
Sunday, October 13, 2013

What are two fundamental cryptography principles?

In this article we shall discuss the two fundamental principles that govern a cryptographic system.

1. Redundancy
- All encrypted messages must contain some redundancy.
- By redundancy we mean information that is not needed to understand the message; it reduces the chances of a passive intruder mounting an attack.
- A passive intruder attack consists of putting stolen information to misuse without understanding it.
- A credit card is an easy example.
- The card number is not sent over the internet on its own; it is accompanied by side information such as the card holder's date of birth, the expiry date and so on.
- Sending such information along with the card number cuts down the chances of simply making up a number.
- Adding a good amount of redundancy also prevents active intruders from sending garbage values and having them accepted as valid messages.
The recipient must be able to determine whether a message is valid by inspecting it and doing a simple calculation.
- Without redundancy an attacker could simply send a junk message and the recipient would decode it as a valid one.
- There is, however, a small concern with this.
- The redundancy must not take the form of N zeroes at the beginning or end of the message, because such messages become easy to predict, which makes the cryptanalyst's work easier.
- A CRC polynomial can be used instead of zeroes, because it gives the cryptanalyst more work.
- Using a cryptographic hash might be even better.
- Redundancy also has a role to play in quantum cryptography.
Some redundancy is required in the messages for Bob to determine whether the message has been tampered with.
- Sending the message twice is a crude form of redundancy.
- If the two copies differ, Bob concludes that either somebody is interfering with the transmission or there is a lot of noise.
- But such repetition is expensive.
- Therefore the methods used for error detection and correction are Reed-Solomon and Hamming codes.

2. Update
- Measures must be taken to prevent attacks by active intruders who might play back old messages.
- The longer an active intruder holds an encrypted message, the greater the chance that he can break into it.
- The UNIX password file is a good example.
- Anybody who has an account on the host can access the password file.
- Intruders can obtain a copy of this file and then easily decrypt the passwords.
- Also, adding redundancy makes decrypting the messages simpler.
- It must be checked whether the message was sent recently or is an old one.
- One measure is to include a time stamp in the message that is valid for a few seconds.
- The recipient can save messages for that many seconds and compare them with incoming messages to filter out duplicates.
- Messages older than this period are rejected as too old.
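The two principles above, redundancy and freshness, can be put into one small receiver. The following is an added example written for this page and not code from the original post: the redundancy is a keyed cryptographic hash (an HMAC tag) over a timestamp and the payload, so junk or altered messages fail a simple recomputation, and the freshness check rejects messages outside a short window and duplicates replayed inside it. The shared key, the 10-second window and the message field layout are constructed assumptions for the example.

```python
import hashlib
import hmac
import time
from typing import Dict, Optional, Tuple

# Shared secret between sender and receiver (constructed sample value for the example).
SHARED_KEY = b"example-shared-key-for-illustration-only"

# Freshness window in seconds (assumption): anything older is rejected as "too old".
FRESHNESS_WINDOW = 10


def _tag(key: bytes, ts: int, payload: str) -> str:
    """Redundancy: a keyed hash the recipient can recompute with a simple calculation."""
    body = f"{ts}|{payload}".encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_message(payload: str, key: bytes = SHARED_KEY, now: Optional[float] = None) -> dict:
    """Sender side: attach a timestamp (freshness) and an HMAC tag (redundancy)."""
    ts = int(time.time() if now is None else now)
    return {"ts": ts, "payload": payload, "tag": _tag(key, ts, payload)}


class Receiver:
    """Accepts a message only if it is intact, recent and not a duplicate."""

    def __init__(self, key: bytes = SHARED_KEY, window: int = FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        # Tags of messages accepted inside the window, kept to filter replays.
        self.seen: Dict[str, int] = {}

    def _expire(self, now: int) -> None:
        # Once a message is older than the window the timestamp check alone rejects it,
        # so its tag no longer needs to be remembered.
        self.seen = {tag: ts for tag, ts in self.seen.items() if now - ts <= self.window}

    def accept(self, msg: dict, now: Optional[float] = None) -> Tuple[bool, str]:
        now = int(time.time() if now is None else now)
        self._expire(now)
        try:
            ts = int(msg["ts"])
            payload = str(msg["payload"])
            tag = str(msg["tag"])
        except (KeyError, TypeError, ValueError):
            return False, "malformed"
        # 1. Redundancy check: recompute the tag; garbage or altered bytes fail here.
        expected = _tag(self.key, ts, payload)
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False, "bad tag"
        # 2. Freshness check: reject messages outside the window ...
        if abs(now - ts) > self.window:
            return False, "too old"
        # ... and duplicates of messages already accepted inside the window.
        if tag in self.seen:
            return False, "replay"
        self.seen[tag] = ts
        return True, "ok"


if __name__ == "__main__":
    r = Receiver()
    m = build_message("transfer 10", now=1000)
    print(r.accept(m, now=1003))   # fresh and intact: accepted
    print(r.accept(m, now=1005))   # same message again inside the window: replay
    print(r.accept(m, now=1020))   # outside the window: too old
```

The tag is checked before the timestamp so that an attacker cannot learn anything about the window from messages with invalid tags; the window is applied as an absolute difference so that clock skew in either direction is treated the same way.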

Apart from the above two principles, the following are some other principles of cryptography:
Ø Authentication: ensuring that the message was generated by the sender and no one else, so that no outsider can claim to be the owner of the message.
Ø Integrity: in cryptography, the integrity of a message must be preserved while it travels from one host to another. This involves ensuring that the message is not altered on the way. Using a cryptographic hash is one way to achieve this.
Ø Non-repudiation


Tuesday, June 19, 2012

What are different characteristics of build verification test?


Build verification test, often abbreviated BVT, can be defined as a set of tests carried out on every newly built build in order to verify whether the build is testable before it is handed to the testing team for further testing.
Generally, the test cases used in a build verification test are the core functionality test cases, which are used to check the stability of the software system or application and regulate its thorough testing.
The whole build verification process takes a lot of effort and time if carried out manually, so it is usually automated. If a build fails build verification, it is returned to the developer to fix the faults.

Build verification test is also known by the other names mentioned below:
  1. Smoke testing
  2. Build acceptance testing or BAT
In a typical build verification test, two aspects are exclusively tested, as mentioned below:
  1. Build acceptance
  2. Build validation

Few basics of Build Verification Tests


  1. Build verification tests are a subset of tests used to verify the main functionalities.
  2. Some build verification tests are created daily, and some builds are tested daily; if a build fails the build verification test, it is rejected and returned to its developer for fixes, and when the fixes have been made, a new build is released and is again subjected to the build verification test.
  3. The build verification test has the advantage that it saves the testing team the precious effort of setting up a test and testing a build whenever there is a break in the major functionality of the build.
  4. The test cases of the build verification test should be designed very carefully so that they provide the maximum possible coverage of the basic functionality of the build.
  5. A typical build verification test runs for 30 minutes at most and should not exceed this limit.
  6. Build verification testing can also be considered a type of regression testing that is done on each and every new build.

Aim of Build Verification Test


- The primary aim of the build verification test is to check the integrity of the whole software system or application in terms of its build, or in other words its modules.
- When several development teams work together on the same project, it is important that the modules they develop individually are able to integrate well with each other.
So many cases have been recorded in which a whole project failed miserably because of a lack of integration among the modules; in the worst cases the whole project was scrapped because of a failure in module integration.
- The main task of a build release is file check-in, i.e., including all the modified as well as new project files associated with the corresponding build.
- Earlier, checking the health of the build initially was considered the main task of the build verification test.
- This is called the "initial build health check" and it includes:

  1. Have all the files been included in the release?
  2. Are all the files in their proper format?
  3. Have all the file versions and languages been included?
  4. Have the appropriate flags been associated with each file?
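The four questions of the initial build health check can be automated as the first stage of a BVT. The following is an added example, not code from the original post: it checks a release directory against a manifest for presence, file format (by leading magic bytes), an expected version string and the executable flag, and returns the problems per file so a failing build can be sent back to the developer. The manifest, the version numbers and the sample release files are constructed for the example, and the flag check assumes a POSIX file system.

```python
import os
import stat
import tempfile
from typing import Dict, List

# Expected release contents: file name -> what the health check verifies for it.
# Constructed for this example; a real project would generate this from its release list.
MANIFEST = {
    "app.zip": {"magic": b"PK\x03\x04", "version": "1.4.2", "executable": False},
    "app.elf": {"magic": b"\x7fELF", "version": "1.4.2", "executable": True},
    "CHANGELOG.txt": {"magic": b"", "version": "1.4.2", "executable": False},
}


def check_build(build_dir: str, manifest: dict = MANIFEST) -> Dict[str, List[str]]:
    """Run the initial build health checks; return the problems found per file.

    An empty dict means the build is healthy enough to hand to the testing team.
    """
    failures: Dict[str, List[str]] = {}
    for name, spec in manifest.items():
        path = os.path.join(build_dir, name)
        # 1. Has the file been included in the release?
        if not os.path.isfile(path):
            failures[name] = ["missing from release"]
            continue
        problems: List[str] = []
        with open(path, "rb") as fh:
            head = fh.read(4096)
        # 2. Is the file in its proper format? Checked via leading magic bytes only;
        #    a thorough check would parse the whole container.
        if spec["magic"] and not head.startswith(spec["magic"]):
            problems.append("unexpected file format")
        # 3. Does the file carry the expected version string?
        if spec["version"].encode() not in head:
            problems.append("version string not found")
        # 4. Are the appropriate flags set? Here the owner-executable bit (POSIX assumption).
        is_exec = bool(os.stat(path).st_mode & stat.S_IXUSR)
        if is_exec != spec["executable"]:
            problems.append("wrong executable flag")
        if problems:
            failures[name] = problems
    return failures


def make_sample_build(broken: bool) -> str:
    """Write a constructed sample release into a temporary directory and return its path."""
    build_dir = tempfile.mkdtemp(prefix="bvt-")
    if not broken:
        files = {
            "app.zip": (b"PK\x03\x04 sample archive, version 1.4.2", 0o644),
            "app.elf": (b"\x7fELF sample binary, version 1.4.2", 0o755),
            "CHANGELOG.txt": (b"Release 1.4.2: sample notes\n", 0o644),
        }
    else:
        files = {
            "app.zip": (b"not really an archive, version 1.4.2", 0o644),  # wrong format
            # app.elf deliberately omitted: missing from release
            "CHANGELOG.txt": (b"Release 1.3.0: stale notes\n", 0o644),  # old version
        }
    for name, (data, mode) in files.items():
        path = os.path.join(build_dir, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    return build_dir


def bvt_verdict(build_dir: str) -> str:
    """Accept the build for further testing or send it back to the developer."""
    failures = check_build(build_dir)
    if not failures:
        return "ACCEPTED: build is testable"
    details = "; ".join(f"{n}: {', '.join(p)}" for n, p in failures.items())
    return f"REJECTED (returned to developer): {details}"


if __name__ == "__main__":
    print(bvt_verdict(make_sample_build(broken=False)))
    print(bvt_verdict(make_sample_build(broken=True)))
```

Because the check stops at the first problem for a missing file but collects every problem for a present one, the developer gets the full list of what to fix in one round trip rather than one rejection per defect.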


Friday, December 23, 2011

What are different characteristics of security testing?

Security testing, as its name suggests, can be defined as a process to determine whether a software, information system or application is capable of protecting data and keeping it secure.
It also determines whether the software or information system keeps its functionality intact and as intended.

Security testing needs to cover six important concepts. They are discussed below in detail:
1. Confidentiality
- It can be defined as a security measure that seeks to protect against the disclosure of information or data to third parties or any unauthorized parties other than the authorized parties or individuals.
- This is not the only way of ensuring the security of information.

2. Integrity
- This is a security measure intended to inform the receiver of information or data whether the information or data being provided is correct and legitimate.
- Most often, the same underlying techniques are used for both the confidentiality and integrity aspects of security.
- There is a basic difference between integrity and confidentiality: for integrity, additional information is also provided.
- This additional information usually forms the basis not only for the encoding of the whole communication data but also for an algorithmic check.

3. Authentication
- This security measure involves confirming the identity of a particular person.
- It ensures that a packaged product contains exactly what its packaging and labeling claim.
- The process of authentication is also used to trace the origins of a software system, application or artifact.
- The process of authentication plays a big role in determining whether a computer software system or application is a trusted one.

4. Authorization
- Authorization is an important security measure.
- It verifies the identity of the receiver of a particular service.
- It can be defined as a process for determining whether a person who has requested a service is allowed and eligible to receive that service or to carry out some operation.
- The best example of an authorization security measure is access control.
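The difference between concepts 3 and 4 is easiest to see in code: authentication answers "who is this?", authorization answers "may this person do that?", and a request must pass both. The following is an added example, not code from the original post: a small request handler that first verifies a password against a salted PBKDF2 hash and then consults an access-control policy mapping operations to roles. The users, passwords, roles and operations are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Set

# Access-control policy (assumption): operation -> roles permitted to perform it.
POLICY: Dict[str, Set[str]] = {
    "read_report": {"reader", "editor"},
    "edit_report": {"editor"},
    "delete_report": {"admin"},
}


def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so that a stolen user store does not reveal passwords cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user_store() -> Dict[str, dict]:
    """Build a constructed sample user store: username -> salt, hash and roles."""
    store: Dict[str, dict] = {}
    sample_users = [
        ("alice", "correct horse", {"reader", "editor"}),
        ("bob", "battery staple", {"reader"}),
    ]
    for name, password, roles in sample_users:
        salt = os.urandom(16)
        store[name] = {"salt": salt, "hash": _hash_password(password, salt), "roles": roles}
    return store


def authenticate(store: Dict[str, dict], username: str, password: str) -> Optional[str]:
    """Confirm identity: return the username on success, None on failure."""
    record = store.get(username)
    if record is None:
        # Do the same amount of work for an unknown user so that timing does not
        # reveal which usernames exist.
        _hash_password(password, b"\x00" * 16)
        return None
    candidate = _hash_password(password, record["salt"])
    if hmac.compare_digest(candidate, record["hash"]):
        return username
    return None


def authorize(store: Dict[str, dict], username: str, operation: str) -> bool:
    """Decide whether an already-authenticated user may perform the operation."""
    permitted_roles = POLICY.get(operation, set())  # unknown operations: nobody
    return bool(store[username]["roles"] & permitted_roles)


def handle_request(store: Dict[str, dict], username: str, password: str, operation: str) -> str:
    """Authenticate first, then authorize; both must succeed for the service to be given."""
    who = authenticate(store, username, password)
    if who is None:
        return "401 authentication failed"
    if not authorize(store, who, operation):
        return "403 not authorized"
    return "200 ok"


if __name__ == "__main__":
    users = make_user_store()
    print(handle_request(users, "alice", "correct horse", "edit_report"))  # 200 ok
    print(handle_request(users, "bob", "battery staple", "edit_report"))   # 403: known user, no right
    print(handle_request(users, "bob", "wrong password", "read_report"))   # 401: identity not confirmed
```

Note that a valid identity on its own buys nothing: bob authenticates successfully but is still refused the edit, which is the distinction the two sections above draw.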

5. Availability
- The availability security measure assures that communication services and information are always ready for use whenever they are needed.
- It ensures that the required information is always available to authorized people when they need it.

6. Non-repudiation
- It basically falls under the category of digital security measures.
- The non-repudiation security measure confirms that data, information and messages are transferred and received by the people or parties claiming to have sent them.
- A security measure like non-repudiation offers a way to guarantee that the party who sent a message cannot later deny having sent it, and that the recipient cannot deny having received it, if any issue is raised.

Security testing as a term has a number of different meanings and cannot be explained in just one way. A security taxonomy provides a better way to understand all these concepts:

- Discovery
- Vulnerability scan
- Vulnerability assessment
- Security assessment
- Penetration test
- Security audit
- Security review

