Wednesday, December 15, 2010

Cryptography Basics

Sometimes you may wonder how you could send data or information to someone without revealing it to anyone else. The answer is cryptography. (Note: this post covers the basics and is aimed at beginners.)

What is Cryptography?

It is the practice of hiding information by writing it in a form that only the intended recipient can understand. There is nothing new in this: it has been used since ancient times, and many of the schemes used over the years have been broken. The lesson from that history is that a scheme should be trusted only after it has survived public scrutiny, not because its workings are secret.

How does it work in modern time?

The information you want to transfer is known as plaintext, and the process of converting it into an unreadable form, the ciphertext, is known as encryption. Converting the ciphertext back into plaintext is known as decryption. Both operations use a key. In modern cryptography the algorithm itself is public and well studied; all of the secrecy rests on the key (this is known as Kerckhoffs's principle).

Types of cryptography

Broadly there are two types of cryptography:

Symmetric Key Cryptography: Also known as secret key (or private key) cryptography. Sender and receiver use the same key to encrypt and decrypt. It is further divided into block ciphers, which work on fixed-size blocks of data, and stream ciphers, which work on one bit or byte at a time. Examples are Data Encryption Standard (DES), Advanced Encryption Standard (AES) and RC2 (block ciphers) and RC4 (a stream cipher). Of these, only AES should be used today; DES has too short a key and RC4 has known weaknesses. The major shortfall of this type is key distribution: the key has to be shared secretly in advance, and if it is compromised the messages are no longer hidden.

Asymmetric Key Cryptography: Also known as public key cryptography. Each party has a pair of keys: a public key, which can be given to anyone, and a private key, which is never shared. A message encrypted with the recipient's public key can only be decrypted with the recipient's private key. This addresses the major shortfall of symmetric cryptography: the sender needs nothing more than the recipient's public key, and the private key never leaves its owner. RSA is the best known example. Because asymmetric operations are much slower than symmetric ones, in practice they are used to exchange a symmetric key that then encrypts the actual data.
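As an added example (not from the original post), here is textbook RSA with deliberately tiny primes, to show the point above in working code: anyone can encrypt with the public key, and only the matching private key decrypts. The primes 61 and 53 and the message 65 are the classic toy values; the code has no padding and a 12-bit modulus, so it is for illustration only, never for real data.

```python
# Added example (not from the post): textbook RSA with tiny primes, to show
# that the recipient's public key encrypts and only the matching private key
# decrypts. Toy only: no padding and a 12-bit modulus. Real systems use
# 2048-bit or larger moduli with OAEP padding, via a vetted library.
from math import gcd


def generate_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for two distinct primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can do this."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Only the holder of the private key can undo encrypt()."""
    n, d = private_key
    return pow(c, d, n)


def demo():
    # Bob publishes (n, e) and keeps (n, d). Alice needs no shared secret with
    # Bob in advance; she just uses his public key. Classic 61/53 toy values.
    bob_public, bob_private = generate_keypair(61, 53)
    m = 65
    c = encrypt(bob_public, m)
    return c, decrypt(bob_private, c)


if __name__ == "__main__":
    c, recovered = demo()
    print(f"ciphertext={c} recovered={recovered}")
```

Note that decrypting with any other exponent, even one off by a single bit, returns garbage rather than an error: the ciphertext gives no hint about whether the key was right, which is why real protocols add authentication on top of encryption.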

Which is the unbreakable encryption?

You must be curious to know this. Well, it is the "One Time Pad". Every bit or character of the plaintext is combined by modular addition (XOR, for bits) with the corresponding bit or character of a secret random key of the same length as the plaintext, producing the ciphertext. It is provably unbreakable only under strict conditions: the key must be truly random, at least as long as the message, kept secret, and used exactly once. If a pad is reused, an attacker can XOR the two ciphertexts together and the key cancels out, leaving the XOR of the two plaintexts. Because the key material is as large as the traffic and must be delivered securely in advance, the one time pad is rarely practical.
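The following is an added example, not code from the original post. It implements a one time pad over bytes with XOR and then shows the failure mode described above: when two messages share a pad, the pad cancels out and knowing one plaintext reveals the other. The two sample messages are constructed for this demonstration.

```python
# Added example (not from the post): one time pad over bytes using XOR, and a
# demonstration of why reusing the pad ("two-time pad") is catastrophic.
import secrets


def generate_pad(length: int) -> bytes:
    """Truly random pad from the OS CSPRNG. Never use random.random() here:
    a predictable pad destroys the security argument entirely."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR each plaintext byte with the matching key byte.
    XOR is addition modulo 2 applied bit by bit."""
    if len(key) < len(plaintext):
        raise ValueError("key must be at least as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))


# Decryption is the same operation, since (p ^ k) ^ k == p.
otp_decrypt = otp_encrypt


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the same pad: the pad cancels,
    leaving p1 ^ p2, which no longer depends on the key at all."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If the attacker knows or guesses p1, then p2 = (c1 ^ c2) ^ p1."""
    return bytes(x ^ p for x, p in zip(two_time_pad_leak(c1, c2), known_p1))


if __name__ == "__main__":
    # Constructed sample messages of equal length.
    p1 = b"ATTACK AT DAWN"
    p2 = b"HOLD POSITIONS"

    # Correct use: a fresh pad per message, round trip works.
    pad = generate_pad(len(p1))
    assert otp_decrypt(otp_encrypt(p1, pad), pad) == p1

    # Misuse: the same pad for both messages.
    c1 = otp_encrypt(p1, pad)
    c2 = otp_encrypt(p2, pad)
    print("leaked p1 ^ p2:", two_time_pad_leak(c1, c2).hex())
    print("recovered p2:", recover_other_plaintext(c1, c2, p1))
```

Even without knowing either plaintext, the XOR of two natural-language messages is highly structured (spaces XOR letters flip the case bit, for instance), so p1 ^ p2 alone is usually enough for an attacker to recover both.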

There are many other concepts and more advanced topics in cryptography. Please revisit this blog for more on them.

Thursday, December 9, 2010

Access Control Basics

To start with:

What is Access Control?

It is a system or service that controls who can access which areas and resources, whether in a computer-based information system or in a physical facility.

What is AAA?

AAA refers to Authentication, Authorization and Accountability (the last is also called Accounting).

Authentication: refers to the process of proving that you are who you claim to be, based on one or more of the following factors:

a. Something you know, like a passcode, password or PIN
b. Something you have, like a smart card or hardware token
c. Something you are, like a biometric (fingerprint, retina scan, etc.)
d. Somewhere you are, like inside the office or outside it

Combining factors from different categories (multi-factor authentication) is stronger than combining two of the same kind, since a single attack such as phishing typically defeats only one category.

Authorization: refers to the process that decides what an authenticated subject is allowed to do to an object. For example, based on your authorization level you may be able to read a document but not modify it.

Accountability: refers to the process that associates a subject with its actions so that they can be traced afterwards, through audit trails, logs, etc. It depends on the first two: if accounts are shared or identities are weak, a log entry cannot be tied to a specific person.

What are the models of Access Control?

The most common models are Discretionary Access Control (DAC) and Non-Discretionary Access Control. Under Non-Discretionary Access Control fall Mandatory Access Control (MAC) and Role Based Access Control (RBAC).

Discretionary Access Control (DAC): The owner of the object decides who is allowed to access it and with what privileges, typically through an access control list (ACL) attached to the object. Unix file permissions are a familiar example.

Mandatory Access Control (MAC): The system decides who is allowed to access what, based on security labels (such as Confidential, Secret, Top Secret) assigned to each object and subject. Access is granted when the subject's label dominates the object's label for the requested operation (for example, a subject cleared to Secret may read Confidential and Secret objects but not Top Secret ones). Neither the owner nor the user can change the labels; only a security administrator can.

Role Based Access Control (RBAC): Permissions are assigned to roles, and individuals are assigned to roles; the system decides access based on the roles a subject holds. This keeps administration manageable when people join, leave or change jobs, since only role membership has to change.
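To make the three models concrete, here is an added example (not from the original post) with a toy decision function for each, plus an audit log so that every decision is tied to a subject, which is the accountability part of AAA. The MAC rules use the Bell-LaPadula "no read up, no write down" conditions, which go beyond the single sentence above and are an assumption of this example; the users, labels, roles and permissions are constructed data.

```python
# Added example (not from the post): toy decision functions for DAC, MAC and
# RBAC, with an audit trail for accountability. Users, labels, roles and
# permissions are constructed for illustration.
from dataclasses import dataclass, field

# Ordered sensitivity labels for MAC (assumed hierarchy, low to high).
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}

# Accountability: every decision is recorded against the authenticated subject.
audit_log = []


def record(model, subject, action, obj_name, allowed):
    decision = "allow" if allowed else "deny"
    audit_log.append(f"{model} subject={subject} action={action} "
                     f"object={obj_name} decision={decision}")
    return allowed


# --- DAC: the object's owner maintains its access control list -------------
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)  # subject -> set of permissions


def dac_grant(obj, granter, subject, perm):
    """Only the owner may change the ACL; that is what 'discretionary' means."""
    if granter != obj.owner:
        raise PermissionError("only the owner may change the ACL")
    obj.acl.setdefault(subject, set()).add(perm)


def dac_check(obj_name, obj, subject, perm):
    allowed = subject == obj.owner or perm in obj.acl.get(subject, set())
    return record("DAC", subject, perm, obj_name, allowed)


# --- MAC: labels are fixed by the system, not by the owner -----------------
def mac_check(subject, clearance, obj_name, classification, action):
    """Bell-LaPadula confidentiality rules (an assumption beyond the post):
    read requires clearance >= classification ("no read up"),
    write requires clearance <= classification ("no write down")."""
    s, o = LEVELS[clearance], LEVELS[classification]
    if action == "read":
        allowed = s >= o
    elif action == "write":
        allowed = s <= o
    else:
        allowed = False
    return record("MAC", subject, action, obj_name, allowed)


# --- RBAC: permissions attach to roles, users are assigned roles -----------
ROLE_PERMS = {
    "analyst": {("report", "read")},
    "editor": {("report", "read"), ("report", "write")},
}
USER_ROLES = {"alice": {"editor"}, "bob": {"analyst"}}


def rbac_check(subject, obj_name, action):
    allowed = any((obj_name, action) in ROLE_PERMS.get(role, set())
                  for role in USER_ROLES.get(subject, set()))
    return record("RBAC", subject, action, obj_name, allowed)


if __name__ == "__main__":
    doc = DacObject(owner="alice")
    dac_grant(doc, "alice", "bob", "read")
    dac_check("doc", doc, "bob", "write")                      # deny: not in ACL
    mac_check("bob", "secret", "plan", "top_secret", "read")   # deny: read up
    rbac_check("bob", "report", "write")                       # deny: analyst role
    print("\n".join(audit_log))
```

The difference between the models shows up in who can change the inputs to the decision: in DAC the owner edits the ACL, in MAC nobody but the administrator touches the labels, and in RBAC access changes by moving a user between roles rather than by editing each object.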