Alternate Data Streams - What's Hiding in Your Windows NTFS?

Cryptography Internet Security Whitepapers System Hacking

Hackers and malware authors have a strong motivation to keep you from finding their malicious software on your system. If you find it, you can delete it. If you delete it, the malware author doesn't make money-yes, this is a for-profit business. Panda software, a respected anti-virus and anti-malware vendor, reports that from January - March of 2006, 70% of the malware released on the Internet was trying to make money for the authors in one way or another.

Cryptography and Evidence

Cryptography Internet Security Whitepapers

The invention of public-key cryptography led to the notion that cryptographically protected messages could be used as evidence to convince an impartial adjudicator that a disputed event had in fact occurred. Information stored in a computer is easily modified, and so records can be falsified or retrospectively modied. Cryptographic protection prevents modification, and it is hoped that this will make cryptographically protected data acceptable as evidence. This usage of cryptography to render an event undeniable has become known as non-repudiation. This dissertation is an enquiry into the fundamental limitations of this application of cryptography, and the disadvantages of the techniques which are currently in use. In the course of this investigation I consider the converse problem, of ensuring that an instance of communication between computer systems leaves behind no unequivocal evidence of its having taken place. Features of communications protocols that were seen as defects from the standpoint of non-repudiation can be seen as benefits from the standpoint of this converse problem, which I call "plausible deniability".

Data Encryption Standard (DES)

Cryptography Internet Security Whitepapers

The DES (Data Encryption Standard) algorithm is the most widely used encryption algorithm in the world. For many years, and among many people, "secret code making" and DES have been synonymous. And despite the recent coup by the Electronic Frontier Foundation in creating a $220,000 machine to crack DES-encrypted messages, DES will live on in government and banking for years to come through a life- extending version called "triple-DES."

Digital Signature Guidelines

Cryptography Internet Security Whitepapers

These Digital Signature Guidelines have been drafted by the Information Security Committee of the Electronic Commerce Division, Section of Science and Technology of the American Bar Association. The Committee explores legal and information security aspects of electronic commerce and other issues related to information technology. The Information Security Committee is comprised of lawyers, government policy and management professionals, information technology and security professionals, notaries from various legal systems, trade facilitation experts, and others.

Digital Signature Standard (DSS)

Cryptography Internet Security Whitepapers

This Standard specifies algorithms appropriate for applications requiring a digital, rather than written, signature. A digital signature is represented in a computer as a string of binary digits. A digital signature is computed using a set of rules and a set of parameters such that the identity of the signatory and integrity of the data can be verified. An algorithm provides the capability to generate and verify signatures. Signature generation makes use of a private key to generate a digital signature. Signature verification makes use of a public key which corresponds to, but is not the same as, the private key. Each user possesses a private and public key pair. Public keys are assumed to be known to the public in general. Private keys are never shared. Anyone can verify the signature of a user by employing that user's public key. Signature generation can be performed only by the possessor of the user's private key.

Introduction to Cryptography

Cryptography Internet Security Whitepapers

Cryptography is the stuff of spy novels and action comics. Kids once saved up OvaltineTM labels and sent away for Captain Midnight's Secret Decoder Ring. Almost everyone has seen a television show ormovie involving a nondescript suit-clad gentleman with a briefcase handcuffed to his wrist. The word "espionage" conjures images of James Bond, car chases, and flying bullets. And here you are, sitting in your office, faced with the rathermundane task of sending a sales report to a coworker in such a way that no one else can read it. You just want to be sure that your colleague was the actual and only recipient of the email and you want himor her to know that youwere unmistakably the sender. It’s not national security at stake, but if your company’s competitor got a hold of it, it could cost you. How can you accomplish this?

Introduction to Cryptography and Digital Signatures

Cryptography Internet Security Whitepapers

The concept of securing messages through cryptography has a long history. Indeed, Julius Caesar is credited with creating one of the earliest cryptographic systems to send military messages to his generals. Throughout history, however, there has been one central problem limiting widespread use of cryptography. That problem is key management. In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information. Consequently, the term key management refers to the secure administration of keys to provide them to users where and when they are required.

New Directions in Cryptography

Cryptography Internet Security Whitepapers

We stand today on the brink of a revolution in cryptography. The development of cheap digital hardware has freed it from the design limitations of mechanical computing and brought the cost of high grade cryptographic devices down to where can be used in such commercial applications as remote cash dispensers and computer terminals. In turn, such applications create a need for new types of cryptographic systems which minimize the necessity of secure key distribution channels and supply the equivalent of a written signature. At the same time, theoretical developments in information theory and computer science show promise of providing provably secure cryptosystems, changing this ancient art into a science.

Pretty Good Privacy (PGP)

Cryptography Internet Security Whitepapers

With PGP™ for Personal Privacy, you can easily protect the privacy of your email messages and file attachments by encrypting them so that only those with the proper authority can decipher the information. You can also digitally sign the messages and files you exchange, which ensures that they have come from the person who allegedly sent them and that the information has not been tampered with in any way while in transit. The most convenient way to use PGP is through one of the popular email applications supported by the plug-ins. This allows you to encrypt and sign as well as decrypt and verify your messages while you are composing and reading your e-mail. In addition, if you are communicating with another PGP user who is using an email application that adheres to the PGP/MIME standard, you can perform all of the PGP functions on both your messages and any file attachments by simply clicking a button when sending or receiving your e-mail.

Steganography FAQ

Cryptography Internet Security Whitepapers

Steganography is the practice of hiding private or sensitive information within something that appears to be nothing out of the usual. Steganography is often confused with cryptology because the two are similar in the way that they both are used to protect important information. The difference between the two is that Steganography involves hiding information so it appears that no information is hidden at all. If a person or persons views the object that the information is hidden inside of he or she will have no idea that there is any hidden information, therefore the person will not attempt to decrypt the information.