Blockchain

Nothing like online currency to get people interested. So, obviously I am a few years too late to this party, but the main concepts of the technology are still relevant.

As most people know by now, the most famous application of Blockchain technology is cryptocurrency, most notably Bitcoin. But what is it? How is it better than just going to the bank and getting money, or using a bank’s online transfer system?

Essentially, anytime a transaction occurs between say, a group of 4 people, a separate “block” of memory is created for each of the 4 friends. Each block has the details of the transaction permanently inscribed on it. Imagine a group of 4 people named A, B, C, and D.

On a side note, there are currently ~400 people named ‘ABCDE’ in the continental US.

Suppose one day they all go for dinner at Olive Garden. After an evening of unlimited breadsticks, C says that he will take care of the bill for now and the others can just send in their share through Bitcoin. The next day, A,B and D all send in their transactions in a group. Everytime one of them sends money to C, a separate block is created detailing who paid whom, how much, and the reserve bitcoins left over for all the members in the group, not just the ones in the transaction. These blocks are then linked together (blockchain, super creative), and each individual is given a copy of all the blocks. This link of all the block is called a ‘public ledger’. Thus, the proof/details of the transaction is available to every single person involved.

This increases the security of the transaction as well, as there are multiple copies of the block with all of the involved persons, meaning that a single person being hacked would not be as effective as hacking someone’s bank account.

Another side note, these transactions are encrypted using different variations of the public-private key encryption that we talked about last time. Bitcoin specifically uses the SHA256 hash-key encryption system. This system allows for secure data storage, and that involved/uninvolved persons cannot meddle with the details of the transfer.

Check out this video by Simply Explained to understand more about Blockchain and how it works. Next time, we’ll look at some more history-based concepts. Until then, good luck.

Cryptography

Alright then, so cryptography. Cryptography is essentially the concept of secret codes, but developed to a certain point. Modern cryptography is heavily based on mathematical theory and computer science, and cryptographic algorithms are designed to be difficult to break by any opponent. Cryptography allows people to protect their information and keep it safe from potential hackers, and is invaluable for the big-tech companies of today.

Cryptography includes techniques such as microdots, merging words with images, and other ways to hide information. Today, cryptography is mainly associated with scrambling “plaintext” (just regular text) into “ciphertext”. This process is known as “encryption”, where in the text is made into secret code that can be then “decrypted” back into plain text after the data is transported to where it needs to be.

Think of cryptography as essentially a cipher, like the coded messages sent by Julius Caesar to his allies. Only a select few people with the right key to decode the cipher will be able to read the text.

I always loved the old Asterix and Obelix books, but I never really got them.

The most common and well-known method of cryptography is “public and private key” encryption done in the RSA (Rivest-Shamir-Adleman) method. This is very common over the internet, where encryption is very much necessary. Public key cryptography uses two different but mathematically similar keys, being the private key and the public key. The public key is, well, public. Anyone can see it and use it, but the private key is to remain just with you.

This public-private encryption can be simplified to a simple exchange. Say your friend wants to send you some old, embarrassing pictures. Now you have a safe that you keep empty and you realize that you can use it to keep the pictures in, so that no nosy family member can take your precious memories. But what if someone takes them while you are bringing the pictures over? You decide you can send the safe to your friend so that they can put in the pictures, and thus bring them over safely. However, you can’t trust your friend with a key to the safes’ padlock, as their siblings are very annoying and could steal it. So, what can you do?

A simple way to do it is for you to send the open, empty safe that anyone can access (the metaphorical public key) to your friend. As the safe is empty, no one will want to take it. Your friend can then put in the pictures and close down the padlock. This way, no one at their house can open it as they only have a safe and not the key. Your friend then sends the safe back, and you can use the key that you have (your metaphorical private key) to open it and secure the pictures.

Personally, I would have just stolen the safe itself.

Either way, the data that you transferred is now secure (in one way), and your embarrassing moments are long forgotten.

If you want to learn more about cryptography, check out this video by MIT OpenCourseWare detailing the RSA method. And if you want to learn about how quantum computers can break the public key encryption method, check out this video here by Frame of Essence. Next week we will look at everyone’s favorite, bitcoin and blockchain. Until then, good luck.

Cybersecurity

So. Security. I mean, nobody wants their stuff to be taken or viewed by random people. People don’t seem to like crime, and we have police and locks and other stuff to keep that from happening to our physical things. Similarly, we have cybersecurity for our computers. It is a hard concept to grasp, but computers do not have social skills. They just want a question, and they’ll happily give an answer to anyone who asked. So the same computer that keeps your house safe with a security system will happily let someone else break in without a second thought. So, we have our cybersecurity methods to keep us safe. Cybersecurity tries to follow three specific guidelines –

Secrecy – I mean, who wants private information to be available to strangers? secrecy (or confidentiality) tries to ensure there is no unauthorized access on your cool stuff.
Integrity – Close to the previous one, integrity ensures only authorized people can modify your data or systems. I mean, who wants their Gmail account hacked? I mean also worry about important bank information, but mainly the Gmail thing.
Availability – Authorized people should always have access to their data. What good is a security system that stops you from seeing your own stuff?

Firstly, experts in cybersecurity first try to profile who might try to attack you. Unless you have information threatening the very security of the country (I mean, everybody has that one friend) , chances are that not that many people are trying actively to break into your computer. So, you have a “threat model” made, detailing who might want to break into your laptop. For an average person, the threat model usually might just be ‘annoying sibling’ or ‘disgruntled service employee’, but for more large scale systems, the threat model can be very detailed. Mainly for security, what you are trying to do is figure out who is accessing the system, and how much of the system they should actually have access to.

To figure out if the right person is accessing the system, the computer must be able to “authenticate” the person. Authentication has a few common types, like authentication based on some secret information. Usually, we see this everywhere in the form of passwords. It is a simple system, but there are a few problems with it. If you have, say, a 4-digit pin code to a bank account, and someone wants into that account. They could, perhaps, try asking you, but an easy way for them to break in is using a “brute force attack”. This sounds dark and violent, but really they are just trying every possible combination of 4 numbers in the system, from 0000 to 9999. With a good computer, they can have the correct pin within seconds, so then there must be a way to prevent this. A good method is seen on many iPhones – if the person typing gets three incorrect passwords in a row, the phone locks itself. This is also why, annoyingly, some websites make you have a whole bunch of special characters in you password, from ‘!’ to ‘%’ and all kinds of other requirements. This makes a brute force attack a lot harder. On a side note, a good password for you could also be any 4 random words selected. Seeing as there are over 100,000 words in a typical dictionary, guessing all the possible combinations would be really hard. (https://xkcd.com/936). But maybe, the whole password thing is not for you. Maybe, you somehow keep giving away valuable information to random people. So, you could try another method of security – possession. Think of a locked door. You can only get in if you have a key, but you can’t accidently give it away while talking (Trust me, telling someone “I have a key” doesn’t give it away). So, then the door only opens for you. But this system also has issues – what if someone steals you key and copies it? You might need something else to protect yourself (For some more information, check out this article about PGP encryption). Another method of encryption involves biometrics – fingerprints, eyeballs and other organs. Let’s face it, unless someone cuts off your thumb, you aren’t going to lose it (and if someone does cut off your thumb, your phone security really shouldn’t be the first thing on your mind). However, again, this system has flaws. Against popular opinion, fingerprints aren’t actually unique – it is pretty rare, but someone out there could have the same fingerprint as you. This person can get past your thumbprint scanner with no problem. Also, when it comes to biometrics, there is limited available data. I mean, you could change a password to a combination of literally any other numbers or letters, but you only have 10 fingers. If somebody has all 10 of your prints, you don’t really have much more choice in the matter.

To finish up, let’s look at how the ‘access’ part of the authorization works. How does the system know what it should let you read, and what it should keep private? There are a few general rules as to how it should work:

People shouldn’t “read up”.
People shouldn’t “write down”.

These specific rules are part of the “Bell-LaPadula model” of access control. Check out this site for a few more access control models. Mainly about the Bell-LaPadula model first, what does it mean to read up or down? Well, the first rule is basically saying, “A lower authorization person shouldn’t be able to look at higher authorization things”. Pretty obvious, right? If you have a public file, and a top-secret file, a person reading the public file shouldn’t be able to read the top-secret file, but if you have top-secret access, you can read both files. The second rule is a little less obvious. It says, “A person who can edit the high authorization file shouldn’t be able to edit the lower authorization file”. This seems a little dumb, like if you can write in the top-secret one, why can’t you write in the public one? Mainly, this is so that someone with top-secret access doesn’t accidently leak things into the public document. Naturally, someone with public access can’t write in the top-secret one either.

Well, that’s pretty much it from me. Next week, maybe we’ll look at hacking and some other examples of cyber attacks. Check out this video to learn more about cybersecurity. I’ll see you next week. Until then, good luck.