CHAPTER ONE
1.0 INTRODUCTION
In the past, security was simply a matter of locking the door or storing files in a locked filing cabinet or safe. Today, paper is no longer the only medium of choice for housing information. Files are stored in computer databases as well as file cabinets. Hard drives and floppy disks hold many of our secret information. In the physical world, security is a fairly simple concept. If the locks on your house’s doors and windows are so strong that a thief cannot break in to steal your belongings, the house is secure. For further protection against intruders breaking through the locks, you might have security alarms. Similarly, if someone tries to fraudulently withdraw money from your bank account but the teller asks for identification and does not trust the thief’s story, your money is secure. When you sign a contract with another person, the signatures are the legal driving force that impels both parties to honor their word.
In the digital world, security works in a similar way. One concept is privacy, meaning that no one can break into files to read your sensitive data (such as medical records) or steal money (by, for example, obtaining credit card numbers or online brokerage accounts information). Privacy is the lock on the door. Another concept, data integrity, refers to a mechanism that tells us when something has been altered. That’s the alarm. By applying the practice of authentication, we can verify identities. That’s comparable to the ID required to withdraw money from a bank account (or conduct a transaction with an online broker). And finally, non repudiation is a legal driving force that impels people to honor their word.
As the Internet becomes a more pervasive part of daily life, the need for e-security becomes even more critical. Any organization engaged in online activity must assess and manage the e-security risks associated with this activity. Effective use of cryptographic techniques is at the core of many of these risk-management strategies. The most important security tool is cryptography.
1.1 BACKGROUND OF THE STUDY
Before the modern era, cryptography was concerned solely with message confidentiality (i.e., encryption) — conversion of messages from a comprehensible form into an incomprehensible one, and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without secret knowledge (namely, the key needed for decryption of that message). In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs, and secure computation, amongst others.
Encryption attempts to ensure secrecy in communications, such as those of spies, military leaders, and diplomats, but it have also had religious applications. Steganography (i.e., hiding even the existence of a message so as to keep it confidential) was also first developed in ancient times. An early example, from Herodotus, concealed a message – a tattoo on a slave's shaved head - under the regrown hair. More modern examples of steganography include the use of invisible ink, microdots, and digital watermarks to conceal information.
1.2 STATEMENT OF THE PROBLEM
The problem is security. The password method used in almost all commercial operating systems is probably not very strong against a sophisticated or unsophisticated attacker.
The choice of data encryption comes next in the minds of those that want reduction of unauthorized access on confidential files or data. Security provided by the computer operating systems come with a preset super user account and password. The super user may have a password to control network functionality, another to conduct or access nightly backups, create accounts, and so on. For a cracker, logging on to a system as the super user is possibly the best way to collect data or do damage. If the super user has not changed an operating system’s preprogrammed passwords, the network is vulnerable to attack. Most crackers know these passwords, and their first attempt to break into a network is simply to try them. If an attacker cannot log on as the super user, the next best thing might be to figure out the user name and password of a regular user. It is used to be standard practice in most Universities and colleges, and in some commercial companies, to assign every student or employee an account with user name and initial password – the password being the user name. Everyone was instructed to log on and change the password, but often, hackers and crackers logged on before legitimate users had a chance.
