Archive for the 'Information Protection Systems' category

UK citizens may hide no secrets, government decrees !!!

2007 / October / Wednesday

Users of encryption technology can no longer refuse to reveal keys to UK authorities after amendments to the powers of the state to intercept communications took effect on Monday (Oct 1).

Source : The Register


Hiding After Encryption for Secure Transfer of Information (Summary)

2007 / October / Tuesday

God, blessed and exalted, says in Surat al-Haqqah: ((So I swear by what you see and what you do not see)).

The battle between steganography and steganalysis is still raging and forms the cornerstone of the war over transferring secret information. One face of this battle is covert communication, where information and data are transferred without anyone noticing that a communication is taking place at all; the other face is the effort to counter this kind of communication.

It is important to stress the need to encrypt information securely before hiding it; that is a separate subject from steganography, called cryptography.

Cryptography is treated as an electronic weapon, and it is one, because it is fundamental to securing communications, guaranteeing the safety of those communicating and protecting secrets. Nothing is more dangerous than relying on a foreign program to protect one's secrets and secure one's communications, only to discover too late that all of those communications were compromised by the enemy. Umar ibn al-Khattab, may God be pleased with him, said: "I am not a deceiver, nor does a deceiver deceive me." So the first security precaution is to secure all communications with trusted programs!!!

(image: color spectrum)

There are several pieces of software that perform hiding (for example, programs for covert communication that hide secrets inside images), but most of them have counter-software that can detect the likely presence of secret messages.

In most cases, a program's claim to be able to hide information is sheer lies and deception. This warns us that no covert-transfer or encryption program should be used unless we have a precise, detailed analysis of how the program works, showing its capabilities and the ways in which it can fail or have its mission defeated.

For this reason, Western programs should not be used; they are pure deception, and all of them carry some kind of signature that reveals, for example, that the carrier (an image) was modified with a particular program that points to it!!!

Advanced hiding efficiently combines several sophisticated techniques, including:

1- Compressing the data at high ratios
2- Encrypting it with a 2048-bit algorithm
3- Hiding it

Short messages can be hidden inside short audio files. Some hiding programs exploit only a limited number of the primary color planes, trying to escape detection of any change by steganalysis that relies on the statistical distribution of colors. Other programs hide data or messages by exploiting the latest techniques in communications engineering so as to evade all steganalysis countermeasures.

The hiding regions, whether inside photographs, natural images, audio clips or video, must also be chosen within suitable spread-spectrum ranges that visual or auditory analysis, as well as statistical analysis, is unable to identify as containing hidden messages. This makes hiding truly worthy of its name: it alone carries secret information without eyes seeing it. God, blessed and exalted, says in Surat al-Haqqah: ((So I swear by what you see and what you do not see)).
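An added example, not from the original post or any program it mentions: on a constructed grayscale carrier it performs the LSB hiding described above and then runs the pairs-of-values chi-square statistic that statistical steganalysis uses to detect it. The carrier's skewed histogram and the random bytes standing in for ciphertext are assumptions made for the demonstration.

```python
import random

# Constructed sample (assumption): a grayscale "image" as a flat list of 8-bit
# pixel values whose value pairs (2k, 2k+1) are deliberately unbalanced, as the
# histogram of a real photograph usually is.
def make_cover(n=8192, seed=1):
    rng = random.Random(seed)
    pixels = []
    for _ in range(n):
        v = rng.randrange(256)
        if rng.random() < 0.75:   # bias toward even values inside each pair
            v &= 0xFE
        pixels.append(v)
    return pixels

def embed_lsb(pixels, payload):
    """Write payload bits, MSB first, into the least significant bit of consecutive pixels."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in the carrier")
    out = list(pixels)
    for i, b in enumerate(bits):
        out[i] = (out[i] & 0xFE) | b
    return out

def extract_lsb(pixels, nbytes):
    """Reassemble nbytes of payload from the LSBs of the first 8*nbytes pixels."""
    data = bytearray()
    for j in range(nbytes):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (pixels[8 * j + i] & 1)
        data.append(byte)
    return bytes(data)

def pov_chi_square(pixels):
    """Pairs-of-values chi-square statistic (Westfeld and Pfitzmann).
    LSB embedding only moves a value within its pair (2k, 2k+1), so a balanced
    payload drives the two counts of every pair toward equality: the statistic
    drops to roughly its 127 degrees of freedom, whereas an untouched skewed
    carrier scores far higher. A full test converts this to a p-value."""
    counts = [0] * 256
    for v in pixels:
        counts[v] += 1
    stat = 0.0
    for k in range(128):
        even, odd = counts[2 * k], counts[2 * k + 1]
        expected = (even + odd) / 2
        if expected > 0:
            stat += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
    return stat

def demo(seed=1):
    cover = make_cover(seed=seed)
    rng = random.Random(seed + 1)
    # Stand-in for ciphertext (assumption): encrypted data looks like uniform bytes,
    # which is exactly what makes the pair counts even out after embedding.
    payload = bytes(rng.randrange(256) for _ in range(len(cover) // 8))
    stego = embed_lsb(cover, payload)
    return {
        "cover_stat": pov_chi_square(cover),
        "stego_stat": pov_chi_square(stego),
        "roundtrip_ok": extract_lsb(stego, len(payload)) == payload,
    }

if __name__ == "__main__":
    print(demo())
```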

Terminology
Steganography (Steganos graphy): the science of hiding information
Steganalysis: the analysis of hidden information (detecting steganography)
Multi-media: multiple media
Digital: digital
Morse Code: Morse code
Digital Communication: digital communications
Digital Signal and Image Processing: processing of digital signals and images
Watermarking: watermarking
LSB (Least Significant Bit): the bit of least significance
MSB (Most Significant Bit): the bit of greatest significance
Pixel (Picture element): picture element
Grayscale: the gray scale
Message Digest version 5 (MD5): message digest; a technique used for password encryption
Byte: byte (eight bits)
Bit: bit
Hexadecimal: base sixteen
Editor: editor
Concatenation: joining or appending
Digital Fingerprint: digital fingerprint
Data Redundancy: redundancy in data
Histogram (frequency distribution of RGB): a chart of the frequency distribution of colors
One Way Encryption: one-way encryption
Discrete Cosine Transform Coefficients: coefficients of the discrete cosine transform
Enhanced LSB Layers Analysis: bit-plane (layer) analysis
Visual Analysis: visual analysis
Statistical Analysis: statistical analysis

Source: (reposted)

UAE cyber crimes law

2007 / September / Sunday

04/30/2007 10:37 AM | Gulf News Report

Abu Dhabi: President His Highness Shaikh Khalifa Bin Zayed Al Nahyan has issued a federal law on combating cyber crimes.

* Law No.2 of 2006, issued last month, includes 29 articles, and shall take effect from the date of its issuance, and is to be published in the official gazette.
* Article No.2 considers any intentional act resulting in abolishing, destroying or revealing secrets or republishing personal or official information, as a crime. It says anyone convicted of logging onto an information website or system shall be punished with a jail term, or fine, or both. If the act resulted in abolishing, destroying, revealing, changing or republishing information, he/she shall be sentenced to no less than six months in jail and be fined, or both. If such information is personal, a fine of not less than Dh10,000 shall be imposed, and a jail term of not less than one year shall be handed out to the convict, or both punishments.
* The law also reads that anyone convicted of stimulating a male or female to commit adultery or prostitution via the Internet will be jailed up to five years and fined.
* Anyone convicted of abusing holy shrines or religious rituals or insulting them or inciting others to do so, shall be sentenced to five years in jail and be fined.
* Anyone convicted of opposing the Islamic religion will be jailed up to seven years. Anyone convicted of transcending family principles and values shall be jailed for one year and fined Dh50,000. Anyone convicted of setting up a website for groups promoting programmes in breach of public decency and order shall be sentenced to five years in jail.
* Article No.3 reads that anyone convicted of committing any crimes stipulated in Article No.2 of this law, shall be sentenced to no less than one year in jail, and fined not less than Dh20,000, or both.
* Article No.4 says anyone convicted of forging any Federal or local government documents, or any of federal or local institutions, shall be temporarily imprisoned, and fined, or both.
* Anyone convicted of using the forged document with knowledge it is forged, shall be handed out the stipulated punishment for forgery crime. Article No.5 of the law reads anyone convicted of hampering, blocking or preventing the reach of service or logging onto computer programmes, or information sources with any possible means whether via the use of internet or any information technology mean, shall be punished with a jail term, or a fine, or both.
* Article No.6 says anyone convicted of inserting certain information via the internet or using any IT or electronic mean for the purpose of stopping or breaking down, or destroying, deleting or amending programmes and information, shall be either jailed or fined, or both.
* Article No.7 says anyone convicted of using the internet or any electronic or IT means for changing or destroying medical tests or medical diagnosis, or medical treatment or healthcare, or even assisted others to do it, shall be temporarily jailed or fined.
* Article No.8 says anyone convicted of deliberately eavesdropping on, receiving or intercepting information or messages sent via the internet by using any electronic or high-tech means, shall be jailed or fined.
* Article No.9 says anyone convicted of using the internet or any other high-tech means for threatening or blackmailing another person, to incite him to carry out an act or not, shall be sentenced to no more than two years in jail and fined no more than Dh50,000, or both.
* Anyone convicted of using the internet for threatening or blackmailing another person, to incite him to commit lewd acts or honour crimes, shall be sentenced up to 10 years in jail and fined Dh50,000.
* Article No.10 reads that anyone convicted of putting his hands on immovable funds, or a document to sign for himself or others, by using the internet or any high-tech means in a fraudulent way or by taking a nickname or assuming the identity of others with intent to defraud, shall be sentenced to no less than one year, and fined no less than Dh30,000, or both.
* Article No.11 reads that anyone convicted of reaching data of credit cards or any other electronic cards by the use of the internet or any high-tech means, shall be imprisoned and fined. If the act takes place with intent to use credit or electronic cards to get others' money or their available services, the convict shall be jailed for no less than one year, and fined no less than Dh30,000, or either punishment.
* Article No.12 says anyone convicted of producing, preparing, sending, or saving information with intent to exploit, distribute or provide others with information that causes harm to public decency, via the internet or high-tech means, shall be sentenced to no less than six months in jail and fined no less than Dh30,000.
* Article No.13 says anyone convicted of inciting or luring a male or female to commit adultery or prostitution, by using the internet or high-tech means, shall be imprisoned and fined. If the victim is a juvenile, a jail term of no less than five years and a fine shall be imposed.
* Article No.14 says anyone convicted of logging onto a website with intent to change the design of the site, deleting it, amending its information, or taking its address, shall be jailed and fined.
* Article No.15 stipulates that anyone convicted of using the internet or high-tech means for the purpose of committing the following crimes, shall be imprisoned or fined.

* The crimes are as follows:

* 1- Abuse of any Islamic holy shrines or rituals
* 2- Abuse of holy shrines and religious rituals stipulated in other religions, since such rituals are maintained in accordance with the rulings of Islamic Sharia
* 3- Insulting any recognised religion
* 4- Incitement or promotion of sins

* If anyone convicted of opposing the Islamic religion, or abusing its principles, or carrying out any missionary activities for the benefit of other religions, he should be sentenced to more than seven years in jail.

* Article No.16 reads that anyone convicted of transcending family principles and values, or publishing news or pictures related to the private life of the family's members, shall be jailed for one year and fined Dh50,000.
* Article No.17 stipulates that anyone convicted of setting up a website, or publishing information via the internet or any other cyber means for the purpose of trafficking in human beings or facilitating human trafficking, shall be temporarily imprisoned.
* Article No.18 reads that anyone convicted of setting up a website or publishing information with the aim of promoting narcotics shall be temporarily jailed.
* Article No.19 says anyone convicted of transferring dirty money or concealing its sources, or transferring illegal properties via the use of the internet or other cyber means, shall be sentenced to no more than seven years and a fine of no less than Dh30,000 and up to Dh200,000.
* Article No.20 reads anyone convicted of setting up a website or publishing information for groups calling for facilitating and promoting ideas in breach of the general order and public decency, shall be sentenced to no more than five years in jail.
* Article No.21 says anyone convicted of setting up a website or publishing information for a terrorist group under fake names with intent to facilitate contacts with their leadership, or to promote their ideologies and finance their activities, or to publish information on how to make explosives or any other substances to be used in terrorist attacks, shall be sentenced to no more than five years in jail.
* Article No.22 reads anyone convicted of logging onto government websites with intent to obtain secret information shall be sentenced to jail. If the practice resulted in deleting, destroying or publishing such information, the convict shall be sentenced up to five years in jail.
* Article No.23 says anyone convicted of inciting, assisting or agreeing with another person to commit any of the crimes stipulated in this law shall be punished with the same punishment stipulated in the law.
* Article No.24 says, with no prejudice to others' rights, all devices, programmes and means used in committing any of the previously mentioned crimes will be confiscated.
* Article No.25 stipulates if the convict is an expatriate, he shall be deported after serving his term.
* Article No.26 says the implementation of penalties stipulated in this law does not contradict any other tougher punishment stipulated in the penal Code or any other laws.
* Article No.27 says law-enforcement officials are allowed to catch criminals and report violations.
* Article No.28 says any provision that contradicts the provisions of this law shall be abrogated.
* Article No.29 says this law shall take effect from the date of its issuance, and is to be published in the official gazette.

Online banking with Apache Geronimo and Axis2

2006 / May / Sunday

Online banking with Apache Geronimo and Axis2

Part 1: The service: Laying down the framework

Dive deep into the intricacies of using Apache Geronimo and Axis2 to build a complex Web services application. This three-part tutorial series walks you through building an example online banking Web service, documenting each step of the process so new users can quickly grasp the concepts and build a complete Web service and Web-interface client that connects to and communicates with the Web service. In the first installment, you get acquainted with the example Web service and the Web services that use WSDL, build and compile a WSDL file, and test and deploy it on Geronimo.

Online banking with Apache Geronimo and Axis2

Part 2: The service: Filling in the guts

Continue getting to the heart of using Apache Geronimo and Axis2 to build a complex Web services application. Part 2 of this three-part tutorial series walks you through setting up the Apache Derby database in preparation for the example online banking application. You'll create a client Web application to call operations implemented in the Web service, and you'll fully test the Web service with the client application.

28 Mar 2006

Online banking with Apache Geronimo and Axis2

Part 3: The client: Using the Web service

Time to complete your example online banking application. In this final installment of the three-part tutorial series, you'll use Apache Geronimo, Axis2, and the Web service you built in Part 1 and Part 2 to create a user interface (UI) that will allow users to view and modify their personal banking data.

04 Apr 2006

Digital Right Management : The Worst Apples Are Very Rotten And Very Greedy

2006 / May / Tuesday

Introduction: 

Digital Rights Management , what a term !

Digital Rights Management is the term being used for companies to take control of your computer and drive it in the roads they want you to go !

Event : 

The French Parliament is currently discussing the DRM scheme:

If France bans device-specific digital music and video downloads, companies like Apple would presumably need to alter technology to allow content from Web sites to play on competitive devices. This movement toward interoperability could eventually become global, and could loosen Apple's stranglehold on the digital music player market.

Apple iPod, iTunes, and Greed on big scale 

Story :

In an interview last week with the International Herald Tribune, Renaud Donnedieu de Vabres, the French minister of culture, said: "I have absolutely nothing against iTunes, and this is not some payback or protectionism against a foreign company."

He continued, "We are simply defining a fundamental value and principle that I believe will be demanded by Internet users and consumers."

Interoperability: Music Playing Programs Should Be Able To Play The Songs

Industry sources speculated that the proposed regulation, if enacted, might force Apple to cease digital music sales in France, or STOP its "digital rights management" scheme of encoding music in such a way that only Apple iPods can play the songs and music it puts in its iTunes website.

If the two houses of the French Parliament stand with the rights of the people of France, then the U.S. Commerce Department will back Apple Computer Inc. in the dispute that will be a good story to follow.

Comment:

Apple Computer Inc. is rotten, and very rotten indeed. Its technology was good one day, not any more, and the reason is simple: GREED

Related resources:

http://en.wikipedia.org/wiki/Digital_rights_management

http://www.eff.org/about/

Windows Security Policy Settings

2006 / May / Monday

This PolicySettings.xls file is a spreadsheet that contains almost everything an active administrator needs in order to set up an effective security policy, with extensive manual control.

PolicySettings.xls File Size = 3.86 MB (4,050,432 bytes)

Data Encryption Algorithms

2006 / March / Wednesday

AES
The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm (Rijndael, designed by Joan Daemen and Vincent Rijmen, published in 1998) that may be used by US federal departments and agencies to cryptographically protect sensitive information. TrueCrypt uses AES with 14 rounds and a 256-bit key (i.e., AES-256, published in 2001) operating in LRW mode. In June 2003, after the NSA (US National Security Agency) had conducted a review and analysis of AES, the U.S. CNSS (Committee on National Security Systems) announced that the design and strength of AES-256 (and AES-192) are sufficient to protect classified information up to the Top Secret level. This is applicable to all U.S. Government Departments or Agencies that are considering the acquisition or use of products incorporating the Advanced Encryption Standard (AES) to satisfy Information Assurance requirements associated with the protection of national security systems and/or national security information.

Blowfish
Designed by Bruce Schneier in 1993. Blowfish is unpatented, license-free, and available free for all uses. TrueCrypt uses Blowfish with 16 rounds and a 448-bit key operating in LRW mode.

CAST5
CAST5, alias CAST-128, was designed by Carlisle Adams and Stafford Tavares, and published in 1997. It uses a 128-bit key, 64-bit block, and operates in LRW mode. This encryption algorithm is described in U.S. patent number 5,511,123. However, CAST5 is royalty-free both for commercial and non-commercial uses. It is also one of the encryption algorithms that are officially used by the Canadian government to cryptographically protect sensitive (unclassified) information.

Serpent
Designed by Ross Anderson, Eli Biham, and Lars Knudsen; published in 1998. It uses a 256-bit key, 128-bit block, and operates in LRW mode. Serpent was one of the AES finalists. It was not selected as the proposed AES algorithm even though it appeared to have a higher security margin than the winning Rijndael. More concretely, Serpent appeared to have a high security margin, while Rijndael appeared to have only an adequate security margin. Rijndael has also received some criticism suggesting that its mathematical structure might lead to attacks in the future. The Twofish team presents a table of safety factors for the AES finalists. Safety factor is defined as: number of rounds of the full cipher divided by the largest number of rounds that has been broken. Hence, a broken cipher has the lowest safety factor, 1. Serpent had the highest safety factor of the AES finalists: 3.56 (for all supported key sizes). Rijndael-256 had a safety factor of 1.56 and Rijndael-128 had the lowest safety factor of the finalists: 1.11. In spite of these facts, Rijndael was considered an appropriate selection for the AES for its combination of security, performance, efficiency, implementability, and flexibility. At the Second AES Candidate Conference, Rijndael got 86 votes, Serpent got 59 votes, Twofish 31 votes, RC6 23 votes and MARS 13 votes. These are positive votes. If negative votes are subtracted from the positive votes, the following results are obtained: Rijndael: 76 votes, Serpent: 52 votes, Twofish: 10 votes, RC6: -14 votes, MARS: -70 votes.

Triple DES
Triple DES (TDEA), published in 1978, is three iterations (encrypt-decrypt-encrypt) of the DES cipher designed by IBM and NSA (in 1976). Triple DES operates in LRW mode. Three independent 56-bit keys are used (one per iteration). DES has known weak keys. The TrueCrypt Wizard detects and reports weak keys and prevents them from being used (a new key will have to be generated). Note that this cipher is very slow.
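As an added example (not TrueCrypt's own code), the check below does what the wizard is described as doing: it compares a DES key against the published weak and semi-weak key lists with the parity bits masked off. It also flags a Triple DES key triple whose neighbouring component keys are equal; that extra check is an assumption added here, since with K1 = K2 or K2 = K3 the encrypt-decrypt-encrypt sequence collapses to single DES.

```python
# DES weak keys (FIPS 74 list): each produces an identical subkey for every round,
# so encryption and decryption are the same operation.
WEAK_KEYS = [
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
]
# Semi-weak key pairs: encrypting with one key decrypts what the other encrypted.
SEMI_WEAK_PAIRS = [
    ("01FE01FE01FE01FE", "FE01FE01FE01FE01"),
    ("1FE01FE00EF10EF1", "E01FE01FF10EF10E"),
    ("01E001E001F101F1", "E001E001F101F101"),
    ("1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E"),
    ("011F011F010E010E", "1F011F010E010E01"),
    ("E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1"),
]

def strip_parity(key):
    """DES uses 56 of the 64 key bits; bit 0 of every byte is an odd-parity bit."""
    return bytes(b & 0xFE for b in key)

_WEAK = {strip_parity(bytes.fromhex(k)) for k in WEAK_KEYS}
_SEMI = {strip_parity(bytes.fromhex(k)) for pair in SEMI_WEAK_PAIRS for k in pair}

def has_odd_parity(key):
    return all(bin(b).count("1") % 2 == 1 for b in key)

def check_des_key(key):
    """Return None if the 8-byte key is usable, else a string naming the problem.
    The weak-key checks ignore parity, so a key that differs from a weak key only
    in its parity bits is still rejected."""
    if len(key) != 8:
        return "wrong length"
    k = strip_parity(key)
    if k in _WEAK:
        return "weak key"
    if k in _SEMI:
        return "semi-weak key"
    if not has_odd_parity(key):
        return "bad parity"
    return None

def check_tdes_keys(k1, k2, k3):
    """Check the three component keys of EDE Triple DES; returns a list of problems."""
    problems = []
    for i, k in enumerate((k1, k2, k3), 1):
        p = check_des_key(k)
        if p:
            problems.append(f"K{i}: {p}")
    # Assumption added here: equal neighbouring keys undo each other in E-D-E,
    # leaving a single DES encryption under the remaining key.
    if strip_parity(k1) == strip_parity(k2) or strip_parity(k2) == strip_parity(k3):
        problems.append("component keys not independent (EDE collapses to single DES)")
    return problems

if __name__ == "__main__":
    good = bytes.fromhex("0123456789ABCDEF")   # constructed test key
    print(check_des_key(good), check_tdes_keys(good, good, bytes.fromhex("0101010101010101")))
```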

Twofish
Designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson; published in 1998. It uses a 256-bit key and 128-bit block and operates in LRW mode. Twofish was one of the AES finalists. This cipher uses key-dependent S-boxes. Twofish may be viewed as a collection of 2^128 different cryptosystems, where 128 bits derived from a 256-bit key control the selection of the cryptosystem. The Twofish team asserts that key-dependent S-boxes constitute a form of security margin against unknown attacks.

AES-Twofish-Serpent
Three ciphers in a cascade operating in LRW mode of operation. Each 128-bit block is first encrypted with Serpent (256-bit key), then with Twofish (256-bit key), and finally with AES (256-bit key). Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that header keys are independent as well, even though they are derived from one password – see Header Key Derivation, Salt, and Iteration Count). AES-Twofish-Serpent employs individual cascaded ciphers.

Serpent-AES
Two ciphers in a cascade operating in LRW mode. Each 128-bit block is first encrypted with AES (256-bit key) and then with Serpent (256-bit key). Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that header keys are independent as well, even though they are derived from one password – see Header Key Derivation, Salt, and Iteration Count). Serpent-AES employs individual cascaded ciphers.

Serpent-Twofish-AES
Three ciphers in a cascade operating in LRW mode. Each 128-bit block is first encrypted with AES (256-bit key), then with Twofish (256-bit key), and finally with Serpent (256-bit key). Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that header keys are independent as well, even though they are derived from one password – see Header Key Derivation, Salt, and Iteration Count). Serpent-Twofish-AES employs individual cascaded ciphers.

Old Eur0pe Wins The 2005 UCSB International Capture The Flag

2005 / December / Sunday

The UCSB International Capture The Flag (also known as the iCTF) is a distributed, wide-area security exercise whose goal is to test the security skills of the participants from both the attack and defense viewpoints. The Capture The Flag contest is a multi-site, multi-team hacking contest in which a number of teams compete independently against each other.

Each team is given a virtualized server installation (for example, a virtual Linux server). The server provides a number of services. The services have a number of undisclosed vulnerabilities, which have been included in the server's software by the contest organizers. The goal of each team is to maintain the set of services available and uncompromised throughout the contest phase. Each team can (and should) attempt to compromise other teams' services. Since all the teams receive an identical copy of the virtual server, the task of each team is to find vulnerabilities in their copy of the server and possibly fix the vulnerabilities without disrupting the services. At the same time, the teams have to leverage their knowledge about the vulnerabilities they found to compromise the servers run by other teams. Compromising a service will allow a team to bypass the service security mechanisms and to "capture the flag" associated with a service. During the contest a scoring system keeps track, for each team, of which services are available and which services have been compromised.

The 2005 iCTF was scheduled for Friday, December 9, 2005, from 8am to 4pm PST (note: this was changed from the initial date of December 7th). The winner of the last edition of the competition (which was held in June 2005) was the team "The Tower of Hanoi", from Politecnico di Milano, Italy.

Read more at www.cs.ucsb.edu/~vigna/…