FuadKP

Cryptography comes from the Greek words for "secret writing". It has a long and colorful history going back thousands of years. In this section we will just sketch some of the highlights, as background information for what follows. For a complete history of cryptography, Kahn's (1995) book is recommended reading. For a comprehensive treatment of the current state-of-the-art in security and cryptographic algorithms, protocols, and applications, see (Kaufman et al., 2002). For a more mathematical approach, see (Stinson, 2002). For a less mathematical approach, see (Burnett and Paine, 2001).
Professionals make a distinction between ciphers and codes. A cipher is a character-for-character or bit-for-bit transformation, without regard to the linguistic structure of the message. In contrast, a code replaces one word with another word or symbol. Codes are not used any more, although they have a glorious history. The most successful code ever devised was used by the U.S. armed forces during World War II in the Pacific. They simply had Navajo Indians talking to each other using specific Navajo words for military terms, for example chay-dagahi-nailtsaidi (literally: tortoise killer) for antitank weapon. The Navajo language is highly tonal, exceedingly complex, and has no written form. And not a single person in Japan knew anything about it.
In September 1945, the San Diego Union described the code by saying "For three years, wherever the Marines landed, the Japanese got an earful of strange gurgling noises interspersed with other sounds resembling the call of a Tibetan monk and the sound of a hot water bottle being emptied." The Japanese never broke the code and many Navajo code talkers were awarded high military honors for extraordinary service and bravery. The fact that the U.S. broke the Japanese code but the Japanese never broke the Navajo code played a crucial role in the American victories in the Pacific.

corps, diarists, and lovers. Of these, the military has had the most important role and has shaped the field over the centuries. Within military organizations, the messages to be encrypted have traditionally been given to poorly-paid, low-level code clerks for encryption and transmission. The sheer volume of messages prevented this work from being done by a few elite specialists.
Until the advent of computers, one of the main constraints on cryptography had been the ability of the code clerk to perform the necessary transformations, often on a battlefield with little equipment. An additional constraint has been the difficulty in switching over quickly from one cryptographic method to another one, since this entails retraining a large number of people. However, the danger of a code clerk being captured by the enemy has made it essential to be able to change the cryptographic method instantly if need be.

The messages to be encrypted, known as the plaintext, are transformed by a function that is parameterized by a key. The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or radio. We assume that the enemy, or intruder, hears and accurately copies down the complete ciphertext.
However, unlike the intended recipient, he does not know what the decryption key is and so cannot decrypt the ciphertext easily. Sometimes the intruder can not only listen to the communication channel (passive intruder) but can also record messages and play them back later, inject his own messages, or modify legitimate messages before they get to the receiver (active intruder). The art of breaking ciphers, called cryptanalysis, and the art devising them (cryptography) is collectively known as cryptology.
It will often be useful to have a notation for relating plaintext, ciphertext, and keys. We will use C = EK(P) to mean that the encryption of the plaintext P using key K gives the ciphertext C. Similarly, P = DK(C) represents the decryption of C to get the plaintext again.

This notation suggests that E and D are just mathematical functions, which they are. The only tricky part is that both are functions of two parameters, and we have written one of the parameters (the key) as a subscript, rather than as an argument, to distinguish it from the message.
A fundamental rule of cryptography is that one must assume that the cryptanalyst knows the methods used for encryption and decryption. In other words, the cryptanalyst knows how the encryption method, E, and decryption, D,of Fig. 8-2 work in detail. The amount of effort necessary to invent, test, and install a new algorithm every time the old method is compromised (or thought to be compromised) has always made it impractical to keep the encryption algorithm secret. Thinking it is secret when it is not does more harm than good.
This is where the key enters. The key consists of a (relatively) short string that selects one of many potential encryptions. In contrast to the general method, which may only be changed every few years, the key can be changed as often as required. Thus, our basic model is a stable and publicly-known general method parameterized
by a secret and easily changed key. The idea that the cryptanalyst knows the algorithms and that the secrecy lies exclusively in the keys is called Kerckhoff's principle, named after the Flemish military cryptographer Auguste Kerckhoff who first stated it in 1883 (Kerckhoff, 1883). Thus, we have: Kerckhoff's principle: All algorithms must be public; only the keys are secret The nonsecrecy of the algorithm cannot be emphasized enough. Trying to keep the algorithm secret, known in the trade as security by obscurity, never works. Also, by publicizing the algorithm, the cryptographer gets free consulting from a large number of academic cryptologists eager to break the system so they can publish papers demonstrating how smart they are. If many experts have tried to break the algorithm for 5 years after itspublication and no one has succeeded, it is probably pretty solid.
Since the real secrecy is in the key, its length is a major design issue. Consider a simple combination lock. The general principle is that you enter digits in sequence. Everyone knows this, but the key is secret. A key length of two digits means that there are 100 possibilities. A key length of three digits means 1000 possibilities, and a key length of six digits means a million. The longer the key, the higher the work factor the cryptanalyst has to deal with. The work factor for breaking the system by exhaustive search of the key space is exponential in the key length. Secrecy comes from having a strong (but public) algorithm and a long key. To prevent your kid brother from reading your e-mail, 64-bit keys will do. For routine commercial use, at least 128 bits should be used. To keep major governments at bay, keys of at least 256 bits, preferably more, are needed.
From the cryptanalyst's point of view, the cryptanalysis problem has three principal variations. When he has a quantity of ciphertext and no plaintext, he is confronted with the ciphertext-only problem. The cryptograms that appear in the puzzle section of newspapers pose this kind of problem. When the cryptanalyst has some matched
ciphertext and plaintext, the problem is called the known plaintext problem. Finally, when the cryptanalyst has the ability to encrypt pieces of plaintext of his own choosing, we have the chosen plaintext problem. Newspaper cryptograms could be broken trivially if the cryptanalyst were allowed to ask such questions as: What is the encryption of ABCDEFGHIJKL?
Novices in the cryptography business often assume that if a cipher can withstand a ciphertext-only attack, it is secure. This assumption is very naive. In many cases the cryptanalyst can make a good guess at parts of the plaintext. For example, the first thing many computers say when you call them up is login: . Equipped with some
matched plaintext-ciphertext pairs, the cryptanalyst's job becomes much easier. To achieve security, the cryptographer should be conservative and make sure that the system is unbreakable even if his opponent can encrypt arbitrary amounts of chosen plaintext.
Encryption methods have historically been divided into two categories: substitution ciphers and transposition ciphers. We will now deal with each of these briefly as background information for modern cryptography.

Jaringan atau dalam bahasa inggrisnya network saat ini merupakan salah satu teknologi yang sanagt penting dalam perkembangan IT. Bill Gates dalam bukunya yang berjudul "Speed of Throught" membahas tentang dunia baru yang disebut dengan dunia web, yang menurutnya akan menjadi hal yang sangat penting dan menjadi saraf dalam perkembangan IT.

Jaringan memudahkan user untuk mampu berkomunikasi dalam jarak yang tak terbatas. Antara Indonesia dan Inggris dapat dicapai dengan hitungan detik tanpa kita harus naik pesawat dan berkunjung bertemu dengan Ratu Elisabeth untuk tahu seluk beluk negara Inggris.

perkembangan terknologi ini merupakan akibat dari perkembangan teknolog jaringan yang sudahsnagat pesat saat ini. Mulai dari LAN, MAN, dan WAN yang merupakan spesifikasi jaringan berdasar jarak jangkauan area. Seiring dengan hal ini juga, tingkat keamanan sebuah jaringan menjadi hal yang sangat penting. Keamanan jaringan menjadi hal yang perlu sangat diperhatikan.

Dalam jaringan ada banyak hal yang terkait baik itu dari segi hardware maupun software. pada kesempatan kali ini, saya akan sedikit berbagi tentang apa yang disebut IDS(Intrussion Detection System). IDS merupakan salah satu hal yang menjadi sangat penting mengingat apa yang disebut dengan firewall.

Firewall merupakan pengaman system jaringan dengan prinsip menjaga dan mengamankan jaringan dari kejahatan maupun kejahilan diluar jaringan. Firewall mampu melakukan filtrasi terhadap hal yang tidak dizinkan memasuki jaringan dengan ketentuan-ketentuan tertentu. Hal ini tentunya sungguha akan sangat membantu para ADmin jaringan untuk memantau dan maintenance jaringan.

Tetapi ternyata kejahatn terhadap jaringan bukan hnaya berasal dari luar jaringan saja, tapi juga ancaman dari dalam jaringan itu sendiri. Intrusion detection system (IDS) merupakan penghambat atas semua serangan yang akan menggangu sebuah jaringan. IDS memberi peringatan kepada administrator server saat terjadi sebuah aktivitas tertentu yang tidak diinginkan administrator sebagai penanggung jawab sebuah sistem. Selain memberikan peringatan, IDS juga mampu melacak jenis aktivitas yang merugikan sebuah sistem. Suatu IDS akan melakukan pengamatan (monitoring) terhadap paket-paket yang melewati jaringan dan berusaha menemukan apakah terdapat paket-paket yang berisi aktivitas yang mencurigakan sekaligus melakukan tindak lanjut pencegahan. Pada dasarnya terdapat dua macam IDS, yaitu Host – Based dan Network Based.

IDS host-based bekerja pada host yang akan dilindungi. IDS jenis itu dapat melakukan berbagai macam tugas untuk mendeteksi serangan-serangan yang dilakukan pada host tersebut. keunggulan IDS host-based adalah pada tugas-tugas yanga berhubungan dengan kemanan file, misalnya ada tidaknya file yang telah diubah atau ada tidaknya usaha untuk dapat akses ke file-file yang sensitive.

IDS network-based biasa berupa suatu mesin yang khusus dipergunakan untuk melakukan monitoring terhadap seluruh segmen dari jaringan.IDS network-based akan mengumpulkan paket-paket data yang terdapat pada jaringan dan kemudian menganalisisnya serta menentukan apakah paket-paket tersebut berupa suatu paket yang normal atau suatu serangan atau berupa aktivitas yanga mencurigakan.

FuadKP

Pages

Thursday 25 December 2008

Keamanan Sistem Internet

Tuesday 23 December 2008

Cryptography

Sunday 21 December 2008

Intrussion Detection System