Analysis of Wystan Hugh Auden’s Poetry

In addition, the contrasting words used within the poem (“Innocent behind”) juxtapose how W. H. Auden has put the idea of Europe practically ignoring the Holocaust with the Icarus disaster – which is used to illustrate Auden’s opinions and views of what was happening during the asses in Second World War Britain. ‘Musée des Beaux Arts’ includes variations of language devices. The use of sibilance in the poem, “disappearing… Passionately… Sun shone”, highlights the contrast of the mood in Auden’s prose.

This makes it clear that the tone of the poem varies throughout. For instance, the first stanza opens with a drabber opening (“About suffering”) yet ends with the juxtaposition “innocent behind”. This shows the dissimilarities in the mood throughout the poem. Auden tends to use fronting to get his point across quicker: “About suffering they were never wrong, The Old Masters; how well they understood”. This sentence adds an effect by being fronted – it has deliberately been put back-to-front. It gets the theme of the poem across quickly and gives us judgment on the key themes.

Therefore, it announces the theme of the poem. However, one could argue that the theme of the poem is not about war. Alternatively, one can see how the poem is about religion and Jesus – hence the reference to suffering. The mention of “martyrdom” links with how Jesus was believed to have died for our sins. The structure of the poem is very irregular. The first stanza is a lot longer than the second stanza. This is because Auden wants to state his case before he mentions what the poem is about. “On a pond at the edge of the wood: they never forgot”.

The use of enjambment on the sentence highlights the continuation of the poem. Auden is just setting up his hypothesis and uses both enjambment and end stopping to conjure up the idea of using the second verse as a quicker, punchier stanza. In conclusion, Auden’s ‘Musée des Beaux Arts’ identifies many themes and uses historical context to summarize his own view on Nazi Germany during the time of the poem’s composition. By using language and structural devices in an irregular way, he is able to highlight the contrast in tone and imagery throughout the text.


Encryption and Decryption Algorithm


Abstract

This paper shows the possibility of employing the characteristics of available algorithms with poly-alphabetic substitution techniques in a linear fashion, to produce ASCII values of the typed text and then putting in the translating, transposition techniques in order to get the encrypted text.

Before generating the cipher text, the algorithm produces a message digest of the given text. This algorithm implements the model of symmetric key cryptography. It can be implemented in any programming language such as C, C++, Java etc. In poly-alphabetic substitution the plain text’s letters are encrypted differently according to their position.

The name poly-alphabetic suggests that there can be more than one key, so we have used a combination of two keys instead of one to produce the cipher text. We can also use three or more keys to make the encoding process more complex. In this paper we have generated the ASCII codes of the plain text, reversed them (we call these reverse ASCII codes), and then produced two random keys named K1 and K2.

Then the keys K1 and K2 are applied alternately to the reverse ASCII codes in order to produce the encrypted text. The decryption algorithm, on the other hand, is used to generate the plain text again. Our technique generates random cipher text for the same plain text, and this is the major asset of our technique.

Introduction

a. Introduction

Nowadays security is essential to keep data safe from access by unauthorized users. Security is needed in many organizations, such as the military and government budgeting; it is also necessary to our general economy and to many business applications.

A business application involves securing the data of the institution, in which information about the employees, managers, workers and the owner’s profit is stored; similarly, applications utilised by users for their own purposes also require security. So security plays an indispensable role in our day-to-day life. Cryptography is one of the techniques for guarding data. Information security is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital content.

The responsibilities of information security include establishing a set of business processes that will safeguard information assets regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage. Important information or data cannot be sent across the internet without implementing a security mechanism, because this data can be seen by any intermediate person, who may change the message. So the demand for information security across networks is increasing rapidly day by day.

Every business organisation has a responsibility to secure its data against loss or theft. A message digest is the fixed-size string of digits produced by a cryptographic hash function. Message digests are intended to protect the integrity of a piece of data or information by revealing changes or alterations to any part of a message.

Basic terms for secure communication are as follows. Let us consider two parties, A and B, that want to communicate secretly. If A wants to send some information to B, we call that information a plaintext.

After encrypting the plaintext a cipher text is produced. B knows the encryption method since he is the intended receiver and since he must use the same method together with his secret key to decrypt the cipher text and reveal the plaintext.

b. Related Work

  1. Avinash Sharma and his team have proposed a technique for encryption and decryption. In this paper they have explained encryption and decryption techniques using ASCII values and a substitution approach. (IJASCSE Vol 1, Issue 3, 2012)
  2. R. Venkateshwaran in his paper shows the possibility of utilizing the features of genetic techniques with poly substitution methods in a linear way, to produce ASCII values of the given text and then employ transition and substitution with the features of cryptography. (International Journal of Computer Applications (0975 – 8887) Volume 3 – No. 7, June 2010)
  3. Sumith Chowdary and his team described an algorithm in which randomly generated numbers are used with the help of modulus and remainder, implemented as a program in any language, e.g. C, C++ and Java. (IJARCCE Vol. 2, Issue 8, August 2013)

Basic Mechanism for cryptography

  • P = Plain text
  • C = Cipher text
  • X = Some plain text
  • Y = Cipher text of plain text
  • K = Any random key
  • E(K,X): Encryption of X using key K
  • D(K,Y): Decryption of Y using key K
  • C = E[K,P]
  • P = D[K,C]

History of Cryptography

The art of cryptography is considered to have been born along with the art of writing. As civilizations developed, human beings organized into tribes, groups, and kingdoms. This led to the emergence of ideas such as power, battles, supremacy, and politics. These ideas further fuelled the natural need of people to communicate covertly with selected recipients, which in turn ensured the continuous evolution of cryptography as well. The roots of cryptography are found in Roman and Egyptian civilizations.

The word cryptography is derived from the Greek words kryptos (hidden) and graphein (writing). Cryptography is the technique with which a plain text can be converted to cipher text so that this cipher text is not understandable by anyone except the recipient. Cryptography, the science of encrypting and decrypting information, can be traced back all the way to the year 2000 BC in Egypt.

Here it was first used with the help of the standard hieroglyphics in order to communicate secretly. Julius Caesar (100-44 BC) used a simple substitution cipher which is named after him today. During the first and the second war the demand for confidentiality increased rapidly, and all kinds of new cryptographic techniques were developed.

Objective of the Algorithm

The core objective of the research is to safeguard information against theft, in whatever manner it may occur, with the use of appropriate technology: to prevent information leakage and to provide a high level of integrity and authenticity to data or information that is sent over the network, using MD5 and a cryptographic algorithm.

Integrity: Ensures that a message is unchanged from the time it is sent by the sender until it is opened by the receiver.

Authenticity: Verifies whether the identity of a user in the system is that of a true or genuine user.

To check the integrity of the message/information, the MAC is verified.

Algorithm for Encryption, Decryption and MAC Generation

Algorithm encryption
{
    Generate two random keys K1, K2.
    Take data.
    Find ASCII values for each character in the data.
    Reverse each ASCII value and store it.
    Add each key alternately to each reversed ASCII value.
    // This is the encrypted data.
}

Algorithm decryption
{
    Take the encrypted data and random numbers.
    Subtract the keys from the encrypted data, each alternately.
    Reverse the obtained values.
    // The reversed values will be ASCII codes of characters.
    Print the retrieved ASCII values' corresponding characters.
}

Algorithm MD5
{
    Firstly append padded bits.
    Then append length.
    Initialise MD buffer.
    Later process message in 16-word blocks.
    Display the output.
}

Encryption Process: The above figure (fig 1.1) depicts the procedure of encryption. Let the text be HELLO WORLD. Firstly, generate 2 random keys named K1 and K2. For example, let us assume K1 = 1123 and K2 = 1452. Then translate each character of the message into its corresponding ASCII code and reverse these ASCII codes (this is shown in table 1.1). Next, the keys K1 and K2 are added alternately to the reversed ASCII numbers in order to generate the cipher text.

MAC Generation: The MD5 hashing algorithm is a cryptographic technique that accepts a text of any length as input data and returns as output a constant-length digest to be utilised for authenticating the true message. In recent years there has been increased interest in generating a MAC from a cryptographic hash function such as SHA-1 or MD5. Here we have used the MD5 algorithm, which produces a 128-bit hash value.
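A runnable sketch of the scheme described above, added here as an illustration and not the paper's own implementation. It assumes K1 is applied to the first character and K2 to the second, and adds a hypothetical `width` parameter: plain digit reversal drops trailing zeros (100 → 001 → 1), so characters such as 'd' (100) or '2' (50) do not survive decryption unless every code is zero-padded to a fixed width first.

```python
import hashlib

# Example keys from the text; in the scheme they are random and shared with the receiver.
K1, K2 = 1123, 1452


def reverse_digits(n, width=0):
    """Reverse the decimal digits of n.

    width=0 follows the text literally. width=3 (an added assumption) zero-pads
    first, which makes the reversal its own inverse for every code 0..999.
    """
    return int(str(n).zfill(width)[::-1])


def encrypt(text, k1, k2, width=0):
    """Reversed ASCII code of each character plus K1/K2 alternately (K1 first: assumed)."""
    return [reverse_digits(ord(ch), width) + (k1 if i % 2 == 0 else k2)
            for i, ch in enumerate(text)]


def decrypt(values, k1, k2, width=0):
    """Subtract the keys alternately, reverse the digits back, map codes to characters."""
    return "".join(chr(reverse_digits(v - (k1 if i % 2 == 0 else k2), width))
                   for i, v in enumerate(values))


def message_digest(text):
    """128-bit MD5 digest of the plain text, as hex.

    The digest is unkeyed: it shows accidental change, but anyone who can alter
    the message can recompute it, unlike a keyed MAC such as HMAC.
    """
    return hashlib.md5(text.encode("ascii")).hexdigest()


def lossy_characters(text):
    """Characters of text that the literal (unpadded) scheme cannot round-trip."""
    return [ch for ch in text if decrypt(encrypt(ch, K1, K2), K1, K2) != ch]


if __name__ == "__main__":
    msg = "HELLO WORLD"                      # message used in the text
    cipher = encrypt(msg, K1, K2)
    print(cipher)
    print(decrypt(cipher, K1, K2), message_digest(msg))

    sample = "Hello, world 2010"             # constructed sample with lossy codes
    print(lossy_characters(sample))
    padded = encrypt(sample, K1, K2, width=3)
    print(decrypt(padded, K1, K2, width=3))
```

Because each cipher value is a reversed code plus a fixed key, the two keys and the digit width are the only secrets, and both sides must agree on them in advance.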

Snapshots of the algorithm implementation

[Screenshots: home page; after entering some text; after clicking the Encrypt button; after clicking the Decrypt button; the message shown when Encrypt is clicked while the text box is empty]

Keywords and Abbreviations

  • Cryptography: The process of encrypting and decrypting text for securing it.
  • Cryptanalysis: The art of decoding or obtaining plain text from hidden messages over an insecure channel. It is also known as code cracking.
  • Encryption: The technique of converting plain text into some other format with the help of a key.
  • Decryption: The technique of converting cipher text or encrypted text back into plain (original) text with the help of the same key or another key.
  • Key: An amount of information used for encrypting and decrypting text.
  • Cipher text: The message written in secret code, which is not understandable by anyone.
  • Plain text: The original message given by the end user.
  • Encryption Algorithm: An algorithm for encrypting given text.
  • Decryption Algorithm: An algorithm for decrypting the encrypted text.
  • MD5 Algorithm: An algorithm for finding the 128-bit message digest of the given text.

Abbreviations used:

  • MAC: Message Authentication Code
  • ASCII: American Standard Code for Information Interchange
  • MD5: Message Digest v5

Future scope

This algorithm is formulated for the sake of security. There is considerable future scope for the substitution approach employing ASCII values for encryption and decryption. Firstly, it ensures that no intermediate person can hack the data between the plain text and the cipher text. Secondly, the receiver receives the text exactly as the sender sent it. Thirdly, in the contemporary world new technologies improve day by day, so we can make changes to this algorithm according to the requirement.

This work can be further improvised upon in the future in many different ways.

Conclusion

There are many techniques such as RSA, IDEA, AES, DES, DIFFIE-HELLMAN algorithms and much more that can be utilized to modify a plain text into cipher text to transfer over the network so nobody else than an actual recipient can understand the message.

But substitution and transposition are the ground for every algorithm, as each and every algorithm employs transposition or substitution or both of them. In this view we have introduced a new technique titled substitution using ASCII codes. This new method for text encryption and decryption behaves randomly, so grouping identical cipher text and breaking it just by guessing becomes more difficult.

This technique of combining cryptography and a message digest can lead to a new area of research on securing data by other mechanisms. This technique of text encryption and decryption employing the ASCII algorithm is definitely a compelling process when compared with other cryptographic systems. This algorithm is very fast, secure and trustworthy.

References

  1. Stallings W. Cryptography and Network Security: Principles and Practice, 2/3e Prentice hall, 1999; 30-49.
  2. Vineet Sukhraliya, Sumit Chaudhary, Sangeeta Solanki, Title: Encryption and Decryption Algorithm using substitution array approach. IJARCCE Vol 2 Issue 8 August 2013.
  3. Avinash Sharma, Anurag Bhatnagar, Nikhar Tak, Anuradha Sharma, Jitendra Avasthi, Prerna Sharma, Title: An Approach Of Substitution Method Based On ASCII Codes In Encryption Technique. IJASCSE Vol 1, Issue 3, 2012.
  4. R. Venkateswaran Dr. V. Sundaram, Title: Text Encryption and Decryption with Poly Substitution Method and Combining the Features of Cryptography. IJCA Vol 3 – No. 7 June 2010.
  5. https://en.wikipedia.org/wiki/Cryptography
  6. https://en.wikipedia.org/wiki/MD5


The Art of War

Sun-Tzu Wu is the reputed author of the Chinese classic Ping-fa (The Art of War), written approximately 475-221 B.C. Penned at a time when China was divided into six or seven states that often resorted to war with each other in their struggles for supremacy, it is a systematic guide to strategy and tactics for rulers and commanders. In doing business on the Internet during this time of rampant computer viruses and hacker attacks it may be wise for us to follow some of his tactical principles in order to ensure the safety of ourselves and our future clients.

Know your enemy and know yourself; in a hundred battles, you will never be defeated. When you are ignorant of the enemy but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and of yourself, you are sure to be defeated in every battle.

In a chilling article entitled Big Brother is Watching, Bob Sullivan of MSNBC recounts a tale during a recent visit to London: Only moments after stepping into the Webshack Internet cafe in London’s Soho neighborhood, “Mark” asked me what I thought of George W. Bush and Al Gore. “I wouldn’t want Bush running things,” he said. “Because he can’t run his Web site.” Then he showed me a variety of ways to hack Bush’s Web sites. That was just the beginning of a far-reaching chat during which the group nearly convinced me Big Brother is in fact here in London. “I don’t know if he can run the free world,” Mark said. “He can’t keep the Texas banking system computers secure.”

So-called “2600” clubs are a kind of hacker “boy scout” organization – there are local 2600 chapters all around the globe. It is in this environment, and this mindset, that London’s hackers do their work. They do not analyze computer systems and learn how to break them out of spite, or some childish need to destroy: Mark and friends see themselves as merely accumulating knowledge that could be used in self-defense if necessary. They are the citizen’s militia, the Freedom Fighters of the Information Age, trying to stay one step ahead of technology that could one day be turned against them.

Jon-K Adams in his treatise entitled Hacker Ideology (aka Hacking Freedom) states that hackers have been called both techno-revolutionaries and heroes of the computer revolution. Hacking “has become a cultural icon about decentralized power.” But for all that, hackers are reluctant rebels. They prefer to fight with code than with words. And they would rather appear on the net than at a news conference. Status in the hacker world cannot be granted by the general public: it takes a hacker to know and appreciate a hacker. That’s part of the hacker’s revolutionary reluctance; the other part is the news media’s slant toward sensationalism, such as, “A cyberspace dragnet snared fugitive hacker.” The public tends to think of hacking as synonymous with computer crime, with breaking into computers and stealing and destroying valuable data. As a result of this tabloid mentality, the hacker attempts to fade into the digital world, where he-and it is almost always he-has a place if not a!

In his self-conception, the hacker is not a criminal, but rather a “person who enjoys exploring the details of programmable systems and how to stretch their capabilities.” Which means that he is not necessarily a computer geek. The hacker defines himself in terms that extend beyond the computer, as an “expert or enthusiast of any kind. One might be an astronomy hacker” (Jargon File). So in the broadest sense of his self-conception, the hacker hacks knowledge; he wants to know how things work, and the computer-the prototypical programmable system-simply offers more complexity and possibility, and thus more fascination, than most other things.

From this perspective, hacking appears to be a harmless if nerdish enthusiasm. But at the same time, this seemingly innocent enthusiasm is animated by an ideology that leads to a conflict with civil authority. The hacker is motivated by the belief that the search for knowledge is an end in itself and should be unrestricted. But invariably, when a hacker explores programmable systems, he encounters barriers that bureaucracies impose in the name of security. For the hacker, these security measures become arbitrary limits placed on his exploration, or in cases that often lead to confrontation, they become the focus of further explorations: for the hacker, security measures simply represent a more challenging programmable system. As a result, when a hacker explores such systems, he hacks knowledge, but ideologically he hacks the freedom to access knowledge.

Political hackers are another group considering themselves modern freedom fighters. “Hacktivists” have officially moved from nerdish extremists to become the political protest visionaries of the digital age, a meeting at the Institute of Contemporary Arts in London was told on Thursday.

Paul Mobbs, an experienced Internet activist and anti-capitalist protestor, will tell attendees that the techniques used by politically minded computer hackers — from jamming corporate networks and sending email viruses to defacing Web sites — have moved into the realm of political campaigning. Mobbs says that the term “Hacktivism” has been adopted by so many different groups, from peaceful Net campaigners to Internet hate groups, that it is essentially meaningless, but claims that Internet protest is here to stay. “It has a place, whether people like it or not,” says Mobbs.

Steve Mizrach in his 1997 dissertation entitled Is there a Hacker Ethic for 90s Hackers? delves into this subject in great detail. He describes the divergent groups of hackers and explains their modus operandi:

I define the computer underground as members of the following six groups. Sometimes I refer to the CU as “90s hackers” or “new hackers,” as opposed to old hackers, who are hackers (old sense of the term) from the 60s who subscribed to the original Hacker Ethic.

§ Hackers (Crackers, system intruders) – These are people who attempt to penetrate security systems on remote computers. This is the new sense of the term, whereas the old sense of the term simply referred to a person who was capable of creating hacks, or elegant, unusual, and unexpected uses of technology. Typical magazines (both print and online) read by hackers include 2600 and Iron Feather Journal.

§ Phreaks (Phone Phreakers, Blue Boxers) – These are people who attempt to use technology to explore and/or control the telephone system. Originally, this involved the use of “blue boxes” or tone generators, but as the phone company began using digital instead of electro-mechanical switches, the phreaks became more like hackers. Typical magazines read by Phreaks include Phrack, Line Noize, and New Fone Express.

§ Virus writers (also, creators of Trojans, worms, logic bombs) – These are people who write code which attempts to a) reproduce itself on other systems without authorization and b) often has a side effect, whether that be to display a message, play a prank, or trash a hard drive. Agents and spiders are essentially ‘benevolent’ virii, raising the question of how underground this activity really is. Typical magazines read by Virus writers include 40HEX.

§ Pirates – Piracy is sort of a non-technical matter. Originally, it involved breaking copy protection on software, and this activity was called “cracking.” Nowadays, few software vendors use copy protection, but there are still various minor measures used to prevent the unauthorized duplication of software. Pirates devote themselves to thwarting these things and sharing commercial software freely with their friends. They usually read Pirate Newsletter and Pirate magazine.

§ Cypherpunks (cryptoanarchists) – Cypherpunks freely distribute the tools and methods for making use of strong encryption, which is basically unbreakable except by massive supercomputers. Because the NSA and FBI cannot break strong encryption (which is the basis of the PGP or Pretty Good Privacy), programs that employ it are classified as munitions, and distribution of algorithms that make use of it is a felony. Some cryptoanarchists advocate strong encryption as a tool to completely evade the State, by preventing any access whatsoever to financial or personal information. They typically read the Cypherpunks mailing list.

§ Anarchists – are committed to distributing illegal (or at least morally suspect) information, including but not limited to data on bombmaking, lockpicking, pornography, drug manufacturing, pirate radio, and cable and satellite TV piracy. In this parlance of the computer underground, anarchists are less likely to advocate the overthrow of government than the simple refusal to obey restrictions on distributing information. They tend to read Cult of the Dead Cow (CDC) and Activist Times Incorporated (ATI).

§ Cyberpunk – usually some combination of the above, plus interest in technological self-modification, science fiction of the Neuromancer genre, and interest in hardware hacking and “street tech.” A youth subculture in its own right, with some overlaps with the “modern primitive” and “raver” subcultures.

So should we fear these geeky little mischief-makers?

The New York Post revealed recently that a busboy allegedly managed to steal millions of dollars from the world’s richest people by stealing their identities and tricking credit agencies and brokerage firms. In his article describing this event Bob Sullivan says, “Abraham Abdallah, I think, did us all a favor, for he has exposed as a sham the security at the world’s most important financial institutions.” The same two free e-mail addresses were used to request financial transfers for six different wealthy Merrill Lynch clients, according to the Post story. Merrill Lynch didn’t notice? Why would Merrill accept any transfer requests, indeed take any financial communication seriously at all, from a free, obviously unverified anonymous e-mail account? I’m alarmed by the checks and balances that must be in place at big New York brokerage firms.

Rather than being a story about a genius who almost got away, this is simply one more story of easy identity theft amid a tidal wave of similar crimes. The Federal Trade Commission has received 40,000 complaints of identity theft since it started keeping track two years ago, but the agency is certain that represents only a fraction of real victims. This is a serious problem, long ignored by the industry. In fact, just last year the credit industry beat back a congressional bill known as The Identity Theft Protection Act, claiming it would be too expensive for them. “Clearly there has to be more leveling of the playing field. We have to hold banks and credit unions accountable.”

Last month the U.S. Federal Bureau of Investigation (FBI) was again warning electronic-commerce Web sites to patch their Windows-based systems to protect their data against hackers.

The FBI’s National Infrastructure Protection Center (NIPC) has coordinated investigations over the past several months into organized hacker activities targeting e-commerce sites. More than 40 victims in 20 states have been identified in the ongoing investigations, which have included law enforcement agencies outside the United States and private sector officials.

The investigations have uncovered several organized hacker groups from Russia, the Ukraine, and elsewhere in Eastern Europe that have penetrated U.S. e-commerce and online banking computer systems by exploiting vulnerabilities in the Windows NT operating system, the statement said. Microsoft has released patches for these vulnerabilities, which can be downloaded from Microsoft’s Web site for free.

Once the hackers gain access, they download proprietary information, customer databases, and credit card information, according to the FBI. The hackers subsequently contact the company and attempt to extort money by offering to patch the system and by offering to protect the company’s systems from exploitation by other hackers.

The hackers tell the victim that without their services they cannot guarantee that other hackers will not access their networks and post stolen credit card information and details about the site’s security vulnerability on the Internet. If the company does not pay or hire the group for its security services, the threats escalate, the FBI said. Investigators also believe that in some instances the credit card information is being sold to organized crime groups.

Defend yourself when you cannot defeat the enemy, and attack the enemy when you can.

Scott Culp, in a detailed list of security precautions on Microsoft’s Web page, suggests that there are ten immutable laws of security.

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore. It’s an unfortunate fact of computer science: when a computer program runs, it will do what it’s programmed to do, even if it’s programmed to be harmful. When you choose to run a program, you are making a decision to turn over control of your computer to it. That’s why it’s important to never run, or even download, a program from an untrusted source – and by “source”, I mean the person who wrote it, not the person who gave it to you.

Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore. In the end, an operating system is just a series of ones and zeroes that, when interpreted by the processor, cause the machine to do certain things. Change the ones and zeroes, and it will do something different. To understand why, consider that operating system files are among the most trusted ones on the computer, and they generally run with system-level privileges.

That is, they can do absolutely anything. Among other things, they’re trusted to manage user accounts, handle password changes, and enforce the rules governing who can do what on the computer. If a bad guy can change them, the now-untrustworthy files will do his bidding, and there’s no limit to what he can do. He can steal passwords, make himself an administrator on the machine, or add entirely new functions to the operating system. To prevent this type of attack, make sure that the system files (and the registry, for that matter) are well protected.

Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.

§ He could mount the ultimate low-tech denial of service attack, and smash your computer with a sledgehammer.

§ He could unplug the computer, haul it out of your building, and hold it for ransom.

§ He could boot the computer from a floppy disk, and reformat your hard drive. But wait, you say, I’ve configured the BIOS on my computer to prompt for a password when I turn the power on. No problem – if he can open the case and get his hands on the system hardware, he could just replace the BIOS chips. (Actually, there are even easier ways).

§ He could remove the hard drive from your computer, install it into his computer, and read it.

§ He could make a duplicate of your hard drive and take it back to his lair. Once there, he’d have all the time in the world to conduct brute-force attacks, such as trying every possible logon password. Programs are available to automate this and, given enough time, it’s almost certain that he would succeed. Once that happens, Laws #1 and #2 above apply.

§ He could replace your keyboard with one that contains a radio transmitter. He could then monitor everything you type, including your password.

Always make sure that a computer is physically protected in a way that’s consistent with its value – and remember that the value of a machine includes not only the value of the hardware itself, but the value of the data on it, and the value of the access to your network that a bad guy could gain. At a minimum, business-critical machines like domain controllers, database servers, and print/file servers should always be in a locked room that only people charged with administration and maintenance can access. But you may want to consider protecting other machines as well, and potentially using additional protective measures.

If you travel with a laptop, it’s absolutely critical that you protect it. The same features that make laptops great to travel with – small size, light weight, and so forth – also make them easy to steal. There are a variety of locks and alarms available for laptops, and some models let you remove the hard drive and carry it with you. You also can use features like the Encrypting File System in Windows 2000 to mitigate the damage if someone succeeded in stealing the computer. But the only way you can know with 100% certainty that your data is safe and the hardware hasn’t been tampered with is to keep the laptop on your person at all times while traveling.

Law #4: If you allow a bad guy to upload programs to your web site, it’s not your web site any more. This is basically Law #1 in reverse. In that scenario, the bad guy tricks his victim into downloading a harmful program onto his machine and running it. In this one, the bad guy uploads a harmful program to a machine and runs it himself. Although this scenario is a danger anytime you allow strangers to connect to your machine, web sites are involved in the overwhelming majority of these cases. Many people who operate web sites are too hospitable for their own good, and allow visitors to upload programs to the site and run them. As we’ve seen above, unpleasant things can happen if a bad guy’s program can run on your machine.

If you run a web site, you need to limit what visitors can do. You should only allow a program on your site if you wrote it yourself, or if you trust the developer who wrote it. But that may not be enough. If your web site is one of several hosted on a shared server, you need to be extra careful. If a bad guy can compromise one of the other sites on the server, it’s possible he could extend his control to the server itself, in which case he could control all of the sites on it – including yours. If you’re on a shared server, it’s important to find out what the server administrator’s policies are.

Law #5: Weak passwords trump strong security. The purpose of having a logon process is to establish who you are. Once the operating system knows who you are, it can grant or deny requests for system resources appropriately. If a bad guy learns your password, he can log on as you. In fact, as far as the operating system is concerned, he is you. Whatever you can do on the system, he can do as well, because he’s you. Maybe he wants to read sensitive information you’ve stored on your computer, like your email. Maybe you have more privileges on the network than he does, and being you will let him do things he normally couldn’t. Or maybe he just wants to do something malicious and blame it on you. In any case, it’s worth protecting your credentials.

Always use a password – it’s amazing how many accounts have blank passwords. And choose a complex one. Don’t use your dog’s name, your anniversary date, or the name of the local football team. And don’t use the word “password”! Pick a password that has a mix of upper- and lower-case letters, numbers, punctuation marks, and so forth. Make it as long as possible. And change it often. Once you’ve picked a strong password, handle it appropriately. Don’t write it down. If you absolutely must write it down, at the very least keep it in a safe or a locked drawer – the first thing a bad guy who’s hunting for passwords will do is check for a yellow sticky note on the side of your screen, or in the top desk drawer. Don’t tell anyone what your password is. Remember what Ben Franklin said: two people can keep a secret, but only if one of them is dead.

Finally, consider using something stronger than passwords to identify yourself to the system. Windows 2000, for instance, supports the use of smart cards, which significantly strengthens the identity checking the system can perform. You may also want to consider biometric products like fingerprint and retina scanners.

Law #6: A machine is only as secure as the administrator is trustworthy. Every computer must have an administrator: someone who can install software, configure the operating system, add and manage user accounts, establish security policies, and handle all the other management tasks associated with keeping a computer up and running. By definition, these tasks require that he have control over the machine.

This puts the administrator in a position of unequalled power. An untrustworthy administrator can negate every other security measure you’ve taken. He can change the permissions on the machine, modify the system security policies, install malicious software, add bogus users, or do any of a million other things. He can subvert virtually any protective measure in the operating system, because he controls it. Worst of all, he can cover his tracks. If you have an untrustworthy administrator, you have absolutely no security.

When hiring a system administrator, recognize the position of trust that administrators occupy, and only hire people who warrant that trust. Call his references, and ask them about his previous work record, especially with regard to any security incidents at previous employers. If appropriate for your organization, you may also consider taking a step that banks and other security-conscious companies do, and require that your administrators pass a complete background check at hiring time, and at periodic intervals afterward. Whatever criteria you select, apply them across the board. Don’t give anyone administrative privileges on your network unless they’ve been vetted – and this includes temporary employees and contractors, too.

Next, take steps to help keep honest people honest. Use sign-in/sign-out sheets to track who’s been in the server room. (You do have a server room with a locked door, right? If not, re-read Law #3). Implement a “two person” rule when installing or upgrading software. Diversify management tasks as much as possible, as a way of minimizing how much power any one administrator has. Also, don’t use the Administrator account – instead, give each administrator a separate account with administrative privileges, so you can tell who’s doing what. Finally, consider taking steps to make it more difficult for a rogue administrator to cover his tracks. For instance, store audit data on write-only media, or house System A’s audit data on System B, and make sure that the two systems have different administrators. The more accountable your administrators are, the less likely you are to have problems.

Law #7: Encrypted data is only as secure as the decryption key. Suppose you installed the biggest, strongest, most secure lock in the world on your front door, but you put the key under the front door mat. It wouldn’t really matter how strong the lock is, would it? The critical factor would be the poor way the key was protected, because if a burglar could find it, he’d have everything he needed to open the lock. Encrypted data works the same way – no matter how strong the cryptoalgorithm is, the data is only as safe as the key that can decrypt it.

Many operating systems and cryptographic software products give you an option to store cryptographic keys on the computer. The advantage is convenience – you don’t have to handle the key – but it comes at the cost of security. The keys are usually obfuscated (that is, hidden), and some of the obfuscation methods are quite good. But in the end, no matter how well-hidden the key is, if it’s on the machine it can be found. It has to be – after all, the software can find it, so a sufficiently-motivated bad guy could find it, too. Whenever possible, use offline storage for keys. If the key is a word or phrase, memorize it. If not, export it to a floppy disk, make a backup copy, and store the copies in separate, secure locations.
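The difference between a key hidden on the machine and a key rebuilt from a memorized phrase can be shown in a few lines. This is an added example, not code from the original essay; the XOR mask, the function names and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a constant compiled into a product. Anyone who has
# a copy of the program has this value too.
OBFUSCATION_MASK = hashlib.sha256(b"constructed-product-constant").digest()

PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own hardware


def store_obfuscated(key: bytes) -> bytes:
    """Scheme A: the bytes written to disk when the key is 'hidden' locally."""
    return bytes(k ^ m for k, m in zip(key, OBFUSCATION_MASK))


def recover_obfuscated(blob: bytes) -> bytes:
    """The routine the software must contain in order to use the key.

    It takes no secret input, so it works just as well for whoever copies
    the disk and the program as it does for the legitimate owner.
    """
    return bytes(b ^ m for b, m in zip(blob, OBFUSCATION_MASK))


def _derive(passphrase: str, salt: bytes) -> bytes:
    # Stretch the memorized phrase into a 32-byte key.
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )


def enroll_passphrase(passphrase: str) -> dict:
    """Scheme B: store a salt and a check value, never the key itself."""
    salt = os.urandom(16)
    key = _derive(passphrase, salt)
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return {"salt": salt, "check": check}


def unlock(stored: dict, passphrase: str):
    """Rebuild the key from the phrase; return None if the phrase is wrong."""
    key = _derive(passphrase, stored["salt"])
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, stored["check"]) else None


if __name__ == "__main__":
    key = os.urandom(32)
    on_disk = store_obfuscated(key)
    print("scheme A, key recovered from disk alone:",
          recover_obfuscated(on_disk) == key)

    stored = enroll_passphrase("constructed example phrase")
    print("scheme B, wrong phrase:", unlock(stored, "guess"))
    print("scheme B, right phrase unlocks:",
          unlock(stored, "constructed example phrase") is not None)
```

In scheme B the stored check value still lets someone who copies the disk test guesses offline, so the phrase has to be strong in the sense of Law #5.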

Law #8: An out of date virus scanner is only marginally better than no virus scanner at all. Virus scanners work by comparing the data on your computer against a collection of virus “signatures”. Each signature is characteristic of a particular virus, and when the scanner finds data in a file, email, or elsewhere that matches the signature, it concludes that it’s found a virus. However, a virus scanner can only scan for the viruses it knows about. It’s vital that you keep your virus scanner’s signature file up to date, as new viruses are created every day.

The problem actually goes a bit deeper than this, though. Typically, a new virus will do the greatest amount of damage during the early stages of its life, precisely because few people will be able to detect it. Once word gets around that a new virus is on the loose and people update their virus signatures, the spread of the virus falls off drastically. The key is to get ahead of the curve, and have updated signature files on your machine before the virus hits.

Virtually every maker of anti-virus software provides a way to get free updated signature files from their web site. In fact, many have “push” services, in which they’ll send notification every time a new signature file is released. Use these services. Also, keep the virus scanner itself – that is, the scanning software – updated as well. Virus writers periodically develop new techniques that require that the scanners change how they do their work.

Law #9: Absolute anonymity isn’t practical, in real life or on the web. All human interaction involves exchanging data of some kind. If someone weaves enough of that data together, they can identify you. Think about all the information that a person can glean in just a short conversation with you. In one glance, they can gauge your height, weight, and approximate age. Your accent will probably tell them what country you’re from, and may even tell them what region of the country. If you talk about anything other than the weather, you’ll probably tell them something about your family, your interests, where you live, and what you do for a living. It doesn’t take long for someone to collect enough information to figure out who you are. If you crave absolute anonymity, your best bet is to live in a cave and shun all human contact.

The same thing is true of the Internet. If you visit a web site, the owner can, if he’s sufficiently motivated, find out who you are. After all, the ones and zeroes that make up the web session have to be able to find their way to the right place, and that place is your computer. There are a lot of measures you can take to disguise the bits, and the more of them you use, the more thoroughly the bits will be disguised. For instance, you could use network address translation to mask your actual IP address, subscribe to an anonymizing service that launders the bits by relaying them from one end of the ether to the other, use a different ISP account for different purposes, surf certain sites only from public kiosks, and so on. All of these make it more difficult to determine who you are, but none of them make it impossible. Do you know for certain who operates the anonymizing service? Maybe it’s the same person who owns the web site you just visited! Or what about that innocuous web site you visited yesterday, that offered to mail you a free $10 off coupon? Maybe the owner is willing to share information with other web site owners. If so, the second web site owner may be able to correlate the information from the two sites and determine who you are.

Does this mean that privacy on the web is a lost cause? Not at all. What it means is that the best way to protect your privacy on the Internet is the same as the way you protect your privacy in normal life – through your behavior. Read the privacy statements on the web sites you visit, and only do business with ones whose practices you agree with. If you’re worried about cookies, disable them. Most importantly, avoid indiscriminate web surfing – recognize that just as most cities have a bad side of town that’s best avoided, the Internet does too. But if it’s complete and total anonymity you want, better start looking for that cave.

Survey Paper on Banking System using Location-Based System

Abstract – Increasing digital technology has revolutionized people’s lives. The banking system in today’s world is open to threats of fraud and cyber-attacks. Since today’s banking system is built on location-based, it is easy for an attacker to penetrate any such database, which will easily compromise all the information and data of the bank’s customers.

This vulnerability of today’s banking system can be reduced by re-building the banking systems on top of location-based technology, thus reducing the threat of the database being hacked. Because the user can access or transfer money only when accessing an account from within a particular geographical location, transactions become more secure, making the overall banking system faster and more secure.

Index Terms – location based, Banking system, AES

INTRODUCTION

Smart phones are becoming a major part in everybody’s daily life. All kinds of activities, including banking or financial mCommerce transactions (e.g. online shopping), are nowadays performed online via Smartphone applications whilst on the move. 50% of all Smartphone owners in the U.S. used their Smartphone for banking transactions in the first quarter of 2011. This is an increase of nearly 100% compared to the year before [1].

However, most of the techniques used to authenticate the client towards the remote authenticator (i.e. the bank offering a financial service) in these mCommerce applications are still based on classic (and static) authentication factors like passwords, tokens or biometrics.

The fact that the client is on the move, whilst using these mCommerce applications is not considered or used to enhance the authentication security. Reliable client authentication and data protection are still major concerns for mCommerce application providers because the classical authentication factors are open for hackers.

As a result, mCommerce application providers restrict access, on average, to 30% of possible services to their clients via Smartphone applications. Financial institutions engaging in any form of Internet banking using smart phones should have effective and reliable methods to authenticate customers.

An effective authentication system is necessary for compliance with requirements to safeguard customer information, to prevent money laundering and terrorist financing, to reduce fraud, to inhibit identity theft, and to promote the legal enforceability of their electronic agreements and transactions. The risks of doing business with unauthorized or incorrectly identified persons in an Internet banking environment can result in financial loss and reputation damage through fraud, disclosure of customer information, corruption of data, or unenforceable agreements.

There are a variety of technologies and methodologies financial institutions can use to authenticate customers. This paper presents a solution to implement a secure authentication mechanism which is based on actively securing fund transactions and securing login credentials using Location Based Authentication.

RELATED WORK

This paper proposes a location-aware attribute-based access control scheme for cloud storage, in which the location information is flexibly set as trapdoors inside fundamental access policies of CP-ABE, and trapdoors are released with the help of location servers. The trapdoor approach ensures that a change in users’ locations will not cause revocation of users’ attributes.

Our analysis shows that the above approach is effective and our proposed LABAC brings little overhead to data consumers, attribute authorities and the cloud.[1]

In this paper, we have covered several novel technologies that use mobile devices to access different services from anywhere and at any time. The definitions, the advantages and the architecture of each technology are explored. Mobile cloud computing technology has recently received more consideration because of its importance.

Because mobile devices are in continuous and quick development, they receive attention from IT developers. Mobile cloud computing will be the dominant technology, and the trend now is to develop new applications and to modify the old applications to run on the mobile cloud. We tried to prove that this technology will conquer the challenges and the problems of preceding technologies. Mobile cloud computing models are presented.

These models try to alleviate the problems concerning the limited resources in mobile devices. Despite the enormous development of mobile devices and the support of mobile cloud computing for mobile devices, they still attract a lot of attention from researchers because this technology faces a number of challenges. We are interested in working in this domain and, for future research, we will concentrate on its challenges and explore them deeply.[2]

In this paper, we have undertaken a systematic literature review of mobile cloud computing (MCC), in order to understand the trend of research interests so far in MCC, in terms of the least and most researched issues. We were able to highlight some of the challenges in MCC such as privacy, security and trust, fault tolerance, mobility management, network congestion, heterogeneity and connection protocols, resource constraint and platform heterogeneity, context awareness, presentation and usability issues, battery life and energy awareness, and cloud API Security Management.[3]

In this paper, we propose a unique authentication scheme for mobile cloud computing. Data Digest-based Authentication consists of 3 phases: registration, authentication, and update. With these phases, Data Digest Authentication utilizes hashing, in addition to traditional user ID and secret-based authentication, to ensure confidentiality and integrity throughout the authentication method. It can survive a range of various attacks, like man-in-the-middle, replay attacks, etc.[4]

Cloud computing is the present and futuristic resource pooling paradigm which converges with the Internet of Things (IoT). However, there are authentication and key management issues to be resolved. Identifying users is not an easy task in the cloud. As a result, in this article we proposed a provably secure multi-factors authentication scheme with a trusted third party. In our approach, the trustee distributes the authentication tokens on behalf of cloud service providers and allows the cloud servers just to verify the hashed key credential data.

This approach also ensures the mutual authentication of the communication entities. We used the multi-party station-to-station Diffie-Hellman key exchange protocol, which overcomes many key management problems. Our proposed mechanism preserves the privacy of the remote authentication details in the cloud and significantly helps to protect the stakeholder’s sensitive information from inside and outside malicious attackers.[5]

EXISTING SYSTEM

In the existing system, several challenges, including security and privacy, are raised by the adoption of this IT paradigm. A major challenge in cloud and mobile cloud computing is to ensure security and privacy of users’ personal information (e.g., financial data, health record, location information) from malicious attacks. It is important for a cloud service provider (CSP) to establish trust and gain confidence by providing proper security and privacy to the clients.

PROPOSED SYSTEM

The proposed authentication scheme provides a true protection for the user credentials in the cloud. Therefore the problems and risks envisioned in the previous section can be addressed. The Advanced Encryption Standard (AES) algorithm is used for symmetric encryption/decryption of communication data between users and servers.

A major challenge in cloud and mobile cloud computing is to ensure security and privacy of users’ personal information (e.g., financial data, health record, location information) from malicious attacks. It is important for a cloud service provider (CSP) to establish trust and gain confidence by providing proper security and privacy to the clients. Authentication is important for establishing accountability and authorization of the users while allocating cloud resources.

These days, mobile devices are built with features that allow them to access the cloud’s resources. The devices are made to easily access the resources due to their portability and ease of use. This architecture is the same as the client-server architecture. The second purpose of the mobile device is to act as a node for the cloud, where resources are gathered from all the participating mobile devices to solve the problem of processing power and limited storage. The methodology of the system is:

  1. User: The data consumer (User) is assigned a global user identity Uid. In the proposed system the user sends a request to the cloud server to access the information (transaction).
  2. Admin: The admin can add users and monitors the system.
  3. Cloud: Data is stored in and accessed from the cloud.
  4. Location-based Authentication: In this module, the user can access an account or transfer money only when accessing the account from within a particular geographical location; otherwise not.
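A server-side form of the check in module 4 could look like the following added example, which is not code from the paper. The class and function names, the thresholds and the coordinates are constructed; the paper does not say how the reported location is obtained or verified, so the fix is treated here as a client-supplied input with its own accuracy and age.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius in metres


@dataclass(frozen=True)
class Geofence:
    """Area registered for the account (hypothetical structure)."""
    lat: float
    lon: float
    radius_m: float


@dataclass(frozen=True)
class LocationFix:
    """Location reported by the device with the transaction request."""
    lat: float
    lon: float
    accuracy_m: float  # reported horizontal error radius
    age_s: float       # seconds since the fix was taken


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(min(1.0, math.sqrt(a)))


def check_location(fence: Geofence, fix: LocationFix,
                   max_accuracy_m: float = 100.0,
                   max_age_s: float = 60.0):
    """Return (allowed, reason) for a login or transfer request.

    The comparisons are written so that NaN values fail closed.
    """
    if not (-90.0 <= fix.lat <= 90.0 and -180.0 <= fix.lon <= 180.0):
        return False, "invalid coordinates"
    if not (0.0 <= fix.age_s <= max_age_s):
        return False, "stale fix"
    if not (0.0 <= fix.accuracy_m <= max_accuracy_m):
        return False, "fix too imprecise"
    distance = haversine_m(fence.lat, fence.lon, fix.lat, fix.lon)
    # Worst case: the device is at the far edge of its error circle.
    if distance + fix.accuracy_m > fence.radius_m:
        return False, "outside registered area"
    return True, "inside registered area"


if __name__ == "__main__":
    home = Geofence(lat=18.5204, lon=73.8567, radius_m=500.0)  # constructed
    samples = [
        LocationFix(18.5204, 73.8567, accuracy_m=10.0, age_s=2.0),
        LocationFix(18.5244, 73.8567, accuracy_m=80.0, age_s=2.0),
        LocationFix(18.5304, 73.8567, accuracy_m=10.0, age_s=2.0),
        LocationFix(18.5204, 73.8567, accuracy_m=10.0, age_s=600.0),
    ]
    for fix in samples:
        print(fix, "->", check_location(home, fix))
```

Because the coordinates come from the client device, a check like this works as one factor alongside the credentials rather than as a replacement for them.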

CONCLUSION AND FUTURE WORK

In this system we proposed a novel fully secure location-based mechanism based on an Advanced Encryption Standard (AES) scheme. To protect users’ confidential information, data should be accessible by authenticated people only. To achieve this aim, location-based authentication methods are used.

REFERENCES

  1. Yingjie Xue, Jianan Hong, A Location-aware Attribute-based Access Control Scheme for Cloud Storage.
  2. Erlangung des doktorgrades, Biometric cryptosystems: authentication, encryption and signature for biometric identities.
  3. Ahmed Dheyaa Basha, Mobile Applications as Cloud Computing: Implementation and Challenge.
  4. Prof. Mamta sharma, Study on mobile cloud computing, it’s architecture, challenges and various trends.
  5. Zhangjie Fu, Xingming Sun, Towards Efficient Content-aware Search over Encrypted Outsourced Data in Cloud.
  6. Y. Zhu, D. Ma, D. Huang, and C. Hu, “Enabling secure location-based services in mobile cloud computing,” in Proceedings of the 2nd ACM SIGCOMM workshop on Mobile cloud computing. ACM, 2013, pp. 27–32.
  7. J. Shao, R. Lu, and X. Lin, “FINE: A fine-grained privacy-preserving location-based service framework for mobile devices,” in Proceedings of the 33rd IEEE International Conference on Computer Communications. IEEE, 2014, pp. 244–252.
  8. S. Yu, C. Wang, K. Ren, and W. Lou, “Attribute based data sharing with attribute revocation,” in Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. ACM, 2010, pp. 261–270.
  9. K. Yang, X. Jia, and K. Ren, “Attribute-based fine-grained access control with efficient revocation in cloud storage systems,” in Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security. ACM, 2013, pp. 523–528.
  10. D. Boneh and M. Franklin, “Identity-based encryption from the Weil pairing,” in Proceedings of the 21st Annual International Cryptology Conference. Springer, 2001, pp. 213–229.

Communication in the Military

Communication has always been important within the military from day one. Without this communication no soldier would know where to be or when to be there. When the U.S. military first began we fought in a completely different style than we do today. Back then there was a lot more to war than there is today. They stood on line with their chests out, proud of what they were doing. Without communication the first rank would not know when to fire their muskets, when to take a knee, when to begin reloading their weapons and when to stand back up to take aim to start the process all over again.

According to the Merriam Webster Dictionary the classification of communication states it’s a process by which information is exchanged between individuals through a common system of symbols, signs or behaviour. In relation, communication is the heart of what makes the United States Army what it is today. Without Communication vital information would not be passed down from the Chief of Command to a chain of Non Commissioned Officers to the soldiers. Not to mention, innocent lives would be in jeopardy, missions would be misconstrued, and simple information from NCO to soldier would be conflicted.

Lack of communication in the Army means important decisions on anything would not be made. Taking from the Chief of Command, if he did communicate to his dependents on decisions such as going to war, or even making the change of declaring General Martin Dempsey chairman of the Joint Chiefs of Staff, how could we improve the nation, better yet a team; because all in all the United States Army is a TEAM. Not having communication within a constituency of people creates an anarchy of chaos. The smallest amount of information is always imperative.

For example, if a soldier goes out over the weekend and doesn’t inform anyone of his or her whereabouts and something crucial happens to him or her, no one would ever know, because that soldier failed to communicate with his/her battle buddy or, more importantly, their NCO. It is important to notify your chain of command where you are at all times so that they know. This is why the Army has developed the TRiPs system, so that if traveling outside of the 250 mile radius of post you are required to fill out this digital form and have it approved by your supervisor before taking the said trip, so that your chain of command knows your whereabouts always.

When others know about one’s location it is easier to manoeuvre to find them if anything should ever go wrong. No one wants to become a victim if something should ever not go according to plan, and that’s why it is critical to notify someone whenever going out. Communication is key due to the simple fact that if the individuals involved in the social interaction do not first form a basis of what is tolerable and what is not, how, then, can they “respect” the other individual?

The next element that would be necessary for a healthy respectful relationship would be empathy. Without an empathic outlook by all parties engaged in communication, how might they respect another’s point of view? Empathy must follow communication, for empathy shows acknowledgement and understanding of what was first communicated by all parties. After empathy, the final and most important step towards respect is submission. Submission is needed to assimilate each individual into respect, not, per se, for one or more individuals to dominate the others.

Let’s break down these three ideals of respect, starting with communication. Communication is the very basis for respect. Without this very basic idea, an organization as prominent as the Army of the United States could simply not exist. The relationship between communication and respect is one sided. Communication can exist without respect, but not vice versa. An example of this could include two individuals fighting over the price of an item. Both individuals are communicating, but neither is respecting the other.

By any means, the bane of communication when applied to respect is miscommunication. Miscommunication in itself is the very breakdown of communication. Communication plays an essential role in any institution, especially in the military. The military employs two basic forms of communication, which are verbal and non-verbal. Both forms are vital to the success of the military. Without effective communication in the military, regardless of the status, there cannot be a positive outcome of any situation with failure to understand what is passed.

Military communication has played an important role in transmitting information, orders, and reports both in the field and at sea and between command centres and deployed units both in the field and at sea. Information is transmitted from superiors to subordinates utilizing the chain of command system. “The American Heritage dictionary of English language” defines chain of command as a system whereby authority is passed down from the top through a series of executive positions or military ranks in which each is accountable to the one directly superior.

Individual unit leaders exercise command by communicating orders and instruction of commanders to their respective units. Traditionally, military communication had been in the form of sending and receiving signals. “The first military comms tool was the communication automobile designed by the Soviet Union in 1934. The basics of the communications in the beginning was the sending and receiving of signals – which were encoded so that the enemy would not be able to get hold of any top secret communication.

Then came the advent of distinctive signals, which led to the formation of the Signal Corps; this corps specialised in tactics of military comms. They evolved into a distinctive occupation where the signaller became a highly technical job dealing with all available communications methods including civil ones. In the modern world, most nations attempt to minimize the risk of war caused by miscommunication or inadequate communication by pushing the limits of communication technology and systems.

As a result military communication is more intense, complicated, and often motivates the development of advanced technology for remote systems such as satellites and aircraft, both manned and unmanned, as well as computers. Computers and their varied applications have revolutionized military comms. Fortunately military communication does not always merely facilitate warfare, but often supports intelligence gathering and communication between adversaries, and thus sometimes prevents war. Signal communication is basically a means of conveying information from one person or place to another utilizing indicators such as gestures and smoke. Signal communication or signaling has long played an important role in warfare. “This form of communication is greatly employed when troops don’t want to be heard or detected and it serves to provide a means of transmitting information from reconnaissance and other units in contact with the enemy.” The military uses signal communications in many different ways and has done so since the beginning of the military.

Whether it be in the form of hand and arm signals within an Infantry unit to allow everyone behind them to know what they need to do at a specific time whether it be halt or stop movement, or to take a knee, to get down in the prone, to mark a rally point to meet up at. The list goes on and on and by using a signaling form of communication it allows them to do so without being heard by an enemy force that may be in the immediate area. The signaling form of communication smoke is also used by infantry units and other ground force elements to notify others what they need to do or the position in which they are in.

They use smoke to notify medevac of their position in case they have wounded or KIA within their element to be picked up. Ground troops would “pop smoke” and wait for the medevac helicopter to indicate what color of smoke they see, to know that it is the element to which they are intending to go. Verbal communication is the most widely used form of communication in the military. This method has an advantage over the other forms of communication. It allows the person passing the information to interpret the facial expressions of those receiving the information being passed.

You can also use the web nowadays as a form of verbal communication. With the addition of this tool the military has become even more effective. With this tool leaders are able to send the same message to a large group of people without having to take the time out to have a formation or a gathering of the soldiers in order to do so. This method has become the primary source of communication within the military because of its ease, and almost everyone has access to a computer and the web at some point during their duty day.

It reduces the time it takes to get information put out and reduces the amount of time that one would waste by going to a gathering or formation. The people within the conversation are ultimately unlimited to whomever they would like within it, and it allows for multiple responses at one time: whenever they see the message, they are able to send a response without being taken away from other tasks at hand, allowing them to efficiently transition from one task to the next.

Military communication is a key to the success of everything that we do in the military. Here is an example of how the web can help efficiently pass along information in the Army. Communication in the military has to be clear and to the point, because many times it has to be passed on to someone else and there cannot be any confusion. Just recently I received an email.

It was to pass along what the Commander had worked out for the holiday schedule for Thanksgiving. He wanted all the units to be aware of the days that we would have off and the days that we needed to post a duty, gave us the days for leave that service members are allowed to take, and posted a memo stating that if someone is to take leave on these dates they are not allowed to take leave for the rest of the year unless it was a Red Cross emergency. The purpose of this email was so I could inform my team of the days that we would have off and the days allotted for leave.

My commanding officer was the sender and I was the receiver. The message was the days we would have off for the Thanksgiving holidays. The technology used was a MILPER message, which is a military personnel message. All involved had positive feedback. The technology used was very appropriate because this needed to be sent out to many units at one time; rather than looking up each email address and sending it out that way, the commander could send it out to each unit, and then the Commanding Officer can see to it that the message was passed to each person.

Another form of military communication is cryptography. Cryptography is one of the most influential and important assets pertaining to government today. “Cryptography is the mathematical science of preparing communication incoherent to parties unintended to receive the message, or Cryptography is the study of methods of converting readable messages into guised unreadable information, unless one knows of the methods of decryption. This military comms method ensured that the messages reached the correct hands and eyes or ears.

Nowadays digital cash, signatures, digital rights management and intellectual property rights and secure electronic commerce are its new purviews. It is also being used in computing, telecommunications and infrastructure.” In essence, what this statement is saying is that when using cryptography you are required to enter some sort of passcode or password in order to access the material contained within the message. The military uses this method when it comes to almost any kind of electronically sent mail or information.

In order to access the Army Knowledge Online website, which contains soldiers' data and emails, you are required to enter your username and password. The passwords the military requires people to use are some of the most difficult passwords to hack. All passwords must contain uppercase and lowercase letters along with numbers and special characters. Another form of cryptography used by the military is the common access card. This card contains soldier data within a microchip that is inserted into an identification card. When using the CAC card you also have a 6-8 digit pincode that is required when accessing government computers or material.

Each soldier has a CAC card that is used to get through the gate on each military installation. This form of cryptography takes two essential things in the military and forms them both into one idea. Written communication is another form that the military uses. The written form of communication is probably the most commonly used form of communication within the military. The military uses written communication every day, whether it be in the form of an email, which can also be considered verbal, or in the form of a Memorandum for Record or a DA Form 4856 counseling form. One of the most important concepts to master is expressed several ways: put your bottom line first, hook your reader, make it relevant to him/her. DA PAM 600-67 lists this concept first among its seven style techniques in Paragraph 3-1 and hammers the idea home again in Paragraph 3-2. AR 25-50 says “focus first on the main point” (Paragraph 1-45) and “open with a short, clear purpose statement” (Paragraph 1-46).” An MFR can serve many different purposes. It can be used to give guidance on off limit establishments or be a directive on how a task will be carried out.

Beyond that there are even more ways a memorandum for record may be used, but those are just a couple that come to mind right offhand. The DA Form 4856 counseling is used throughout the Army. It gives guidance to soldiers on a monthly basis, or whenever they do something negative for which his or her chain of command feels it is necessary to give the soldier a negative counseling. There are many other reasons for a counseling. Counselings can be used to give the soldier a guideline to things that he or she must accomplish in order to be recommended for promotion, or the reasons that they are not being recommended.

On a monthly basis the counseling tells a soldier how the soldier ultimately did for the previous month, whether it be good or bad. The counseling will have special emphasis on what the soldier did well as well as the soldier's shortcomings, giving the soldier guidance on what he or she should work on the following month. The DA 4856 is an excellent form of communication between the Team or Squad leader and the lower enlisted within his or her team or squad when used properly.

Most people in the Army do not use the counseling form in the manner in which it was designed to be used. This is usually due to the fact that they do not understand Army communication themselves, or they just do not understand how the form is actually meant to be used. The Army is beginning to go back to its old ways, and the way that most soldiers have been brought up in the Army is in fact the wrong way, leading to what is being known as Toxic Leadership, and the Department of the Army is doing its best to begin getting rid of this toxic leadership.

Toxic leadership could be defined as someone who does the bare minimum or, in the case of a counseling form, would be what is referred to as hand jamming it. This means that they pay no attention to their soldier, but when something comes up and they do not have the counselings prepared, they go back and write them and instruct the lower enlisted soldier that they are in control of to back date the form to keep them from getting in trouble as well. This form has become more and more common within the Army, which is ridiculous.

If someone wants to be in charge of someone they should take charge and do what they are supposed to do in that position, not throw their soldier under the bus when they think that something they have done is coming back to bite them based on their own actions… They expect their soldiers to cover for them, but leadership is supposed to stick up for their soldiers, not throw them under the bus. What kind of signal, what kind of communication is this to the lower level soldier? Not a good one, and that's all that can be said.

To sum up this essay, there are several different forms of communication within the military that all serve their own purpose to the military. There is the communication form of signal, which can be used to signal different things, from telling other soldiers what they should do next when in combat to informing air support of your position via smoke or a VS-17 panel. There is the form of verbal communication, which can be used to give a platoon or company of soldiers a safety briefing for the weekend, or just to put out guidance to a select few individuals within the element.

Another form of communication is cryptography. Cryptography allows one person to send another person a message, email or other form of typed material that you must use a passcode, pincode, or password to access. All forms of government email use this type of communication to ensure the safety of the rest of the population of the United States. The last form of communication we discussed is written. Written communication is the most important and most commonly used among the military.

Written communication can be used as an MFR or a counseling session for a lower level soldier. An MFR can be used in different ways: it can be used to notify soldiers of off limit establishments or just to give guidance to soldiers on how to accomplish a task that has been given to them. A DA Form 4856 is utilized to give guidance to the lower level soldier on how well they have performed over the period of a month. It is commonly known as a monthly counseling, but it can also be used as a negative counseling to inform a soldier of the wrongdoing that led him or her to receive the statement.

Negative counselings can be used in conjunction to ultimately punish the soldier using UCMJ action. All in all, communication is an essential part of the military. The lack of communication causes serious problems, as does the lack of understanding of the communication that has been given. Communication within the military is a must or nothing will get done, or get done to the standards anyway. It is imperative that all members of the United States military understand the importance of communication and exercise it on a regular basis in order for the military to function effectively.

Sms Banking

Abstract

M-banking has emerged as one of the main divisions of m-commerce. Mobile banking services consist of information inquiry, notifications and alerts, applications and payment transfer. A mobile based application is used for connecting the customer handset with the bank server for all such services.

Current M-banking applications used by banks face security challenges. For payment transfer, banks use secure payment gateways and other security measures, which increase cost and infrastructure for the bank, but the major day-to-day banking applications are inquiries, notifications and alerts. The problem with current banking applications is that they send data directly to the customer in plain text form, compromising security. We present SMS based secure mobile banking, which enhances security with minimum cost.

In this approach the bank hides customer transaction data in a secure SMS using the AES symmetric cryptographic algorithm and sends it to the customer's handset, which supports the application. The customer application decrypts the data in a secure manner.

Keywords: M-banking, MD5, AES, MPIN

INTRODUCTION

An M-banking system is one which provides all daily banking operations to the customer with one click of his mobile handset with a supported application. An M-banking system has the potential to provide access to or delivery of very specific and highly necessary information to the customer, as given in [2].

Growth in M-banking is driven by various facilities like convenience of banking operations, greater reach to consumers and integration of other m-commerce services with mobile banking. In M-banking there is no place restriction; it has a high penetration coefficient, as the growth of mobile phones is greater than that of computers; it is fully personalized and private, increasing transaction authenticity; and it is 100% available all the time to users. However, there are several challenges that need to be addressed to completely utilize the benefits of M-banking, like handset compatibility, security, scalability and reliability.

Due to the increase in the use of mobile handsets for many m-commerce applications, the chances of mobile hacking for financial benefit have heavily increased. Currently almost all banks in India and outside are sending text SMS directly to the customer handset for basic bank services without any security; this can be accessed by any malicious person, who can use the information to get access to the customer account. OTA (over-the-air) mobile data can be hacked in the network path from the bank to the customer mobile handset, including the MPIN, a password used for user identification in M-banking.

Thus there is a need for a secure and cost effective solution which can be easily provided on all types of handsets. Our objective is to provide a cost effective, secure, fast M-banking solution combining features of cryptography. In this paper we present SMS based secure mobile banking with minimum cost using cryptography.

M-BANKING CHANNELS

M-banking can be executed using various channels like SMS, USSD, GPRS, WAP; Phone based Application, SIM Application. All of these channels are used separately or combined for various banking operations.

Manoj V, Bramhe / International Journal of Engineering and Technology Vol. 3 (6), 2011, 472-479. ISSN : 0975-4024, Dec 2011- Jan 2012.

A. Short Message Service (SMS)

SMS is the simplest form of mobile banking. It is largely used for information-based services. SMS has the maximum reach amongst consumers since all the mobile phones support SMS. Short messages are stored and forwarded by SMS centres. These messages have some security issues.

B. Unstructured Supplementary Services Delivery (USSD)

USSD is a technology unique to GSM. It is a capability built into the GSM standard for support of transmitting information over the signalling channels of the GSM network. USSD provides session-based communication. Turnaround response times for interactive applications are shorter for USSD than SMS. In USSD, the interaction is in the form of a continuous session as opposed to SMS. USSD is available on all handsets.

C. Wireless Application Protocol (WAP) / General Packet Radio Service (GPRS)

GPRS is a packet-switched data service available to GSM users. GPRS enables services such as WAP access, Multimedia Messaging Service (MMS), and services such as email and World Wide Web access in mobile phones. WAP is wireless application protocol used over GPRS. It is similar to Internet banking. The consumer’s handset needs to be WAP enabled. WAP banking is open to similar threats as Internet banking.

D. Phone-based Application

Phone based applications are developed in various languages like J2ME, .NET having advantages that it can use GPRS, USSD or SMS, MMS to carry the consumer data/instruction in an encrypted format and it is operator independent. These are secure application which resides on supported handset.

E. SIM Application Tool Kit

The SIM Application Toolkit allows for the service provider or bank to house the consumer’s mobile banking menu within the SIM card. STK is the most secure method of mobile banking. It allows the bank to load its own encryption keys onto the SIM card with the bank’s own developed application.

CURRENT M-BANKING

Even though various channels are available for M-banking, most banks use SMS as a basic and cheap channel for basic banking operations. Currently all banks in India like ICICI, HSBC, SBI etc. are not using any encryption techniques in their SMS based M-banking systems. They use simple text based SMS for customer queries, in which they directly send account information to the customer, only hiding some digits of the account number; this can be easily hacked by any hacker or seen by anyone from the message inbox.

Even though some banks do provide other channels like GPRS and WAP, the cost of implementation is higher and these facilities are not available on all types of mobile handset; thus there is a need for a secure and cost effective solution which can be easily provided on all types of handsets.

A. Issues in M-banking

1) Lack of Standards: The lack of standards gives rise to a lot of local and fragmented versions of m-payments offered by different stakeholders. Standards need to address security and privacy concerns of customers as well as interoperability between various implementations.

2) Device constraints: There are technical issues related to the mobile devices. Mobile phones suffer from various constraints like less processing power and memory, bandwidth, short battery life, frequent disconnections, tiny screens, poor resolution and privacy issues.

3) Security Issues: Securing m-commerce is even more difficult than securing wired transactions. Device constraints raise the question of whether there will be adequate security for users without compromising the ease of use and speed.

Current real time M-banking applications of various banks use plain text messages without any security algorithm for sending data; hence any malicious user can access important customer data on the mobile and use it for malicious purposes, so direct sending of data is not advisable for M-banking. SMS are prone to spoofing and there are issues related to SMS encryption. However, technology manufacturers are developing improved security for applications with authentication and encryption technologies, and many claim that the transaction using a mobile device is fully secure. There are many techniques for secure M-banking operations, but major research work has been done on cryptography and steganography techniques. Cryptography is a process of converting plaintext data into cipher text using cryptographic algorithms. They ensure basic security requirements like authentication, confidentiality, integrity and non-repudiation.

B. Basics of Short Message Service

Short Message Service (SMS) is the ability to send and receive text messages to and from mobile telephones. SMS was launched as a part of GSM1 standard. Each short message is up to 160 characters in length. The 160 characters can comprise words, numbers, or punctuation symbols. Short Message Service is a store and forward service; this means that messages are not sent directly to the recipient but via a network SMS Centre. SMS comprises two basic point-to-point services: Mobile-originated short message (MO-SM) and Mobile-terminated short message (MT-SM).

Mobile-originated short messages are transported from an MO-capable handset to the SMSC, whereas Mobile-terminated short messages are transported from the SMSC to the handsets. Figure 1 shows a typical organization of network elements in a GSM network supporting SMS.

Fig. 1. Basic model of SMS based M-banking

The benefits of SMS to subscribers are convenience, flexibility, and seamless integration of messaging services and data access, delivery of notifications and alerts, guaranteed message delivery, a reliable, low-cost communication mechanism, increased subscriber productivity, and delivery of messages to multiple subscribers at a time. The SMSC (Short Message Service Centre) is the entity which does the job of storing and forwarding messages to and from the mobile station. The SME (Short Message Entity), which is typically a mobile phone or a GSM modem, can be located in the fixed network or a mobile station, and receives or sends SMS. The SMSC usually has a configurable time limit for how long it will store the message.

SMS Gateway

An SMS Gateway is an interface between software applications and mobile networks.

An SMS Gateway allows interfacing software applications to send and/or receive SMS messages over mobile network. A GSM Modem modulates outgoing digital signals from a computer or other digital device to signals for a GSM network and demodulates the incoming GSM signal and converts it to a digital signal for the computer or other digital device.

PROPOSED SOLUTION

Current real time M-banking applications of various banks use plain text messages without any security algorithm for sending data in SMS banking; hence any malicious user can access important customer data on the mobile.

The proposed secure M-banking is based on symmetric cryptographic techniques, where a common secret key is shared between the bank customer and the bank server. The proposed architecture consists of 4 components: Customer Mobile application, Bank Server application, Bank side mobile / GSM Modem, Bank database and wireless OTA [1]. Our solution uses Windows Mobile as the client application platform and the .NET framework as the server side software. A customer interested in using M-banking facilities has to register only once with the corresponding bank. The bank has all necessary details of the customer in its database.

The bank sends the customer-side mobile application, developed for Windows Mobile, to the user. The application is installed once on a Windows Mobile supported handset. This application consists of a login screen along with a get session key option, a menu screen for bank services options, encryption and decryption screens for outgoing and incoming secure SMS, and a send message screen to send SMS to the server GSM handset / modem. The application will be updated as and when the bank updates it.

The bank will have a GSM mobile handset / GSM modem connected to the bank application server. The GSM handset, with a SIM card installed in it, will be connected to the application server using either Bluetooth or a USB cable, and has the task of receiving, processing and replying to customer SMS continuously. A GSM handset / modem is cheaper and can be easily installed, but has a slow speed for message handling, which can be increased by connecting the modem with the SMSC centre over the internet. The secure M-banking server side application is developed in a Windows compatible environment like VB.NET and can be installed on the bank application server.

The application consists of SMS Service, Information Manage, Account Details Manage and User Request modules to receive and process secure encrypted messages from the customer mobile. The SMS Service module is responsible for retrieving and replying to secure SMS automatically whenever they reach the server GSM handset / modem. The bank database consists of various tables storing customer details pertaining to his personal information, account information and transaction information. The bank database stores customer confidential information like his MPIN (mobile identification PIN) and encryption keys in an encrypted and secure manner.

We have discussed the major types of M-banking channels, SMS, GPRS, WAP and USSD, each of which has its own advantages and disadvantages. WAP and GPRS are good and provide session based security, but they are handset dependent, and in rural parts of India not all mobile operators provide the respective services. USSD is used along with SMS and requires separate infrastructure. Thus the SMS channel is a simple, easy to implement, cheaper and widely used channel which is device independent. Current SMS based M-banking has many drawbacks, as SMS was inherently developed in GSM for non-sensitive message transfer among users. Mutual authentication, text encryption, end-to-end security and non-repudiation are not present in the design of the GSM architecture [16]. A major issue with SMS based banking is SMS spoofing, an attack where a malicious user sends out an SMS message which appears to be sent by the original sender. The current SMS architecture allows hiding the original sender’s address by altering the respective field in the original SMS header. Also, SMS has encryption only on the path between the base transceiver station and the mobile station. End-to-end encryption is not available.

IMPLEMENTATION

We have implemented the proposed solution on the .NET platform for Windows Mobile in a Windows environment. The customer mobile application in the .NET framework runs on a supported Windows Mobile handset, for which we have used an HTC mobile, and the bank server application runs in .NET along with any GSM handset connected to it in Bluetooth / USB mode. We have added a secure SMS structure which provides extra security along with satisfying the security parameters. This secure SMS adds extra security features like cryptographic and hashing algorithms to satisfy confidentiality, integrity, authentication and non-repudiation.

Our system is based on a secure SMS protocol and it uses SMS as the medium to send and receive encrypted information.

A. Secure SMS Message Structure

The secured SMS message is divided into multiple fields to accommodate the various security checks required for the protocol. Figure 2 shows the structure overview for a secure SMS message. The use of each labelled structure is explained below.

Account No. (6 digit) | Session Key (Generated From MPIN) | Cipher Text (Plain Text + MPIN) | Message Digest

Fig. 2. Secure SMS message structure

The secure SMS message structure proposed by us consists of 4 fields, as shown in the above figure.

Account Number: – It is the customer account number in the bank, which is the first field, used for authentication purposes. This information is stored in plain text format so that at the server end the information can be retrieved to get the required keys from the database.

Session key: – It is a one-time key randomly generated from the customer MPIN entered in the bank server database during the M-banking registration process. This key is stored in the 2nd field of the message. The customer makes a request to get the session key from his handset to the bank server. The bank server will reply to this with encrypted session keys stored in a file, which will be stored on the customer handset.

Cipher Text: – This text is created from the combination of plain text and MPIN and stored in the 3rd field of the message structure. The main idea behind this is to protect data from a malicious attacker. As the MPIN is the most important data, from which session keys are created to be used for encryption and decryption purposes, it is sent in an encrypted manner.

Message Digest: – The message digest is used for checking integrity. The customer message digest is calculated from the combination of plain text and MPIN and stored in the 4th field of the secure SMS. The MD5 algorithm is used to calculate the message digest on both ends. The received digest will be compared with the calculated digest at the bank server end; if not found to be of the same size, the message will be discarded as a fake transaction and no message will be sent to the mobile handset from which the request was sent.

B. Sending Secure SMS from Client Mobile

Whenever the customer wishes to make any transaction using M-banking, he will run the application installed on the handset and provide all necessary details. We have used 6 transactions for testing purposes, and the information collected from the user on his handset is used to generate the secure SMS.

After registration the customer will get the mobile application installed once on his Windows Mobile handset. The customer will enter a 4-digit MPIN, which will be stored in the server database in encrypted format using his password. For non-repudiation purposes we have added the concept of a one-time session key. The server uses the customer MPIN to generate session keys randomly and again stores them in encrypted format. The customer runs the banking application, feeds in the details of the 6-digit account number, 4-digit MPIN and 4-digit password, and clicks the button to get a session key. The server sends the generated session key to the customer handset, where it will be stored in encrypted format.

The customer goes to the menu screen, chooses the required account type and the type of transaction he wishes to perform, and goes to the next screen. The mobile client application shows 4 entries on the next screen, consisting of the session key received, the generated fixed plain text depending upon the transaction chosen, the cipher text created from the combination of plain text and MPIN, and the 4-part secure message. The secure SMS contains the account number in plain text, the session key in encrypted format, the cipher text created from plain text and MPIN, and the message digest calculated from the message.

The customer will send the message to the server as a normal message.

C. Receiving and Replying Secure SMS from Server Module

The proposed server runs on a computer installed with the required software like VB.NET, Windows Mobile Device Centre and SDK, .NET Compact Framework, MS-Access and the server side application. The server side application has four modules: SMS Service, Information Manage, Transaction Manage and User Requests. The SMS Service module retrieves the SMS received at the server side handset and decodes it to get the original query sent by the customer.

The server application processes the query, gets the required data from the bank database and then sends it in encrypted format to the customer mobile through the bank side modem. Whenever the customer sends a secure SMS containing his transaction query to the server side GSM modem, the server application automatically retrieves the secure SMS and deletes it from the server attached handset to avoid flooding of the message inbox. We have used an ActiveX control for this purpose. The bank server application splits the received secure SMS into the same 4 parts. The server reads the first part, a plain text 6-digit account number, and compares it with the account number stored in the database.

If a match is not found, it will send the message “Wrong Account Number” to the customer handset. If an account match is found, the server uses the 2nd part of the secure SMS, which is the session key sent by the user, to decrypt the 3rd part of the received secure SMS. After decrypting the 3rd part of the SMS, the server application gets the combination of plaintext, the customer's original transaction query, followed by the 4-digit MPIN. The server application compares the received MPIN with the stored MPIN from the server table; if a match is not found, it will send the message “Wrong Pin Number” to the customer handset.

The server calculates the message digest of the 3rd part received using the MD5 algorithm and compares it with the received message digest, the 4th part of the secure SMS, to check for message integrity. If a match is not found, the server generates the message “Fake Transaction” on the server side and sends nothing to the customer side handset, as the request may be from a malicious user. If all security checks pass, the server application processes the customer's query, gets the required data from the database, encrypts the data using the session key received from the customer and sends it automatically to the customer handset.
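The 4-field message and the order of the server-side checks described above can be exercised with the following added example, which is not the paper's VB.NET code. The "|" field separator, the in-memory account table and the sample values are assumptions, and a SHA-256 keystream stands in for the paper's 256-bit AES because the Python standard library has no AES.

```python
import hashlib
import hmac

SEP = "|"        # assumed field separator; the paper does not name one
SMS_LIMIT = 160  # single-SMS length stated in the paper
MPIN_LEN = 4     # the paper uses a 4-digit MPIN


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: SHA-256 in counter mode XORed with the data.

    Placeholder for the paper's 256-bit AES so the example runs with the
    standard library only. Encrypting and decrypting are the same call.
    Not suitable for real traffic.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def build_secure_sms(account: str, mpin: str, session_key: bytes, query: str) -> str:
    """Client side: account | session key | cipher text | MD5 digest."""
    payload = (query + mpin).encode("ascii")        # plain text + MPIN
    cipher = _keystream_xor(session_key, payload)
    digest = hashlib.md5(payload).hexdigest()       # MD5, as in the paper
    # The paper sends field 2 "in encrypted format" without saying under
    # which key; that wrapping is left out here.
    sms = SEP.join([account, session_key.hex(), cipher.hex(), digest])
    if len(sms) > SMS_LIMIT:
        raise ValueError("secure SMS does not fit in one 160-character message")
    return sms


def server_verify(sms: str, accounts: dict) -> tuple:
    """Server side: run the paper's checks in order.

    Returns (status, query). Only status "OK" carries a query. For
    "Fake Transaction" the paper sends nothing back to the handset.
    Malformed messages are treated as "Fake Transaction" (assumption).
    """
    parts = sms.split(SEP)
    if len(parts) != 4:
        return ("Fake Transaction", None)
    account, key_hex, cipher_hex, digest = parts

    # Check 1: plain-text account number against the database.
    if account not in accounts:
        return ("Wrong Account Number", None)

    try:
        session_key = bytes.fromhex(key_hex)
        cipher = bytes.fromhex(cipher_hex)
    except ValueError:
        return ("Fake Transaction", None)

    # Check 2: decrypt field 3 with the session key, compare the MPIN.
    payload = _keystream_xor(session_key, cipher)
    query, mpin = payload[:-MPIN_LEN], payload[-MPIN_LEN:]
    if not hmac.compare_digest(mpin, accounts[account].encode("ascii")):
        return ("Wrong Pin Number", None)

    # Check 3: recompute the digest and compare in constant time.
    calculated = hashlib.md5(payload).hexdigest().encode("ascii")
    if not hmac.compare_digest(calculated, digest.lower().encode("utf-8")):
        return ("Fake Transaction", None)

    return ("OK", query.decode("ascii", "replace"))


if __name__ == "__main__":
    # Constructed sample values, not taken from the paper.
    accounts = {"123456": "4321"}   # account number -> stored MPIN
    key = bytes(range(32))          # 256-bit session key
    message = build_secure_sms("123456", "4321", key, "BAL SAV")
    print(len(message), message)
    print(server_verify(message, accounts))
```
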

EXPERIMENTAL RESULTS

We have developed two applications, for the client and server side. The mobile client application is developed using the .NET Compact Framework and VB.NET, and is installed on a Windows Mobile supported HTC mobile device. This application is used by the customer for various M-banking transactions to send encrypted secure SMS to the bank server and get back an encrypted reply from the bank server.

The client and server side applications perform symmetric encryption and decryption using the 256-bit AES symmetric encryption algorithm. The MD5 algorithm is used for hashing. The server side bank application is developed using VB.NET; it uses SMS toolkit, an ActiveX control, to retrieve and process secure SMS automatically. The server side application also contains certain modules for database management of customer accounts and transactions. Normally symmetric cryptographic algorithms don’t have non-repudiation, as both parties share a common secret key, but we have used the session key concept for maintaining the non-repudiation property of encryption.

Since the session key is used only once and created randomly, no two users can have a common session key, and it is created from the MPIN, a master key which only the customer knows, so he cannot deny that he has done the transaction. We have carried out 6 types of transaction: Account Balance, Mini Transactions, Cheque Book Request, Cheque Stop Request, Pay Bill and Fund Transfer. Following are some sample client application modules. Figure 3 shows the session key, the user query in fixed plain text format, the cipher text generated from the combination of plain text and his MPIN, and the 4-part secure SMS message generated as per the format discussed.

This last message is sent to the server.

Fig. 3. Generating 4-Part Secure Message

This secure SMS is retrieved by the server side SMS Service module. The server application splits the message and decrypts it to get the customer's original transaction query. This query is processed to get response data from the database, which is first encrypted and then sent to the customer handset. The customer handset gets an auto reply from the server side in cipher text, which is decrypted on the mobile by the client side application to get the server response in plain text. Figure 4 shows the response obtained automatically from the server for an account balance query.

This reply consists of 3 parts. The first part is the common session key used by server and client. The second part is the cipher text received from the server application in a secure manner. The third part is the plain text message obtained after decrypting the secure message received from the server. The client mobile application uses the 256-bit AES algorithm to decrypt the message using the common session key. This message will be hidden from the customer, and he will only get the final query results in plain text format, but for result purposes we have shown this screen.

Fig. 4. Secure Reply from Server

To be a secure system, it must satisfy Confidentiality, Authentication, Integrity and Non-Repudiation. The secure SMS system maintains confidentiality using AES cryptography and non-repudiation using the session key. Here 3-factor authentication is used for authentication and security purposes, whereas message integrity is checked using the MD5 algorithm.

CONCLUSION AND FUTURE WORK

We have implemented a secure SMS based Mobile Banking system.

The system allows the user to carry out all banking transactions securely from anywhere, anytime. All messages from the user's Windows Mobile handset are sent in encrypted format to the bank server. The bank server decrypts the message, processes the query and encrypts the result in an SMS. The server sends the message to the customer, and it is decrypted on his handset. The system was evaluated for varying banking transactions, and its behaviour under various security threatening malicious activities was recorded. Performance of the transactions was studied. We have executed a few banking transactions from an HTC Windows Mobile handset using the VB.Net server side application.

We have used an LG GSM mobile as the server attached mobile device. Experiments show that secure SMS mobile banking provides a cost effective and secure system, satisfying Confidentiality, Authentication, Integrity and Non-Repudiation using symmetric cryptography. The application can be used on any Windows Mobile supported handset from anywhere, as no GPRS or WAP is required. We have implemented the system using the symmetric key AES algorithm. In future, an algorithm with better power consumption, like Blowfish, can be tried out.

Steganogrpahy can also be applied for secure M-banking transactions. We can use concept of STK, SIM application toolkit where bank can stored the application and encryption keys on SIM.

REFERENCES

  1. Mohammad Shirali-Shahreza and M. Hassan Shirali-Shahreza, “Mobile banking Services in bank area”, SICE Annual Conference 2007,
  2. Japan Martinez Borreguero, F. Javier and Chaparro Pelaez, Julian,”Spanish Mobile Banking Services: An Adoption Study”, Proceedings of the International Conference on Mobile Business 2005.
  3. Mohammad Shirali-Shahreza,”Improving Mobile Banking Security Using Steganography “, International Conference On Information Technology. Przemyslaw Krol, Przemyslaw Nowak, Bartosz Sakowicz,”Mobile Banking Services Based On J2ME/J2EE”, CADSM’2007.
  4. Yousuf S. AlHinai, Sherah Kurnia and Robert B. Johnston,”Adoption of Mobile, Commerce Services by Individuals: A Meta-Analysis of the Literature”, Sixth International Conference on the Management of Mobile Business . ISSN : 0975-4024 Dec 2011- Jan 2012 478
  5. Manoj V, Bramhe / International Journal of Engineering and Technology Vol. (6), 2011, 472-479
  6. T N T Nguyen, P Shum and E H Chua,”Secure end-to-end mobile payment System”. Ashutosh Saxena, Manik Lal Das and Anurag Gupta,”MMPS: A Versatile Mobile-to-Mobile Payment System”, Proceedings of the International Conference On Mobile Business 2005.
  7. Iuon-Chang Lin and Yang-Bin Lin,”An Efficient Steganography Scheme for M- Commerce”. Mohammad Shirali-Shahreza and M. Hassan Shirali-Shahreza, ”Text Steganography in SMS”, 2007 International Conference on Convergence Information Technology.
  8. Sandeep Singh Ghotra, Baldev Kumar Mandhan, Sam Shang Chun Wei, Yi Song, Chris Steketee, ”Secure Display and Secure Transactions Using a Handset”, Sixth International Conference on the Management of Mobile Business. Jiehua Wang, Song Yuan, “A Novel Security Mobile Payment System Based On Watermarked Voice Cheque”. M. Shirali-Shahreza, “Stealth Steganography in SMS”, Proceedings of the third IEEE and IFIP International Conference on Wireless and Optical Communications Networks 2006.
  9. Kewin Chikomo, Ming Ki Chong, Alpan Arnab, Andrew Hutchison, “Security of Mobile Banking”. Dilla Salama Abdul Minaam. Hatem M. Abdul Kadir, Mohily Mohamed Hadhoud,” Evaluating the effects of Symmetric Cryptographic algorithms on Power Consumption for different data types”, International Journal of Network Security, Volume 11, September 2010.
  10. Managing the Risk of Mobile Banking Technologies, Bankable Frontier Associates. Deshpande Neeta, kamalapur Snehal,” Implementation of LSB Steganography and its Evaluation for various bits”. ISSN : 0975-4024 Dec 2011- Jan 2012 479

Read more

Book Report on ‘A Young Woman’s Mathematical Journey In Code’

They say some are born great, some achieve greatness and some have greatness thrust upon them. In the case of Sarah, did she achieve greatness? The answer to this question is both yes and no! How could she achieve greatness; where was the time for it?

She was just sixteen, a tender age not even good enough to fall in love, and yet the word ‘great’ was firmly implanted on her. Was greatness thrust upon her? The answer to this question is a firm ‘No!’ The part of the statement that befits her is that she was born great. Her illustrious mathematical journey had arrived at a sterling landmark at that young age.

This work is both knowledge and enjoyment. The brilliance of the students comes to the fore at the Undergraduate and University levels. That is the time when the Professors spot the intelligent, brilliant and the brilliant among the brilliant students. But Sarah’s extraordinary brilliance must have been spotted when she was in the kindergarten. This is so, because, her father was a renowned Professor of Mathematics.

Academic studies do matter for students like Sarah, but such genius children invariably study in the College of Self-Education, where their mind is their Principal. Their initiative, their Professors! Their hard work, their tutors! They are ambitious and industrious. They decide upon a project; start, act and finish.

“The eldest among five children, Flannery went to high school at Scoil Mhuire Gan Smal in Blarney, where she gave a science fair presentation on cryptography. In researching RSA encryption, she created her own encryption algorithm, which earned her an Esat Young Scientist Exhibition and later an Intel Fellows Achievement Award.

She went to college at the University of Cambridge, graduating in 2003 with a degree in computer engineering. Now she works for American video game developer Electronic Arts.”(Planet…)

In brief, what the book is about….

This book is a mathematician’s delight. It shows how a serious subject like mathematics can be interspersed with humor. Her introduction to the book itself fascinates and kindles curiosity. By reading it, you realize why she attained the instant fame which she richly deserves.

In the introduction she gives details about public-key cryptography, the RSA algorithm and the alternative algorithm that she created. The lucid style and the control of language required to deal with mathematical explanations are the strong points of the book.

Genius has nothing to do with age. Therefore, forget for a while that a teenager is the author of the book, yet you cannot forget that lovely and inspiring face of the author on the cover of the book! Unless you know in advance, you will find it difficult to believe that she is the owner of such a brilliant brain. You would probably think that this book is the creation of an experienced Professor, well researched from a long bibliography.

The book begins in an orthodox style. Instead of saying something about the author straightaway, the book gives pages of family background. That again is about mathematics, because her father was a Professor of mathematics. A long section titled “Early Challenges” follows. This is where challenges are thrown to the readers. They are recollections of her past.

About a dozen puzzles are mentioned. She got them from her father, who told them for the benefit of Sarah and her brothers. David Flannery, their father, was their mentor in mathematics as well. A description of each puzzle is given, along with an invitation for the reader to try to solve it before locating the solution provided elsewhere in the book. Your chances of success are not very bright. A blackboard in the dining room!

That is bound to happen when you have four sons and a daughter, all interested in the serious study of mathematics. On the blackboard, a new puzzle was recorded each day for them to work on. Like, “Given a five-liter jar and a three-liter jar and an unlimited supply of water, how do you measure out four liters exactly?”

Some got into more difficult concepts: “How might you determine the average earnings of a group of people in a room (at a class reunion, perhaps) without any individual’s divulging his or her salary?” The second puzzle has a latent message, which forms part of the theme all through the book.

That theme is getting information and hiding information. With such intelligent invitations the readers become part of the proceedings in the book. It is not an effort to score over the reader but to win the reader over in a positive style. It is to encourage him, and not to affront him with an exhibition of intelligence. Those who think that a book on the subject of mathematics is bound to have a serious start will have the pleasant surprise of being greeted with mind-boggling puzzles.

Fame and Publicity and thereafter….

She received instant fame and became a celebrity in mathematics overnight, but she was humble about her achievements. Here she speaks beyond her age and refuses to expand like a balloon with an inflated ego. “I have no doubt that I am not a genius,” she declares.

“I am not being falsely modest. Through my father’s classes I have seen examples of true genius and I know I do not possess that ‘insight’ that distinguishes geniuses from those regarded as merely intelligent.”(p. 243). Those who read the book were sure about her impending success in the world of mathematics. She was the worthy mathematics daughter of a worthy mathematics Professor.

Next to puzzles….

She attempts the most original aspect of the subject, mathematics problems that send her position and fame sky-rocketing. Overnight she is a world figure in mathematics. The subject matter for any national-level competition has to be unique. She was to enter the Esat Irish Young Scientist’s Competition 1998.

The project on cryptography was done by her at the suggestion and instance of her father. Her project throws light on various cryptographic techniques, providing an account of the famous RSA algorithm. The discussion of all these things begins at page 40 of the book, where she discusses learning the relevant mathematics and the programming involved.

Then her father takes over the mathematical literature for the next 110 pages, and you catch up with Sarah again on page 150. These pages contain mathematical exposition authored by David Flannery. They provide the basics of cryptography, which are not the easiest to understand. He thoroughly introduces the RSA algorithm at this stage.

When Sarah takes over at page number 150, she is at the threshold of the fame that is about to engulf her young personality. She gets tremendous response for her project that fetches her several prizes, and she is inspired to prepare for another ambitious and prestigious entry –the Rafe Jones at Brown University.

She is on the second step of the ladder of success. She undergoes a week-long internship at a Dublin cryptography company, and notices several techniques. Thereafter, she devises an alternative algorithm to the RSA and that is the flagship issue of her new project.

The results achieved by her are astounding. Her method uses simple matrix multiplication instead of the relatively cumbersome modular exponentiation of RSA. Her algorithm runs twenty times faster. She christened it the Cayley-Purser algorithm, after the 19th-century British mathematician Arthur Cayley and Michael Purser, the mathematician whose ideas caught her imagination during her internship.

She runs into the thick of the issues now: she proves how the new algorithm is secure from certain kinds of attacks, and it becomes a mathematical odyssey for her, in which she is required to explore and master a cobweb of not-too-familiar mathematics. Such a situation is a testing time for any student of mathematics.

It was probing the new waters for the first time with lots of hopes of positive results, but also with the fear of disappointment, should anything go wrong, at the most unsuspected moment. Mathematics is such a subject where there is no scope for errors. You have got to be accurate, as otherwise the whole edifice built by you step by step will collapse.

“All of this was an unusual experience for me,” she writes, “but I had a great feeling of excitement. I think it was because I was working on something that no one had worked on before. I worked constantly for whole days on end, and it was exhilarating” (p. 208).

To get a worthy solution, you need to have a strong problem. That was the situation Sarah luckily found herself in. The thesis problem gave her a lot of enthusiasm to go ahead. With the finalization of the thesis problem, she considered herself lucky.

The problem was of her own creation and she was bent upon owning the responsibility of solving it herself. She began to put in extra effort and worked desperately to find the authentic solution.

She reaped the dividends of her sincere efforts: she was able to prove that the Cayley-Purser algorithm had strong defenses and could successfully withstand a large family of attacks. She provides the detailed description to judge her new project, both algorithm and proof, in the 1999 Irish Young Scientist competition.

An inventive mind is always excited about any new achievement: you decide on a problem for yourself and then solve it successfully. The same was the case with Sarah.

When you smell success, when you have positive indications that you are nearing a solution, the excitement is all the more. At that stage Sarah burnt the midnight oil to continue her sincere efforts. Success had to kneel before her; she showed the strong defense of the Cayley-Purser algorithm in the face of a multi-pronged family of attacks. She gives a detailed account, step by step, of how her project needs to be judged, and the related explanation of the algorithm, with unassailable proofs.

On the 1999 Irish Young Scientists Competition, she quotes from her journal: “On one occasion,” she writes, “I looked out of our little huddle and it felt really strange—our conversation was so very intense that just to look around was like coming up for air” (p. 222). The finest moment of her judging was, she writes: “Before they left, [the judge] asked me the simplest question of all, and I could see he was wondering whether or not I would be able to answer it.

The answer was the fast exponentiation algorithm, and I must have smiled before I replied, because I knew it was the perfect end to the perfect session. I had been able to defend my project at all levels. The last question was a check to see if I knew the fundamentals. They smiled at each other on my final answer, which I’ll never forget.” (p. 223).

It was the perfect culmination. The excitement was about how gracefully Sarah walked up to the stage to accept the title of Irish Young Scientist of the Year. It was one of the extraordinary moments of her life. The charm of youth was on her side.

And the algorithm she talked about held an excellent possibility of rich dividends. The inquisitive media stood alerted, and an unexpected bonus arrived when the London Times ran a front-page article on her mathematical exploits. Overnight she entered the portals of stardom in mathematics. It did not take long to turn her academic achievements towards commercial gain.

The would-be cryptography entrepreneurs were seeking her services. She received many offers to give lectures in Singapore. Mention of her name was made in the official magazine of the Spice Girls. She also received a request from Profile Books in London to write up her experiences and all that prompted her to advance on the tough path of mathematics.

The budding young mathematician’s book had a first print order of 35,000 copies, a marketing budget of $65,000 and an eight-city author tour.

About the contents of the book, Sarah often sweetly apologizes for going deep into number theory; before explaining matrices, she writes, “I promise that from then on there will be no more explicit mathematics, only light explanations of mathematical ideas.”

The hard-core mathematics in the book is restricted to two chapters. For those who wish to learn more, there are appendices. Her main project is about how the most famous current encoding system works, and in the meantime, she had invented one of her own. She takes extensive pains to explain both the systems and goes deep into the number theory along the route.

With the winning of the prize, fame and the monetary gains consequential to the fame arrived like an avalanche. Pepsi wanted her to concede that the mathematics brain and that of the family was due to lavish consumption of Pepsi, but the offer of contract was promptly turned down. A good mathematical calculation viewed from the humanitarian angle; they were aware perhaps of the harmful effects of such addictive drinks on the health of the younger generation!

“I have no doubt that I am not a genius,” said the prize winner of the 1999 European Contest for Young Scientists. But who would believe her and at the same time remain without deeply appreciating her modesty! She was a media sensation within days of getting the prestigious award. She was about to be hailed as an instant celebrity for public-key cryptography, the method used to transmit secure data over the Internet, but destiny played its part.

When everyone in knowledgeable circles thought that her encryption algorithm was worth millions, a security hole was discovered. Nevertheless, she had done a great job. Now she met her father on equal terms, a mathematician talking to another senior mathematician.

There is an interesting interaction between the father-daughter mathematical duo. To be taught lessons by her father in the drawing room of the house was one thing. To be part of his lecture fraternity, and listen to his mathematical revelations in an organized way, sitting as one among the audience, was altogether a different experience. The previous day, he had a serious, purposeful conversation with Sarah. Her father said, “Now that you have decided to do transition year, I must do some math with you.” He continued, “I’d like to show you how some beautiful but reasonably elementary mathematics is applied, stuff that you wouldn’t ordinarily come across in school.”

She could not understand the immediate intentions of her father. She thought he was inviting her to the kitchen blackboard, as she was aware of his enthusiastic ways; how he got inspired at the most unsuspected moment and wished to unleash his mathematical knowledge on her, whether she was mentally prepared for it or not.

Perhaps, at that moment she was not ready to receive the tough lessons of mathematics. She replied, “Dad, whatever you do, do something structured!” That set him thinking, as to the proper, most effective and appropriate way to teach and take her to the world of mathematics. He remembered his past. The debt he owed to the one who taught him mathematics. How the torch of mathematical knowledge was passed on to his hand.

It now depended, what he would do, with what his teacher did for him, and from where he left.  He strongly felt that he must transfer the knowledge to some one else who richly deserved it. Who else could be that individual except his own daughter, in whom he must have noticed the latent mathematical genius?

He told his daughter, “Of course, only if you are genuinely interested-I wouldn’t force it on you.” She was genuinely interested. The evening lecture by her father proved to be the foundation stone for the grand mathematical edifice that she was going to build.

Sarah was now part of the class of serious students studying mathematics. The evening classes from seven ten, with a student strength of 8, continued for twenty-five nights. The daughter was the youngest student, just 15 years and six months, but a couple of other students too were young.

There were adults who came from various backgrounds: computer scientists, a secondary school mathematics teacher, a chemistry graduate working for a medical laboratory. They were the ones who loved mathematics, and who regretted not having pursued the study of mathematics when young. It was a class that had its own specialties.

The cause of study was great, not the career out of the study. No credits were given. It was not part of any major. No homework or study was demanded. It was David Flannery’s way of “getting back into math” with a no-holds-barred approach. You were encouraged to come up with your most silly questions. He loved and appreciated those who made fools of themselves, as according to him, only those would learn and have the chance of success.

These assurances, coming from a reputed Professor, were greatly appreciated by the students. They looked forward to the classes with expectancy and with hope that they would be exposed to something interesting about mathematics in the next session.

Though Sarah had the peculiar problem that the teacher was her father, she was able to mentally sort out the issue. Her dedication and her serious approach to study paved the way for her progress.

From the teacher’s perspective, what one teaches is important. But how one teaches, what one teaches is more important. Towards this end David Flannery filled the bill admirably. He was the one who enjoyed his teachings and encouraged his students to learn in style.

No time-bound hard tasks were expected from the students. Each one was encouraged to estimate one’s level of understanding, and progress accordingly. He was able to maintain an atmosphere of affection at home and in his classes.

The brain teasing puzzles enticed the students to know more and more, and the hours spent by the students in the association of David Flannery, proved highly fructifying. His company kindled their curiosity further. They eagerly awaited his next class and firmly believed that something more interesting would be in store for them.

The class was not all fun, as was made out initially by David Flannery. That was his style of making the students interested in the subject. Soon, the intensive part of his charted syllabus for the students began, and his forays were into elementary number theory, with cryptography as the final destination.

He would then take the students to entirely different horizons of mathematics, interesting sights that were rich in content, though perhaps not of use for immediate application.

When David Flannery was a student, the applications of number theory were so few (the industrial and internet revolutions had not taken off), and yet number theory was of prime importance to mathematicians; its study was considered pure. By the end of the 1970s, the situation had drastically changed.

The various technicalities involved in the message system and their readings gave a shot in the arm for cryptography. It became a much sought after subject and millions of dollars were invested into the development of this subject. The demand for expertise in this area became tremendous.

The book is a treat to read for the simple reason that it is a great human story as well, a success story, a management and public relations story etc. The way she prepared for the competitions would set the standard for any youngster who wishes to be an achiever.

What a careful and great teacher her father was! The concepts of teaching itself have undergone metamorphic changes, and mathematics is no exception. The style of teaching has become more student-friendly.

As for Sarah, her mathematician father was her great career-asset. But her mother also continuously encouraged her by telling interesting anecdotes about the subject. ‘Mathematics is the queen of the sciences and number theory is the queen of mathematics.’ Such sweet nothings said about the subject during formative years of a young girl had great positive impact on her.

Her Mom said mathematics and number theory were like the Sleeping Beauty fairy tale, and Sarah Flannery writes, “I thought about those who had toiled away through the centuries at unraveling the mysteries of this subject, motivated by nothing more than a passionate desire to know. They could have hardly dreamt of the applications that some of their results would one day find.

I wondered what it was they had discovered, and what they would think if they could see how some of these discoveries are now being used. I was eager to learn the subject and surmise for myself whether they would be surprised or not.”

But not everything about number theory is all that sweet. It is a deceptive theory. When you think that you are on the verge of success, you are suddenly knocked out by a lethal punch. The simple questions that you will ask your Professor may look so simple to you. The same questions were asked by many brilliant students in the past. The answers to such questions have not been found to this day, and the most intelligent ones are racking their brains to find the solutions.

But the toughest obstacle lay in waiting for Sarah. The sharp attacks on the Cayley-Purser algorithm arrived with Michael Purser’s alerts, making her mathematical advancement difficult. Sarah was on the defensive; she made efforts to repair the algorithm, but could not succeed. She stated that it is not salvageable as a workable encryption system.

The theoretical interest stood in her favor through this testing time. She included a postscript explanation on the successful attack. It brought her further success when she was conferred the title of European Young Scientist of the Year for 1999. They say, “When the going gets tough, the tough gets going!”

It is very easy to say that Sarah climbed the stage to receive the award. But behind this glorious moment in the life of this sports-loving teenager from Blarney in County Cork, Ireland, lay extraordinary talent and matching efforts of relentless research and discoveries in Internet cryptography.

At the age of sixteen to get the international recognition and to be hailed as “brilliant” by the London Times, is no ordinary achievement. Newspapers and periodicals hailed it as “a wonderfully moving story about the thrill of the mathematical chase” (Nature) and “a paean to intellectual adventure” (Times Educational Supplement).

The dinner-time conversation with her father led her to the hall of fame. Her burning curiosity, the inner joy of persistence paid off handsomely. What is the meaning of the wise saying, “Have a will to grow and grow you will!”—ask Sarah! David Flannery lectures on mathematics at Ireland’s Cork Institute of Technology. Sarah Flannery is now a student at Cambridge University.

Some shortcomings of the book….

To say that it is a combination of two books would not be a far-fetched criticism of the book. The two narrative segments of the book, at the beginning and the end, do not serve the actual cause for which the book stands. The 150 pages, though there is no doubting the merit of the contents, are the right thing in the wrong place. They make for tough and prolonged reading, and obstruct understanding of the life of Sarah in a systematic, chronological order.

The book wanders aimlessly at this point, which defeats its structure. But for those who do not like mathematics intensely, for those who are not serious students of the subject, these 150 pages are a good read! However, this cannot be considered a serious lapse of the book, though professional critics of this literature would not like to miss this point, as a matter of duty.

The mathematical exposition part of it is flawless in content and style. The beginning holds the interest of the common reader as well. The elementary examination of the prime numbers is detailed. The idea of primality, Mersenne primes, the Sieve of Eratosthenes and primality testing are the important topics.

Then come the chapters on modular arithmetic, Fermat’s Little Theorem, and pseudoprimes. For a complete understanding of the RSA algorithm, the last two of these three mathematical chapters are necessary. But they can be skipped by those who want only an elementary feel for public-key cryptography.

The author has no problem with the English language; the exposition and style of writing are lucid. In fine, Sarah has given a very interesting book. The theme of the book and the author’s attitude towards the theme of mathematics both evoke and sustain curiosity. The book deserves an outstanding position not only for the awards that it brought to Sarah, but also for the real contribution it made to the cause of mathematics, for all time to come.

There is something unique about the book. Some more remarkable books should be expected from Sarah’s pen. The author has dealt with the topic in an excellent manner and the contents of the book gain stature, without losing ground and reality. The book is the creation of the child, with the father’s blessings. What more is required for the child and what does a father expect from the child? Both see the fulfillment of their respective mathematical missions through this book.

When a child gives an account of the experiences that ultimately led her to great heights of success, the reader’s interest is all the greater, for the simple reason that every parent visualizes and aspires for the success of their children.

From the point of view of human psychology and management principles that lead to success, this book is the torchbearer. Her thoughts are playful, yet never missing the mathematical purpose of the book.

The number of high school students who enjoy mathematics is not very high, and many take the subject only because it is unavoidable up to a certain level. But an introduction to and interaction with this book should change their perspective.

Many may not be lucky enough to get a mathematics genius Professor-father. In the case of Sarah, her pastime of solving mathematical puzzles with her father paid her rich dividends. It started as a game and slowly turned into the thrill of the mathematical chase. Nothing succeeds like success, and one good thing in her life led to another.

A great lesson for the psychologists and sociologists who study the parental impact on the life and future of children! But for the encouragement and influence of her mathematician father, Sarah would have been yet another university student, pursuing the syllabus-oriented degrees for a routine career.

Conclusion:

God made the natural numbers, 1,2,3,4,5,6,7,8,9 and 0, and what ‘complications’ human beings have created under the subject-banner of mathematics! Had she not become a mathematician, Sarah would have been a storyteller.

The art comes naturally to her. She has dealt with a highly intellectual subject, without any pretensions, without the sense of overbearing. At times, the writing takes the serious turn, but that is what the subject matter is. Her childlike descriptions maintain the essential dignity. If she tries her hand at other subjects of writing, we may be in for surprises.

That’s what her imagination, wit and charm throughout the book reveal. “In Code”, has the makings of a very good novel and her pen holds out great promises for even better works. It is a twice-blessed book. Primarily it is a book on mathematics, and more importantly it is an interesting book of human endeavor, the human spirit, the book on positive qualities like grit and determination. Few children are lucky to have such great upbringing.

The blackboard in the kitchen truly speaks of a studious family. She and her four brothers made it the perfect class at home, and mostly issues related to mathematics were discussed at the dining table. At lunch, the distraction would not be the television set, as in the modern drawing room; the attractions were the puzzles appearing on the blackboard day after day, without intermission. David Flannery had a clear purpose about the puzzles.

They encouraged the children to enjoy abstract reasoning. But do not imagine that Sarah liked all these intensely. She was not a bookworm. She liked to ride horses, played hurling and basketball, went boating and liked other adventurous team sports.

She carried that adventurous spirit to her mathematics research as well.

So to say, Sarah was a philanthropist mathematician and did not possess any motivated desires about her accomplishments. Mathematical community offered the talented Sarah all co-operations. Experts in the field of cryptology were eager to help her.

The initial reaction to her code system was that it was patentable and that she had the possibility of becoming a millionaire. Exchanging vital information with other mathematicians could have damaged her prospects of financial gain. Yet she shared the information, bearing in mind the overall interest of mathematics.

She was only 17 when she was a guest speaker at an IBM leadership conference for women. Sarah was also invited to attend the Nobel Prize ceremonies in Stockholm. To write an interesting, readable book on mathematics, normally considered a dry and brain-racking subject, is no mean achievement. She has set the trend for budding young scientists; great scholars in any subject need not be men and women with silver hair.

The book provides very valuable information to all concerned: parents, teachers and, above all, the combustible younger generation, who wish to achieve something in life but do not know the correct procedures and steps to achieve it. Sarah provides good solutions for one’s ambitions and the way to achieve them.

This makes the book even greater than her contribution to cryptography. Bertrand Russell once talked about ‘the silent beauty’ of mathematics. Sarah has demonstrated how the skills of the mathematician and the skills of the fiction and fantasy writer can be combined to create an outstanding contribution to the world of literature. Here is a combination of great human experience and intellectual substance. It is very easy to record and offer her congratulations for all that she achieved at the young age of 16.

But think of the hard work she did and the relentless pressure she was able to endure at such a young age, all while enjoying and pursuing her hobbies. So, if you have young children and do not have many ideas as to how to inspire them, give this book to them; it would be more appropriate still if the parents read and discuss the contents of this book for their benefit. The results are bound to be far-reaching for their future. The contents of the book carry lessons in ‘moral counseling’ as well.

The application of cryptography has caught up fast with the internet revolution. Many of the big companies are willing to sponsor research, and Sarah is eminently suited to take advantage of this situation. Her achievements have changed her perspective on life. The career opportunities that arrive at her door are perhaps too many for her to handle. She has traveled to important destinations all over the world and met cryptography figureheads like Ronald Rivest and Whitfield Diffie. But the best is yet to come, and Sarah Flannery knows it well.

References Cited:

Flannery, Sarah, and David Flannery. In Code: A Mathematical Journey. Paperback, 352 pages. Algonquin Books, December 30, 2002. Language: English. ISBN-10: 1565123778. ISBN-13: 978-1565123779.

PlanetMath: Sarah Flannery. planetmath.org/encyclopedia/SarahFlannery.html. Retrieved on January 29, 2008.
