Encryption – Do you need to secure your files?

Security, anonymity​ and privacy are topics you hear a lot about these days. When the news is filled with how terrorists used encryption to mask their evil activities one might ask do we really need it? I would say we absolutely do. It would be easy to make a case for government agencies, banks and even medical services to have access to this type of technology, but I’d even say we as individuals need to use it.​ The Bureau of ​Justice Stastics reported that in 2014​ there were 17.6 million US residents that experienced identity theft.​ On average it costs victims about $1,500 in lost finances and that’s not counting lost hours and stress caused by cleaning up the mess. Most of your personal files don’t need encrypted but you should protect your sensitive data. Things like financial, medical, website passwords, etc should be secure.​​

I’ve spent some time learning the ins and outs of encryption. There’s still much I don’t know, but I do feel I have a good grip on how many of these technologies work.​ I want to use the rest of this article to explain a little about encryption an application I’ve created called Xcipher and how it works.

The two main types of encryption are public and private key. Public key is what we often use when we connect to a secure website. It uses very large prime numbers to create a key that is used to encrypt data in a file. Primes are significant because they take a very long time to factor.​ For example​​ I can take two large prime numbers and multiply them together in seconds, but if I take the result and try to find the two numbers that created it, that would take a long time and for very large primes it could take thousands of years to crack.

Xcipher uses private key encryption which doesn’t use prime numbers at all. Private key encryption is similar to writing your password or padlock combination on a sheet of paper and storing it away till later. The file cannot be unencrypted without the password and it’s kept secret from others.

The Xcipher application will read a byte from the input file create an encrypted byte based upon a character in the password, and then write that byte to the output file….and continue through the entire file.

A byte is 8 bits, and the first read of the file would contain data like this: {01101001 010010101 10100001}.​​ ​After the data is read​ a “mask” of the same length (8 bits) must be created. This mask is basically a random number from 0 – 255. It is used to flip the bits using an Xor operator. Java has a function that returns a random number.  Something really helpful about this function and what makes this application possible is the fact that you can seed the random function with a starting point and it will then return a sequence of numbers that are always the same. If I create a million random numbers the second run with the same seed will create the exact same million numbers.

Let’s say our password is “apple”. It has already read in byte: 01101001 and the first character of the password is a lower case ‘a’. If you use its integer value you get the number 97. We then generate 97 random numbers, toss them to the side, and then use the 98th, which will be an integer between 0 and 255, and that will be our mask. We throw the first numbers away to add complexity to the algorithm making it near impossible to calculate the mask that is returned. If you dont’ have the password that is used to create the mask and the starting point (seed) for the random number you cannot determine the mask. Without it you cannot recreate the original byte.

There are 256 possible number between 0 – 255, and that is important because that is also the largest number possible with a byte. The binary number 11111111 is equal to the decimal number 255. So the random number that is chosen is always the size of one byte….our mask is a random number the size of a byte.

Now lets say the 98th number was 133 which is the binary number 10000101. So now we have:
01101001 – original byte
10000101 – mask 
The Exclusive Or (know as an Xor operator) will compare the two bytes bit for bit.  You remember those truth tables you learned in college, well here’s the one for Xor:

  • 1 Xor 1 = 0
  • 1 Xor 0 = 1
  • 0 Xor 1 = 1
  • 0 Xor 0 = 0.

Let’s do the calculation:
01101001 – original byte
10000101 – mask
____________________________XOR
11101100 – encrypted byte

Xcipher screen shot:

enc2

 

 

 

 

 

 

 

So how does the decryption work? Well, when you run the encrypted file back through the same program, it will read in the encrypted byte, and when Xor’d with the same mask, it will produce the original byte. So the Xor acts like a switch that will flip the bits back to the original, and java will produce the exact random numbers each time.

Just because bad people use a good technology doesn’t make that technology bad. Encryption is a powerful tool that makes our online communication safe and secure and we should not fear it. If you’re interested in the application just message me and I’ll give you a copy.

How Safe is Your Identity?

cyber-crime-and-identity-theft

 

One scary moment of my life was answering a call from my credit card account manager who asked, “Mr. Lucas, did you recently purchase a dozen roses and four bottles of wine in New Jersey?”  Well, considering I’ve not been to Jersey, I had never used that card, and I don’t drink wine, my answer was, “No!”  I began immediately thinking about how bad this could be. Would I have to cancel my cards? Would I spend hours on the phone trying to clean this up? Luckily that’s all the further that theft went. I didn’t have to pay for the charges, and none of my other accounts had been compromised.

It is becoming increasingly harder to stay safe. In a world that’s wired to the internet and a culture dependent on a variety of electronic gadgets, identity theft is thriving. “You can’t prevent identity theft! No one can!” says financial expert Dave Ramsey. Even Todd Davis, the CEO of a large identity protection company, who shared his social security number publicly had his identity stolen 12 times, says the Phoenix News Times. While this may be a bit unsettling, understand that you can make it extremely difficult for the prowling identity thief. Don’t become the feeble gazelle faltering at the rear of the heard. When it comes to identity theft, there are three areas to consider.

Minimize the risk–There are a number of ways we can lower the risk of attack, and they all limit access to your personal data.

Get a shredder and properly dispose of old documents that have sensitive data; don’t just throw them in the trash. Anyone can drive around in the early morning hours and pilfer through your garbage. Don’t give out personal information to someone who calls you. If you need to give the info, then hang up and call their publicly listed number. Never trust that the person on the end of the line is who they say they are. And finally and most importantly, be cautious of what you put on the internet. From a person’s Facebook account or website it’s often easy gather all kinds of personal information. Even something as simple as, “Here’s my cat named fluffy!” Many people use their pet’s names as passwords.

Monitor your accounts. –Another big way to keep yourself safe is to monitor your existing accounts. If you can catch illegal activity when if first happens you can limit the damage.

Watch your monthly reports. Keep your receipts and match them with the report item for item, and if something appears that you didn’t buy then call. You can also check your annual reports for free at https://www.annualcreditreport.com. You can get reports for all three (Trans Union, Equifax, Experian) of the reporting agencies from them. Another simple step to take is reduce the number of accounts you have. It’s easy to miss unwanted activity if you have 10-15 different accounts to watch.

Maximize your protection. –One final way to reduce the time and money spent on costly clean-up is to purchase identity theft insurance.

You must change your mindset. No person or company can prevent an identity theft from occurring, but a good company can help manage the aftereffects, and repay stolen money. You insure the things that are valuable to you, your homes, and your cars, so why not insure your identity?  You can find a good identity policy for around $6.75 a month. Dave Ramsey recommends the Zander Insurance Group as a good provider of identity theft protection.

Talking Machines…part 2

talkin machine2In my previous article, I talked about how far technology had progressed in the past 100 years.  In my own lifetime, I’ve seen computer technology really explode.  My first computer was a Commodore 16, with no hard drive, and 16k of memory.  There was no graphical operating system, and I couldn’t do much more than type at a prompt.  The PC came with a monthly magazine subscription that had sample programs listed in the back, and I can remember my dad and me sitting for hours typing in code for a Space-Invaders type of program.  It never worked.  We tried entering the program three times, but it would crash after about 30 seconds—must have had a bug.

Since that time hard-drive size and processing speeds have increased exponentially—Moore’s law describes a trend in hardware manufacturing where the number of transistors that would fit on an integrated circuit doubled about every 24 months.  It also seems a new PC becomes outdated minuets after removing it from the box.  However, in spite of all these computing advancements, human language programs have lagged far behind.

Computers can process large amounts of data very quickly—billions, and even trillions of instructions per second. A computer can search an encyclopedia for a phrase like “history of computers”, and return all the results in a list in just a few seconds. There’s just no way a person could do that kind of rote processing—it would take us months or years to do the same thing.

Computers tend to do certain types of tasks efficiently, like searching through a list or adding numbers. But there are certain tasks that are tough for a computer. For example, a person can look at an image of a friend, and within seconds recognize them. Computers can’t. There are image-recognition programs, but they are slow and unreliable.

Many forums and blogs on the internet have a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) defense built in…when you post a reply to someone’s thread or blog, it requires you to look at an image, and then type it into a verification box. This is to keep computer programs from posting advertisements and other nasties to the site. This is effective because it is difficult for a program to look at an image and determine what it is.

Another difficult task for a computer is to process language. Human languages are ambiguous—take a look at this sentence: Time flies when you’re having fun, but fruit flies like bananas.

Does fruit fly?  How does time take flight?  Is “flies” a noun or verb, an action or insect?

Also stressing a word in speech can change the meaning of the sentence. For example:

I never said anything about you”
– Maybe someone else did, but I didn’t.

“I never said anything about you”
– I never said anything, but may have written something.

Imagine a future without the mouse or keyboard.  You get home from work, open the door, and immediately speak to your house computer, “Jake! Please turn on the TV.”  It responds in a pleasant voice and tells you it is now set to channel 23 for the evening news.  Later on that evening you’re sitting on the couch, “Jake can you email my sister, and invite her to the cookout Saturday?”  It replies a few seconds later and asks, “Would you like me to ask her to bring something?”  A program that can understand and follow a conversation would be very useful.

It could also become a very personal possession, and be passed on to your children and grand children, allowing them to ask questions about your life like  “Jake. What was my grandfathers favorite food?” or “Jake.  What was my dad’s first job?”

For now, computers that can communicate intelligently with us lies within the realm of sci-fi, but science fiction often drives scientific discovery.

Talking Machines…part 1

talkin machine1I’m amazed at the progress of technology over the past 100 years. Modes of transportation have gone from wheeled carts pulled by horses to vehicles that are measured in thousands of horsepower. There have been major advances in medicine—doctors can transplant most organs of the human body, and there has even been partial success in transplanting the head of a monkey to a different body.  Or was it the body to a different head? We’ve been to the moon and Mars. We’ve split the atom. We can talk instantly with someone on the opposite side of the planet, and computers that would have filled entire rooms years ago, can now fit on your wrist or in your pocket.

So… I pose this question. When do you think we will be able to talk to our computers?

We do this somewhat now, in limited capacities, so let me rephrase the question. When do you think conversations with our computers will be as real and indistinguishable as conversations with other humans?  I’m not talking about sentience, that’s an entirely different conversation, but when will computers be able to simulate human conversation?

ELIZA was one of the first programs to attempt a conversation between man and machine, and was created by Joseph Weizenbaum in 1966.  Dr. Weizenbaum was a computer science professor at MIT, and created ELIZA to simulate an empathic psychologist.  It would take statements made by patients and rephrase them as questions.  For example, a response to “My back hurts” might be “Why do you say your back hurts?”  It’s a simple little trick that seems to mimic intelligence, but is easily dismissed as it becomes apparent that there is no reasoning behind the responses.  There are many other conversational programs available today—Jabberwacky, ALICE, PARRY, ELLA, and HAL to name a few, but they all fall short when it comes to true natural language processing (NLP).

This idea is not new to the field of artificial intelligence.  Alan Turing first proposed a test of intelligence in the 1950 edition of Computing Machinery and Intelligence.  The test goes like this: a human judge has a text-only conversation with a computer program and another human.  If he is unable to distinguish between the computer and the other human, then that program passes the test—the Turning Test.

In 1990 Hugh Loebner brought this test to life by offering $100,000 and a gold medal to the first computer program whose responses were indistinguishable from a human’s.  This grand prize is still unclaimed, and programmers still compete annually for a bronze medal and a $2000 prize.

You might think that computers are smart, but the ability to do something quickly and efficiently doesn’t indicate intelligence.  For the most part, computers just do what you tell them.  They don’t think for themselves.  They just follow instructions.  There has been significant progress in the field of artificial intelligence (AI), but the smartest machines of today still only have the intelligence of an insect.

In 2005 Ray Kurzweil wrote a book called The Singularity is Near that suggests sentience will happen not too far in the future.  Ray has been hailed by many as a modern day scientific prophet.  Bill Gates said, “Ray Kurzweil is the best person I know at predicting the future of artificial intelligence.”  His book suggests that technology is growing exponentially—by 2020 machine intelligence will equal human intelligence, and by 2040 machines will surpass the intelligence of all humanity combined.

Is sentient life possible? Ehh… I don’t know, we’ll have to wait and see, but I do think it will be possible for a computer to emulate a human—first in speech, and then in action.