Expert System For Computer Security: Data Encryption, Decryption And Key Hash Algorithms

1.0 Introduction

In the past, security was simply a matter of locking the door or storing files in a locked filing cabinet or safe. Today, paper is no longer the only medium of choice for housing information. Files are stored in computer databases as well as file cabinets. Hard drives and floppy disks hold many of our secret information. In the physical world, security is a fairly simple concept. If the locks on your house’s doors and windows are so strong that a thief cannot break in to steal your belongings, the house is secure. For further protection against intruders breaking through the locks, you might have security alarms. Similarly, if someone tries to fraudulently withdraw money from your bank account but the teller asks for identification and does not trust the thief’s story, your money is secure. When you sign a contract with another person, the signatures are the legal driving force that impels both parties to honor their word.

In the digital world, security works in a similar way. One concept is privacy, meaning that no one can break into files to read your sensitive data (such as medical records) or steal money (by, for example, obtaining credit card numbers or online brokerage accounts information). Privacy is the lock on the door. Another concept, data integrity, refers to a mechanism that tells us when something has been altered. That’s the alarm. By applying the practice of authentication, we can verify identities. That’s comparable to the ID required to withdraw money from a bank account (or conduct a transaction with an online broker). And finally, non repudiation is a legal driving force that impels people to honor their word.

As the Internet becomes a more pervasive part of daily life, the need for e-security becomes even more critical. Any organization engaged in online activity must assess and manage the e-security risks associated with this activity. Effective use of cryptographic techniques is at the core of many of these risk-management strategies. The most important security tool is cryptography.

1.1 Background of the Study

Before the modern era, cryptography was concerned solely with message confidentiality (i.e., encryption) — conversion of messages from a comprehensible form into an incomprehensible one, and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without secret knowledge (namely, the key needed for decryption of that message). In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs, and secure computation, amongst others.

Encryption attempts to ensure secrecy in communications, such as those of spies, military leaders, and diplomats, but it have also had religious applications. Steganography (i.e., hiding even the existence of a message so as to keep it confidential) was also first developed in ancient times. An early example, from Herodotus, concealed a message – a tattoo on a slave’s shaved head – under the regrown hair. More modern examples of steganography include the use of invisible ink, microdots, and digital watermarks to conceal information.

1.2 Statement of the Problem

The problem is security. The password method used in almost all commercial operating systems is probably not very strong against a sophisticated or unsophisticated attacker.

The choice of data encryption comes next in the minds of those that want reduction of unauthorized access on confidential files or data. Security provided by the computer operating systems come with a preset super user account and password. The super user may have a password to control network functionality, another to conduct or access nightly backups, create accounts, and so on. For a cracker, logging on to a system as the super user is possibly the best way to collect data or do damage. If the super user has not changed an operating system’s preprogrammed passwords, the network is vulnerable to attack.

Most crackers know these passwords, and their first attempt to break into a network is simply to try them. If an attacker cannot log on as the super user, the next best thing might be to figure out the user name and password of a regular user. It is used to be standard practice in most Universities and colleges, and in some commercial companies, to assign every student or employee an account with user name and initial password – the password being the user name. Everyone was instructed to log on and change the password, but often, hackers and crackers logged on before legitimate users had a chance.

1.3 Objectives of the Study

To understand and improve the computer data security through encryption of data.

To provide a means of safeguarding data in a system

To enhance the integrity of data

To facilitate the use of more sophisticated tool against hacking, cracking, bugging of a system.

To develop a platform to complement physical security.

1.4 Significance of the Study

Data security in these contemporary times is a must. For your secrets to be secure, it may be necessary to add protections not provided by your computer operating systems. The built-in protections may be adequate in some cases. If no one ever tries to break into or steal data from a particular computer, its data will be safe. Or if the intruder has not learned how to get around the simple default mechanisms, they’re sufficient. But many attackers do have the skills and resources to break various security systems. If you decide to do nothing and hope that no skilled cracker targets your information, you may get lucky, and nothing bad will happen. One of the most important tools for protecting your data from an authorized access is Data Encryption, any of various methods that are used to turn readable files into gibberish. Even if an attacker obtains the contents of the file, it is gibberish. It does not matter whether or not the operating system protections worked.

1.5 Limitations of the Study

Technology Constraint:

The problem encountered here is searching information about computer security through Data Encryption and Key Hash Algorithm and another problem is since the secret key has to be send to the receiver of the encrypted data, it is hard to securely pass the key over the network to the receiver.

Time Constraint:

The time giving for the submission of this project work was not really enough for the researcher to extensively carry out more research on this work.

Financial Constraint:

There was not enough money to extensively carry out this work.

1.6 Scope of the Study

Computer Security has been defined as the art of protecting computer system and information from harm and unauthorized use .the most important security tool beyond human integrity used is cryptography which is used to hide data from public view and to ensure that the integrity and privacy of any data sent across a network is not compromised.

Cryptography involves encryption and decryption process . The scope of this study covers the message security, message integrity, user authentication and key management of messages.

1.7 Definition of Terms

Security:

The set of accesses controls and permission that are used to determine if a server can grant a request for a service or resource from a client.

Password:

An identity that defines an authorized users of a computer in order to access to the system.

Software:

A collection of computer programs that runs as a group to accomplish a set of objectives which could be referred to as job.

System:

An organized unit which composed of two or more inter related parts that functions together to achieve a particular goal.

Encryption:

The process of converting ordinary information (plaintext) into unintelligible gibberish (that is, cipher text).

Decryption:

The reverse, moving from unintelligible cipher text to plain text.

Algorithm:

This is a sequential way of solving a problem.

Cryptography:

This is used to hide data from public view and to ensure that the integrity and privacy of any data sent across a network has not been compromised.

Summary

From the pre-explained analysis of the program, it’s goal had been demonstrated by making use of some major programming functions like performing loops. Python allows for the use of FOR LOOPS and WHILE LOOPS. In this program, the while loop was used at various instances. It was used to allow restarting of the program after first execution. It was also used to create a loop that will handle the counting of the encryption key. To restrict users of the program, the IF conditional statement handles that area letting the encryption continue only IF the encryption key is counted as 16 characters.

Recommendation

For users of the code, the python console will work just fine but if the user is not eligible enough, it will be preferred for them to make use of a Python IDE (Integrated Development Environment) like the popular IDLE built with Tkinter. Additionally, Python2.7 was used to write this code so the keywords and language functions that have changed in Python3 may cause some bugs to occur if it’s used with a Python3 interpreter.

Having presented all that is needed for the successful implementation of this project. The following recommendations are suggested by the researcher aim at improving / correcting some lapses.

Developers and engineers need to understand crypto in order to effectively build it into their products.

Sales and marketing people need to understand crypto in order to prove the products they are selling are secure.

The customers buying those products, whether end users or corporate purchasing agents, need to understand crypto in order to make well-informed choices and then to use those products correctly.

IT professionals need to understand crypto in order to deploy it properly in their systems.

Even lawyers need to understand crypto because governments at the local, state, and national level are enacting new laws defining the responsibilities of entities holding the public’s private information.

Conclusion

Today the importance of security in communication and network systems have come a long way to ensure that information transmitted between two or more parties involved in a conversation enjoys the benefits of privacy. In spite of the technological advancements to promote a secure path for communicating parties, most communication still leaves some kind of recorded trail. For example, communications over telephone lines, including faxes and e-mail messages, produce a record of the telephone number called and the time it was called. Financial transactions, medical histories, choices of rental movies, and even food choices may be tracked by credit card receipts or insurance records. Every time a person uses the telephone or a credit card, the telephone company or financial institution keeps a record of the number called or the transaction amount, location, and date. In the future, as telephone networks become digital, even the actual conversations may be recorded and stored. All of this amounts to a great potential loss of privacy. Cryptography is one tool that will be able to ensure more privacy.