ISE1 Learning Journey :D

Tuesday, August 24, 2010

Hands-on Project 11-3

Homepage of TrueCrypt, click on the highlighted link







Click 'Download' under Windows 7/Vista/XP/2000





Select 'Create an encrypted file container'








Select 'Standard TrueCrypt volume'








Click 'Select File'







Name the volume as "TrueCrypt Encrypted Volume"







Ensure that AES is selected







Type "1" in the textbox then select "MB"







Enter password in the textbox provided








Click 'Format' to continue








Click 'OK' to finish creating the volume









========================================

Reflection

I think that EFS is more convenient to use as we do not have to download an extra program just to encrypt a file or folder, and all we need to do is edit the properties of the file or folder that we want to encrypt.

But because not all Windows OS versions support the encrypting function, TrueCrypt will come in handy for those users whose computers don't support the encrypting function.

Monday, August 23, 2010

Hands-on Project 11-2

"Microsoft's Encrypting File System (EFS) is a cryptography system for Windows operating systems that use the Windows NTFS file system. Because EFS is tightly integrated with the file system, file encryption and decryption are transparent to the user.

Any file created in an encrypted folder or added to an encrypted folder is automatically encrypted." (Mark Ciampa, 2009)

===================================

Right click then select 'Properties'

















Select 'Advanced' button

























Check the highlighted box




















Click 'OK'

















Filename of Encrypted.txt changes to green


Sunday, August 22, 2010

Hands-on Project 11-1

"Hashing, also called a one-way hash, is a process for creating a unique "signature" for a set of data. This signature, called a hash or digest, represents the contents.

Hashing is used only for integrity to ensure that the information is in its original form and that no unauthorized person or malicious software has altered the data.

The Message Digest 5 (MD5), a revision of MD4, was created in 1991 by Ron Rivest and designed to address MD4's weakness.

Like MD4, the length of the message is padded to 512 bits. The hash algorithm then uses four variables of 32 bits each in a round-robin fashion to create a value that is compressed to generate the hash." (Mark Ciampa, 2009)

=========================================

Homepage of md5deep
















Click on highlighted link to download md5deep
















Country1.txt and Country2.txt

















Hash algorithm for MD5 (128 bits)














Hash algorithm for SHA-1 (160 bits)














Hash algorithm for SHA-2 (SHA-256) (256 bits)














Hash algorithm for Whirlpool (512 bits)













==========================================

Reflection

Comparing two hash values allows one to know whether the information inside the file has been altered or not. This prevents any unauthorized person or malicious software from altering the information without the user knowing (e.g. Man-in-the-Middle attack).

One example of hashing in our daily life is the Automated Teller Machine (ATM) card. As the ATM does not keep a record of the user's PIN and also does not have to get the user's PIN from some remote database and send it back to the ATM, this reduces the chances of people trying to hack into the systems just to get the PIN numbers. Therefore, by using hashing to verify the accuracy of the data, it will get rid of the chances of having the data exposed to a third party and making it vulnerable to attacks.
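
The comparison done with md5deep in this project can also be scripted. The following is an added example, not part of the original post: it hashes two constructed sample files named after the post's Country1.txt and Country2.txt, confirms the digest sizes captioned above, and uses a SHA-256 baseline to detect a later alteration. The file contents and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Digest sizes in bits, as captioned in the post. Whirlpool is left out because
# hashlib does not guarantee it on every build.
BITS = {"md5": 128, "sha1": 160, "sha256": 256}


def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in chunks so large files never have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths):
    """Baseline of known-good digests. SHA-256 is used because MD5 and SHA-1
    have known collision attacks."""
    return {os.path.basename(p): file_digest(p) for p in paths}


def changed_files(paths, manifest):
    """Names of files whose current digest no longer matches the baseline."""
    changed = []
    for p in paths:
        expected = manifest.get(os.path.basename(p), "")
        if not hmac.compare_digest(file_digest(p), expected):
            changed.append(os.path.basename(p))
    return changed


def demo():
    """Constructed sample files: the two texts differ by one character."""
    with tempfile.TemporaryDirectory() as d:
        p1, p2 = (os.path.join(d, n) for n in ("Country1.txt", "Country2.txt"))
        with open(p1, "w") as f:
            f.write("Singapore is a country.\n")
        with open(p2, "w") as f:
            f.write("Singapore is a county.\n")
        sizes = {a: len(file_digest(p1, a)) * 4 for a in BITS}
        differ = all(file_digest(p1, a) != file_digest(p2, a) for a in BITS)
        manifest = build_manifest([p1, p2])
        before = changed_files([p1, p2], manifest)
        with open(p2, "a") as f:  # simulate an alteration after the baseline
            f.write("edited\n")
        return sizes, differ, before, changed_files([p1, p2], manifest)
```

The baseline only protects against unnoticed changes if the manifest itself is stored where the party altering the files cannot rewrite it.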

Saturday, August 21, 2010

Hands-on Project 8-5

OpenID is a decentralized open source federated identity management system that does not require specific software to be installed on the desktop.

OpenID is a uniform resource locator (URL)-based identity system.

======================================

Type identity URL in the highlight textbox
















Website requesting PIP for verification to login
















Successful login for lifewiki.net

Friday, August 20, 2010

Hands-on Project 8-4

"Steps for creating and using OpenID are as follows:

1) Go to a free site that provides OpenID accounts, such as MyOpenID.com, then create an account with a username (Me) and password. The user is then given the OpenID account of Me@myopenid.com

2) When the user visits a website like BuyThis.com that requires him to sign in, he can instead choose to use OpenID. He simply enters his OpenID URL, Me@myopenid.com.

3) BuyThis.com redirects to MyOpenID.com where he is required to enter his password to authenticate himself and indicates he trusts BuyThis.com with his identity.

4) MyOpenID sends him back to BuyThis.com, where he is now authenticated."

(Mark Ciampa, 2009)

======================================

Homepage of PIP, click on highlighted button to continue





Fill in the blanks and scroll down to submit





Click on "Browse" to select profile picture





Click on the highlighted link





Click on the button to save settings






While saving settings








Information displayed under "My Information"






Hands-on Project 8-1

Cognitive biometrics is authentication based on the perception, thought process, and understanding of the user.

This is considered to be much easier for the user to remember because it is based on the user's life experiences. This also makes it very difficult for an attacker to imitate.

==========================================

Homepage of Passfaces Demonstration
















Click on the highlighted button to continue
















Starting screen of the demo, click 'OK' to continue


























Click 'OK'


























Click 'NEXT' to enroll now


























Memorize the passfaces given


























Click on the given passface


























Click 'DONE' to complete enrollment


























Successful Login


























==========================================

Reflection

I think cognitive biometrics is effective, because the thinking process or memories of one person is something that could not be easily imitated by anyone, even your close ones. This is due to the fact that everyone has their own way of thinking, and this will result in different perceptions and different points of view.

But I think that cognitive biometrics is only effective on people who have good memory and only if the account is being used every day. If not, when the person tries to log in after a few years, he/she might already have forgotten about the events/faces that he/she set as the password to log in. Then the user will have to go through a lot of channels just to get that account back.

Hence in some way cognitive biometrics is effective as it is relatively secure, but it will not be convenient for people who have bad memories.

Thursday, August 19, 2010

Hands-on Project 7-2

2 causes for concern when using a password manager programme

1) If the master password is known to a third party, all the passwords inside will also be known to the third party.
2) The programme might be linked to other programmes that will send all the passwords saved inside to a third party without the user knowing it.

==============================================

Homepage of KeePass





Click on the highlighted link to start downloading





Starting screen of KeePass





Click 'File' and 'New' then key in a strong master password





Click 'Edit' then 'Add Entry'





Fill in the blanks





Select the group that you want and click 'OK'





Save the file





Select the group and double click on the URL





Click and drag the username and password into respective textbox







==============================================

Reflection

Though this type of password manager programme is convenient for those people who use different passwords for different accounts, if the master password is lost or leaked out to a third party, all the passwords contained inside will also be known to a third party. This will be very dangerous for the user if he/she happens to save their online banking account's password inside.

It will still be highly advisable to remember all the passwords mentally rather than saving them in some programme. This is due to the advanced technology nowadays that allows people to hack into any programme that they want just by downloading the software available online.