Information Security Notes 2 - Symmetric and Asymmetric Encryption

Symmetric and Asymmetric key

Symmetric

• Share Same Key
• Most classoc crypto are Symmetric
• Encrypts and Decrypts using the same key
• Also called “Secret Key Encryption”

Symmetric Overview

• More secure if the algorithm is opened and publicly review
• Two type of Symmetric
  1. Stream Cipher: the smallest unit to encrypt is one bit
  2. Block Cipher: the smallest unit to encrypt is a block
• Block Ciphers are more secure than most stream ciphers
• Most encryptions scramble the message by substitution and rearrangement for multiple-times
• Security is bounded by the key size.
  • 64bits key => broken with at most 2^64 operations

History - Data Encryption Standard

DES and 3DES should not be adopted today.

• Known more by reading “Meeting in the middle attack”

Asymmetric

• Public Key
• Private Key
• Encrypt with public key; Decrypt with private key
• Also called “Public Key Encryption”
• Everyone can lock but only the one with private key can unlock
• Trapdoor Function: As a function, its function value is very easy to calculate, but the calculation of the inverse solution is very difficult unless some special information is known.

Note that there are many Maths about ECC, AES etc. I will note them if I have time later.

Attribute of data

• Nominal (ID numbers)
• Ordinal (grades)
• Interval (dates)
• Ratio

How to measure the similarity of two objects

Similarity = 1 - Dissimilarity

• Similarity
  • Numerical measure of how alike two data objects are
  • Is higher when objectsare more alike
  • Often falls in the range [0,1]
• Dissimilarity
  • Numberical measure of how different re two data objects
  • Lower when objects are more alike
  • Miinimum Dissimilarity is often 0
  • Upper limit varies

Proximity refers to a similarity or dissimilarity

Data Quality

Examples of problems:

• Noise and outliers
• Missing Values
• Duplicate data

Duplicate Data

Data set may include data objects that are duplicates, or almost duplicates of one another

• Major issue when merging data from heterogeous sources

Example: Same person with multiple email addresses
Data Cleaning: Process of dealing with duplicate data issues

Data Preprocessing

• Aggregation: Conbining two or more attributes
  • Data reduction
  • Change of scale
  • More “stable” data
• Sampling
• Dimensionality Reduction
• Feature subset selection
• Discretization
• Attribute Transformation

Sampling

• Sampling is the main technique employed for data selection
• Statisticians sample because obtaining the entire set of data interest is too expensive or time consuming
• Sampling is used in data mining because processing the entire set of data of interest is too expensive or time consuming

Key principle for effective sampling is

1. using a sample will work almost as well as using the entire data sets, if the sample is representative.
2. A sample is representative if it has approximately the same property as the original set of data

Types of sampling

• Simple Random Sampling
• Sampling without replacement
• Sampling with replacement
• Stratified sampling

Dimensionality Reduction

???? Need to learn later

Distributed and Cloud Computing Notes 1

Reasons for Distributed Systems

• Functional Separation
  • Different Capabilities and purposes
• Inherent Distribution
  • Information
  • People
• Power imbalance and load variation
• Reliability
• Economies

Consequences of Distributed Systems

• Concurrency - Each computer is autonomous
  • Carry our tasks independently
  • Tasks coordinate their actions by exchanging messages
  • System capacity can be increased by adding more resources
• No global clock
• Independent Failures

Motivation of Distributed Systems

• To share resource and information

Trends in Distributed Systems

• The emergence of pervasive networking technology
• The emergence of mobile and ubiquitous computing
• The increasing demand for multimedia services
• The view of distributed systems as a utility

Maintenance of intranet

• No rick if no connection to internet
• Firewalls are used to limit services from/to an intranet
  • Limit FTP/Remote Desktop etc.

Mobile computing: Performing computing tasks while the user is on the move, away from his/her usual environment

Eight forms of transparency

• Access transparency
• Location transparency
• Concurrency transparency
• Replication transparency
• Failure transparency
• Mobility transparency
• Performance transparency
• Scaling transparency

List of Challenge

• Heterogeneity
• Security
  • Confidentiality
    • Protection against disclosure to unauthorized individual information
  • Integrity
    • Protection against alteration or corruption
  • Availability
    • Protection against interference targeting access to the resources
    • DDoS
  • Authenticity or Non-repudiation
    • Proof of sending / receiving an information
    • digital signature

Failure

Availability =MTTF/(MTTF+MTTR)

• Mean time to failure(MTTF)
  • The average time of normal operation before the system fails
• Mean time to repair (MTTR)
  • The average time it takes to repair the system and restore it to working condition

Single point failure

Single hardware/Software component failures cause the whole system crash. The key approach to enhancing availability is to make as many as possible partial failures by removing single points of failure

Checkpointing

• The process of periodically saving the stage of an executing program to stable storage, from which the system can recover after a failure.
  • Each program stae saved is called a Checkpoint .
  • Checkpointing can be realized by operating system at kernel level/Third party library/by the application itself.

Jobs

• Serial Jobs: Run on a single node
• Parallel jobs: use multiple nodes
• Interactive jobs: require fast turnaround time, and their input/output is directed to a termainal
• Batch jobs: need more resources and don’t need immediate responses. Scheduled jobs.

job Management System

• A user server: Let user submit jobs.
• A job scheduler: performs job scheduling
• A resource manager: allocates and monitors resources. Enforces scheduling policies, and collects accounting information.

Security Mechanisms

• Encryption(AES, RSA)
• Authentication(Password, Public key)
• Authorization(access control)

• Concurrency
  • Fair scheduling
  • Preserve dependencies
  • Avoid deadlocks
  • Object locking, data consistency, semaphores
• Fault tolerance (No failure despite faults)
  • Fault detection
    • Checksums
    • Heartbeat
  • Fault masking
    • Retransmission of corrupted messages
    • Redundancy
  • Fault toleration
    • Exception handling
    • Timeouts
  • Fault recovery
    • Rollback mechanisms
• Scalability
• Openness
• Distribution transparency <= Do not let other touch

Information Security Notes 1 - Classical Crypto System

What is Encryption

Encryption is composed of a key and an Encryption algorithm.

1. Type of operations used for transforming plaintext to ciphertext
2. The number of keys used
3. The way in which the plaintext is processed

Encryption and Decryption

• Unencrypted message = plaintext/message
• Encrypted message = cipher/ciphertext

Cryptanalysis

Means attack

• Brute-force
  • Tries every possible
• Breaking the algorithm
  • Tries to exploit the weakness of the encryption algorithm

How to measured by the following dimensions

• Attacker models
  • How strong is the attacker
  1. Ciphertext only attacks
  2. Known plaintext attacks
  3. Chosen plaintext attacks(Attacker can choose plaintext on his own)
  4. Chosen ciphertext attacks(Attacker can choose the cipher and obtain the plaintext)
• Security Goal
  • What Goals does your attacker wants to achieve
  1. Computationally secure: The cost of breaking the cipher exceeds the value of the encryptited information
  2. Unconditionally secure: No matter how much time as opponent has, it is impossible for people decrypt. (secure against brute-force)
• Assumptions:
  • What is the computational limitation
  • Always better to over-estimate the ability of your attackers
  1. Computation: attacker might have many computing resource(super-computers)
  2. Network: attacker might have control over the network/communication channel, they can send/drop/inject/view your packet
  3. Some problems are hard(NP=/=P), no polynomial time solutions
  4. We generally assume computation requiring 2^80 is unsolvable

Brute-force attack

• Attackers try all possible sets of keys
• By probability, it has to try at least half of them
• We generally assume computation requiring 2^80 is unsolvable

Comments

Pros

1. Cheap, Super Cheap
2. guaranteed performance
3. Decent Provider
4. World Wide Locations

Cons

1. Buggy panel
2. Delay delivery
3. M247 network

Information of the Deal

1
2
3
4
5

2 CPU core (50% dedicated, burstable up to 200%)
8 GB RAM 
40 GB RAID-10 NVMe
5 TB bandwidth (1 TB in Hong Kong and Sydney)
$30 per year

Bench

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

---------------------------------
Processor  : Intel(R) Xeon(R) CPU E5-2690 v2 @ 3.00GHz
CPU cores  : 2 @ 2999.998 MHz
AES-NI     : ✔ Enabled
VM-x/AMD-V : ❌ Disabled
RAM        : 7.8 GiB
Swap       : 4.0 GiB
Disk       : 39.1 GiB

fio Disk Speed Tests (Mixed R/W 50/50):
---------------------------------
Block Size | 4k            (IOPS) | 64k           (IOPS)
  ------   | ---            ----  | ----           ---- 
Read       | 193.83 MB/s  (48.4k) | 2.60 GB/s    (40.7k)
Write      | 194.34 MB/s  (48.5k) | 2.62 GB/s    (40.9k)
Total      | 388.18 MB/s  (97.0k) | 5.22 GB/s    (81.7k)
           |                      |                     
Block Size | 512k          (IOPS) | 1m            (IOPS)
  ------   | ---            ----  | ----           ---- 
Read       | 4.26 GB/s     (8.3k) | 4.92 GB/s     (4.8k)
Write      | 4.49 GB/s     (8.7k) | 5.25 GB/s     (5.1k)
Total      | 8.75 GB/s    (17.1k) | 10.18 GB/s    (9.9k)

iperf3 Network Speed Tests (IPv4):
---------------------------------
Provider        | Location (Link)           | Send Speed      | Recv Speed     
                |                           |                 |                
Clouvider       | London, UK (10G)          | busy            | busy           
Online.net      | Paris, FR (10G)           | 431 Mbits/sec   | 217 Mbits/sec  
WorldStream     | The Netherlands (10G)     | busy            | 281 Mbits/sec  
Biznet          | Jakarta, Indonesia (1G)   | 118 Mbits/sec   | 440 Mbits/sec  
Clouvider       | NYC, NY, US (10G)         | 451 Mbits/sec   | 365 Mbits/sec  
Velocity Online | Tallahassee, FL, US (10G) | 59.1 Mbits/sec  | 397 Mbits/sec  
Clouvider       | Los Angeles, CA, US (10G) | busy            | busy           
Iveloz Telecom  | Sao Paulo, BR (2G)        | busy            | busy           

Geekbench 5 Benchmark Test:
---------------------------------
Test            | Value                         
                |                               
Single Core     | 606                           
Multi Core      | 1149                          
Full Test       | https://browser.geekbench.com/v5/cpu/5694857

Network

Looking Glass
Seems everything M247, just like other location of HH. With $30, what ever.

Tips for using HostHatch’s broken Panel

Their panel is very buggy, it seems that centos7 and ubuntu are bad, but when I reinstalled to debian10 then all functions are normal
So here’s what I did

1. reinstall to Debian
2. Mount the netboot.xyz
3. reinstall the os you want from ISO

This is only my personal solution, not guaranteed to work

Ubuntu

1. Download the ubuntu-mainline-kernel.sh Bash script utility. Open up your terminal and enter:

wget https://raw.githubusercontent.com/pimlie/ubuntu-mainline-kernel.sh/master/ubuntu-mainline-kernel.sh

2. install the previously downloaded script into our executable path:

sudo install ubuntu-mainline-kernel.sh /usr/local/bin/

3. All is ready to upgrade the Ubuntu kernel to the latest version. To do so run do following command:

ubuntu-mainline-kernel.sh -i

The above command will search for the latest kernel version available. To continue with the kernel installation answer y.

4. Finally, reboot your system

reboot

Debian

1. Update the system
   apt update && apt full-upgrade -y
apt install lsb-release

2. Add the repo to the sources list

1
2
3
4
5
6
7
8

cat > /etc/apt/sources.list << EOF
deb http://cdn-aws.deb.debian.org/debian $(lsb_release -sc) main contrib non-free
deb http://cdn-aws.deb.debian.org/debian-security $(lsb_release -sc)/updates main contrib non-free
deb http://cdn-aws.deb.debian.org/debian $(lsb_release -sc)-updates main contrib non-free
deb http://cdn-aws.deb.debian.org/debian $(lsb_release -sc)-backports main contrib non-free
deb http://cdn-aws.deb.debian.org/debian $(lsb_release -sc)-proposed-updates main contrib non-free
# deb http://cdn-aws.deb.debian.org/debian $(lsb_release -sc)-backports-sloppy main contrib non-free
EOF

3. Do the update again
   apt update

4. upgrade your kernel
   apt install -t $(lsb_release -sc)-backports linux-image-$(dpkg --print-architecture) linux-headers-$(dpkg --print-architecture) --install-recommends -y
update-grub
reboot

Algorithm - Dynamic Programming

What is Dynamic Programming?

Principle of Optimality (Bellman, 1957):
An optimal sequence of decisions has the property that whatever the initial state and decision are, the remaining decisions must constitute an optimal decision with regard to the state resulting from the first decision.

The Other Algorithmic Design Philosophy

1. Divide-and-Conquer:
   The problem is divided and the subproblems are processed in a recursive manner, but the solutions of Divide-and-Conquer subproblems are usually not repeated, and when they are repeated, the same subproblems are usually recalculated.

2. Greedy Approach:
   At each stage, starting from a certain starting point, each input is checked one by one to see if it is suitable to be added to the answer. If it is not possible to find a selection procedure to check one by one for the optimization problem to be handled, we will discuss it later.

Divide and Conquer and Dynamic Programming are very similar. The difference is that Dynamic Programming’s subproblems have many overlaps, which can be stored in a table without recalculation, exchanging space for time.

Internetional Relationship - Tools and Target

Tools

1. Political Diplomacy
2. Economy and Trade
3. Military
4. Cultural Promotion
5. Spy

Target

1. Attitude
2. Weakening Enemy
3. Seize benefits
4. Eliminate the opponent

Sails.js is a MVC Framework for Node.js

Create a new sails project

sails new {your-app-name}

Create a new Controller(apis)

sails generate api {generator-name}

Master Theorem for Exam