Thursday, July 30, 2009

29th Jul 2009 - Lecture 2: Basic Cryptography Part 2

Today, before starting the lecture, Mr. Zaki gave us the answer to the cipher text that was given in the last lecture. The answer is:

THE FUEL PRICE WILL INCREASE TO RM FOUR BY NEXT WEEK

Although my answer is a bit different from the answer, I still feel happy because I managed to decrypt it. Next, Mr. Zaki taught us the correct way to solve the cipher text. First, select a word to decrypt. This time the word selected is BNQQ. After selecting the word, draw a table as below:


From the table above, when the enciphering key is 0, the assumed message is BNQQ, while when the enciphering key is 25, the assumed message is CORR. How do we find CORR? Take the total number of letters in the alphabet, 26, minus the enciphering key (25 in this case) to get 1, so shift the entire message one letter forward. That is why we get CORR when the enciphering key is 25 and DPSS when the enciphering key is 24. Follow these steps to find all the possible assumed messages. After completing the table, we can see that the plain text of BNQQ is WILL. Substitute B = W, C = X, D = Y and so on until we get the table below. By following this table we can decrypt the cipher text.
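The table-building procedure described above, written out as an added Python example (not code from the lecture or the original post). The function names and the small word list are assumptions made for illustration; the ciphertext is copied as it is printed on this page.

```python
import string

ALPHABET = string.ascii_uppercase
# Ciphertext exactly as printed on this page.
CIPHERTEXT = "YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GD SJCY BJJP"
# Constructed mini word list, used only to recognise a sensible candidate.
KNOWN_WORDS = {"WILL", "WEEK", "NEXT", "FOUR", "THE"}

def shift(text, n):
    """Move every A-Z letter n places forward; other characters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + n) % 26] if ch in ALPHABET else ch
        for ch in text
    )

def candidate_table(cipher_word):
    """Rows of (enciphering key, assumed message) in the order 0, 25, 24, ..., 1.
    For key k the word is shifted forward by 26 - k, as in the lecture's table."""
    keys = [0] + list(range(25, 0, -1))
    return [(k, shift(cipher_word, (26 - k) % 26)) for k in keys]

def likely_keys(cipher_word, words=KNOWN_WORDS):
    """Keys whose assumed message is a recognisable word."""
    return [k for k, guess in candidate_table(cipher_word) if guess in words]

def substitution_table(key):
    """Cipher letter -> plain letter for one key (B -> W, C -> X, ... for key 5)."""
    return {c: shift(c, (26 - key) % 26) for c in ALPHABET}

def decrypt(ciphertext, key):
    table = substitution_table(key)
    return "".join(table.get(ch, ch) for ch in ciphertext)

if __name__ == "__main__":
    for k, guess in candidate_table("BNQQ"):
        print(f"{k:2d}  {guess}")
    key = likely_keys("BNQQ")[0]
    print("key:", key)
    print(decrypt(CIPHERTEXT, key))
```

Applied to the string as printed here, key 5 gives THE FKEL PRICE WILL INCREASE TO RC FOUR BY NEXT WEEK, the same text the 22nd Jul entry reaches by hand. The printed ciphertext has P where Z would decrypt to U and H where R would decrypt to M, which accounts for the two odd words.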


Next, Mr. Zaki taught us about Vigenere ciphers. The Vigenere cipher is the best known of the manual polyalphabetic ciphers. It uses a Vigenere square to perform encryption.


The figure above shows the Vigenere tableau. The left-hand (key) column of this square contains the English alphabet, and for each letter, the row determined by that letter contains a rotation of the alphabet with that letter as the leading character. How do we use this Vigenere tableau? First, choose an original text and an encryption key. For example, the original text is the answer THE FUEL PRICE WILL INCREASE TO RM FOUR BY NEXT WEEK, while the encryption key is APPLE. Now we can do the encryption as below:


From the above table, the cipher text produced is: TWTQYEALTPLXCNVEPHPXOGBQSUGOYIXILPIK. This type of encryption is different from the previous one, because a Vigenere cipher can't be broken by shifting the alphabet or by trial and error. In order to decrypt it, someone must know the encryption key. The encryption key can be a single word or a sentence. So it is more secure and harder to break compared with the Caesar cipher.
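The tableau lookup described in this entry, as an added Python example (not code from the lecture or the original post). It encrypts only the first two words of the message, THE FUEL, with the key APPLE, and checks that none of the 26 single alphabet shifts recovers them; all function names are assumptions made for illustration.

```python
import string

A = string.ascii_uppercase

def tableau_row(key_letter):
    """Row of the Vigenere square: the alphabet rotated to start at key_letter."""
    i = A.index(key_letter)
    return A[i:] + A[:i]

def vigenere_encrypt(plaintext, key):
    """Spaces are dropped and the key repeats under the remaining letters.
    Each plain letter picks a column in the row chosen by its key letter."""
    letters = [c for c in plaintext.upper() if c in A]
    return "".join(
        tableau_row(key[i % len(key)])[A.index(c)] for i, c in enumerate(letters)
    )

def vigenere_decrypt(ciphertext, key):
    """Find the cipher letter in the key letter's row; its column is the plain letter."""
    return "".join(
        A[tableau_row(key[i % len(key)]).index(c)] for i, c in enumerate(ciphertext)
    )

def cipher_images(plaintext, key, letter):
    """All cipher letters that one plain letter turns into under this key."""
    letters = [c for c in plaintext.upper() if c in A]
    cipher = vigenere_encrypt(plaintext, key)
    return sorted({cipher[i] for i, c in enumerate(letters) if c == letter})

def single_shift_candidates(ciphertext):
    """The 26 texts a Caesar-style table would produce for this ciphertext."""
    return ["".join(A[(A.index(c) + n) % 26] for c in ciphertext) for n in range(26)]

if __name__ == "__main__":
    ct = vigenere_encrypt("THE FUEL", "APPLE")
    print(ct)                                         # key letters A P P L E A P
    print(vigenere_decrypt(ct, "APPLE"))
    print(cipher_images("THE FUEL", "APPLE", "E"))    # one plain letter, two cipher letters
    print("THEFUEL" in single_shift_candidates(ct))
```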

Tuesday, July 28, 2009

23rd Jul 2009 - Lab 2: The Goals of Information Technology Security

Today is the 2nd lab session of Information Technology Security; however, Mr. Zaki had cancelled the lab session for some reason.

Although the class was cancelled, Mr. Zaki asked us to study the lab at home and do the review questions. Lab 2 is about the goals of information technology security. We study information technology security because of confidentiality, availability and integrity.

Confidentiality means protecting computer-related assets from being used by unauthorized users. It means only the right person who has the authority can read, view, print or even know of the existence of the object. Confidentiality is also called privacy or secrecy. Availability makes sure authorized users can access information at any time without any failure. The last goal, integrity, ensures data can be modified only by authorized parties and by authorized mechanisms. Information can be added, updated or deleted; hence it must be done in the correct way and by the right person to ensure the correctness and validity of the information.

In order to create a secure computing environment, the balance between the goals is very important. This is because if one of the goals is given more or less weight, it will affect the functionality of the system. For example, if we concentrate on providing total confidentiality of the information, then the data is less available.


Relationship between confidentiality, integrity and availability.


Monday, July 27, 2009

22nd Jul 2009 - Lecture 2: Basic Cryptography

Today I learned cryptography from Mr. Zaki. Cryptography is disguising information in such a way that its meaning is unintelligible to an unauthorized person. That means even if unauthorized people gain access to the information, they don’t understand what they see. For example, HSPPW is a word after encryption (the process of converting ordinary information into unintelligible information); we do not know what the word means. But if we decrypt it (the process of moving from unintelligible information back to ordinary information), it can mean DOLLS or WHEEL.

When the word is in unintelligible form, we call it cipher text, while if the word is in ordinary form, it is known as plain text. At the end of the lecture, Mr. Zaki asked us to find the message behind the cipher text:

YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GD SJCY BJJP

From the above cipher text, I took BJJP as my first word to decrypt. In my mind, if the cipher text uses substitution (one of the techniques of cryptography: replacing each original letter with another letter to make it unintelligible), then it is quite impossible that J is A. This is because it is hard to find an xAAx word in English. After some trial and error, I think J is E, followed by K is F, L is G… until I is D. Then the whole sentence decrypts as:

THE FKEL PRICE WILL INCREASE TO RC FOUR BY NEXT WEEK

Although I was able to decrypt it, it still has 2 words which do not mean anything and I don’t know why?? =.=”

Tuesday, July 21, 2009

16th Jul 2009 - Lab 1: Introduction to Virtualization & VMware

Today from 10am until 12pm was the lab session for Information Technology Security. Mr. Zaki taught us about virtualization and VMware. Virtualization is a method which can create virtual storage and run different operating systems on one PC. That means if our PC's operating system is Windows XP, we can run Windows Vista at the same time by using VMware Workstation.

After explaining the concept of virtualization and VMware, Mr. Zaki wanted us to experience it by installing VMware Workstation on the PC. After the installation of VMware Workstation, we have to create a disk image and save the disk image in the C drive (C:\). Next, we have to install Windows Server 2003 on the virtual machine. Place the installer CD in the CD-ROM drive and start the virtual machine. The virtual machine will boot from the CD-ROM drive and we will see the familiar Windows Server 2003 installation page. After finishing the Windows Server 2003 installation, we can see the login page of the Windows server. The Windows server runs just like on a real PC, which also has an HDD, network connections and memory.

Today I learned how to use multiple operating systems on one PC without deleting the existing operating system.

15th Jul 2009 - Introduction

Today is my first day studying the subject Information Technology Security. Our lecturer is Mr. Mohd Zaki bin Mas'ud. When Mr. Zaki came into the class, he immediately gave us a quiz. The quiz was about general knowledge of security. However, I only managed to answer 8 questions out of the 12 questions. After the quiz, he briefly told us what we are going to learn this semester. This subject covers 14 topics such as introduction to Information Security, introduction to cryptography, firewalls and so on. Besides that, he also told us about the importance of computer security. We study computer security because of the growing importance of IT security and new career opportunities.

Mr. Zaki also taught us some new terms such as cryptography, distributed denial of service (DDoS), CISSP, GIAC, CEH and ECSA. CISSP stands for Certified Information Systems Security Professional, which is an independent information security certification governed by the International Information Systems Security Certification Consortium (ISC). The CISSP examination covers a variety of Information Security topics and candidates have to answer 250 multiple choice questions in 6 hours.