Name of Student: Smith Udommana Course: Computer Science Year: Senior Training Period: 9th August, 2004 13th October, 2004 Name of Liaison Officer: Keattisak Sripimanwat (D. Eng) Name of Company: National Electronics and Computer Technology Center (NECTEC)
Abstract
It is a great opportunity to intern at National Electronics and Computer Technology Center (NECTEC) from 9th Aug to 13th Oct 2004. I have learnt a lot not only applying theories learnt in the classroom, but also making new friends at work. Additionally, the internship instills me in the right kind of work attitude and professionalism through interaction with people in the organization as well as working in team and employing IT in the real workplace. This report consists of two separate projects whose topics are based on programming and documentation. The first project is a Website: Thai Telecommunication Encyclopedia, which is the brief history of the Telecommunication in Thailand. It describes various types of Communication. The second part is the report of Eavesdropping Eavesdropping concept and impact. The goal of this report is to show or estimate the loss of Eavesdropping and to be a well preparing of eavesdropping that would be occurred during transfer data or message. Another goal of this project is that it can be used as references in the quantum cryptography project. One of the fist major of Eavesdropping is telecommunication, so this report will focus on the telecommunication Eavesdropping. Last but not least, I hope that this report will be beneficial to the persons interested in this field; especially for the those who want to use this information for references, or other internship students would use it as the reference to do his/her report. After this internship ends, I am hopeful that I can bring all knowledge learnt from NECTEC. Besides, I would like to thank the Supervisor, Dr. Keattisak Sripimanwat and all my colleagues who assisted me throughout the training period.
Smith Udommana
II
Page
V VIII 1 2 3 3 4 4 4 4 5 5 5 5 7 8 9 10 11 12 13 13
III
Part 2: Eavesdropping on history and its losses 2.1 Reports on the Security Part 3: Eavesdropping devices and their techniques 3.1 Eavesdropping on Wireless Part 4: Avoiding Successful Eavesdropping 4.1 Eavesdropping Over the Wire 4.2 Methods of Avoiding Eavesdropping 5. Appendix 6. References
13 14 15 16 16 16 16 19 22
IV
3.1.1.2 Objective 3.1.2 New Website should be easier to find information New Website can be used as references New Website can be used via internet access Easier to add more information
3.1.3
(Operating System) Windows Program Perl 5.3 Program WebApp 0.9.9 Program I-explorer Program Dreamever Program OmniHttp 2.1
3.1.4
Developing and Documenting Software Testing and Maintaining the system Implementing and evaluating the system
3.2 Searching information Eavesdropping concept and impact 3.2.1 Objective To get more information about the concept and impact of Eavesdropping To use information in this report to support quantum Cryptography project. 3.2.2 Methods Identify Problems Searching Information Development Report Creating Report Presenting Report
4.1 To be able to adapt the skills from the class room 4.2 More knowledge and have more crating website skills 4.3 More understanding about Encyclopedia 4.4 To know new technology especially Turbo Codes and Quantum Cryptography
VII
Table of Work August Description of Training Encyclopedia Identifying problems, Opportunities , and Objective Determining System Requirements Analyzing System Need Program writing Developing and Documenting Software Testing and Maintaining the system Implementing and evaluating the system Week 1 Week 2 Week 3 Week 4 Week 1 September Week 2 Week 3 Week 4 Week 1 October Week 2
Eavesdropping Identify Problems Objective of the Project Searching Information Development Report Creating Report Presenting Report
VIII
Table of Work August Description of Training Encyclopedia Identifying problems, Opportunities , and Objective Determining System Requirements Analyzing System Need Program Writing Developing and Documenting Software Testing and Maintaining the system Implementing and evaluating the system Week 1 Week 2 Week 3 Week 4 Week 1 September Week 2 Week 3 Week 4 October Week 1 Week 2
1. Introduction
The purpose of the project Thai Telecommunication Encyclopedia Web Page is to collect and exchange the information about Thai Encyclopedia by the membership of the website. They can add new information and comment in the website for more information.
Communication is the most important for human being because it is the The
methods of telling how people feel and what ideas of each person are.
communication process has been used since the historical era. When the time goes by, there were lots of things that made the number of population to be increased so fast and the communication process were even more complicated, so we need to create new technology for explaining how the communication process works. Thais technology has been improved continually. Some of them are created by Thais and most of them received from others. According to the annual report of Thai Communication Authorities during the year 1990s found that Thais used technology more the previous decade and found that people who did not use technology because they did not know that these technologies were already existed. Form the technologies that have been improved so fast, people who use the technology need to keep in touch with them, but in reality, only some groups can understand the new technology. Inequality occurs. And something the information between the groups is not the same because most of the information today in the websites or in the books is old. In the world of competition, people who have more information will superior than who do not have. To get more information is not easy because there are lots of methods involved. One thing that includes in these methods is that how to get good and right information. By doing that, technologies are needed. To search in formation today is much easier just using computer, telephone, and so on. These technologies not only help the users for searching information but also it does help them to save more time and costing. From that reason Thai Encyclopedia was created for informing all kinds of communication technologies from history to today. To maintain updated information. Another purpose of doing this is to use information in the website as references.
3
2.1 Problems and demand for development 2.1.1 From the report above found that some Thais are understand the new communication process and most of them are students, which is less people comparing to the whole country. This create inequitable among groups of people. 2.1.2 There are not enough books about communication and most of them are used for marketing which contain incorrect information. 2.1.3 Most encyclopedia books are written in the technical terms which difficult to understand. 2.1.4 Thai telecommunication has been improved so fast. People do not have information. So, the website is needed to be informed to those who want to know the new technology.
2.2 The ways to fix that problems 2.2.1 to collect the information about communication in Thailand including all technologies regarding communication. 2.2.2 The information that are collected is easy to find and useful for researching. 2.2.3 Creating website for easier searching
3. Program Goal
3.1. To collect the information about telecommunication in Thailand for easier searching on the internet. 3.2. Easy to add and update more information about the communication. 3.3. To inform new technology for Thais and people around the world. 3.4. To upgrade the knowledge bases about new technologies.
4. Project Purpose
4.1. To use the information as references. 4.2. To inspire Thais to built new technology by Thais for Thais 4.4. To be the standard for researching and references.
5. Testing
To testing type URL -> http://www.kmitl.ac.th/dslabs/Encyclopedia
[Figure 1: Encyclopedia] From the reasons above, this prototype can work well in the situation of keeping the information update.
6.2 To become member In order to add article in this website, to be come member is needed.
5
6.2.1 Go to Home and click new member (You can register for free by clicking here.)
[Figure 2 Encyclopedia]
6.2.2
[Figure 3 Encyclopedia] The systems will Login Username and Password 6.3 Edit or change information 6.3.1 Login to the system
6.4 Writing articles 6.4.1 6.4.2 Login to the system In the Members windows, it will display 4 menus 6.4.3 My Profile - changing personal information Member list - checking Member list Write Article - creating article Logout - logging out the system
[Figure 5: Encyclopedia]
[Figure 7: Encyclopedia]
9
10
Table of Work August Description of Training Eavesdropping Identify Problems Objective of the Project Searching Information Development Report Creating Report Presenting Report Week 1 Week 2 Week 3 Week 4 Week 1 Week 2 September Week 3 Week 4 Week 1 October Week 2
11
According to the Hyper dictionary, Eavesdrop is from the word Eaves + drop which means To stand under the eaves, near a window or at the door, of a house, to listen and learn what is said within doors; hence, to listen secretly to what is said in private. In the terms of computer technique, the word Eavesdrop means to get the information without unawareness. It happens not only in the communication among computers but also it includes all types of communications.
The best way to due with criminal Eavesdropping is to understand the functions and the methods of security. In order to transfer information or data, the Fundamental to IP-based networks is the function of dividing data into packets and the independent routing of packets through a large network with no central control [Unix.Net]. Although each packet is marked with its sender and receiver, the packets are not invisible to other devices on the network. An intermediate network device can easily intercept and examine any passing packet. In order to maintain the security, the sender has to make sure that the signal or the packet that comes to the receiver directly without interception.
Confidentiality is the concealment of information from all but authorized parties. However, there are effective mechanisms to prevent each and every one of these incidents from happening. Effective security involves the combination of the
12
Data Integrity is the assurance that unauthorized parties have not modified a message. When sender and receiver are communicating, they want to ensure that the content of their communication is not altered, either maliciously by accident in transmission
Authentication is the assurance that the parties involved in a transaction are who they say they are. This will prevent malicious from deceiving Receiver by impersonating Sender.
Eavesdropping is the method of breaking confidentiality where the third person (malicious) eavesdrop the message. In the other word, she can get the message what Sender and Receiver have been talked. If the message among the parties talk is not important, it will not be affected their security, but somehow most of the time the message is secret, so the protection is also wanted. In the next part will talk about the important of the security and the history of its losses.
13
If we look sharply only over the past five years, there will be much worth and it seems to be increasing in the future. The information below is given from the CS/FBI Computer Crime and Security over 500 companies in the past five years. All of these losses are concern only in the telecommunication eavesdropping. Year 2000 Year 2001 Year 2002 Year 2003 the Business loss $ 33,346 [FBI00.Net] the Business loss $ 55,375 [FBI01.Net] the Business loss $ 346,000 [FBI02.Net] the Business loss $ 1,205,000 [FBI03.Net]
Amount of Business Loss 1.4 1.2 1 Amount of 0.8 Money 0.6 0.4 0.2 0 2000 2001 2002 2003
Year
[Figure 1: Eavesdropping] That information based on the survey among year 2000-2003 the number of survey were 643, 538, 503, and 530 responds respectively. Base information in the graph, the amount of loss is increasing so fast. If comparing the number loss between year 2000 and year 2004, the amount of loss was increase approximately thirty-six times.
14
15
4.1.1
Link encryption. The long-haul telephone lines that are used to carry the IP packets can be encrypted. Organizations can also use encrypting routers to automatically encrypt information sent over the Internet that is destined for another office. Link encryption provides for the encryption of all traffic, but it can only be performed with prior arrangement.
4.1.2
Document encryption. The documents that are placed on the Web server can be encrypted with a system such as PGP. Although this encryption provides for effective privacy protection, it is cumbersome because it requires the documents to be specially encrypted before they are placed on the server and they must be specially decrypted when they are received.
4.1.3
SSL (Secure Socket Layer). SSL is a system designed by Netscape Communications that provides an encrypted TCP/IP pathway between two hosts on the Internet. SSL can be used to encrypt any TCP/IP protocol, such as HTTP, TELNET, or FTP.
4.1.4
SHTTP (Secure HTTP). Secure HTTP is an encryption system for HTTP designed by Commerce Net. SHTTP only works with HTTP[UNIX.Net].
The strength of the encryption algorithm The length of the encryption key The secrecy of the encryption key The reliability of the underlying software that is running on the Web server The reliability of the underlying software that is running on the Web client
Confidentiality is primarily accomplished with cryptography, which involves the design and implementation of systems that maintain secrecy. The messages that are to be transformed into a secret form are called plaintexts and, once transformed, the messages are called ciphertexts. A cryptosystem transforms plaintext into ciphertext, or vice versa, through the use of a set of crypto algorithms. Special pieces of variable data called keys determine how the crypto algorithms will transform the plaintext and ciphertext. The keys are chosen from a set of keys. The process of transforming plaintext into ciphertext is called encryption, and the reverse process is called decryption
16
[Figure 2: Eavesdropping] The encryption and decryption process. It is preferable that the security of a cryptosystem resides in the secrecy of the keys rather than with the supposed secrecy of the crypto algorithm. This means that it should be virtually impossible to decrypt a ciphertext to plaintext if the decryption key is unknown, even if the full details of the encryption and decryption algorithms are known.
Message confidentiality is primarily accomplished with symmetric algorithms (secretkey algorithms). A symmetric algorithm utilizes the same secret key for encryption and decryption. The historical Caesars cipher can serve to illustrate the use of a symmetrical algorithm. The method is simple: shift a plaintext alphabet three letters over to transform it into a ciphertext alphabet.
[Figure 3: Eavesdropping] The two alphabets in Caesars cipher using three as the key.
The key in this particular case is three and the algorithm simply changes the plaintext letter with the corresponding ciphertext letter based on the key. Instead of exchanging the full alphabets, Sender and Reciever need only exchange the cryptographic key, three. In our example, the plaintext SENDER becomes the ciphertext DOLFH. Decrypting the ciphertext is the reverse process; the ciphertext letter is changed to the corresponding plaintext letter based on the same key. An obvious method for trying to break a cryptosystem that utilizes a public knowledge algorithm is to try all possible keys in the keyspace until the right one is
17
found. This method is commonly referred to as brute force. The time required for this method depends on the size of the keyspace and the amount of computer processing power available. The Caesars cipher has 25 possible keys, and a third person could easily find the key that was used by simply trying out all the possibilities. In Conclusion, today, Eavesdropping is not a new issue, but not so many people realize how important it is. After the business loss from the Eavesdropping increasingly, people relies how to protect information from eavesdropping. One of the most well known methods is cryptography, but somehow this method is still not hundred percent secure because attackers can guess the consequences of the letters that have been changed. From this reason, another way was introduced Quantum Cryptography. It believes that this method can prevent hackers or third person hundred percent secure. In the near future, it predicts that the number of loss will be decreased due to the technology today.
18
5. Appendix
Wiretappers do the same basic thing, but they try to hide the tap from the person they're spying on. The easiest way to do this is to attach the phone somewhere along the part of the line that runs outside the house [How.Net].
19
6. References
[BBC.Net] Hacking: A History unknown author Available URL: http://news.bbc.co.uk/1/hi/sci/tech/994700.stm [CSI1.Net] CSI/FBI Computer Crime and Security Survey Written by Richard Power Available URL: http://www.gocsi.com [FBI00.Net] CSI/FBI Computer Crime and Security Survey Written by Richard Power Available URL: http://www.pbs.org/wgbh/pages/frontline/shows/hackers/risks/csi-fbi2000.pdf [FBI01.Net] CSI/FBI Computer Crime and Security Survey Written by Scott Pulp - Security Program Manager at Microsoft Security Response Center Available URL: http://www.fblauer.com/Security_Framework.ppt [FBI02.Net] CSI/FBI Computer Crime and Security Survey Written by Richard Power Available URL: http://www.fdle.state.fl.us/Fc3/FBI2002.pdf [FBI03.Net] CSI/FBI Computer Crime and Security Survey Written by Richard Power Available URL: http://www.visionael.com/products/security_audit/FBI_CSI_2003.pdf
[Spi.Net] The History Of Hacking written by ROBERT TRIGAUX Available URL http://www.sptimes.com/Hackers/history.hacking.html [Spi2.Net] The Underbelly Of Cyberspace written by ROBERT TRIGAUX, Times Staff Writer St. Petersburg Times, published June 14, 1998 Available URL http://www.sptimes.com/Hackers/underbelly_of_cyberspace.html [Time.Net] Timeline Of Hacking unknown author Available URL: http://www.geocities.com/ricelubinpnay/timeline.htm [Unix.Net] Avoiding the Risks of Eavesdropping unknown author Available URL: http://www.unix.org.ua/orelly/networking/puis/ch18_04.htm [How.Net] How To Wiretapping Work written by Tom harries Available URL: http://electronics.howstuffworks.com/wiretapping .htm/printable
20