PSEUDORANDOM NUMBER A BOON OR A BANE TO CYBER SECURITY

By
Transaction of information on internet is not a new; it has gone through a lot of transformation. But how much is this transaction secured especially when it comes to critical information related to defense, financial organizations etc. Cyber crooks, network hackers, cyber pirates, internet thieves is an emerging crime category of criminals and threat to online information transactions of data and information.
Not only the Banks and financial institutions but almost every organization who have some critical data have put much effort into internet security measures to protect customer and even themselves from fraud. You’re probably familiar with the “two-factor authentication security method” – the bank provides you with a security token, which generates a pseudo-random number for you to use at login, along with other credentials. What if fraudsters managed to over-rule this security measure during your attempt to log into your online bank account.
Some of the techniques used by cyber-criminals to breach your internet security and get to your money are Man-in-the-browser, Phising Schemes, Money Mules, Keylogger through hardware or software.
The security token which is a onetime pseudorandom number comes to the rescue. But, if this token in the form of a OTP number, if used more than once may prove to be a very bad experience for anyone. So, its use is also required to be protected from cyber-criminals and this may depend on how hard the coding has been done. For example the code given below generates the security token:
$link = JRoute::_('index.php?option=com_comp&view=comview&task=action'&'.JSession ::getFormToken().'=1');
And the code given below is used for validating the token

JSession::checkToken('get') or die( 'Invalid Token' );
This code generates the link which is something like:
 http://localhost/index.php?option=com_comp&view=comview&task=action&231a817c6f53a732b6d70f3e2c3c5fcd=1
In this example, the token generated is not a onetime useable, as a number of request can be sent to on the OTP. Actually the generated token and the check token must be both related to a session such that one can verify the token in the same session and only once. Clicking the back button should amount to as a new session and a new token be generated for verification and previously generated token should be treated as an invalid token.
So through this discussion one thing is very clear that the security threat is only in using the security token and not in its generation procedure or technique.
The security token in discussion can be implemented in hardware or software. A hardware implementation of it is generally done using LFSR (linear feedback shift registers). The two structures of LFSR are many-to-one and one-to-many structure. Block diagram of the many-to-one structure is given below:
Many-to-One Structure
Well, the design of the hardware is little out of the scope of this small article, however, it should be noted that pseudorandom sequence depends on the seed value (Initial value of the LFSR), the tap positions and the feedback type. The choice of taps determines how many values there are in a given sequence before the sequence repeats.
LFSR used as pseudorandom number generated find a number of applications which includes:
  • Data Encryption/Decryption
  • Digital Signal Processing
  • Wireless Communications
  • Built-in Self Test (BIST)
  • Data Integrity Checksums
  • Data Compression
  • Pseudo-random Number Generation (PN)
  • Direct Sequence Spread Spectrum
  • Scrambler/Descrambler
  • Optimized Counters
Conclusion:
The pseudorandom generator is definitely a boon and not a bane to the cyber-security. The number is not repeated until the whole cycle of maximal length of number is over, and this length is very high say for 128-bit it is not until 2128 numbers are generated. The threat is in its improper usage. It should be ensured in the transaction code that the number is not allowed to be used again.
Ravinder Nath Rajotiya
Professor, Department: ECE

Comments

Post a Comment

Popular posts from this blog

Teacher As: Critical Pedagogue

By
Education is not only a process of cognitive development. It is a process of overall development of the child. The whole teaching learning process consist with three important components i.e student, teacher and curriculum. In the process of curriculum construction, evaluation and feedbacks are an important aspect to redesign the curriculum. Evaluation cannot be made on the basis of academic achievement of the students. Teacher should play an important role in the construction of curriculum as well as transaction of curriculum. Thus there is a need that teacher should take initiative to evaluate the whole education system as a Critical pedagogue. It is an ability to evaluate our teaching and the practices prevailing in existing education system critically in relation to methods and practices adopted by the teacher to teach concern pedagogical subjects. Ira Shor defines “ Critical pedagogy is habits of thought, reading, writing and speaking which go beneath surface meaning, first impr
Read more

ROLE CONFLICT PROBLEM AMONG WORKING WOMEN

By
Women of India have marked their significant presence in the world in various fields. They have been given the status of power and prestige in India.    Indian women has got much more significance in today’s developing times. Where until lately, they were shadowed by patriarchal dominance, the contemporary women in India have moved beyond all social boundaries to emerge as triumphant leaders of tomorrow. Not only has She taken up courageous roles in society, her own individuality as a ‘woman’ has now got an improvised meaning. The world has changed for females in India now. The daughters are pursuing successful ambitions in the male dominated corporate scenario and mothers are taking up flextime jobs to showcase their exceptional managerial talent. Today, our women have stepped out to become bread earners of the family. Although the trend is yet developing in India, The IT-BPO sector is becoming a female dominated industry in India with a significant number of capable and qualified f
Read more

Rights and obligations of Issuer, Participant and Beneficial owner under the Depository Act, 1996

By
As per section 17 of depository Act the rights and obligations of the depositories, participants and the issuers whose securities are dealt with by a depository shall be specified by the regulations. Under the Depository Act, 1996 depository means a company formed and registered under the Companies Act, 1956, and which has been granted a certificate of registration by SEBI under sub-section (1A) of Section 12 of the Securities and Exchange Board of India Act, 1992 ). (Section 2(1) (e)) Work of Depository- The word ‘depositary’ is defined as “the party of the institution (company) receiving a deposit. A depository holds securities (like shares, debentures, bonds, Government Securities, units etc.) of investors in electronic form. Besides holding securities, a depository also provides services related to transactions in securities. It acts as a trustee of the owner since the securities are entrusted with him in trust. He is also the agent of the owner of the securities. Thus
Read more