Saturday, March 16, 2019

Crime Prevention through Environmental Design (CPTED) Approach

Security design and access control are more than bars on windows, a security guard booth, a camera, or a wall. Crime prevention involves the systematic integration of design, technology, and operation for the protection of three critical assets-people, information, and property. Protection of these assets is a concern and should be considered throughout the design and construction process.

The most efficient, least expensive way to provide security is during the design process. Designers who are called on to address security and crime concerns must be able to determine security requirements, must know security technology, and must understand the architectural implications of security needs.

Consider the following picture of an office campus below. What do you observe? Note down what all do you think represents this campus.

Here are some important points worth mentioning :
  • Well-Paved footpaths.
  • Proper guidance of people entering and leaving by giving them a designated path to walk upon.
  • Seating Arrangement
  • Proper Lighting arrangements
  • A clear line of sight.
While designing the physical security program, CPTED - crime prevention through environmental design is one of the most commonly used approaches. Let us understand this approach in detail.

Crime Prevention Through Environmental Design (CPTED) is a set of design principles used to discourage crime. The concept is simple: Buildings and properties are designed to prevent damage from the force of the elements and natural disasters; they should also be designed to prevent crime. The place needs to be designed to deter criminals so that crime does not take place.

CPTED anticipates and is based upon the premise that the physical environment can be manipulated to create behavior changes in the way people behave. If benches and tables are placed in a park, there is a high chance that people will use them and sit on them. Inadvertently, they will behave as security guards and keep a look at the activities of the people passing by. 

CPTED principles are based on anticipating the thought processes of a potential offender and creating an environment that discourages follow-through. CPTED has the added advantage of creating a sense of security and well-being among employees and tenants. When CPTED is put into practice, the resulting environment - including the building and its surroundings - will discourage or impede criminal behavior, and at the same time encourage honest citizens to keep a watchful eye.

CPTED provides three main strategies to implement the design principles of the physical environment to increase the overall protection.
  • Natural Access Control
  • Natural Surveillance 
  • Natural territorial Enforcement

Natural Access Control

This technique ensures that access is controlled in the most natural way. It ensures proper guidance of people entering and leaving the premises by proper landscaping, placement of doors, lighting, fences etc.

Think from the perspective of a thief. Will you be more comfortable robbing a place which is completely lit, under CCTV control, locked etc? Every criminal is more comfortable in a dark alley, unlocked doors, and windows etc.

Sidewalks, lighted bollards, and clear sight lines are used as natural access controls. They work together to give individuals a feeling of being in a safe environment and help dissuade criminals by working as deterrents.

Natural Surveillance

We have often seen movies where the good old nosy neighbor knows about all the moves of the person who gets murdered. The police nabs the perpetrator just by getting inputs from this form of unwanted surveillance. While natural surveillance is not about neighbor but it does borrow some of the good things from this.

Natural surveillance is the use and placement of physical environmental features, personnel walkways, and activity areas in ways that maximize visibility. Instead of CCTV and round the clock personnel monitoring the walkways, you make the physical environment in such a way that people around you act as security guards unknowingly and involuntarily. Benches in parks and organizations are kept so that you just don’t sit there, but observe around yourself.

Inadvertently, you will make the criminal uncomfortable in committing the crime as he may feel that he is being watched. Specially created walkways, cycle ways etc are other ways to help enforce natural surveillance.

Natural Territorial Enforcement

What will you do to defend your home? Anything? This is because you have a sense of ownership for the place. In a similar manner, natural territorial enforcement creates physical designs that create a sense of belonging. This ownership creates a feeling so that people ensure that they defend the place where they work or own. Territorial reinforcement can be implemented through the use of walls, fences, landscaping, light fixtures, flags, clearly marked addresses, and decorative sidewalks.

CPTED also encourages activity support, which is planned activities for the areas to be protected. These activities are designed to get people to work together to increase the overall awareness of acceptable and unacceptable activities in the area. The activities could be neighborhood watch groups, company barbeques, block parties, or civic meetings. This strategy is sometimes the reason for the particular placement of basketball courts, soccer fields, or baseball fields in open parks. The increased activity will hopefully keep the bad guys from milling around doing things the community does not welcome.

What is your take on the CPTED approach? Share in the comment(s) section below.

Sunday, January 13, 2019

Building Blocks of a Blockchain - Part 2

I strongly suggest that you read the first part before reading this part as I can assure you that the old man still has a long story to tell.

Blockchain involves a lot of technical terms which we are going to learn about in the second part. Thinking of running away, don’t, as we are going to understand each and every term and the complete functioning of blockchain through real-life analogies. So grab yourself something to eat and start reading…

What the old man suggested in the story was an example of DISTRIBUTED LEDGER TECHNOLOGY (DLT)? A distributed ledger is a type of database that is shared, replicated, and synchronized among the members of a DECENTRALIZED network. The distributed ledger records the transactions, such as the exchange of assets or data, among the participants in the network.

Taking cues from the story, the book of promises which the brothers maintained is the ledger book. A ledger book is a record of transactions which is maintained to ensure that no one forgets his promises. It’s similar to what a bank maintains to records the transactions. Since this ledger book was maintained by everyone, replicated whenever a change happened and synchronized to reflect the changes it would be a distributed ledger. 

Before we move further, I want you to be clear with one aspect. The blockchain is a type of DLT. This means when you hear the word blockchain, the following statement must come into your mind- A distributed database that is available with everyone (for simplicity).  DLT is like a common terminology and blockchain is like an example of it. It’s similar to Lion being an Animal. The blockchain is the Lion and DLT is animal.

I know you are getting restless. Think of it like a Sherlock Holmes mystery. You need to understand all the pieces before you start appreciating the bigger picture.

We all transact with banks. Have you ever wondered that if there is a problem with the current system of banking? If your answer is No, then you really are quite gullible. Let’s taken an example. Suppose you want to send me 100$, what would you do? You will ask my account details and transfer the same. Even though this was a transaction between the two of us, inevitably, a third party always gets involved. The BANK. Going back to the story, the bank is like the LEDGERWOMAN. The bank maintains the records of the transactions which you and I make. We TRUST this authority to keep the records clean and this authority takes a cut to maintain these transactions. In a way, it CONTROLS the records. If hacked, it can lose all records. If fraudulent, it can fudge these records. 

There are a few more terms which we need to understand before we can appreciate the real definition and working of a blockchain. 

If you have tried torrent (that allows you to download free pirated stuff), then you can easily understand peer to peer networking. Think of it as you helping a fellow colleague instead of going to the boss. When you download a movie from Netflix, that movie gets downloaded from a central server which Netflix owns and maintains. However, when you download something from a torrent, it is not a central authority that does that. Multiple people download it and start sharing it amongst themselves. EVERYONE has a copy of it or in a way, CONTROL, of it. In the old man’s story too, EVERYONE had CONTROL over the ledger. [ We can fight over the technicalities of this example, some other time]

Monday, January 7, 2019

Understanding Blockchain – Part 1

In the first part, instead of bombarding you with technical jargons, I will tell you a story. This story will form the basis of understanding the technical jargons which will get introduced in Part 2 of this series.

There once lived an old man who had 10 sons. They all lived together. The old man was a clever man. He made each son choose a different profession so that they all could help out each other. One farmed while the other one hunted, the third one made pottery while the fourth one became a milkman. Hence, all decisions were taken by him. The family lived in this manner for quite some time. However, all the produce was brought to the old man for distribution among the brothers. You can say the old man was a central authority.

The old man thought that since he has to die one day, he must think of a solution that the brothers can apply to distribute the various items they produced. He knew that the centralized authority which he has commanded over the years will not remain after he dies. 

The old man thought that he will ask each son to make a PROMISE to one another. Why so? Because different items took a different time to produce. While the milkman was ready with milk every day for the family, the farmer took around 3 months to bring back his share of produce. He called all his sons for a meeting and gave them this solution. All the brothers agreed. The milkman made a promise to supply milk to all the brother’s families in exchange for pottery and rice. The farmer made a promise to supply the grains to everyone and so on. 

The brothers were fine with this idea as they TRUSTED each other. This trust factor was important as it was basis this trust that they all agreed to exchange goods with each other and keep their promises. The old man thus transformed the decision making from a centralized system to a decentralized system.

Initially, the system worked, but over time, there were more and more promises being made. It became really hard to track all of these “promises”. Soon brothers were disputing over promises forgotten or never made. This brought the family’s survival to a question. So all the sons got together to find a solution to this problem.

They all decided to appoint someone to track these promises.
Let’s call her as the LedgerWoman. 
She called in all the sons and got to work to write down the promises which they made to each other on a daily basis. Over time, the family size increased and the ledgerwoman had more and more work to do since the number of promises increased. One day, the ledgerwoman stopped all work and went on a protest that she must be paid a share of the trade as she worked so hard. Reluctantly, the families agreed. The families were now equivalent to a big village. Hence, in every transaction (promise) which was logged in the ledger, a cut was taken by the ledgerwoman.

Over time, this ledgerwoman became extremely wealthy and powerful as she controlled the book of promises. As time passed, she started taking bribes and increased her cut of shares. She also started fudging the book of promises.

The families were now back to square one. They kicked the Ledgerwoman out and decided to do something about it. Appointing another person for this job was not the solution, hence, a new innovative idea had to be thought through. Transactions had to be recorded, but the issue was asking one person to maintain this book of promises. So, the families got together to come to a conclusion that all would maintain the ledger details.

This forms the basis of the block chain, where every individual will own the records of transactions and in case of any change, all the ledgers with all the families will get updated. For making these changes, the families would have to meet at regular intervals for a Verification Check. This check would ensure that all ledgers are updated with the most recent promises. Everyone will come to a CONSENSUS that the ledgers match and in this manner, EVERYONE will have complete CONTROL and KNOWLEDGE of the transactions taking place.

A young man pointed out that what would happen if an entry in one of the ledgers did not match such as :

Ledger 1: Jason promised to give 20Kg of rice to Ethan hunt in exchange for 4 chicken.

Ledger 2: Jason promised to give 10Kg of rice to Ethan hunt in exchange for 5 chicken.

An old man suggested that we follow the 51% rule in this case. If 51% or a majority of the ledgers say that “Jason promised to give 20Kg of rice to Ethan hunt in exchange for 4 chicken” we accept that as the truth and nothing else. He also suggested marking a special symbol after a page of the ledger got completed. The symbol on the next page would be a derivative of this new symbol. In this manner, even if a person wanted to change a page in the ledger, he would not be able to do so as he would have to change the symbol too which was impossible.

In this manner, no one will have to trust each other and still the distributed ledger where the 51% rule applies will be the source of trust for everyone. TRUSTLESS system is what the old man called it.
This story will form the principle of understanding the basics of Blockchain which will be covered in Part 2.

I leave you with the following questions:

1. What when the families and village grows to thousands of members? Will this solution still work?

2. What if someone gets hold of all the ledgers and make changes in all of them?

3. What mechanism would be used if every village had their own separate way of ledger keeping?

Feel free to share your thoughts in the comment(s) section below…

This is Part 1 of the 5-part series on the blockchain. In this series, we will learn about what is exactly blockchain and the need for it. We will then focus on understanding the working of a blockchain followed by its applications in the real world. We will then move on to Blockchain 2.0 – Smart contracts. In the final part, we will focus on Blockchain 3.0 & 4.0.

Saturday, January 5, 2019

Digital Signature

We learned about the basics of cryptography in the first post. We then learned about the types of cryptography – symmetric and asymmetric (private and public key cryptography). Then we mixed both of them to get the hybrid aspect. As if this was not enough, intelligent minds mixed hashing into cryptography to produce digital signatures.

It’s time to learn about this new potion – Digital Signature. Before we delve into detail, we must understand what is hashing. Hashing is a method to ensure that the integrity of the message has not been compromised with. A one-way hash function is used for creating a hash that takes a variable-length string (a message) and produces a fixed-length value called a hash value. This hash value will only change if a change has occurred in the message. If there is no change, then the hash value will not change if you apply the one-way hash function 1 time or a 1000 times. Let’s take an example to understand this. 

Message: This blog really helps me to understand information security concepts in a simple manner. 

There are various hashing algorithms which can be used to create a hash value of this message. For simplicity purposes, let’s consider the hash value after the hash function is: D34mCd768218g367.

What to do with value now? This value will help you identify if the message sent across has changed or not. How? If the message will change, the hash value will also change. This is just one piece of the puzzle of the digital signature. 

This diagram will help us to understand the complete picture.

Our old friends – Alice and Bob want to share information as usual. This time, however, an important requirement is that the message must not be modified. Alice, therefore, decides to use the digital signature to give confirmation to Bob that the message which he will get to read has not been modified.

These steps will help you understand the complete process.

1. Alice has a data file with her. This is the secret script of Captain Marvel. 

2. She applies a hash function on this data file to create a hash value. This hash value will act as proof that no changes have been made in the script.

3. This hash value is then encrypted to keep it safe. Alice uses her own private key for this encryption.

4. This complete package is the digital signature.

5. An important point to note here is that the data file is not encrypted here. The hash value is encrypted here.

6. This digital signature is then appended to the data file and sent across.

7. Bob receives this message and he opens the data file.

8. He is elated to see the Marvel script, however, he is unsure that whether the message has been tampered with or not.

9. To do that, he checks the public key of Alice and uses that to decrypt the hash value.

10. In addition to that, Bob calculates the hash value of the message himself.

11. Both these values are then compared by Bob to come to a conclusion whether the message’s integrity has been tampered with or not.

The hashing function ensures the integrity of the message, and the signing of the hash value provides authentication and non-repudiation. The act of signing just means the value was encrypted with a private key.

It would be extremely unfair if I leave you without questions to tax your brain. Do not forget to leave answers to them in the comment(s) section below.

1. What would be the best key for the digital signature – Private or Public?
2. If the hash value is different, does it mean that the digital signature is corrupted?
3. Do digital signatures provide non-repudiation?