mode; they are infrastructure mode and ad-hoc mode. There are two categories of infrastructure mode:
  1. Basic Service Set (BSS) – All workstations are connected to one access point.
  2. Extended Service Set – Two or more BSSs connect together to form a single subnet.

Ad-hoc mode, sometimes known as peer-to-peer, is an independent BSS. It means that the wireless workstations are connected together without connecting to an access point first. After explaining how a wireless network actually works, Mr. Zaki then continued the lecture with the security part of the wireless network. There are three basic security services defined by IEEE for WLAN:

  1. Authentication – to provide a security service for verifying the identity of communicating client stations.
  2. Integrity – to ensure that messages are not modified in transit between the wireless clients and the access point in an active attack.
  3. Confidentiality – to provide “privacy achieved by a wired network”

Wireless networks can be categorised into four types, they are 802.11a, 802.11b, 802.11g and 802.11n. The two security services provided in 802.11b are Authentication (Shared Key Authentication) and Encryption (Wired Equivalent Privacy). Based on what I have understood, the encryption is done by a mechanism called RC4. It is a symmetric key encryption which applies RSA encryption algorithm. The three processes for WEP sending are:

  1. Compute Integrity Check Vector (ICV).
  2. Encrypt plaintext via RC4.
  3. Transmit the ciphertext.

The processes are reversed on the ciphertext in order to get the plaintext. There are several WEP safeguards, such as a shared secret key being required, messages being encrypted and messages having a checksum. A passive attack happens when the attacker collects all traffic, or collects two messages encrypted with the same key and the same IV and uses a statistical attack to reveal the plaintext. On the other hand, an active attack could happen if the attacker knows a corresponding pair of plaintext and ciphertext, or through the bit-flipping method. Although some vendors limited WEP keys, it also can be brute forced in several minutes. The ways to do brute force key attack are:

  • Capture ciphertext.
  • Search all 2^40 possible secret keys.
  • Find which key decrypts ciphertext to plaintext.
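The three sending steps and the same-key, same-IV weakness described above can be seen in a short added example (not code from the lecture or lab). It simplifies the frame to a 3-byte IV followed by the RC4 body; the key, IVs and messages are constructed sample values, and `reused_ivs` is a hypothetical helper for the access point audit mentioned under the safeguards.

```python
import zlib
from collections import Counter


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_send(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    # Step 1: compute the ICV, a CRC-32 of the plaintext.
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    # Step 2: encrypt plaintext || ICV with RC4 keyed by IV || secret key.
    body = rc4(iv + key, plaintext + icv)
    # Step 3: transmit; the IV travels in the clear in front of the ciphertext.
    return iv + body


def wep_receive(key: bytes, frame: bytes) -> bytes:
    """Reverse the sending steps and reject frames whose ICV does not match."""
    iv, body = frame[:3], frame[3:]
    data = rc4(iv + key, body)
    plaintext, icv = data[:-4], data[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def reused_ivs(frames):
    """Audit helper: IVs that appear on more than one captured frame."""
    counts = Counter(frame[:3] for frame in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)


KEY = bytes.fromhex("0102030405")  # constructed 40-bit secret key


def iv_reuse_leaks_plaintext_xor() -> bool:
    """Two frames under the same key and IV share one keystream, so the XOR
    of the ciphertexts equals the XOR of the plaintexts (the key drops out)."""
    iv = b"\x00\x00\x01"
    p1 = b"GET /index.html "   # constructed sample messages
    p2 = b"user=alice&pw=x "
    f1, f2 = wep_send(iv, KEY, p1), wep_send(iv, KEY, p2)
    leaked = xor_bytes(f1[3:], f2[3:])[: len(p1)]
    return leaked == xor_bytes(p1, p2)


if __name__ == "__main__":
    frame = wep_send(b"\x00\x00\x02", KEY, b"hello")
    print(wep_receive(KEY, frame), iv_reuse_leaks_plaintext_xor())
```

With only 24 bits of IV, repeats are unavoidable on a busy network, which is why the audit check counts IVs rather than trusting the checksum.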

The 802.11 safeguards are as follow:

  • Security Policy and Architecture Design
  • Treat it as untrusted LAN
  • Discover unauthorized use
  • Access point audits
  • Station protection
  • Access point location
  • Antenna design

The problems of WEP have been fixed by its replacement, Wi-Fi Protected Access (WPA). No matter how well it was fixed, it still has its weaknesses. The two practical attacks on WPA are the dictionary attack on pre-shared key mode and the denial of service attack.
The lecture then continued with a new chapter called firewall. The capabilities of firewall are:

  • defines a single choke point that keeps unauthorized users out of the protected network
  • provides a location for monitoring security events
  • convenient platform for some Internet functions such as NAT, usage monitoring, IPSEC VPNs

The limitations of firewall are:

  • cannot protect against attacks bypassing firewall
  • may not protect fully against internal threat
  • improperly secured wireless LAN may be accessed from outside the org
  • laptop, PDA, portable storage device infected outside then used inside

Basically, there are four types of firewall; they are packet filtering firewall, stateful inspection firewall, application-level gateway (application proxy) and circuit-level gateway. Besides that, throughout the lecture I have learnt about the firewall basing. The three types of firewall basing are bastion host, host-based firewall and personal firewall. The last topic for today lecture was about firewall locations. The diagram below shows how actually the firewall is placed:

Monday, October 12, 2009

Mid Term Examination

Venue : Makmal Sistem, Building FTMK.
Date : 8-10-2009
Time : 10.00 a.m. – 11.50 a.m.


The lab session this week was a bit different, we were not asked to do any practices like the previous weeks. We were having mid term examination. Oh my god!!! It has 4 questions all together and we need to answer 3 questions. The first question was mainly about the cryptography, it was hard, my head nearly cracked when answering it. Then, I have chosen question 2 and 3 to do. They were questions for the theory part. I hope that I can score for this paper… …^^

Week 8 of Lecture


Venue : BK7, Building FTMK.
Date : 7 - 10 -2009
Time : 9.00 a.m. – 10.50 a.m.


Week 8, it’s already week 8, many assignments and projects to deal with, however we still need to attend lecture also. This is gonna be a busy month for us. Well, the lecture for this week was basically the continuation of last week’s lecture on the topic “Security in Networks” and a totally new chapter about “Security in Applications”.
Mr. Zaki started with the topic called Networks Security Control. The table below shows the summary of this topic:


Type of network security control, with explanation:

Encryption
  • Link to Link
    • Covers layers 1 and 2 of the OSI model.
    • Decryption happens when entering the receiving computer.
  • End to End
    • Provides security in layer 6 or 7.
    • Protects data in every layer.
Strong Authentication
  • One entity proves its identity to another by demonstrating knowledge of a secret known to be associated with that entity.
  • Uses cryptographic mechanisms to protect messages in the protocol: encryption, integrity mechanism and digital signature.
IPSec, VPN, SSH
  • IPSec – defines a standard means for handling encrypted data. It is implemented at the IP layer and it provides AH and ESP.
  • SSH – secure remote login (encrypts data sent over the network).
  • SSL – encrypts data over the transport layer. It serves as an interface between applications and the TCP/IP protocols to provide server authentication, optional client authentication and an encrypted communications channel between client and server.
Kerberos
  • Based on the idea that a central server provides authentication tokens, called tickets, to requesting applications.
Firewall
  • A network security device designed to restrict access to resources according to a security policy.
Intrusion Detection System
  • A device, software tool or hardware tool that monitors activity to identify malicious or suspicious events.
Intrusion Prevention System
  • A network security device that monitors network and system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities.
Honeypot
  • A decoy system designed to lure a potential attacker away from critical systems.

After that, Mr Zaki taught us about hacking under the topic “Hacking and Prevention”. The 5 hacking phases are reconnaissance, scanning, gaining access, maintaining access and covering tracks. The examples of hacking behaviors are:

  • select target using IP lookup tools

  • map network for accessible services

  • identify potentially vulnerable services

  • brute force (guess) passwords

  • install remote administration tool

  • wait for admin to log on and capture password

  • use password to access remainder of network

Finally, Mr. Zaki taught us the new topic known as “Security in Applications”. To understand this chapter, we have to know the security mechanisms in Email and Web. The security mechanisms in Email are S/MIME and PGP; while those in Web are SSL, SSH, SET, HTTPS and SFTP. They are basically the protocols that we have learnt before in other subjects in the previous semesters. The diagram below shows the way Email works:


I have learnt something quite interesting, initially email cannot carry non-text content until MIME was invented. So, the lecture ended sharp at 11a.m. Again, Mr. Zaki reminded us again about the mid term exam tomorrow, I was worrying… … :(

Sunday, October 4, 2009

Lab 7

Venue : Makmal Sistem, Building FTMK.
Date : 10-9-2009
Time : 10.00 a.m. – 11.50 a.m.

The lab session is getting more interesting, it was about Security in Network this week. Mr. Zaki has proven to us the weaknesses of TELNET and FTP as he promised us during the lecture several weeks ago before Raya Holidays. The trick to prove it is by capturing the packets sent between client and server using a networking tool called “Wireshark”. Once again we were using virtual machine (VM Ware) in this lab session. First, we need to open two Windows Server 2003 simultaneously in VM Ware where the first one would serve as Server; and the second one would serve as client. Both Windows were set with different IP addresses, for example I have used 192.168.1.1 for the server and 192.168.1.2 for the client side.
As usual, the connectivity between them was tested by using the “Ping” command; if they can successfully Ping each other we could proceed to the next steps. Now, install and run Wireshark on the server side. After that we can try to TELNET to the server from the client. Surprisingly, Wireshark captured the password used to TELNET. Then, we tried FTP as well, and Wireshark captured the username and the password used for FTP too. So in this lab, we were taught how to overcome the problem of unsecured FTP by applying IPSec. IPSec is one of the solutions to safeguard the transmission of data over FTP from being seen by an unauthorized user. The data will be encrypted by IPSec before they are sent using FTP. Throughout this lab I have learnt the lesson not to use TELNET if possible because it is really not secured at all. On the other hand, IPSec has to be implemented if one wants to use the FTP service, to ensure that all data are encrypted before being sent. Before the lab session ended, Mr. Zaki reminded us that we need to pass up the lab report by next week, it’s gonna be a busy week for me as there are tons of assignments waiting for me… …

Authentication & Access Control


Venue : BK7, Building FTMK.
Date : 30-9-2009
Time : 9.00 a.m. – 10.50 a.m.


Same time, same location for today’s lecture to happen and it was once again conducted by our lovely lecturer, Mr. Zaki. Mr. Zaki has covered two chapters (Chapter 5 and half of Chapter 6) for the lecture this week. Chapter 5 was mainly about “Authentication & Access Control”. Authentication is the word that I used to hear for nearly three years since the day I learn subject related to networking. Sad to say that, I was not so clear about this important term in networking until this week, that was so disgraceful!!!
Basically AUTHENTICATION is the verification of the identity of someone who generated some data. There are four classifications of identity verification:


  1. By something known e.g. password
  2. By something possessed e.g. Identity Card, passport…
  3. By physical characteristics e.g. iris, retina, finger print…
  4. By a result of involuntary action e.g. signature, typing style…

Next title was about password. In this topic we were exposed to some of the calculations regarding on password, below are some of the formulae to be used for calculation:

  • Password population, N = r^s

  • Probability of guessing a password = 1/N

  • Probability of success, P = nt/N

Example, steps to calculate the time needed to get the right password are shown as below:


Information given,
Possibility of combinations for the password can be alphabets from a-z and numbers from 0-9.
So,
r = 36 (26 for alphabets + 10 for numbers);
length of password, s = 5;
capability of computer, n = 400MIBPS;

N = 36^5
P = nt/N
therefore, 1 = 400t/36^5
t = 151165.44 s.


The techniques or tips for guessing passwords are:

  • Try default passwords.

  • Try all short words.

  • Try all the words in electronic dictionary.

  • Collect information about the user’s hobbies, family names, birthday, etc.

  • Try user’s phone number, social security number, street address, etc.

  • Use Trojan horse.

  • Tap the line between the host system.

There are a few password selecting strategies; they are user education, computer-generated passwords, reactive password checking and proactive password checking. The next interesting topic is Biometric. It is referred to technologies for measuring and analysing human body characteristics for authentication purposes. There are two methods for biometric, they are:
  • Static – authentication based on a feature that is always present. For example: finger recognition, retinal scan, Iris scan, hand geometry and etc.

  • Dynamic – authentication based on a certain behaviour pattern. For example: Signature recognition, Speaker recognition, Keystroke dynamics and etc.

The last topic for this chapter is about Access Control. It is the prevention of unauthorised use of a resource, including the prevention of use of a resource in an unauthorised manner. There are three elements for access control:
  • Subject – it is the entity that can access objects and usually has 3 classes: owner, group and world.

  • Object – access controlled resource such as files, directories, records, programs and etc.

  • Access right – It is the ways which subject accesses an object such as read, write, execute, delete, create and search.

Another title that we must know for this topic is the Access Control Matrix, which is an abstract, formal security model of protection state in a computer system that characterises the rights of each subject with respect to every object in the system. Basically it is a table in which each row represents a subject, each column represents an object and each entry is the set of access rights for that subject to that object.

After that, Mr Zaki gave us a very brief summary about Chapter 6. It was all about Security in Networks. Mr Zaki skipped the first part for this chapter first because it is about the basic knowledge that we have learnt before in other subject related to networking. Mr Zaki emphasised on the topic Network Security Control. The titles covered for this topic are:
  • Encryption.

  • Strong Authentication.

  • IPSec, VPN, SSH.

  • Kerberos.

  • Firewall – Mr. Zaki described it as road block.

  • Intrusion Detection System (IDS) – Mr. Zaki described it as speed trap.

  • Intrusion Prevention System (IPS) – Combination of firewall and IDS.

Before the lecture ended, Mr. Zaki reminded us that there will be a mid-term exam next week. Oh my god, I think I need to study hard in this coming weekend so that I know how to answer for the exam… … gambateh for myself ^^

Monday, September 21, 2009

Lab 6

Venue : Makmal Sistem, Building FTMK.
Date : 10-9-2009
Time : 10.00 a.m. – 11.50 a.m.



After studying networking for almost three years finally I have the chance to get exposed to the topic related to hacking. To me hacking is a cool stuff and full of mystery sometimes. It allows people to bypass a network security without authority rights. As what I have known so far, hacking are characterised into two main types, they are white hat hacking (for good purposes only) and black hat hacking (for bad purposes). The title for the lab session this week was web application security.
Basically, we were using two tools to complete the tasks in this lab – WebGoat and WebScarab. WebGoat is a simulation toolkit used to demonstrate how the vulnerabilities of a poorly designed web application can be exploited; while WebScarab is a tool designed for people who need to see the workings of an HTTP/HTTPS based application. It either allows the developer to debug difficult problems or allows the security specialist to identify vulnerabilities in the application.
After finishing the setup and configuration of WebGoat and WebScarab, we started to do the tasks in the lab module. Basically, there were three tasks in the lab module. The tasks were about the top three web vulnerabilities based on OWASP – Cross site scripting (XSS), injection flaws and malicious file execution. XSS happens when a web application accepts any input and sends it to a web browser without encoding the content.
An injection flaw like SQL injection will cause the web application to run SQL code that the application did not intend. The attacker might manipulate the SQL statement to perform the injection. The SQL query below is one example as it could appear in PHP:
$sql = "SELECT * FROM user WHERE id = '" . $_REQUEST['id'] . "'";

The attacker can manipulate the statement by adding ' OR 1=1 -- or ' OR '1'='1' --. It will return all the data from the table named user.
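The same string-concatenated query next to its parameterized form, as an added example (not part of the WebGoat lab). It uses Python's sqlite3 with an in-memory table so it runs anywhere; the rows are constructed sample data and the function names are hypothetical.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the table named user (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (id TEXT PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO user VALUES (?, ?)",
        [("1", "alice"), ("2", "bob"), ("3", "carol")],
    )
    return db


def lookup_concatenated(db: sqlite3.Connection, user_id: str):
    # Vulnerable on purpose: mirrors the PHP statement above. The request
    # value becomes part of the SQL text, so quotes in it change the query.
    sql = "SELECT * FROM user WHERE id = '" + user_id + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db: sqlite3.Connection, user_id: str):
    # Hardened: the statement text is fixed and the value is bound
    # separately, so it is only ever compared against the id column.
    return db.execute("SELECT * FROM user WHERE id = ?", (user_id,)).fetchall()


def lookup_validated(db: sqlite3.Connection, user_id: str):
    # Defence in depth: ids in this table are numeric, so anything else
    # is rejected before the database is touched.
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("id must be numeric")
    return lookup_parameterized(db, user_id)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1' --"          # the input quoted in the text
    print(len(lookup_concatenated(db, payload)))   # every row comes back
    print(len(lookup_parameterized(db, payload)))  # no row has that id
```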

Finally, the last task was about Malicious File Execution. It is the web application vulnerabilities caused by failing to control application input. The lab this week was indeed very interesting, although we just practised it using simulation tool, if it is happened in real life, I guess it would not be so interesting any more. It makes me think that the web application was not very safe after all, who knows one of my accounts like facebook, Friendster, email and so on has been hacked before? If one day I want to become a hacker, I would go for white hat hacker for sure.

Program Security

Venue : BK7, Building FTMK.
Date : 9-9-2009
Time : 9.00 a.m. – 10.50 a.m.

The lecture for this week was about Program Security. Throughout this lecture, I have learnt several important facts about the security of a program such as the non-malicious errors, malicious code, control against the threats and so on. Basically, there are three types of non-malicious program error, and they are the buffer overflows, incomplete mediation – data exposed or uncontrolled and time of check to time of use. I would like to show some examples and give some brief explanations for each type of the non-malicious errors:

Types of error, with example / explanation:

Buffer Overflows

Example: In C programming, instead of using strcpy(des, src), it would be better if we use strncpy(des, src, n).

Explanation: When copying a string from a source to its destination, a buffer overflow will occur if the array size for the destination is smaller than the array size for its source. For instance:
char src[10];
char des[9];

The error will occur if we copy the whole string by using strcpy(des, src). We can avoid the error by not copying the whole string, but copying it partially by using strncpy(des, src, n). For example, strncpy(des, src, 7), where n = 7. In this case, we are copying seven characters from the source (size = 10) to its destination (size = 9), so the buffer overflow can be prevented. Note that strncpy does not add a terminating null character when the source holds n or more characters, so the destination must be terminated explicitly after the copy.

Incomplete Mediation

Example: The link below shows the use of get method in web application development:-
http://www.testing.com/order.asp?cutID=115&part=666&qty=3&price=500&total=1500

Explanation: One of the disadvantages of get method is that it exposes too many values for data in the link. The values are to be passed to the databases or as the reference for the next targeted webpage. Just imagine, if the values are being changed by the user before they are passed and stored into databases, what are the possible consequences? To make everything clear, I would like to use the link above to explain. If the user changes the values of price and total to zero, he or she can purchase the item for free, does it make sense? So, it would be better if we use the post method to avoid the data to be exposed in a link.

Time of check to time of use

It is basically the process of executing the instruction. It would process all the data rather than putting them on clipboard.
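For the incomplete mediation case above, the server-side check is what closes the hole, because values in a POST body can be edited just as values in the link can. The added example below (not from the lecture) mediates the order URL from the text by taking price and total from a server-side catalogue; the catalogue contents, the quantity limit and the function names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

CATALOG = {"666": 500}   # assumed server-side price list: part id -> unit price
MAX_QTY = 100            # assumed business limit


class RejectedOrder(ValueError):
    """Raised when a request fails mediation."""


def _single_int(params, name, required=True):
    """Return the one non-negative integer value of a parameter."""
    values = params.get(name, [])
    if not values:
        if required:
            raise RejectedOrder(f"missing {name}")
        return None
    if len(values) != 1:
        raise RejectedOrder(f"duplicate {name}")
    value = values[0]
    if not (value.isascii() and value.isdigit()):
        raise RejectedOrder(f"{name} is not a non-negative integer")
    return int(value)


def mediate_order(url: str) -> dict:
    """Check every client-supplied field and recompute the money values.

    The client may say which part and how many; price and total always
    come from the server's own data, and a mismatch is rejected.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    parts = params.get("part", [])
    if len(parts) != 1 or parts[0] not in CATALOG:
        raise RejectedOrder("unknown part")
    part = parts[0]
    qty = _single_int(params, "qty")
    if not 1 <= qty <= MAX_QTY:
        raise RejectedOrder("qty out of range")
    price = CATALOG[part]
    total = price * qty
    for name, trusted in (("price", price), ("total", total)):
        claimed = _single_int(params, name, required=False)
        if claimed is not None and claimed != trusted:
            raise RejectedOrder(
                f"{name} tampered: client sent {claimed}, server computed {trusted}"
            )
    return {"part": part, "qty": qty, "price": price, "total": total}


if __name__ == "__main__":
    base = "http://www.testing.com/order.asp?cutID=115&part=666&qty=3"
    print(mediate_order(base + "&price=500&total=1500"))
    try:
        mediate_order(base + "&price=0&total=0")
    except RejectedOrder as err:
        print("rejected:", err)
```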


Next, I have learnt about the Malicious Programs. The table below shows the examples of malicious codes and some of their descriptions:

| Type of malicious code | Explanation |
|---|---|
| Trojan | A program which performs a useful function but also performs an unexpected action. |
| Virus | A code segment which replicates by attaching copies to existing executables. |
| Worm | A program which replicates itself and causes execution of the new copy. |
| Bacteria | Replicates until it fills all disk space, or CPU cycles. |
| Logic Bomb | Malicious code that activates on an event. |
| Trap door | Undocumented entry point written into code for debugging that can allow unwanted users. |

For the trap door type, Mr Zaki told us about a real life story related to it – “The Salami Attack”. It was very interesting. The story is about a guy named Salami, who was once a programmer for a bank. He came out with a brilliant idea to make money through the program he wrote. He transferred the third decimal place of the value for every transaction to its own bank account through the coding he wrote. As I said just now, he was very brilliant because nobody would notice the third decimal place of a currency as the value is too small and very hard to be traced. However, no one in this world can escape from the punishment after committing a crime, he was caught for whatever he had done. People started to notice and investigate it when he bought houses, branded cars and so on using cash.
Finally, the lecture ended with the pillars of software security. Three of the pillars of software security are risk management, touchpoints and knowledge.

Lab 5

Venue : Makmal Sistem, Building FTMK.
Date : 27-8-2009
Time : 10.00 a.m. – 11.50 a.m.


The title for the lab session this week was Modern Cryptography (extended version). It continued from last week’s lab session actually. So after learning the RSA algorithm last week, this week we have learnt about DES algorithm. DES is a topic that we have learnt during the lecture last week; the difference is that we got to do DES practically this week.
After that, we were asked to do the review question. Luckily, Mr. Zaki guided us to do that, if not everyone will be fainted. We used Microsoft Office Excel to do the task and it was quite fun although the task is very complicated and quite frustrated sometimes. Before the lab session ended, Mr. Zaki told us for those who are interested in doing Final Year Project on this topic; we can let him know next semester. Developing an application to perform DES by using C++, vb .net or Java, sounds cool to me, I will consider it wisely… …

Modern Cryptography – Part 2

Venue : BK7, Building FTMK.
Date : 26-8-2009
Time : 9.00 a.m. – 10.50 a.m.

The lecture just now began with a brief re-cap for the topic DES which we have learnt last week. Soon after that, the lecture continued with the topic Message Authentication. Message Authentication can be used to protect against active attacks. The diagram below show how it actually works:

Next, Mr. Zaki taught us about the Hash Function. There are three methods for hash function:

  • Using conventional encryption

  • Using public-key encryption

  • Using secret value

The three algorithms used in hashing function are MD5, SHA-1 and SHA-256. Then, we learned about digital signatures. It is the provision of a means of settling disputes between sender and receiver that distinguishes the digital signature mechanism from the MACing process. The diagram below shows how digital signature works:

To create a digital signature using RSA:

The signature can be verified by anyone who knows the corresponding public key. Certification Authority (CA) is the next topic of this chapter. The CA’s aim is to guarantee the authenticity of a public key by signing a certificate containing the user’s identity and public key with its secret key. In order to do so, all users must have an authentic copy of the Certification Authority’s public key. The lecture continued with the topic Key Management, the diagram below depicts the life cycle of a key:

The last two topics for today’s lecture were RSA, which was learnt during the lab session last week, and methods of attacks. The four general attacks against encrypted information are:

  • Ciphertext-only attack

  • Known Plaintext

  • Chosen-plaintext

  • Chosen-ciphertext attack

Then the attacks that can be launched against encryption systems are:

  • Brute-Force attack

    • Exhaustive key search - trying every possible combination.

  • Replay attacks

    • Taking encrypted information and playing it back at a later point in time.

  • Man-in-the-middle attacks

  • Fault in Cryptosystem

Sunday, August 30, 2009

Lab 4

Venue : Makmal Sistem, Building FTMK.
Date : 13-8-2009
Time : 10.00 a.m. – 11.50 a.m.


The title for the lab session this week was “Modern Cryptography”. According to the contents, there are two types of cryptography to be learnt by us, and they are the RSA algorithm and the DES algorithm. For this week, we have learnt about the RSA Algorithm. RSA algorithm is one of the algorithms that is used to find private and public keys. There are several steps that need to be gone through according to the lab manual. The most important step for this algorithm is to find modulo numbers with the formula d = e^-1 mod n. Owing to the power of -1 for the e value, it could not be solved using the ordinary method. Mr. Zaki taught us the method to calculate it. However, there is still one thing I do not quite understand, that is I could not get the same answer for modulo numbers by using a calculator. After Mr. Zaki explained a bit about that, I understood a bit, but I think I still need some time to digest it… …
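The power of -1 in that formula is a modular inverse, the whole number d with e·d ≡ 1, and not the fraction 1/e that a calculator returns. The added example below (not the lab manual's method) finds it with the extended Euclidean algorithm and then uses the key pair to encrypt and to make the RSA digital signature described in the Part 2 lecture. It assumes the textbook modulus (p−1)(q−1) for the inverse; the primes 61 and 53, e = 17 and the messages are constructed toy values, and no padding is applied.

```python
import hashlib


def egcd(a: int, b: int):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(e: int, m: int) -> int:
    """Return d such that (e * d) % m == 1, or fail if none exists."""
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError("e has no inverse: gcd(e, m) != 1")
    return x % m  # same value pow(e, -1, m) gives on Python 3.8+


def keygen(p: int, q: int, e: int):
    """Toy key generation: returns (public, private) as (n, exponent) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = modinv(e, phi)
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def _digest(message: bytes, n: int) -> int:
    # Hash, then reduce into the toy modulus so the value fits below n.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message: bytes) -> int:
    """Signature = hash of the message raised to the private exponent."""
    n, d = priv
    return pow(_digest(message, n), d, n)


def verify(pub, message: bytes, signature: int) -> bool:
    """Anyone holding the public key can undo the signature and compare."""
    n, e = pub
    return pow(signature, e, n) == _digest(message, n)


if __name__ == "__main__":
    public, private = keygen(61, 53, 17)      # constructed toy parameters
    print("d =", private[1])                  # 2753, since 17 * 2753 = 15 * 3120 + 1
    c = encrypt(public, 65)
    print(c, decrypt(private, c))
    sig = sign(private, b"lab 4 report")
    print(verify(public, b"lab 4 report", sig))
```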

Tuesday, August 18, 2009

Modern Cryptography – Part 1

Venue : BK7, Building FTMK.
Date : 12-8-2009
Time : 9.00 a.m. – 10.50 a.m.

After understanding the concept of basic cryptography through the two lectures previously, we have learnt something much deeper about the cryptography for today’s lecture. Yeah, the title of the slides today is “Modern Cryptography”. It was taught in the same place, and was being taught by the same lecturer, Mr Zaki. Topics to be covered in this chapter are:

  • Modern Cryptography Algorithm

  • Block and Stream

  • DES

  • AES

  • MAC

  • Digital Signature, RSA

However, Mr Zaki managed to cover up to the topic AES only, because everyone in the class felt dizzy and scared to continue after listening to the algorithms used in DES and AES (p/s: that was really tough and I do not think that I am able to remember them in a day, oh my god!). The lecture began with a brief explanation about Modern Cryptography Algorithm given by Mr Zaki. In modern cryptography, the ciphers use a sequence of binary digits such as ASCII most of the time. Basically, Exclusive OR (XOR or ⊕) is the method used to combine two bits, since modern ciphers apply binary digits in their algorithms. The four results of XOR are:
  • 0 ⊕ 0 = 0

  • 0 ⊕ 1 = 1

  • 1 ⊕ 0 = 1

  • 1 ⊕ 1 = 0

After that, Mr Zaki explained the differences between Stream Ciphers and Block Ciphers. A Stream Cipher converts one symbol of plaintext immediately into a symbol of ciphertext, whereas a Block Cipher encrypts a group of plaintext symbols as one block. The next topic after this was the Data Encryption Standard (DES). The algorithm for DES is very complicated, so how does it work? First, divide the plaintext into 64-bit blocks, with a key of 56 bits (with 8 bit parity). Then, process each block through 16 rounds of expansion, substitution, key mixing and permutation. The diagram below depicts how it actually works:


The last topic for today is the Advanced Encryption Standard (AES). It is used to replace DES. Instead of using 64 bits, AES uses 128-bit data and 128-, 192- or 256-bit keys. Mr Zaki taught this topic by using a flash clip, so it was quite interesting although the algorithm is much more complicated than DES. We need time to digest the two algorithms, so everyone asked Mr Zaki to stop there and continue next week. Hope that next week won’t have this kind of algorithms to learn any more before I can understand the algorithms just now… ^^

Thursday, August 13, 2009

Lab 3 – Classic Cryptography

Venue : Makmal Sistem, Building FTMK.
Date : 30-7-2009
Time : 10.00 a.m. – 11.50 a.m.


The lab session this week was about Classic Cryptography. Below are some of the things that I have learnt throughout the lab:
  1. Symmetric and Asymmetric Cryptography.

  2. Method to do Caesar Cipher.

  3. Method to do Vigenère Cipher.
Mr Zaki started the lab session by giving a brief introduction about Symmetric and Asymmetric Cryptography. After that, we were given two tasks, where task 1 was about Caesar Cipher and task two was about Vigenère Cipher. Basically, we were applying what we have learnt from yesterday’s lecture and the previous week’s lecture. Hence, I think that this lab was very useful for us to understand the lecture more clearly. Actually, there is a simpler way to do the task by using Microsoft Excel. Since we did not know the formula to break the cipher text, we had to do it manually. However, Mr Zaki gave us the formula and taught us to do it after we had finished both of the tasks. I feel that the formula really helps a lot; the time to solve the tasks became shorter. Before the lecture ended, we were asked to do the self-review questions and submit them as a lab report by next week. The third question was very challenging. It was about using Kasiski to find the key for the Vigenère cipher text. This was not taught in the lecture, oh my god, hope that I can solve it... ...

Third lecture

Venue : BK7, Building FTMK.
Date : 29 -7-2009
Time : 9.00 a.m. – 10.50 a.m.

The story continues and it was about the second part of basic cryptography. First of all, Mr Zaki gave the answer for the task given last week. Yes, I got it correctly; the answer is “THE FUEL PRICE WILL INCREASE TO RM FOUR BY NEXT WEEK”. After a brief discussion on how to get the answer, Mr Zaki continued to teach chapter 2, which began with Simple Substitution Ciphers (Random). This method is a bit different from the Caesar Cipher method, as it is more secure. Basically, the alphabets for the key are arranged randomly with respect to an ordered set of alphabets. For example:

Ordered Alphabet : A B C D E F G H I J K L M
Key              : D I Q M T B Z S Y K V O F

Ordered Alphabet : N O P Q R S T U V W X Y Z
Key              : E R J A U W P X H L C N G

No matter how secure this method is, the text can still be decrypted because of the characteristics of the language. For instance, in English, ‘E’ is the most commonly used letter, followed by ‘T’, ‘R’, ‘N’, ‘I’, ‘O’, ‘A’, ‘S’... Hence, the code can be broken using the Frequency Attack.

Next, Mr Zaki taught us another method which is known as Vigenère Ciphers. The key is created by using the table as shown below:

The last method is transposition, in which the letters are rearranged. Basically, there are two types of transposition: unkeyed single transposition and keyed single. There is a simple review question given on the last slide of the chapter. The question is to find the enciphering key for a cipher text. The cipher text given is
“FQJCB RWJWJ VNJAX BNKHJ WHXCQ NAWJV NFXDU MBVNU UJBBF NNC”
It took me some time to find out the original message and I got the answer “WHATS IN A NAME AROSE BY ANY OTHER NAME WOULD SMELL AS SWEET”.
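The frequency attack mentioned in this post, applied to the review-question cipher text above, as an added example that is not part of the lecture material. It assumes the cipher text is a Caesar shift and ranks all 26 shifts by how closely the decrypted letter counts match English; the frequency table is a commonly cited approximation supplied for this example.

```python
from collections import Counter
import string

# Approximate relative frequency (%) of each letter A..Z in English text.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0,
                2.4, 6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15,
                2.0, 0.07]

# Cipher text of the review question quoted in the post.
CIPHERTEXT = "FQJCB RWJWJ VNJAX BNKHJ WHXCQ NAWJV NFXDU MBVNU UJBBF NNC"


def caesar_decrypt(text, shift):
    """Shift every letter back by `shift`; leave spaces and symbols alone."""
    out = []
    for ch in text.upper():
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 - shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the text's letter counts and English expectations."""
    letters = [c for c in text if c in string.ascii_uppercase]
    counts = Counter(letters)
    total = len(letters)
    score = 0.0
    for index, percent in enumerate(ENGLISH_FREQ):
        expected = total * percent / 100
        observed = counts.get(chr(65 + index), 0)
        score += (observed - expected) ** 2 / expected
    return score


def rank_shifts(ciphertext):
    """Return (score, shift) pairs for all 26 shifts, best fit first."""
    return sorted((chi_squared(caesar_decrypt(ciphertext, s)), s)
                  for s in range(26))


def break_caesar(ciphertext):
    """Return the most English-looking shift and its decryption."""
    _, shift = rank_shifts(ciphertext)[0]
    return shift, caesar_decrypt(ciphertext, shift)


if __name__ == "__main__":
    key, plaintext = break_caesar(CIPHERTEXT)
    print("shift:", key)
    print("plaintext:", plaintext)
```

The output keeps the five-letter grouping of the cipher text, so the word breaks still have to be put back by hand.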

Lab 2 – The goals of Information Technology Security

Date: 23-7-2009

The lab session for today is a bit “special” from the previous week. Although the lab session is cancelled because Mr Zaki has a course to attend, if I am not mistaken, we were required to download the lab module from eftmk and complete it at home during the lecture yesterday. We were told that this is a very simple lab module, so it won’t be any problem if we do it ourselves.
The lab this week was mainly about the three goals of the Information security which are confidentiality, integrity and availability as shown in the diagram below:


Basically, there were four tasks in this lab module. We used VM to complete the four tasks. Before that, I took a snapshot before starting the tasks in case any unpredicted problems occurred. The first task was about the use of NTFS to Secure Local Resources. Two main outcomes from this task were:
  1. To check whether a drive is in NTFS format or not, type the command “chkntfs d:” in command prompt.

  2. To convert a FAT disk to NTFS, type the command “convert d: /fs:ntfs”.

The rest of the tasks were about data confidentiality, data availability and data integrity accordingly.

Tuesday, July 28, 2009

2nd Lecture

Venue: BK7, Building FTMK
Date : 22 -7-2009
Time: 9.00 a.m. – 10.50 a.m.

The lecture today began at 9.00 a.m. sharp. Luckily, it did not begin with a quiz like the previous week; if it had, I would be afraid to attend the lecture of this subject in future. Mr Zaki continued to teach us the second part of the first chapter. It began with the sub-title “Security Attacks / Threats”. Basically, there are two types of attacks: passive attack and active attack. The examples of passive attack are release of message contents and traffic analysis, whereas the examples of active attack are masquerade, replay, modification of message and denial of service.
After that, Mr Zaki explained the methods of defense. There are six ways for us to deal with harm: prevent it, deter it, deflect it, detect it and recover. Then the types of controls are encryption, software controls, hardware controls, policies and physical controls. This chapter ends with the sub-topics Security Services and Security Mechanisms. The categories of security services are:

  1. Authentication

  2. Access Control

  3. Data Confidentiality

  4. Data Integrity

  5. Non-Repudiation

Then, the two types of security mechanisms are Specific Security Mechanisms and Pervasive Security Mechanisms.
Soon after finishing chapter 1, the lecture continued with a very interesting topic – “Basic Cryptography”. Mr Zaki managed to teach only the first part of this chapter for lack of time. It started with a brief explanation of the Cryptography Concept, and we were exposed to some cryptography terminology like plaintext, ciphertext, cipher, encipher, etc. There are two types of Cryptography Algorithms as depicted in the following diagrams:

  1. Symmetric algorithms: P = D(K, E(K, P))


  2. Asymmetric algorithms: P = D(Kd, E(Ke, P))

The two methods used in Cryptography Algorithms are Substitution and Transposition. This topic was very interesting because it is quite fun to find out the original message to be delivered behind the ciphers sometimes. The earliest substitution cipher was invented by Julius Caesar during the Gallic Wars. It is known as the Caesar Cipher. Then, Mr Zaki explained to us about the Simple Substitution Ciphers. Before the lecture ended, we were given a task. We were asked to decipher a cryptogram as shown below:
“YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GD SJCY BJJP”
It took me some time to find out the original message. The answer I got is “THE FUEL PRICE WILL INCREASE TO RM FOUR BY NEXT WEEK”. The answer will be discussed in the following lecture, hope that my answer is correct… ….




Tuesday, July 21, 2009

Lab 1

Venue : Makmal Sistem, Building FTMK.
Date : 16-7-2009.
Time : 10.00 a.m. – 11.50 a.m.


Today is the first lab session for the subject Network Information Technology Security. The lab started punctually at 10.00 a.m. Owing to the quiz yesterday, I actually felt a bit afraid to attend the lab. I was scared that the first lab session would start with a lab test. Luckily, it was not like what I had imagined before the lab started. It started with the first chapter – “Introduction to Virtualization & VMware”. Firstly, Mr Zaki explained the concept of virtualization and virtual machine (VM) for the introduction part. Based on my understanding, VM is a sort of technology for us to open two or more operating systems at the same time. For example, we can open Windows XP and Fedora Linux simultaneously by using VM.

Mr Zaki advised us to use VM if we want to do any research in future. This is because the actual operating system won’t be affected if the VM happens to be corrupted or crashed. There are three easy steps to install VM:
  1. Install Virtual Machine Monitor (VMM), for example, VMWare Workstation.
    (p/s: other examples of VMM are like Connectix, UMLinux, Xen, etc.)

  2. Create disk image.

  3. Install the operating system you want, for example, Windows Server 2003.

As a conclusion, VM is a very good tool to use if we want to do research or experiments, so I would take Mr Zaki’s advice to use VM whenever I want to do projects in future.

First Lecture of Network Information Technology Security.

Venue : BK7, Building FTMK.
Date : 15-7-2009.
Time : 9.00 a.m. – 10.50 a.m.


Today is the first lecture of Network Information Technology Security. Our lecturer, En. Mohd Zaki Bin M’sud began the lecture by giving us a surprise – the first quiz! That was not expected by us; we expected the lecturer to start the lecture in a normal way just like other subjects. Usually, the first lecture of most of the subjects will begin with a brief introduction about the biodata of the lecturer. Then, the lecturer will explain about the syllabus of that subject. We thought Mr. Zaki was only joking, but he distributed the quiz paper to us and asked us to complete it in 15 minutes. I was stunned for several minutes when I received the paper. This is because I did not study at all. Besides that, marks will be awarded for this quiz. Oh my god, I was scared that I would not know how to answer even a single question!

Without further hesitation, I started to answer the questions. There were 12 questions in crossword puzzle form. According to Mr Zaki, the answers were basically the main terms for all chapters in our syllabus. Mr Zaki then emphasized that those who do not know how to answer question 7 will get zero marks for this quiz; thus, I tried very hard to seek the answer to this question. It was related to the topic of cryptography. I was not familiar with this term actually.
After cracking my head for some time, I found the “secret” of cryptography. I was quite excited and I got the answer “MY NAME” for question 7. I tried to fill in the answer, but it did not fit the given spaces. That was very weird; I thought the concept I had just discovered was wrong. But it was kind of impossible, because I could get the answer for question 2 by using the same method. I thought and thought and thought for a while; suddenly the words from Mr Zaki just now, “for those who do not know how to answer question 7 will get zero…”, inspired me to get the answer. Yeah, the answer was “MODHZAKI”, my lecturer’s name. No wonder he was so concerned about this question. Throughout this quiz, I have learnt a lot of important terms such as firewall, cryptography, worm, piracy, SNORT, etc. Luckily, I got 10/12 for this quiz.

While marking the quiz, Mr Zaki explained the syllabus briefly to us. After that, he started to teach us the very first chapter for this subject. The first chapter was all about the introduction of Network Information Security. Throughout this lecture, I have learnt a lot of new knowledge for this subject. The lecturer this morning was quite interesting. I am looking forward to the next lecture.