Monday, December 3, 2018

Understanding Cryptography



“ $%^*^* Nh%&gfg  K97@#”. Well, I’m 100% sure that you did not understand what I meant to say through these words. This is what cryptography is all about. Nah, don’t think that anything you are unable to read automatically becomes an implementation of cryptography. Converting plain text (readable text) into something that cannot be read without deciphering it, usually called ciphertext, is what cryptography is.

Why would you want to convert something readable into gibberish? From time immemorial, human beings have kept secrets to protect themselves and their countries. For this very reason, information must be protected, and this assurance can be provided by encrypting the data, i.e. the process of converting plaintext into ciphertext. Remember the three pillars of information security – CIA (confidentiality, integrity, availability). Cryptography helps implement the confidentiality principle.

The formal definition is as follows:

Cryptography is a method of storing and transmitting data in a form that only those it is intended for can read and process. It is considered a science of protecting information by encoding it into an unreadable format.

Now it’s time to learn some new terms:

Encryption is a method of transforming readable data, called plaintext, into a form that appears to be random and unreadable, which is called ciphertext. Plaintext is in a form that can be understood either by a person (a document) or by a computer (executable code).

Once it is transformed into ciphertext, neither human nor machine can properly process it until it is decrypted. This enables the transmission of confidential information over insecure channels without unauthorized disclosure.

The algorithm, the set of rules also known as the cipher, dictates how enciphering (encryption) and deciphering (decryption) take place. The secret ingredient that makes this algorithm so hard to break is the KEY.

If you are confused, don’t be. We need to understand all of this through an example.

In cryptography, you need to make friends with Alice & Bob. They are the two most famous people in the world of cryptography. Now Alice wants to send a message to Bob. The message is “I passed my CISSP exam and Mayur helped me a lot in it”. This is plaintext, as you were able to read it. Bob, however, doesn’t want the world to know this. So Bob converts this message to “@#$% B$CG &*()&%VBNJIJJM”, which is unreadable. He converts it to ciphertext which you and I can’t read. How does he do that? He uses an algorithm and encrypts it. In order to do so, he uses a KEY, similar to a password or passcode, which can also change it back. It’s like using a lock where only the correct KEY combination can open the lock.

In encryption, the key (crypto variable) is a value that comprises a large sequence of random bits. Is it just any random number of bits crammed together? Not really. An algorithm has a keyspace, which is the range of values that can be used to construct a key. When the algorithm needs to generate a new key, it uses random values from this keyspace. The larger the keyspace, the more values are available to represent different keys, and the more random the keys are, the harder it is for intruders to figure them out. For example, if an algorithm allows a key length of 2 bits, the keyspace for that algorithm would be 4 (2^2), which is the total number of different keys that are possible.
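To make the keyspace idea concrete, here is an added example (my own code, not from this post): a toy XOR "cipher" in which a key drives the transformation, a function that computes keyspace size as 2^key_bits, and a walk over the whole keyspace that shows why a 2-bit key offers no protection while the same walk over a 128-bit keyspace is infeasible. The function names and the sample message are mine; the XOR construction is only for illustration and is not a real cipher.

```python
# Added example, not from the original post: a toy XOR "cipher" whose only
# purpose is to show how a key drives the transformation and how keyspace
# size grows as 2**key_bits. It is not a real or safe cipher.
import itertools
import secrets

MESSAGE = b"I passed my CISSP exam"   # constructed sample plaintext


def keyspace_size(key_bits: int) -> int:
    """Number of distinct keys an algorithm with key_bits-bit keys allows."""
    return 1 << key_bits


def generate_key(key_bits: int) -> int:
    """Pick a key uniformly at random from the keyspace."""
    return secrets.randbits(key_bits)


def _keystream(key: int, key_bits: int) -> bytes:
    """The key as big-endian bytes; it is repeated over the message length."""
    nbytes = max(1, (key_bits + 7) // 8)
    return key.to_bytes(nbytes, "big")


def toy_encrypt(plaintext: bytes, key: int, key_bits: int) -> bytes:
    """XOR each plaintext byte with the repeating key bytes."""
    if not 0 <= key < keyspace_size(key_bits):
        raise ValueError("key lies outside the algorithm's keyspace")
    stream = itertools.cycle(_keystream(key, key_bits))
    return bytes(p ^ k for p, k in zip(plaintext, stream))


def toy_decrypt(ciphertext: bytes, key: int, key_bits: int) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return toy_encrypt(ciphertext, key, key_bits)


def keys_that_fit(ciphertext: bytes, key_bits: int, plaintext: bytes) -> list:
    """Walk the whole keyspace and report which keys map the ciphertext back
    to the known plaintext. With a 2-bit key that is four trials, which is
    why such a key protects nothing; with a 128-bit key the same walk would
    take 2**128 trials and is infeasible."""
    return [k for k in range(keyspace_size(key_bits))
            if toy_decrypt(ciphertext, k, key_bits) == plaintext]


if __name__ == "__main__":
    key = generate_key(2)
    ct = toy_encrypt(MESSAGE, key, 2)
    print("keyspace for a 2-bit key:", keyspace_size(2))
    print("ciphertext:", ct)
    print("keys that decrypt it:", keys_that_fit(ct, 2, MESSAGE))
```

The point of `keys_that_fit` is defensive: it is the calculation you do when deciding whether a key length is adequate. Four candidate keys are checked in microseconds; 2^128 candidates are not checked in the lifetime of the universe, which is why the size of the keyspace, together with genuinely random key generation (`secrets`, not `random`), is what makes the key the "secret ingredient".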

All this makes up a cryptosystem, which contains all the hardware and software required to implement it.

In a nutshell, cryptography helps you protect your information by utilizing rules which are driven by a key.


What are your thoughts on this?

Monday, November 19, 2018

Understanding NAT – Network Address Translation


If you would like to send a letter to me, what would be the most important thing you need in order to send it? My address. If you have observed, we usually write the address in a certain format – building number, followed by area, city, state and then the pin code. Why do we do that? To avoid confusion. In a similar fashion, computers need addresses when they talk to each other. The Internet uses the IP addressing scheme, through which each computer on the Internet is assigned an IP address that can be used for communication. Now think: how would you communicate if these addresses ran out? Read on to find out.

A long time ago, when the Internet came into existence, the concept of IP addresses came to life. This was called the IPv4 addressing scheme. In this scheme an address is written as, for example, 10.22.10.150, and every computer on the Internet got one such address. Over time, with the population explosion, the number of computers and devices connected to the Internet increased so much that addresses ran into short supply. To overcome this problem, IPv6 was introduced, which solves the problem because the number of addresses it offers is extremely large (2^128). However, this scheme also required changes to the software and hardware we used. Intelligent minds came together to find a short-term fix until we could start using IPv6. This solution was called NAT – Network Address Translation.

To understand NAT, let’s take an example. Imagine that you and I live in a society with a lot of apartments. Let’s call this place “Security Society”. My flat number is 3331 and yours is 3335. In a similar fashion, there are hundreds of apartments in this society. When you send a letter outside, you write your complete address – Flat Number 3331, Block S, Security Society. However, the main security guard at your society’s entrance puts your letter in another envelope, changes the address to just “Security Society” and hands it over to the postman for delivery. When the postman brings back the reply, the delivery address says only Security Society and not the complete address. Hence, he hands it over to the security guard at the entrance and goes back. The guard knows that this letter belongs to you and delivers it to the correct address – Flat Number 3331, Block S, Security Society.

Let’s apply the same analogy to the world of computers to understand NAT. When a message comes from an internal computer with the address 10.20.30.215, for example, the message is stopped at the device running NAT software (the security guard), which happens to have the IP address 1.2.3.4 (address changed). NAT changes the header of the packet from the internal address, 10.20.30.215, to the IP address of the NAT device, 1.2.3.4. When a computer on the Internet replies to this message, it replies to the address 1.2.3.4 (Security Society). The NAT device (security guard) changes the header on this reply to 10.20.30.215 (the actual address – the flat number) and puts it on the wire for the internal user to receive. Thus, NAT hides internal addresses by centralizing them on one device, and any frames that leave that network carry only the source address of that device, not that of the internal computer that actually sent the message.

NAT provides great security benefits in addition to solving the shortage of IPv4 addresses. When an attacker wants to target a system, he will not have its actual IP address and will keep attacking the NATed public address instead. Taking a cue from the analogy above, spam or marketing mail from companies lands with the security guard, who simply discards it, and you are not bothered.

There are 3 types of NAT implementation:

1. Static Mapping – Here the NAT software has a pool of public IP addresses, and every private address is always mapped to the same public address. So computer A always receives the public address x, computer B always receives the public address y, and so on. This is generally used for servers that need to keep the same public address at all times.

2. Dynamic Mapping – The NAT software again has a pool of public IP addresses, but these are allocated dynamically to the private addresses. So when you send a request to communicate, you are given the public IP A that is first in the list, unlike static mapping, where you were always mapped to public IP C.

3. Port Address Translation (PAT) – A pat on the back for you, since you have made it to this point in the article. PAT is an extension of NAT that helps us reduce the cost of buying multiple public IP addresses. Here we have only one IP address, similar to one security guard at the main gate. Let’s take an example. The NAT device has an IP address of 10.40.81.5. When computer A needs to communicate with a system on the Internet, the NAT device records this computer’s private address and source port number (10.10.44.3; port 43,887). The NAT device changes the IP address in the computer’s packet header to 10.40.81.5, with source port 40,000. When computer B also needs to communicate with a system on the Internet, the NAT device records its private address and source port number (10.10.44.15; port 23,398) and changes the header to 10.40.81.5 with source port 40,001. So when a system responds to computer A, the packet first goes to the NAT device, which looks up port number 40,000 and sees that it maps to computer A’s real information. The NAT device then changes the header to address 10.10.44.3 and port 43,887 and sends it to computer A for processing.
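The PAT walkthrough above is essentially a lookup table keyed on the public port. Here is an added example (my own code, not from this post) that implements that table with the article's own addresses: outbound packets get the NAT device's address and a port from its own range, replies are mapped back by port, and a reply that matches no session is dropped, which is the "security guard discards it" behaviour the post describes. The `Packet` class, the external host 203.0.113.10 (a documentation address) and the port range starting at 40,000 are constructed for the example.

```python
# Added example, not from the original post: a minimal PAT translation table
# using the addresses from the article. Packets are plain records; there is
# no real networking involved.
from dataclasses import dataclass
from typing import Optional

PUBLIC_IP = "10.40.81.5"          # the NAT device's address, as in the article
EXTERNAL_HOST = "203.0.113.10"    # constructed Internet host (documentation range)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PortAddressTranslator:
    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (private_ip, private_port) -> public_port, and the reverse map
        self.outbound: dict = {}
        self.inbound: dict = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the private network and
        remember the mapping so the reply can be sent back."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of a reply arriving at the public address.
        Returns None when no session matches: unsolicited traffic is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        mapping = self.inbound.get(pkt.dst_port)
        if mapping is None:
            return None
        private_ip, private_port = mapping
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


def walkthrough() -> tuple:
    """Replays the article's scenario; returns (A outbound, B outbound, reply to A)."""
    pat = PortAddressTranslator()
    a_out = pat.translate_outbound(Packet("10.10.44.3", 43887, EXTERNAL_HOST, 443))
    b_out = pat.translate_outbound(Packet("10.10.44.15", 23398, EXTERNAL_HOST, 443))
    reply_to_a = pat.translate_inbound(Packet(EXTERNAL_HOST, 443, PUBLIC_IP, 40000))
    return a_out, b_out, reply_to_a


if __name__ == "__main__":
    for p in walkthrough():
        print(p)
```

Note that the table is what makes the "security benefit" the post mentions real in practice: an inbound packet is forwarded only when it matches a mapping that an internal host created first, so the device has to keep state per session and must expire that state eventually, or its port range runs out just like the IPv4 address space did.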

Although NAT is a short-term solution, it has been well received by the networking and security communities. Eventually, the world will move to IPv6 entirely, but NAT and PAT offer cost-efficient and secure ways to handle the problem of depleting IPv4 addresses today and in the future.

What are your thoughts on this? 

Saturday, October 27, 2018

Asynchronous & Synchronous Communication



Try to read the sentence written after this statement – “youwillpasscisspexamifyoustudyhard”. Clearly, you need to focus on the letters, and your mind will try to discern the different words for you. Similarly, if I speak to you without pausing, it would again be difficult for you to discern and understand what I am communicating. So irrespective of the way we communicate – verbal or written – we need to follow certain grammatical rules so that the other party can clearly discern and understand what is being said. For written language these rules include punctuation such as commas, semicolons and spaces, while for verbal communication we use pauses, hand gestures and tone.

In a similar manner, communication protocols have their own grammar and synchronization rules for the transmission of data. There are two kinds of transmission – synchronous and asynchronous. Both of them use aspects similar to verbal and written communication.

Asynchronous transmission uses bits to mark the start and end of each character. If two systems are communicating over a protocol that employs asynchronous timing, then “start” and “stop” bits are used. The sending system sends a “start” bit, then sends its character, and then sends a “stop” bit, and this repeats for every character of the message. The receiving system knows when a character starts and stops; thus, it knows how to interpret each character of the message. It is similar to how we communicate in a written letter – I insert spaces, commas, full stops, etc. to indicate the “start”, a “pause” or the “end”.

Just as when we speak we do not explicitly say “Pause”, “Stop” or “Start” to mark the beginning or end of a conversation, synchronous transmission does not employ any explicit “start” or “stop” bits to mark the beginning or end of a transmission. If two systems communicate using synchronous transmission, they do not use start and stop bits; instead, the transfer of data is synchronized through a timing sequence initiated by a clock pulse. So synchronous protocols transfer data as a stream of bits instead of framing each character in start and stop bits. The synchronization between the two systems can come from a clocking mechanism, or a signal can be encoded into the data stream to let the receiver synchronize with the sender of the message. This synchronization must take place before the first message is sent.

In simple terms, asynchronous transmission is like a conversation on a satellite phone, where the sender and receiver both say “Over” to indicate that they have finished their message, while synchronous transmission is like a normal conversation, where our pauses at specific intervals indicate the start and end of what is being said.

Now, having understood this, a question would pop up in your mind: what is the use of these transmission techniques? In today’s digital age, where everything is just data that needs to be sent across, there must be rules that govern this transmission. In addition to the rules, the two systems must agree on a way to receive and process data. Synchronous transmission is used where we have a predictable data stream (such as Netflix streaming), while asynchronous transmission is used where an unpredictable amount of data can be sent across (Internet connections, torrent downloads).
Ultimately, it’s all about timing.
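The difference between the two styles is easiest to see in bits. The following added example (my own code, not from this post) frames each character the asynchronous way, with a start bit, eight data bits and a stop bit as a UART does, decodes such a line back into text, and reports a framing error when a stop bit is missing. For contrast it also encodes the same text as a synchronous stream with no framing bits, where the receiver simply relies on already being in step with the sender and any loss of alignment garbles everything that follows. Function names and the sample text are mine.

```python
# Added example, not from the original post: asynchronous framing with
# start/stop bits versus an unframed synchronous bit stream.
START_BIT = 0      # a line at rest is 1, so a 0 announces a new character
STOP_BIT = 1
IDLE = 1
FRAME_LEN = 10     # 1 start + 8 data + 1 stop


def frame_char(byte: int) -> list:
    """Asynchronous frame for one byte, least significant data bit first."""
    data = [(byte >> i) & 1 for i in range(8)]
    return [START_BIT] + data + [STOP_BIT]


def async_encode(text: str) -> list:
    line = []
    for b in text.encode("ascii"):
        line.extend(frame_char(b))
    return line


def async_decode(line: list) -> str:
    """Receiver that waits for a start bit, reads eight data bits, then
    checks the stop bit; a wrong stop bit is a framing error."""
    out = []
    i = 0
    while i < len(line):
        if line[i] == IDLE:            # nothing being sent yet
            i += 1
            continue
        frame = line[i:i + FRAME_LEN]
        if len(frame) < FRAME_LEN or frame[-1] != STOP_BIT:
            raise ValueError(f"framing error at bit offset {i}")
        byte = sum(bit << k for k, bit in enumerate(frame[1:9]))
        out.append(chr(byte))
        i += FRAME_LEN
    return "".join(out)


def sync_encode(text: str) -> list:
    """Synchronous stream: data bits only, no per-character framing."""
    return [(b >> i) & 1 for b in text.encode("ascii") for i in range(8)]


def sync_decode(bits: list) -> str:
    """Receiver that assumes it is clocked in step with the sender, so it
    can only chop the stream into fixed 8-bit groups."""
    if len(bits) % 8:
        raise ValueError("receiver lost clock alignment with the sender")
    return "".join(chr(sum(bit << k for k, bit in enumerate(bits[j:j + 8])))
                   for j in range(0, len(bits), 8))


if __name__ == "__main__":
    text = "youwillpass"                 # constructed sample
    print(len(async_encode(text)), "bits asynchronously,",
          len(sync_encode(text)), "bits synchronously")
    print(async_decode([IDLE, IDLE] + async_encode(text)))
```

The overhead is the trade-off the post describes: every asynchronous character costs ten bits instead of eight, but the receiver can recover its place at the next start bit after a corrupted frame, whereas the synchronous receiver, having paid nothing per character, depends entirely on the clock it agreed on before the first message.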

And speaking of timing, this is a special article for me, as this is the 75th one. :)

Monday, October 22, 2018

The TCP Handshake


We learned about the TCP protocol in the article “Understanding TCP and UDP.” A brief mention was made in that article of the 3-way handshake process. Before we delve into that further, let us recap TCP (Transmission Control Protocol). TCP is a reliable, connection-oriented protocol, which means it ensures packets are delivered to the destination computer. If a packet is lost during transmission, TCP is able to identify this and resend the lost or corrupted packet.

Now, before any data is sent across, handshaking takes place between the two systems that want to communicate. Once the handshaking completes successfully, a virtual connection is set up between the two systems. It’s just like a high-profile deal that gets signed. Just as in a deal both parties discuss various parameters such as the financial settlement, payment of outstanding dues, shareholding, etc., the two hosts (systems or computers) must agree on certain parameters: data flow, windowing, error detection, etc.

The following diagram will help us understand the agreement that takes place between the two hosts.



The host (the lovely lady here) that initiates communication sends a synchronize (SYN) packet to the receiver. This means “Would you be interested in establishing a data connection with me?”
The receiver acknowledges this request by sending a SYN/ACK packet, which translates to “Yes, I am interested in taking this conversation further. I have acknowledged your request and am sending you the details of how to communicate with me.”

The lady accepts this “SYN/ACK” packet and sends an “ACK” packet, which translates to “Ok… I understand the terms and conditions. Let’s begin the conversation.”

After this, the host and the other system start transmitting data to each other. If all were so good in this world, we would not have to deal with the following problems, which arise when the lovely lady turns out not to be so lovely.

The lady here has a change of heart and decides to play a trick on the receiver. She withholds the last step of the handshake – the “ACK”. Since the 3-way handshake is not complete, the other system keeps waiting for it. In the meantime, the lady starts another connection with the server and again withholds the last “ACK” packet. If she does this many times, the result is what is called a “SYN flood” attack: the victim system is flooded with SYN packets until it has allocated all of its available TCP connection resources to half-open connections and can no longer process new requests.

This is an example of a DoS (Denial of Service) attack. The victim system will not be able to provide any services to any client, as all its resources are tied up by one system.

There is another attack – the DDoS (Distributed Denial of Service) attack. Here the attack comes from many different systems that each leave the handshake open, and the result is again a denial of service. To put it in the same example, let’s say this lovely lady brings together a lot of her friends and asks them to start the handshake process with the victim and leave it in the middle. This would result in a DDoS attack.
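What actually runs out on the victim is a table of half-open connections. The following added example (my own code, not from this post) models that table on the server side: each SYN takes a slot until the matching ACK arrives, a full table means new SYNs are dropped, and a half-open timeout, one of the standard mitigations, reclaims slots whose ACK never came so that honest clients get through again. The class and function names, the backlog size and the addresses (documentation ranges) are constructed for the example.

```python
# Added example, not from the original post: a toy server-side half-open
# connection table showing why withheld ACKs exhaust it and how a
# half-open timeout frees it again.


class HandshakeTable:
    def __init__(self, backlog: int, half_open_timeout: float):
        self.backlog = backlog                 # max SYNs we remember at once
        self.timeout = half_open_timeout       # seconds to wait for the ACK
        self.half_open: dict = {}              # (ip, port) -> time SYN seen
        self.established: set = set()

    def reap(self, now: float) -> int:
        """Forget half-open entries whose ACK is overdue; return the count."""
        stale = [k for k, t in self.half_open.items() if now - t > self.timeout]
        for k in stale:
            del self.half_open[k]
        return len(stale)

    def on_syn(self, client: tuple, now: float) -> str:
        self.reap(now)
        if len(self.half_open) >= self.backlog:
            return "dropped"                   # no room to remember another SYN
        self.half_open[client] = now
        return "syn-ack"                       # step 2 of the handshake

    def on_ack(self, client: tuple, now: float) -> str:
        if client not in self.half_open:
            return "ignored"                   # no pending handshake for this peer
        del self.half_open[client]
        self.established.add(client)
        return "established"                   # slot released, connection usable


def simulate(backlog: int = 4, timeout: float = 5.0) -> tuple:
    """Fill the table with SYNs that never complete, then watch an honest
    client's SYN at t=1 (table full) and at t=10 (stale entries reaped).
    Returns the server's response in each case."""
    table = HandshakeTable(backlog, timeout)
    for port in range(50000, 50000 + backlog):        # constructed half-open peers
        table.on_syn(("198.51.100.7", port), now=0.0)
    honest = ("192.0.2.10", 12345)                    # constructed honest client
    while_full = table.on_syn(honest, now=1.0)
    after_reap = table.on_syn(honest, now=10.0)
    return while_full, after_reap


if __name__ == "__main__":
    print(simulate())   # ('dropped', 'syn-ack')
```

In a real stack the backlog is larger and the timers are tuned, and when the table still fills the usual answer is SYN cookies, which encode the handshake state in the SYN/ACK's sequence number so nothing has to be stored until the ACK arrives. The toy keeps to the timeout because it is enough to show the mechanism: a half-open entry is a resource, and resources that are only released by the other side need a deadline.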

There is one more attack mechanism we need to learn about before we say goodbye to each other.


One of the values agreed upon during a TCP handshake between two systems is the sequence numbers that will be inserted into the packet headers. Once the sequence number is agreed upon, if the receiving system receives a packet from the sending system that does not carry the expected value, it disregards the packet. This means that an attacker cannot simply spoof the address of a sending system to fool a receiving system; the attacker has to spoof the sender’s address and use the correct sequence number values.

If an attacker can correctly predict the TCP sequence numbers that two systems will use, then she can create packets containing those numbers and fool the receiving system into thinking that the packets are coming from the authorized sending system. She can then take over the TCP connection between the two systems, which is referred to as “TCP session hijacking”.
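The receiver-side check the post describes is simple to state in code. The following added example (my own code, not from this post) keeps, per connection, the peer address and the next sequence number it expects, accepts only packets that match both, advances the expectation by the payload length with 32-bit wrap-around, and draws the initial sequence number from a cryptographic random source, which is the defence against the prediction the post warns about. The class name, method names and sample addresses are constructed.

```python
# Added example, not from the original post: per-connection sequence number
# validation on the receiving side, plus an unpredictable initial sequence
# number (ISN). Packets are plain values; no sockets are involved.
import secrets

SEQ_MODULUS = 2 ** 32   # TCP sequence numbers are 32-bit and wrap around


def choose_isn() -> int:
    """Initial sequence number from a CSPRNG so a third party cannot
    guess it from earlier connections or from the clock."""
    return secrets.randbits(32)


class ConnectionReceiver:
    def __init__(self, peer_ip: str, peer_port: int, peer_isn: int):
        self.peer = (peer_ip, peer_port)
        # the first data byte follows the SYN, which consumes one number
        self.expected = (peer_isn + 1) % SEQ_MODULUS
        self.accepted: list = []

    def receive(self, src_ip: str, src_port: int, seq: int, payload: bytes) -> str:
        """Accept a segment only if both the source and the sequence number
        match what the handshake established; otherwise discard it."""
        if (src_ip, src_port) != self.peer:
            return "discarded: source does not match the connection"
        if seq != self.expected:
            return "discarded: unexpected sequence number"
        self.accepted.append(payload)
        self.expected = (self.expected + len(payload)) % SEQ_MODULUS
        return "accepted"

    def data(self) -> bytes:
        return b"".join(self.accepted)


if __name__ == "__main__":
    isn = choose_isn()
    conn = ConnectionReceiver("192.0.2.10", 40000, isn)     # constructed peer
    print(conn.receive("192.0.2.10", 40000, isn + 1, b"hello "))
    print(conn.receive("203.0.113.5", 40000, isn + 7, b"spoof"))  # wrong source
    print(conn.receive("192.0.2.10", 40000, isn + 1, b"replay"))  # stale seq
    print(conn.receive("192.0.2.10", 40000, isn + 7, b"world"))
    print(conn.data())
```

A real TCP implementation accepts any in-window segment rather than demanding an exact match, but the principle is the one the post states: the address alone proves nothing, and the sequence number only proves something if it was not guessable in the first place, which is why modern stacks randomize the ISN instead of deriving it from a counter.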

Understanding TCP & UDP


Have you ever wondered what happens behind the scenes when you click a video on your favorite website? Or when you are trying to log onto a secure website? There are multiple protocols that run behind the scenes to help you out and allow you to watch that favorite video of yours or buy that dress which you longed for.

Two such important protocols are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). These are two of the most common protocols used in networking and in setting up a secure infrastructure. Multiple services run on top of these protocols or, in simple terms, make use of their services. Before we go further and understand the technicalities involved, let us first learn what happens in simple terms.

Everything we work on in the computer universe is actually just ones and zeros. The data that is sent from one computer to another is a bunch of ones and zeros flowing from here to there. For the sake of simplicity, we will call this bunch a packet. Say, when you click on YouTube to watch a video, you actually send a command asking YouTube to send some packets from its computer (or server) to your smartphone. Similarly, when you log on to Flipkart and check out from the cart, you are actually sending packets from your computer to Flipkart’s computer. Easy peasy, right? So where do TCP and UDP come into this video watching and flipkarting?

TCP is a connection-oriented protocol, while UDP is a connectionless protocol. What does this mean? Connection-oriented means that the protocol will ensure that packets (remember, a bunch of 1s and 0s) are delivered to the destination computer with a 100% guarantee. Connectionless means that it will try its level best to deliver the packets, but cannot be 100% sure that the packets actually got delivered. The analogy is that of a registered post and a normal postal letter. A registered post (TCP) is delivered into your hand, while a normal postal letter (UDP) is thrown at your doorstep. You are lucky if you get it.

If you are paying close attention, I have taken two examples above to drive home the point of TCP and UDP. The two examples (video watching and flipkarting) are applications of UDP and TCP respectively. Let’s understand how. When you watch a video, a lot of data is sent to your computer. Even if one packet out of these thousands gets lost in transmission, you may not even notice, as the overall effect on your video is minimal. This is where UDP is used. Since UDP is a connectionless, best-effort protocol, it is used for playing video, where losing a few packets does not hurt. Since it is connectionless, it is easy to implement, requires fewer resources and is faster than TCP. On the other hand, when you are making a payment on an e-commerce website, no packet loss is acceptable, as it may affect the transaction. Hence TCP, a connection-oriented protocol, needs to be used. TCP does a 3-way handshake to establish this connection. In order to set up this connection and deliver your packets with a 100% guarantee, TCP requires more resources; however, that makes it more reliable. (We will look at the 3-way handshake and related attacks in the next article.)

If you are a developer, you must decide which protocol to use when delivering a service. TCP and UDP are used in conjunction with other services too. Say you develop an email application – an SMTP service. If you wish to ensure that mail gets delivered with a 100% guarantee, you implement SMTP over TCP.

Let’s extend this discussion to the differences between these protocols. If reliability is a requirement, we go for TCP, else UDP. Since TCP requires a lot of resources to implement, it is prudent to use it for small amounts of data that require reliability. If a high-volume transfer such as video streaming (Netflix) needs to be done, UDP would be a better choice.
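The reliability difference comes down to whether the sender waits for acknowledgements and retransmits. Here is an added example (my own code, not from this post) that runs the same 20 packets through a channel that drops a chosen few, once with a fire-and-forget sender that behaves like UDP and once with an acknowledge-and-retransmit sender that behaves like TCP, and counts both what arrived and how many transmissions it cost. The channel, the loss pattern and the function names are constructed for the example; the "ACK" is modelled simply as the sender learning that delivery succeeded.

```python
# Added example, not from the original post: best-effort (UDP-like) versus
# acknowledged, retransmitting (TCP-like) delivery over a lossy channel.


class LossyChannel:
    """Drops the first attempt to deliver any packet listed in drop_once,
    so the loss pattern is deterministic and the example is reproducible."""

    def __init__(self, drop_once):
        self.pending_drops = set(drop_once)
        self.transmissions = 0

    def deliver(self, packet):
        self.transmissions += 1
        if packet in self.pending_drops:
            self.pending_drops.discard(packet)
            return None                  # lost in transit
        return packet


def send_best_effort(packets, channel) -> list:
    """UDP-like: send each packet exactly once and never look back."""
    received = []
    for p in packets:
        got = channel.deliver(p)
        if got is not None:
            received.append(got)
    return received


def send_reliable(packets, channel, max_retries: int = 8) -> list:
    """TCP-like: keep retransmitting a packet until the receiver confirms it.
    Here a non-None return plays the role of the ACK coming back."""
    received = []
    for p in packets:
        for _attempt in range(max_retries):
            if channel.deliver(p) is not None:
                received.append(p)
                break
        else:
            raise TimeoutError(f"gave up on packet {p} after {max_retries} tries")
    return received


def compare(n_packets: int = 20, drop_once=(3, 11, 17)) -> dict:
    """Run both senders over identical loss and report what each achieved."""
    packets = list(range(n_packets))                 # constructed payload ids
    udp_like = LossyChannel(drop_once)
    tcp_like = LossyChannel(drop_once)
    udp_got = send_best_effort(packets, udp_like)
    tcp_got = send_reliable(packets, tcp_like)
    return {
        "udp_delivered": len(udp_got), "udp_transmissions": udp_like.transmissions,
        "tcp_delivered": len(tcp_got), "tcp_transmissions": tcp_like.transmissions,
    }


if __name__ == "__main__":
    print(compare())
```

With three packets lost on their first attempt, the best-effort sender delivers 17 of 20 for exactly 20 transmissions, which is fine for a video frame or two, while the reliable sender delivers all 20 but pays 23 transmissions plus the bookkeeping of knowing which packet is outstanding. That bookkeeping is the "more resources" the post refers to, and it is also why a payment goes over TCP and a video stream need not.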

What are your thoughts on this?