DNS Cache Poisoning

1Internet entities are regularly affected by Distributed Denial of Service (DDoS) of various scales. This is basically a way to hack into an entity and stop it from working. Hackers use it all the time to bring down famous sites. They tend to attack the domain name system (DNS), since it allows to infiltrate heavily. Now what is a domain name system? Well, a domain name system server basically translates a human readable domain name (such as mysite.com) into a numerical IP address. This numerical IP address is is used to route communications between nodes on the network. For people who didn’t already know, this is how the internet works! Coming back to the hacking part, the attackers like to attack their victims by poisoning the DNS. Wait a minute, how do you “poison” a system? How do they actually attack the users?   Continue reading

The Intuition Behind Image Watermarking

mainThis is a continuation of my blog post on intro to digital watermarking. In that post, we discussed what digital watermarking is and how it can be achieved. Here, we will discuss the intuition behind image watermarking and a few techniques that can be used. If you look at enough number of images, you will realize that not all of them are equally suited for watermarking. At least, we cannot use the same criteria to watermark all the images. How do we know where to watermark an image? Are there any rules or do we just place some watermark randomly in an image? Does it make a difference?   Continue reading

Digital Watermarking

mainLet’s say you want to verify the authenticity of a signal. The signal can take any form like an image, audio, video, or any other kind of bit stream. By now, everybody would have heard the term “watermark” being used in the general sense. The most common example would be currency notes. Watermarks are embedded to verify the authenticity of the notes. But how do we achieve that with more complicated signals? As things move into the virtual world, where the threats are elevated to a much higher and abstract level, we need a way to verify the authenticity of different forms of digital signals. How do we do it?   Continue reading

Image Steganography

mainAs discussed in my previous post, steganography is the art of hiding the fact that communication is taking place. We achieve this by hiding original information inside other information known as carrier files. Many different carrier file formats can be used, but digital images are the most popular because of their frequency of occurrence on the internet. For hiding secret information in images, there exists a large variety of steganographic techniques, some are more complex than others, and all of them have respective strong and weak points. Different applications have different requirements of the steganography technique used. For example, some applications may require absolute invisibility of the secret information, while others require a larger secret message to be hidden. How do we achieve this? How robust is it?   Continue reading

Steganography

mainLet’s say that we want to communicate with someone secretly. We prefer that only the intended recipient have the ability to decode the contents of the communication. We obviously want to keep the message secret. Sounds familiar? A common solution to this problem is to use encryption. An encryption scheme takes a message and transforms it into an unreadable format so that an eavesdropper can’t read it. Now what if we don’t want anyone to find out that there is communication going on? As in, if the attackers don’t know that something is going on, then there are lesser chances of getting attacked right? How do we achieve this? Are there techniques to that allow us the hide this information?   Continue reading

P vs NP: The Epic Saga

P vs NPP vs NP problem is one of the great unsolved problems in theoretical computer science. This problem has become broadly recognized in the mathematical community as a mathematical question because it is fundamental, important and beautiful. It is in fact one of the seven Millennium Prize Problems. If you solve this problem, you get $1 million and become really famous among mathematicians and computer scientists. If you are evil, then you can use your proof to become richer than God, then publish your proof, reject the prize money and become extremely well respected in the mathematics community! Wait a minute, really? How can I use this to become rich? Before we answer that, let’s see what exactly is the difficulty in solving the problem. Shall we?   Continue reading

Reimann Hypothesis And Its Connection To Cryptography

Over the centuries, mathematicians have been involved in solving some of most complex problems. But what is the motivation behind that? The pursuit of truth! But The Clay Mathematics Institute thought that there should be a little more than that. So to celebrate mathematics in the new millennium, they established seven Millennium Prize Problems. The prize money for each problem is one million dollars. That’s pretty exciting! These were some of the most difficult problems over which many mathematicians were racking their brains. Reimann Hypothesis is one of them. The interesting thing about this particular problem is that it has far reaching consequences in the field of modern cryptography and internet security. Now how can an obscure and complex mathematical problem affect cryptography and internet security?   Continue reading

Onion Routing

I was recently reading some literature about data encryption and I stumbled across an interesting concept. The classic secure communication model is the one where the sender encrypts the message and sends it across the network, which is then decrypted at the receiver’s end. In real life, this is done over several networks and several routers. This method works well because we assume that the routers are completely secure and they do exactly what they are told. Now what if a router is compromised on the path? An attacker will be able to monitor all the traffic that goes through it. Once the attacker gains control of the router, many bad things can happen like decryption of secure messages, false communication, leakage of sensitive details etc. How do we prevent it?   Continue reading

Operation Aurora

On January 14, 2010 McAfee Labs identified a zero-day vulnerability in Microsoft Internet Explorer that was used as an entry point for Operation Aurora to exploit Google and at least 20 other companies. Microsoft  issued a security bulletin and patch immediately. Operation Aurora was a coordinated attack which included a piece of computer code that exploits the Microsoft Internet Explorer vulnerability to gain access to computer systems. This exploit is then extended to download and activate malware within the systems. The attack, which was initiated stealthily when targeted users accessed a malicious web page, ultimately connected those computer systems to a remote server. Now this connection was used to steal company intellectual property and additionally gain access to user accounts. Why did the users visit the malicious web page? Likely because they believed it to be reputable. This attack became particularly famous because of the level of sophistication and the obfuscation methods used.   Continue reading