Why Do We Need Two-Factor Authentication?

1 mainIn the last couple of years, we have encountered quite a few security breaches. A lot of internet companies are being targeted with these kinds of attacks. One of the most common forms of online transactions is that you have an account that’s protected with a password. So whenever you want to access your account, you just enter your username along with the password. But the problem is that this is breakable! As in, people can technically break into these accounts. So people started thinking about different ways in which this could be prevented. Of course, choosing better passwords would help, but we need to way to fundamentally improve the security. How exactly do we do it? Do we just choose bigger and better passwords or is there something new we can do?   Continue reading

Elliptic Curve Cryptography: Part 4/4 – How Do We Use Elliptic Curves?

1 mainIn the previous blog post, we discussed about elliptic curves and saw what they look like. We also looked at some of their special properties that enable it to be a good trapdoor function. But this is still very mathematical, right? The curves are great to look at and we understand general concept of elliptic curves, but how do we use them in real life? The curves denoted by those equations don’t represent the curves that are used in cryptography. In the real world, things are digitized. We need to convert things into bits and move them around quickly. So how do we do it?   Continue reading

Elliptic Curve Cryptography: Part 3/4 – What Is An Elliptic Curve?

1 mainIn the previous blog post, we discussed why RSA will not be sufficient anymore. We looked at how machines are getting stronger, and that we cannot rely on factorization as our primary mathematical foundation. We also talked a bit about what we are looking for in our new system, and then said a quick hello to elliptic curves. In this blog post, we will see what elliptic curves are. As always, we will keep the equations to a minimum, and instead, try to understand the underlying concept. Let’s go ahead, shall we?   Continue reading

Elliptic Curve Cryptography: Part 2/4 – Why Do We Need It?

1 mainIn our previous blog post, we discussed public key cryptography and how it works in general. The RSA is so powerful because it comes with rigorous mathematical proofs of security. The authors basically proved that breaking the system is equivalent to solving a very difficult mathematical problem. When we say “difficult”, what it means is that it would take trillions of years to break it even if all the supercomputers in the world were to work in parallel. By the way, this is just one encoded message! The problem in question here is prime number factorization. It is a very well-known problem and has been studied for a very long time. So if it’s such a difficult problem, why do we need something new? What’s the problem here?   Continue reading

Elliptic Curve Cryptography: Part 1/4 – Why Should We Talk About It?

1 mainElliptic curve cryptography is one of the most powerful techniques used in the field of modern cryptography. Just to be clear, elliptic curves have nothing to do with ellipses. I agree that the name can be slightly misleading, but once we discuss what elliptic curves are, it will become much clearer. So as you may have already guessed, elliptic curve cryptography (ECC) is based on the properties of elliptic curves. ECC is very useful in internet security and it is being deemed as the successor to the almighty RSA crypto system. If that didn’t make sense to you, don’t worry! We are going to discuss everything in detail. A lot of of websites are increasingly using ECC to secure everything like customer data, connections, passing data between data centers, etc. So what makes ECC so special? Is it strong enough to take over the world?   Continue reading

DNS Cache Poisoning

1Internet entities are regularly affected by Distributed Denial of Service (DDoS) of various scales. This is basically a way to hack into an entity and stop it from working. Hackers use it all the time to bring down famous sites. They tend to attack the domain name system (DNS), since it allows to infiltrate heavily. Now what is a domain name system? Well, a domain name system server basically translates a human readable domain name (such as mysite.com) into a numerical IP address. This numerical IP address is is used to route communications between nodes on the network. For people who didn’t already know, this is how the internet works! Coming back to the hacking part, the attackers like to attack their victims by poisoning the DNS. Wait a minute, how do you “poison” a system? How do they actually attack the users?   Continue reading

Steganography

mainLet’s say that we want to communicate with someone secretly. We prefer that only the intended recipient have the ability to decode the contents of the communication. We obviously want to keep the message secret. Sounds familiar? A common solution to this problem is to use encryption. An encryption scheme takes a message and transforms it into an unreadable format so that an eavesdropper can’t read it. Now what if we don’t want anyone to find out that there is communication going on? As in, if the attackers don’t know that something is going on, then there are lesser chances of getting attacked right? How do we achieve this? Are there techniques to that allow us the hide this information?   Continue reading

Operation Aurora

On January 14, 2010 McAfee Labs identified a zero-day vulnerability in Microsoft Internet Explorer that was used as an entry point for Operation Aurora to exploit Google and at least 20 other companies. Microsoft  issued a security bulletin and patch immediately. Operation Aurora was a coordinated attack which included a piece of computer code that exploits the Microsoft Internet Explorer vulnerability to gain access to computer systems. This exploit is then extended to download and activate malware within the systems. The attack, which was initiated stealthily when targeted users accessed a malicious web page, ultimately connected those computer systems to a remote server. Now this connection was used to steal company intellectual property and additionally gain access to user accounts. Why did the users visit the malicious web page? Likely because they believed it to be reputable. This attack became particularly famous because of the level of sophistication and the obfuscation methods used.   Continue reading

What Is SSH?

Consider the following situation. You are at your friend’s place with your laptop and you want to access your home computer to do something. May be you want to start a download or you want to run a program right away. What would you do in this situation? Will you go all the way to your house just to start a download? You already have a laptop at your disposal, so you should be able to use it somehow. You can just connect to your home computer through internet. But what if someone else hacks you while you do that? This is where SSH comes in.   Continue reading