usingMaths.com
From Theory to Practice - Math You Can Use.







<< PreviousNext >>

Data and Software Security in Java



Scenario for Security

Imagine yourself as a student having an assignment or project due for submission but cannot get to school due to ill health or some other reason.
The only choice left you is a school-mate living close-by to help submit this assignment / project.
If for some reason you would like to be sure that your work will not be copied, or seen by your courier school-mate en route to school, you may be forced to take some steps to protect your work...


Security Options

A first thought to protecting this precious work may be to get an appropriate sized envelope and seal the (paper) work in it, before handing the work over to your courier friend.
The problem with this option is that the courier friend can easily get a similar envelope, and re-seal the work after copying or going through the to-be-submitted project if he/she is interested.

One way to make sure this will not happen is to put your hand signature on the envelope so it becomes difficult to replace.
This means the courier friend can only see the project if he can skillfully open the closed envelope without damaging it, and then re-seal it when he is done; or he will have to be able to replicate your hand signature on a second envelope - this may be possible if your hand signature is easy to copy or if the courier friend is innately gifted in mimicking or replicating things.
The big problem with this though is that your subject teacher may not be looking out for your hand signature on an envelope, or expecting any envelope for that matter.

A second option would be for you to buy a padlock; put the project in your schoolbag and lock the zips tacked together with the padlock.
This sounds like the more secure option of the two.



Key Delivery System

Going with the second security option, you are not going to just hand both the schoolbag and the padlock's key to the same person, the whole fuss will amount to nothing.
You will have to find two different mutually exclusive school-mates in your neighbourhood, one to deliver the project in the schoolbag and the other to deliver the key to the padlock with which you locked your schoolbag.
Mutually exclusive in this context simply means that the courier friend to deliver the schoolbag with the project in it will not be aware or even know about the courier friend that will be delivering the key.
Otherwise, they may collude on the way and tamper with your precious project.

This way, your precious project arrives at your subject teacher's desk in two bits, and your mind will be at peace as to the integrity of the contents of your project.








A second delivery method would be to use a padlock that strictly works with two different keys; the padlock can only be locked with one key, and can only be opened with the other key.
So if the subject teacher was expecting your project in a locked schoolbag, you can easily give your locked bag and key that only opens the padlock to the same courier school-mate.
Should your courier friend attempt to open your schoolbag to see your project work, he won't be able to lock your schoolbag afterwards - proof of deed.

Again, the obvious leak is that your courier friend can open and replace your padlock with a similar one if he can afford it; and of-course your subject teacher has to be expecting your project to arrive in a secure channel - locked schoolbag - otherwise what's the point?


Internet and Software Security

All means of transportation is open for the use of all and sundry. It will be totally absurd, and ridiculously expensive if every company, or high profile individual build their own (private) roads - for example - to transport their precious expensive wares from one point to another, or banks to transport cash from one branch to the other; just so that what is been transported would be safe from theft and tampering.

Instead these companies and banks use public roads - for example - to transport their wares, and concentrate their energy and resources to protect their goods while in-transit:
Banks use bullion vans to transport money, alongside all the security personnel they can muster;
Companies that transport things like Gold and other expensive jewelries also go with security envoys;
Others make sure their wares are insured while in-transit.


The internet, just like any other transportation medium, is open to every John, Dick and Harry. Any data of value that needs to be transported over the internet is done over a Secure Socket Layer ( SSL - https:// ), to ensure it's protected. SSL in implementation is very similar to padlock illustration given above.
It all comes down to encrypting sensitive data before dispatch and decrypting this data at the receiving end.
This sometimes involves the use of an agreed set of keys - called Public Key and Private Key.

Software companies also use a similar technology - this time just a single key is used and it is kept secret (secret key) - for protecting softwares against unlicensed copying / distributions.

So in the next demonstrations, we will be showing just how data files and text can be encrypted with secret keys, public key and private key combinations -- two way (forward and reverse) encoding, and how hash algorithms are used as proof of deed.




<< PreviousNext >>