Search

Showing posts with label security. Show all posts
Showing posts with label security. Show all posts

Internet Security: Is There Such A Thing As An Unbreakable Code?

For centuries, people have been searching for ways to keep information from getting into the hands of the public. Cryptography gave them an answer to that. Cryptography has been used, both in its basic and sophisticated forms to hide sensitive information. Egyptian hieroglyphics contain the first known and verified example of ancient cryptography. In our age where internet is so rampant and people want to keep their personal information private, cryptography is gaining traction. But one cycle exists for all cryptography. First, someone finds a good code and starts using it, it becomes effective for some time and eventually someone somewhere breaks the code, rendering it ineffective. Because of this, people ask: Is there such a thing as an unbreakable code?

 

Can all encryption be broken

To help them answer this question and solve it, scientists came up with the concept of one-way functions. One-way functions are functions that are easy to compute on the given inputs but hard to invert. That is, you cannot get the inputs from the output when reversing it. One-way functions could make good candidates for code that cannot be easily broken. That is, it would be close to impossible to find an algorithm that would revert the output. Unfortunately, one-way functions are just a conjecture. But that conjecture has been behind much tools that have been built in cryptography, authentication, personal identification, and other data security applications.

Getting a one-way function that is feasible has huge ramifications in the internet age. It could solve the Internet security problem for good. Industries such as banking, telecommunications, and e-commerce would be in a hurry to apply it. Yes, it has been elusive but that is not to say that there have not been candidates.

One well known candidate for one-way functions involves the multiplication and factoring of prime numbers. To get the outputs, two prime numbers are given to a function and their product is computed. This function takes a quadratic time complexity. It is really hard to factor out the prime numbers given the output although it can be done in exponential time. Another candidate is the Rabin function which gave rise to the Rabin cryptosystem on the assumption that the Rabin function is one-way.

The two candidates above can be broken though if a really good mathematician knows how to write an efficient algorithm.

This problem was what Rafael Pass, Professor of computer science at Cornell Tech wanted to tackle. He believes that if he could find a really good and valid one-way function, then all internet security problem could be solved. Internet encryption would be safe for all. According to his postulate, a good one-way function is like lighting a match. After a match is lit, you cannot get back the sticks. They are now ashes. So, a good one-way function would be an encryption scheme in which the decryption would lie only in the hands of the person who encrypted it. To get a candidate, he looked to mathematics and to a field that is unrelated to cryptography – quantifying the amount of randomness in a string of numbers, or what is known as the Kolmogorov complexity.

The Kolmogorov complexity of an object is defined as the length of the shortest computer program that can generate that object as an output. The Kolmogorov complexity of a string that has a definite pattern to it, like ababababababab, which is writing ab 7 times, can easily be computed. But what if you have some random string? asdwer2345tgdhncjmckkjkd? How do you compute the Kolmogorov complexity in an efficient manner? It has been found that the Kolmogorov complexity for such random strings is computationally close to impossible. What makes it more infeasible is computing the time bounds of such an algorithm.

Taking from this idea, Professor Pass focused his research on whether an algorithm can solve the time-bounded Kolmogorov complexity. If such an algorithm exists, his research posits, then all cryptography can be broken. On the other hand, if no efficient algorithm exists for such a time-bound Kolmogorov complexity, then one-way functions do exist and they can be found.

His research has implications for encryption schemes that are widely used in the Internet. Popular social media platforms use encryption to make their platforms more secure, banks in e-banking platforms rely on encryption being more unbreakable, and overall, we depend on making sure our internet lives are kept free from the prying public. So, Professor Pass’ theory is of great interest and only time will tell when a really good algorithm can be found based on his research that would make sure our Internet security is compromised no matter what platform we are using.

Source for this article was from Cornell University.

Smartphone malware protection using computing security similar to captcha

Are you human or a bot?
Credit: Phil Whitehouse on Flickr
Mobile phones are ubiquitous. One of the allures of mobile phones is that they are personal. A smartphone can store zillion details about its owner in ways never imagined before. Furthermore, mobile phones have extended their use to virtually every aspect of our lives - from making calls to financial transactions. It is then imperative that we take the security of mobile devices as much as important as desktops and laptops. Protecting mobile devices against malware or malicious software implies preserving our privacy.

A research team at the University of Alabama at Birmingham have devised a malware detection technique that is simple and akin to captcha verification on computers. The technique involves the detection of hand gestures common with three primary smartphone services like calling, tapping and snapping using motion, position and ambient sensors to give the phone protection against attacks by malware.

Captcha was invented to prevent bots from adding urls to search engines. It is a test used in computing to determine whether the user is a human or not. Malware cannot perform common user gestures which is a familiarity on mobile devices or smartphones, such as tapping, dragging the screen etc; this distinction was used as a security advantage for identifying malware from human gestures whenever a phone attempts making calls, or is performing tasks that involve human gestures.

By the way, the user gesture is one of the weak security points of smartphones. They put themselves at risk by downloading apps that are insecure, or they just click “yes” to an ad without extensive verification. The research team is using this weakness to advantage.

In the future we could see secured gesture techniques extended to commercial grade smartphones and also to other areas of smartphone use, such as sending SMS or email.

Matched content