Crowdsensing and Privacy in Smart City Applications
Raj Gaire , ... Surya Nepal , in Smart Cities Cybersecurity and Privacy, 2019
three.v.two Cryptography
Cryptographic techniques are used to ensure secrecy and integrity of data in the presence of an antagonist. Based on the security needs and the threats involved, diverse cryptographic methods such equally symmetric key cryptography or public key cryptography can be used during transportation and storage of the information. In addition, a homomorphic encryption allows various computations to take place on encrypted data without requiring the data to be decrypted for processing. From the privacy perspective, these techniques are useful to protect personal information from existence leaked during transportation and from storage servers [31].
In Microsoft Vista for Information technology Security Professionals, 2007
Using Encryption
Cryptography is a word derived from the Greek kryptos ("hidden"), and the use of cryptography predates the computer age by hundreds of years. Keeping secrets has long been a concern of human beings, and the purpose of cryptography is to hide information or change it so that it is incomprehensible to people for whom it is not intended. Cryptographic techniques are an important part of a multilayered security plan. Some security measures, such as implementation of a firewall and use of access permissions, try to keep intruders out of the network or computer altogether, much similar fences and door locks attempt to keep burglars off the grounds or out of the house. Cryptography provides an inner line of defence. Like a wall safe that is in that location in case the burglars practise make it inside your business firm—and to protect valuables from people who are authorized to come into your house—cryptography protects data from intruders who are able to penetrate the outer network defenses and from those who are authorized to admission the network merely non this particular data.
Cryptographic techniques concern themselves with three basic purposes:
■
Authentication Verifying the identity of a user or reckoner.
■
Confidentiality Keeping the contents of the data surreptitious.
■
Integrity Ensuring that data doesn't change between the time it leaves the source and the fourth dimension it reaches its destination.
I or more of these goals may be a priority, depending upon the situation.
All three mechanisms tin be used together, or they can be used separately when only one or 2 of these considerations are important. In the post-obit sections, nosotros expect more closely at how each 1 works in relation to network security.
Note
The process of confidentiality, integrity, and authentication, is also known equally CIA.
Cryptographic techniques include encryption, which involves applying a procedure called an algorithm to plain text to plow it into something that will appear to be gibberish to anyone who doesn't have the key to decrypt it. Encryption is a form of cryptography that "scrambles" plain text into unintelligible cipher text. Encryption is the foundation of such security measures as digital signatures, digital certificates, and the public central infrastructure that uses these technologies to make computer transactions more secure. Computer-based encryption techniques use keys to encrypt and decrypt data. A cardinal is a variable (sometimes represented as a password) that is a big binary number—the larger, the improve. Key length is measured in bits, and the more bits in a key, the more difficult the key volition be to "crack."
Littlejohn Shinder , Michael Cross , in Scene of the Cybercrime (2d Edition), 2008
Understanding the Purposes of Cryptographic Security
Cryptographic techniques are an important office of a multilayered security plan. Some security measures, such every bit implementation of a firewall and use of access permissions, try to keep intruders out of the network or computer altogether, much similar fences and door locks try to keep burglars off the grounds or out of the house. Cryptography provides an inner line of defense. Like a wall safe that is there in case the burglars do brand it inside your house—and to protect valuables from people who are authorized to come into your firm—cryptography protects data from intruders who are able to penetrate the outer network defenses and from those who are authorized to access the network only not this particular information.
Cryptographic techniques concern themselves with iii bones purposes:
▪
Authentication Verifying the identity of a user or figurer
▪
Confidentiality Keeping the contents of the information secret
▪
Integrity Ensuring that information doesn't alter betwixt the time it leaves the source and the time information technology reaches its destination
One or more of these goals may be a priority, depending on the situation. For instance, if an investigator receives a bulletin from his or her chief to fly to the Due west Coast to interview a witness in a case, the overriding concern might be to know that it was, indeed, the master of police who sent the message and not a fellow officer playing a practical joke. In this case, hallmark of the bulletin sender'due south identity is of utmost importance. If the case relates to an internal diplomacy investigation and it is of import that no ane else in the section know where the investigator is going, confidentiality of the data might be of import as well. And if the message states that the investigator is authorized to spend $iii,000 on the trip, it might exist important to ensure that the bulletin has not been changed (after all, chiefs are not normally this generous) in transit—in other words, that the message's integrity has not been compromised.
All iii mechanisms tin can be used together, or they tin can exist used separately when simply one or ii of these considerations are of import. In the post-obit sections, we look more closely at how each one works in relation to network security.
On the Scene
A Historical Perspective on Cryptography
Cryptography has probably been around for almost equally long as written language. According to A Brusque History of Cryptography, past Fred Cohen (www.all.cyberspace/books/ip/Chap2-1.html), the study of cryptography has been around for 4,000 years or more. Whenever communications are recorded, the consequence of protecting those recorded communications arises.
In both business and personal communications, information technology is often non desirable to share the contents with everyone—in fact, in many cases doing so could have disastrous results. Thus, early civilizations looked for means to conceal the contents of letters from prying eyes. In ancient Arab republic of egypt, deviations on the hieroglyphic linguistic communication in apply were adult for that purpose. The Greeks used a "transposition code" in which each letter of the alphabet was represented by some other that indicated where, in a filigree, the original letter was located. In early India, spies employed by the government used phonetic-based "exchange codes" (the same concept children use for squealer Latin). In biblical times, a substitution zippo called atbash, which worked past replacing the last alphabetic character of the Hebrew alphabet with the first and then on, was used to encrypt writings. Encryption methods were used past such diverse historical figures equally Julius Caesar (afterward whom the "Caesar cipher" was named), Thomas Jefferson (who invented the zero cycle), and Sir Francis Salary. Governments accept long used encryption to protect sensitive military machine messages.
Authenticating Identity
As we discussed in Chapter eleven, you can make up one's mind the identity of a user or computer in numerous means, but it more often than not requires that the user provide something that is associated with his or her user account that someone else could non easily provide. The requested credential is by and large 1 (or more than) of the following:
▪
Something you lot know, such every bit a password or personal identification number (Pivot)
▪
Something you have, such equally a smart card or certificate
▪
Something you are, in which biometric devices are used to place you on the basis of your physical characteristics
Because none of these authentication methods (or whatsoever other) is absolutely foolproof, information technology makes sense in a loftier-security surround to utilise a multifactor authentication system (sometimes called ii-way or three-manner authentication, depending on the number of hallmark methods used) by combining ii or more of them. That is, a user is required to provide both something he or she has and something he or she knows (in fact, most smart carte implementations require that the user not only insert the menu in a reader, just also enter a Pivot), or the user must both undergo a biometric scan and provide a countersign before existence granted access.
Another method of implementation is layered authentication, in which one form of authentication is accepted to provide a lower level of admission, and additional authentication is required for a college level of admission.
Note
Some security literature mentions a quaternary ways of proving identity: something you lot do. An case would be a sample of your handwriting. Voice prints might also exist considered to exist in this category.
Equally we saw in Chapter eleven, a wide number of protocols are used for authenticating users on a network, many of which use various types of encryption to ensure that the data being passed by the user to the authentication server can't be intercepted and viewed past others. Some of these protocols include:
▪
Kerberos A logon authentication protocol that is based on secret primal (symmetric) cryptography. It usually uses the Data Encryption Standard (DES) or Triple-DES (3DES) algorithm, although with the latest version, Kerberos Version 5, algorithms other than DES can be used. Kerberos uses a organisation of "tickets" to provide verification of identity to multiple servers throughout the network. This system works a little like the payment system at some amusement parks and fairs where, instead of paying to ride each ride, customers must purchase tickets at a central location and and so use those tickets to access the rides. Similarly, with Kerberos, a client who wants to access resources on network servers is non authenticated by each server; instead, all the servers rely on "tickets" issued past a fundamental server, chosen the Key Distribution Center (KDC). The customer sends a request for a ticket (encrypted with the client'due south fundamental) to the KDC. The KDC issues a ticket called a Ticket-Granting Ticket (TGT), which is encrypted and submitted to the Ticket-Granting Service (TGS). The TGS tin can be running on the same physical machine that is running the KDC. The TGS issues a session ticket to the customer for accessing the item network resource that was requested (which is usually on a different server). The session ticket is presented to the server that hosts the resources, and access is granted. The session key is valid only for that item session and is set to expire afterwards a specific amount of fourth dimension. Kerberos allows mutual authentication; that is, the identities of both the client and the server can be verified.
▪
NT LAN Director (NTLM) Some other Microsoft logon authentication method. Unlike Kerberos, with NTLM, when a client wants to admission a server'south resources, that server must contact the domain controller to have the client's identity verified. It uses MD4/MD5 hashing algorithms and DES encryption.
▪
Shiva Countersign Authentication Protocol (Due south-PAP) A remote access hallmark protocol used for Point-to-Bespeak Protocol (PPP) or punch-up connections. Shiva PAP (S-PAP) uses a two-way reversible authentication method that encrypts passwords then that they volition not be subject to interception and misuse.
▪
Challenge Handshake Authentication Protocol (CHAP) Uses a hashing algorithm and a shared secret (more almost that later in this chapter, in the section on encryption) to protect the password. CHAP provides more security than PAP. Microsoft developed its own version of the protocol, chosen MS-CHAP, which uses the DES encryption algorithm and LM/NTHASH.
▪
The Remote Authentication Dial-In User Service (RADIUS) Also used for authenticating remote connections. Exchanges are encrypted using a shared key, and multiple RAD-IUS servers tin can communicate with each other and exchange authentication information.
▪
Secure Shell (SSH) Allows users to log on to UNIX systems remotely. When using SSH, both ends of the connection (customer and server) are authenticated, and data (including passwords) can exist encrypted. 3DES, Blowfish, and Twofish are encryption algorithms that are supported by SSHv2, which besides allows the use of smart cards.
A concept that is closely related to authentication is nonrepudiation. This is a means of ensuring that whoever sends a message cannot later claim that he or she didn't send it. Nonrepudiation is sometimes considered to be a fourth, dissever purpose of cryptography, but we include information technology here in the give-and-take of authentication considering the two concepts go together; nonrepudiation merely goes a step further than authentication.
Providing Confidentiality of Data
Confidentiality refers to any method that keeps the contents of the data undercover. Unremarkably this ways encrypting information technology to prevent unauthorized persons from understanding what the information says fifty-fifty if they intercept it. In a high-security environment, where network communications necessarily involve data that should not be shared with the globe, it is important to utilise stiff encryption to protect the confidentiality of sensitive data. We talk over exactly how that is washed in the upcoming "Basic Cryptography Concepts" section.
Ensuring Data Integrity
Information integrity, in the context of cryptography, means that in that location is a fashion to verify that the data was not inverse after information technology left the sender, that the data that was sent is exactly the same as the data that is received at the final destination. It is essential to be able to count on data integrity in network transactions such equally east-commerce.
Notation
The term data integrity has a broader significant in terms of general calculating and networking than information technology does in the context of cryptography. In this sense, it refers to protection of data from harm or destruction; the integrity of data can be threatened by a power surge, a magnetic field, fire, inundation, or the like likewise as by persons who would deliberately alter information technology. You can install utilities such as Tripwire (www.tripwire.org) to monitor changes to system data on the hd.
MCSE 70-293: Planning, Implementing, and Maintaining Internet Protocol Security
Martin Grasdal , ... Dr. Thomas Westward. Shinder Technical Editor , in MCSE (Exam seventy-293) Study Guide, 2003
Purposes of Encryption
IPSec functions by using cryptographic techniques. The term cryptography refers to methods of making data unreadable or undecipherable past anyone except the authorized recipient in the consequence that the message is intercepted by someone else. IPSec uses cryptography to provide three basic services:
■
Authentication
■
Data integrity
■
Data confidentiality
In that location are times when only 1 or two of these services is needed, and other times when all of these services are needed. We will take a look at each of these services individually.
Caput of the Form…
IPSec Encryption Algorithms
IPSec provides computer-level authentication, equally well as data encryption, for virtual private network (VPN) connections that employ the Layer Two Tunneling Protocol (L2TP). One important purpose of IPSec encryption is to provide for information confidentiality and so that the messages that travel through the VPN tunnel cannot be read past unauthorized persons. This is the "individual" function of virtual private networking.
Before an L2TP connectedness is established, IPSec is negotiated between the client computer and the VPN server that uses L2TP. When the negotiation is completed, the data and the password are secure. 1 point of negotiation is the encryption algorithm that will exist used. Windows Server 2003 supports the following encryption algorithms:
■
Data Encryption Standard (DES) This method uses a unmarried 56-bit key encryption level.
■
Triple Data Encryption Standard (3DES) This method uses three 56-chip keys for encryption.
In today's security-conscious environments, most servers are set to allow encryption and allow the client machines to select their encryption methods (algorithms). You can also prepare the server settings to deny encryption, select the specific encryption strength, or allow the client computer to select the encryption forcefulness. Data encryption is very important if you want to ensure that your data is not readable in the event that it is captured by a "sniffer" or otherwise intercepted as information technology travels across the network.
Authentication
Authentication is the process of verifying the identity of a data sender or recipient. This allows the message recipient to know that the message was actually sent from the sender and not from someone posing equally the sender. IPSec can use different methods to authenticate identities, including pre-shared keys, digital certificates, and Kerberos authentication. Hallmark is needed when information technology is important to verify that a message came from the person who claims to have sent it.
A concept closely related to authentication is nonrepudiation, which refers to a fashion of ensuring that the sender cannot later on deny sending the message.
IPSec can also provide anti-replay. This refers to ensuring that an unauthorized person cannot capture the authentication credentials as they're sent across the network and "replay" them to establish a communications session with the server.
NOTE
The use of pre-shared keys is not recommended, because it is the to the lowest degree secure of the hallmark methods supported past Windows Server 2003 IPSec. The biggest problem with whatever shared cloak-and-dagger such as a pre-shared key is the difficulty of sharing the key with both parties without compromising it.
Data Integrity
Information integrity refers to the ability to ensure that the data that is received at the endpoint of the communication is exactly the same data that was sent from the originating estimator, and it has not been modified in any fashion in transit. IPSec uses the hash functions to ensure that the contents of the data parcel accept not changed between the time it was sent and the time information technology was received.
Caput of the Class…
Hashing and Hash Algorithms
A hash algorithm used for encryption is a mathematical adding that has been proven to be one-fashion so that it cannot be reverse-engineered (discovery of the original bulletin using the hash effect). (Two-manner hashes are sometimes used for purposes other than encryption.) The outcome of the awarding of the algorithm is chosen the hash consequence.
Hashing uses a underground key to create a message digest, which is a combination of the message itself and the hash result. The message digest is sent to the recipient, and the same fundamental is applied to information technology. The recipient applies the same key to the message, and the result will exist identical if there has been no amending.
The Message Digest 5 (Physician-5) and Secure Hash Algorithm (SHA) algorithms are two pop hashing algorithms.
Data Confidentiality
Data confidentiality refers to the power to "scramble" the data using encryption algorithms so that it cannot be understood past an unauthorized person who intercepts it. IPSec provides data confidentiality merely through the ESP protocol. AH does non provide for encryption of the information. ESP uses the 3DES and DES algorithms to ensure data confidentiality.
Daniel S. Soper , in Computer and Information Security Handbook (Third Edition), 2013
Uplink Encryption
Protecting a transmission that is being sent to a satellite from at or near the surface of Globe requires much more than than just cryptographic techniques; to wit, encrypting the message itself is a necessary but insufficient condition for protecting the transmission. The reason for this is that the bodily transmission of the encrypted message to the satellite is just the final pace in a long concatenation of custody that begins when the message is created and ends when the message is successfully received by the satellite. Along the way, the message may pass through many people, systems, or networks, the control of which may or may not reside entirely in the hands of the sender. If one assumes that the confidentiality and integrity of the bulletin have not been compromised as the bulletin has passed through all of these intermediaries, then but ii master security concerns remain: the directional accuracy of the transmitting antenna, and the method used to encrypt the bulletin. In the example of the erstwhile, the transmitting antenna must be sufficiently well-focused to allow the betoken to be received by—and ideally just past—the target satellite. With thousands of satellites in orbit, a strong potential exists for a poorly focused manual to be intercepted by some other satellite, in which case the only remaining line of defense for a message is the force of the encryption algorithm with which it was encoded. For this reason, a prudent sender should e'er assume that their bulletin could be intercepted while in transit to and from the satellite, and should implement bulletin encryption accordingly.
When deciding upon which encryption method to utilise, the sender must simultaneously consider the value of the data being transmitted, the purpose of the transmission, and the technological and computational limitations of the target satellite. A satellite'southward computational and technological capabilities are a function of its blueprint specifications, its electric current workload, and any deposition that has occurred since the satellite was placed into orbit. These backdrop of the satellite can therefore be considered constraints—any encrypted uplink communications must piece of work inside the boundaries of these limitations. That said, the purpose of the manual likewise features prominently in the choice of which encryption method to use. Here we must distinguish between 2 types of transmissions: commands, which instruct the satellite to perform one or more specific tasks, and transmissions-in-transit, which are intended to be retransmitted to the surface or to some other satellite or spacecraft. Not only are command instructions of high-value, just they are also not typically burdened with the aforementioned low-latency requirements of transmissions-in-transit. Command instructions should therefore always be highly encrypted, considering control of the satellite could be lost if they were to be intercepted and compromised. What remains, and then, are transmissions-in-transit, which may be of either high-value, or of low-value. 1 of the bones tenants of cryptography states that the value of the data should dictate the extent to which the data are protected. As such, minimal encryption may be acceptable for depression-value transmissions-in-transit. For such transmissions, adding an unnecessarily complex layer of encryption may increase the computational burden on the satellite, which in turn may delay message delivery and limit the satellite's ability to perform other tasks simultaneously. Loftier-value transmissions-in-transit should be protected with a robust encryption scheme that reflects the value of the data being transmitted. The extent to which a highly encrypted manual-in-transit will negatively impact a satellite's available resources depends upon whether or non the message needs to be candy earlier beingness retransmitted. If the message is simply being relayed through the satellite without any additional processing, then the brunt on the satellite's resources may exist comparatively small-scale. If, even so, a highly encrypted message needs to be candy by the satellite prior to retransmission (if the message needs to exist decrypted, processed, and and then reencrypted), the brunt on the satellite's resource may be substantial. Processing high-value, highly encrypted transmissions-in-transit may therefore vastly reduce a satellite's throughput capabilities when considered in conjunction with its technological and computational limitations.
Daniel Due south. Soper , in Computer and Information Security Handbook (Second Edition), 2013
Uplink Encryption
Protecting a transmission that is being sent to a satellite from at or most the surface of the Globe requires much more than than just cryptographic techniques; to wit, encrypting the message itself is a necessary simply insufficient condition for protecting the manual. The reason for this is that the bodily transmission of the encrypted message to the satellite is but the final stride in a long chain of custody that begins when the message is created and ends when the bulletin is successfully received by the satellite. Along the style, the message may laissez passer through many people, systems, or networks, the command of which may or may not reside entirely in the hands of the sender. If i assumes that the confidentiality and integrity of the message have not been compromised as the bulletin has passed through all of these intermediaries, and so but two main security concerns remain: the directional accuracy of the transmitting antenna, and the method used to encrypt the message. In the case of the former, the transmitting antenna must exist sufficiently well-focused to allow the signal to be received by – and ideally merely past – the target satellite. With thousands of satellites in orbit, a strong potential exists for a poorly focused transmission to be intercepted by some other satellite, in which case the only remaining line of defence force for a message is the strength of the encryption algorithm with which it was encoded. For this reason, a prudent sender should ever assume that their message could be intercepted while in transit to and from the satellite, and should implement message encryption accordingly.
When deciding upon which encryption method to utilise, the sender must simultaneously consider the value of the data being transmitted, the purpose of the transmission, and the technological and computational limitations of the target satellite. A satellite's computational and technological capabilities are a part of its pattern specifications, its current workload, and any degradation that has occurred since the satellite was placed into orbit. These properties of the satellite can therefore be considered constraints – whatsoever encrypted uplink communications must work within the boundaries of these limitations. That having been said, the purpose of the manual also features prominently in the selection of which encryption method to use. Hither we must distinguish between two types of transmissions: commands, which instruct the satellite to perform one or more specific tasks, and transmissions-in-transit, which are intended to be retransmitted to the surface or to some other satellite or spacecraft. Not simply are control instructions of loftier value, but they are too not typically burdened with the aforementioned low-latency requirements of transmissions-in-transit. Control instructions should therefore always exist highly encrypted, because control of the satellite could be lost if they were to exist intercepted and compromised. What remains, then, are transmissions-in-transit, which may be of either high value, or of low value. One of the basic tenants of cryptography states that the value of the data should dictate the extent to which the data are protected. As such, minimal encryption may be adequate for low-value transmissions-in-transit. For such transmissions, adding an unnecessarily circuitous layer of encryption may increase the computational brunt on the satellite, which in plow may delay bulletin delivery and limit the satellite's ability to perform other tasks simultaneously. High-value transmissions-in-transit should be protected with a robust encryption scheme that reflects the value of the information existence transmitted. The extent to which a highly encrypted transmission-in-transit will negatively touch on a satellite's available resources depends upon whether or not the message needs to be processed earlier being retransmitted. If the bulletin is simply being relayed through the satellite without any additional processing, so the burden on the satellite'south resources may be comparatively small. If, however, a highly encrypted bulletin needs to be processed by the satellite prior to retransmission (if the message needs to be decrypted, processed, then re-encrypted), the brunt on the satellite'south resource may exist substantial. Processing loftier-value, highly encrypted transmissions-in-transit may therefore vastly reduce a satellite's throughput capabilities when considered in conjunction with its technological and computational limitations.
Michel Barbeau , in Handbook on Securing Cyber-Physical Critical Infrastructure, 2012
Mutual Authentication Using Public Key Infrastructure
An arroyo for mobile IPv4 registration message origin mutual authentication has been proposed past Sufatrio and Lam [24]. It is a hybrid approach that combines both symmetric central and disproportionate key cryptographic techniques. Public Cardinal Infrastructure (PKI) is involved while the MNs perform solely symmetric key cryptographic operations. A MN assumes that its HA is a trusted server.
Figure 5-14 illustrates the protocol. The MN and its HA share a hush-hush cardinal grandMH. The FA and HA have, respectively, a certificate CF and CH. The FA and HA have individual keys thousandF and kH and public keys lF and fiftyH. In pace 1, the MN acquires the certificate of the FA through advertisement message thou, sent using broadcast on a periodic footing. Let Em() be a public-primal encryption signing part. Allow Dg() exist a public-key decryption signing function. The advertisement bulletin yard is signed using FA's public key, i.e., , and is accompanied with FA's certificate CF.
Figure 5-xiv. Mutual authentication using PKI.
In step 2, the MN sends through the FA a registration request m′, which is signed with the MN to HA hush-hush key one thousandMH. The registration letters incorporate the nonce of the HA nH, nonce of the MN northM, and a copy of the advert received in step 1 from the FA. In step 3, the FA forwards the registration, together with its nonce nF, to the HA.
On receiving the registration request, the HA verifies the novelty of nonce nH and consistency of the signature . The HA now verifies FA's credentials and signature on behalf of the MN. The HA start validates the FA's certificate CF using the PKI. Then, it checks the consistency of the signature using the encryption part Due eastk(), that is, we must have equal to one thousand. If all these operations succeed, then the HA may return a registration reply to the MN. The reply rep is accompanied with a new HA nonce and the nonce of the MN northwardK. This triple, denoted as thou″, is signed using the HA-MN shared secret key mMH and associated with the FA nonce nF. This new group of three items is denoted as m‴. The final bulletin consists of the trio m‴, signed using HA'southward public cardinal, i.east., , and HA's certificate CH.
On receiving the registration reply, the FA makes sure that the northwardF contained in step 4 is identical to the due northF is step iii. Using the PKI, the FA validates the HA'south certificate CH. Afterward, it authenticates the signature using the encryption part Ek(), that is, the equality must hold. The FA forwards the pair .
Blueprint of Real-Time Speech Secure Communication over PSTN
Wu Zhijun , in Information Hiding in Spoken communication Signals for Secure Communication, 2015
9.3.4.four Hider and Extractor
The technique of information hiding is implemented in SIHT, which mainly focuses on two aspects, secret spoken language information concealing and public voice communication data hiding. The latter is necessary and important.
Whereas cryptographic techniques try to muffle the contents of data, information hiding (steganography) goes a bit further: it tries to muffle not just the contents of information, but also its very existence. Two people can communicate covertly by exchanging unclassified messages containing confidential information, merely both parties accept to take into account the presence of passive, active, or even malicious attackers.
The third person watching the advice should not exist able to decide whether the sender is active in the sense that he sends covers containing secret messages rather than covers without additional information. More formally, if an observer has admission to a carrier ready of cover-objects transmitted between both communication parties, he should not be able to decide which comprehend-object ci contains cloak-and-dagger information. Thus, the security of invisible communication lies mainly in the disability to distinguish cover-objects from stego-objects [21,22]2122.
In practice, not all information can be used equally embrace for secret communication, since the modifications employed in the embedding procedure should not be visible to anyone who is not involved in the communication process. This fact shows that sufficient redundant data should be contained in the cover for the purpose of being substituted by secret information. As an instance, due to measuring errors, any data which are the result of some physical scanning procedure will incorporate a stochastic component called noise. Such random artifacts can exist used for the submission of secret information. In fact, it turns out that noisy data has more advantageous backdrop in most steganographic applications.
Obviously a embrace should never be used twice, since an assailant who has access to two versions of one cover tin can easily detect and reconstruct the message. To avoid adventitious reuse, both sender and receiver should destroy all covers that already accept been used for data transfer.
Some steganographic methods combine traditional cryptography with steganography: the sender encrypts the undercover data prior to the embedding procedure. Clearly, such a combination increases the security of the overall communication process, equally it is more hard for an assaulter to detect embedded Cipher text (which itself has a rather random advent) in a embrace. A potent steganographic arrangement, all the same, does not need prior enciphering [21].
SIHT utilizes a hush-hush central steganography system similar to a symmetric zero: the sender chooses a cover c and embeds the hugger-mugger message into c using a secret cardinal k. If the receiver knows the cardinal used in the embedding process, he or she can reverse the process and extract the secret bulletin. Anyone who does not know the secret fundamental should not be able to obtain the evidence of encoded data. Again, the cover c and the stega-objects can be perceptually similar.
A secret key steganography system tin can be described as a quintuple [153], where C is the set of possible covers, K is the set of surreptitious letters with |C| ≥ |Grand|, K is the set of secret keys, EGrand:C × Chiliad × M→C and DK:C × Chiliad→M with the belongings that DGrand(EM(c,g,k), g) = k for all yard∈M, c∈C, and k∈K.
Raja Datta , Ningrinla Marchang , in Handbook on Securing Cyber-Concrete Critical Infrastructure, 2012
seven.9 Conclusions and Future work
In this affiliate, we started by giving a brief introduction to mobile ad hoc networks and went on to discuss different security bug in detail. We take discussed the important security attacks and their solutions. Every bit MANETs are resources constrained and cannot use elaborate cryptographic techniques for data encryption and decryption, we have tried to describe some of the key direction techniques that can be used in this blazon of network. A chapter on security of mobile advertising hoc networks cannot exist complete without discussing the intrusion detection techniques existing in the literature. We idea it will be very useful to draw hither the intrusion detection schemes starting from the simple ones to more than complex schemes that employ trust values of nodes. Nosotros have also described some interesting collaborative techniques of intrusion detection to complete the chapter. Every bit regards future work, several challenges still remain in this expanse of securing ad hoc networks equally a whole and MANET in item. One primary issue of concern is that the mobile devices are battery-powered and take express computational resources. Hence, researchers must take this into account while designing security mechanisms. A complete model of all possible attacks would help researchers evaluate the security of their protocol. Such a model would also allow the application of formal methods to verify a security mechanism. Moreover, it would help researchers to design a more complete security solution instead of designing specific security mechanisms for handling specific security attacks. Some other challenge is to design security solutions that are not only highly secure just also exhibit high network performance.
Nihad Ahmad Hassan , Rami Hijazi , in Data Hiding Techniques in Windows Os, 2017
Summary
In this affiliate we began our journey from the past to discover the old cryptographic systems, which played vital roles during wars and in sending diplomatic messages in ancient times. This knowledge is crucial to understand the new encryption techniques and how they work in modern time.
Afterward listing the major cryptographic techniques we talked about steganography, its types, and techniques, and how was implemented in ancient civilizations to the nowadays solar day.
We also talked briefly almost digital watermarking and online anonymity. We postpone our deep word of these two subjects to Chapters 3 and vAffiliate threeChapter v, respectively.
In Affiliate 2 we will begin our practical hiding journeying by introducing the reader to many uncomplicated techniques that could be used to hibernate our files in Windows®. So let united states begin hiding your clandestine information!
0 Response to "What Is The Cryptography Mechanism Which Hides Secret Communications Within Various Forms Of Data"
Post a Comment