쥐스킨트의 작은 서재

Cryptographic nonce

In cryptography, a nonce is an arbitrarynumber that may only be used once. It is similar in spirit to a nonce word,hence the name. It is often a random or pseudo-random number issued in anauthentication protocol to ensure that old communications cannot be reused inreplay attack. They can also be useful as initialization vectors and incryptographic hash function.

Usage

Authentication

Authentication protocol may use nonces toensure that old communications cannot be reused in replay attacks. Forinstance, nonces are used in HTTP digest access authentication to calculate anMD5 digest of the password. The nonces are different each time the 401authentication challenge response code is presented, thus making replay attacksvirtually impossible. The scenario of ordering products over the Internet canprovide an example of the usefulness of nonces in replay attacks. An attackercould take the encrypted information and –without needing to decrypt – couldcontinue to send a particular order to the supplier, thereby ordering productsover and over again under the same name and purchase information. The nonce isused to give ‘originality’ to a given message so that if the company receivesany other orders from the same person with the same nonce, it will discardthose as invalid orders.

A nonce may be used to ensure security fora stream cipher. Where the same key is used for more than one message and thena different nonce is used to ensure that the keystream is different fordifferent messages encrypted with that key; often the message number is used.

Applicationprogramming interface

In computer programming, an ApplicationProgramming Interface (API) is a set of routine definitions, protocols, andtools for building software and applications. A good API makes it easier todevelop a program by providing all the building blocks, which are then put togetherby the programmer. An API may be for a web-based system, operating system,computer hardware, or software library. An API specification can take manyforms, but often include specifications for routines, data structures, objectclasses, variables, or remote calls.

Adware

Adware, or advertising-supported software,is any software package that automatically renders advertisements in order togenerate revenue for its author. The advertisements may be in the userinterface of the software or on a screen presented to the user during the installationprocess. The functions may be designed to analyze which Internet sites the uservisits and to present advertising pertinent to the types of goods or servicesfeatured there. The term is sometimes used to refer to software that displaysunwanted advertisements known as malware.

Scareware

Scareware is a form of malicious softwarethat uses social engineering to cause shock, anxiety, or the perception of athreat in order to manipulate users into buying unwanted software. Scareware ispart of a class of malicious software that includes rogue security software,ransomware and other scam software with malicious payloads, which have limitedor no benefit to users, and are pushed by unethical marketing practices. Someforms of spyware and adware also use scareware tactics.

FileAllocation Table

File Allocation Table (FAT) is a computerfile system architecture and a family of industry-standard file systemsutilizing it. The FAT file system is a legacy file system which is simple androbust. It offers good performance even in light-weight implementations, butcannot deliver the same performance, reliability and scalability as some modernfile systems. It is, however, supported for compatibility reasons by nearly allcurrently developed operating systems for personal computers and many mobiledevices and embedded systems, and thus is a well-suited format for dataexchange between computers and devices of almost any type and age from1981 upto the present.

Originally designed in 1977 for use onfloppy disks, FAT was soon adapted and used almost universally on hard disksthroughout the DOS and Window 9x eras for two decades. As disk drives evolved,the capabilities of the file system have been extended accordingly, resultingin three major file system variants: FAT12, FAT16, FAT32. The FAT standard has alsobeen expanded in other ways while generally preserving backward compatibilitywith existing software.

Ubiquitous computing

Ubiquitous computing (or “ubicomp”) is aconcept in software engineering and computer science where computing is made toappear anytime and everywhere. In contrast to desktop computing, ubiquitouscomputing can occur using any device, in any location, and in any format. Auser interacts with the computer, which can exist in many different forms,including laptop computers, tablets and terminals in everyday objects such as afridge or a pair of glasses. The underlying technologies to support ubiquitouscomputing include Internet, advanced middleware, operating system, mobile code,sensors, microprocessors, new I/O and user interfaces, networks, mobileprotocols, location and positioning and new materials.

Diffie-Hellmankey exchange

Diffie-Hellman key exchange (D-H) is aspecific method of securely exchanging cryptographic keys over a public channeland was one of the first public-key protocols as originally conceptualized. D-His one of the earliest practical examples of public key exchange implementedwithin the field of cryptography. Traditionally, secure encrypted communicationbetween two parties required that they first exchange keys by some securephysical channel, such as paper key lists transported by a trusted courier. TheDiffie-Hellman key exchange method allows two parties that have no priorknowledge of each other to jointly establish a shared secret key over aninsecure channel. This key can then be used to encrypt subsequent communicationsusing a symmetric key cipher.

Proxy server

In computer networks, a proxy server is aserver (a computer system or an application) that acts as an intermediary forrequests from clients seeking resources from other servers. A client connectsto the proxy server, requesting some service, such as a file, connection, webpage, or other resource available from a different server and the proxy serverevaluates the request as a way to simplify and control its complexity. Proxieswere invented to add structure and encapsulation to distributed systems. Today,mots proxies are web proxies, facilitating access to content on the World WideWeb and providing anonymity.

Uses

Monitoringand filtering

-      Content-control software

A content-filtering web proxy server provides administrative controlover the content that may be relayed in one or both directions through theproxy. It is commonly used in both commercial and non-commercial organizations(especially schools) to ensure that Internet usage conforms to acceptable usepolicy.

A content filtering proxy will often support user authentication, tocontrol web access. It also usually produces logs, either to give detailed information about the URLs accessedby specific users, or to monitor bandwidth usage statistics. It may alsocommunicate to daemon-based and/or ICAP-based antivirus software to providesecurity against virus and other malware by scanning incoming content in realtime before it enters the network. 

-      Filtering of encrypted data

Web filtering proxies are not able to peer inside secure socketsHTTP transactions, assuming the chain-of-trust of SSL/TLS has not beentampered with.

The SSL/TLS chain-of-trust relies on trusted root certificateauthorities. In a workplace setting where the client is managed by theorganization, trust might be granted to a root certificate whose private key isknown to the proxy. Consequently, a root certificate generated by the proxy isinstalled into the browser CA list by IT staff.

In such situations, proxy analysis of the contents of a SSL/TLStransaction becomes possible. The proxy is effectively operating a man-in-the-middle attack, allowed by the client’s trust of a root certificate theproxy owns.

-      Bypassing filters and censorship

If the destination server filters content based on the origin of therequest, the use of a proxy can circumvent this filter. For example, a serverusing IP-based geolocation to restrict its service to a certain country can beaccessed using a proxy located in that country to access the service.

Internet

The Internet is the global system ofinterconnected computer networks that use the Internet protocol suite (TCP/IP)to link billions of devices worldwide. It is a network of networks thatconsists of millions of private, public, academic, business, and governmentnetworks of local to global scope, linked by a broad array of electronic,wireless, and optical networking technologies. The internet carries anextensive range of information resources and services, such as the inter-linkedhypertext documents and applications of the World Wide Web (WWW), electronicmail, telephony, and peer-to-peer networks for file sharing.

The origins of the Internet date back toresearch commissioned by the United States federal government in the 1960s tobuild robust, fault-tolerant communication via computer networks. The primary precursornetwork, the ARPANET, initially served as a backbone for interconnection ofregional academic and military networks in the 1980s. The funding of theNational Science Foundation Network as a new backbone in the 1980s, as well asprivate funding for other commercial extensions, led to worldwide participationin the development of new networking technologies, and the merger of manynetworks. The linking of commercial networks and enterprises by the early 1990smarks the beginning of the transition to the modern Internet, and generated a sustainedexponential growth as generations of institutional, personal, and mobilecomputers were connected to the network.

Backdoor

A backdoor is a method, often secret, ofbypassing normal authentication in a product, cryptosystem or algorithm etc.Backdoors are often used for securing unauthorized remote access to a computer,or obtaining access to plaintext in cryptographic systems.

A backdoor may take the form of a hiddenpart of a program, a separate program, or may be a hardware feature. Althoughnormally surreptitiously installed, in some cases backdoors are deliberate andwidely known. These kinds of backdoors might have “legitimate” uses such asproviding the manufacturer with a way to restore user passwords.

Default passwords can function as backdoorsif they are not changed by the user.  Somedebugging features can also act as backdoors if they are not removed in therelease version.