Conventional Encryption Model

Plaintext is an original text / data which will be converted into a random nonsense text called ciphertext in order to prevent the original message being read by the people out of the recipient. The encryption process consists of an algorithm that produce a different output depending on the specific key being used at the time and a key which value is independent of the plaintext and shared by sender and recipient. The ciphertext can be transformed back to the original plaintext by using a decryption algorithm and the same key that was used for encryption. The security of conventional encryption depends on the secrecy of the key, not the secrecy of the algorithm. It is impractical to decrypt a message based on the ciphertext plus knowledge of the encryption/decryption algorithm. The principal security problem is maintaining the secrecy of the key.

Security of conventional encryption depends on several factors:

-. The encryption algorithm must be impractical to decrypt a message on the basis of the ciphertext and knowledge of the encryption/decryption algorithm.

-. Secrecy of the key

  

Referring to the image above, message (X) will be encrypted using algorithm key (K) and the encryption process will produce the ciphertext (Y).

            Y = E_K(X)

While the recipient  will decrypt the ciphertext (Y) into message (X) using the same algorithm key (K) as the key used to encrypt.

            X = D _K(Y)

Depth First Search (DFS) & Breath First Search (BFS)

Depth-First Search (DFS)

Pencarian dilakukan pada satu node dalam setiap level dari yang paling kiri. Jika pada level yang paling dalam, solusi belum ditemukan, maka pencarian dilanjutkan pada node sebelah kanan. Node yang kiri dapat dihapus dari memori. Jika pada level yang paling dalam tidak ditemukan solusi, maka pencarian dilanjutkan pada level sebelumnya. Demikian seterusnya sampai ditemukan solusi. Jika solusi  ditemukan maka tidak diperlukan proses backtracking (penelusuran balik untuk mendapatkan jalur yang dinginkan).

Kelebihan DFS adalah:

• Pemakain memori hanya sedikit, berbeda jauh dengan BFS yang harus menyimpan semua node yang pernah dibangkitkan.

• Jika solusi yang dicari berada pada level yang dalam dan paling kiri, maka DFS akan menemukannya secara cepat.

Kelemahan DFS adalah:

• Jika pohon yang dibangkitkan mempunyai level yang dalam (tak terhingga), maka tidak ada jaminan untuk menemukan solusi (Tidak Complete).

• Jika terdapat lebih dari satu solusi yang sama tetapi berada pada level yang berbeda, maka pada DFS tidak ada jaminan untuk menemukan solusi yang paling baik (Tidak Optimal).

Breadth First Search(BFS)

Merupakan algoritma yang melakukan pencarian secara melebar yang mengunjungi simpul secara preorder yaitu mengunjungi suatu simpul kemudian mengunjungi semua simpul yang bertetangga dengan simpul tersebut terlebih dahulu. Selanjutnya, simpul yang belum dikunjungi dan bertetangga dengan simpul-simpul yang tadi dikunjungi, demikian seterusnya. algoritma BFS menggunakan graf sebagai media representasi persoalan, tidak sulit untuk mengaplikasikan algoritma ini dalam persoalan-persoalan teori graf.

Cara Kerja Algoritma BFS

Dalam algoritma BFS, simpul anak yang telah dikunjungi disimpan dalam suatu antrian. Antrian ini digunakan untuk mengacu simpul-simpul yan bertetangga dengannya yang akan dikunjungi kemudian sesuai urutan pengantrian.

Untuk memperjelas cara kerja algoritma BFS beserta antrian yang digunakannya, berikut langkah-langkah algoritma BFS:

1. Masukkan simpul ujung (akar) ke dalam antrian
2. Ambil simpul dari awal antrian, lalu cek apakah simpul merupakan solusi
3. Jika simpul merupakan solusi, pencarian selesai dan hasil dikembalikan.
4. Jika simpul bukan solusi, masukkan seluruh simpul yang bertetangga dengan simpul tersebut (simpul anak) ke dalam antrian
5. Jika antrian kosong dan setiap simpul sudah dicek, pencarian selesai dan mengembalikan hasil solusi tidak ditemukan
6. Ulangi pencarian dari langkah kedua

The Definition and Use Of X-800 & RFC 2828

X-800 is an extention recommendation of the recommendation X-200 which describes the reference model for Open System Interconnection (OSI). It establishes a framework for coordinating the development of existing and future recommendations for the system interconnection. The objective of OSI is to permit the interconnection of heterogeneous computer systems so that communication between application process may be achieved. At various times, security controls need to be built in order to protect the information exchanged between application processes,but by doing so the cost and time of obtaining and modifying data will be greater than the potential value of the informations.
This recommendation defines the general security related architectural elements for which protection of communication between open system is required. It establishes within the framework of reference model, guidelines and constraints to improve the existing recommendation in order to allow secure communications.

X-800 provides a general description of security services and related mechanisms and defines the positions within the reference model where the services and mechanisms may provide.

The OSI security architecture provides a useful overview of many concepts that take eyes on the mechanisms, services and security attacks which can be described as following :
•    Security Attack        : any action that compromises the security of information owned by somebody including unauthorized reading of a message of file and traffic analysis.
•    Security Mechanism    : any process that designed to detect or preventing a security attack to be held.
•    Security Service    : a process of enhancing / improving the security of data processing system and information exchange between application processes.

In this literature, the term threat and attack are commonly used to have similar definitions but here we try to provide definitions of threat and attack according to RFC 2828 :
•    Threat
A potential violation of security which exist when there is an action or event that could breach security and cause harm.
•    Attack
An intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.

According to X-800 standards, there are 8 security dimensions addresses to network vulnerability :
1.    Access control  
2.    Authentication
3.    Non – repudiation
4.    Data consistency
5.    Communication security
6.    Data integrity
7.    Avaliabity
8.    Privacy

X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.The following are considered to be the security services which can be provided optionally within the framework of OSI reference model.

1.    Authentication
These services require authentication information compromising locally stored information and data for authenticating.
-. Peer Entity Authentication : this service is provided for use at the establishment or during data transfer phase of a connection to confirm the identities of one or more of the entities connected to one or more of the other entities.
-. Data Origin Authentication : this service provides the corroborations of the source of a data unit, it doesn’t provide protection against duplication or modifications of data units.

2.    Access Control
Provides protection against unauthorized use of the resources accessible via OSI, may be applied to various type of access to a resource.

3.    Data Confidentiality.
Provides the protection of data from unauthorized disclosure using these methods : connection confidentiality, connectionless confidentiality, selective fields confidentiality, traffic flow confidentiality.

4.    Data Integrity
This service counter active threats, at the start of the connection using the peer entity authentication service and the data integrity service during the life of the connection can provide the detection of duplication of data units.

5.    Non – Repudiation
This service is divided into 2 types :
1.    Non – repudiation with proof of origin : the recipient is provided with proof of the origin data , this will protect any attempt by the sender to falsely deny sending the data or its contents.
2.    Non – repudiation with proof of delivery : the sender is provided with proof of delivery, this will protect against any subsequent attempt by recipient to falsely deny receiving the data or its contents.

Specific Security Mechanisms
The following mechanisms may be incorporated into the appropriate layer in order to provide some of the service :
1.    Encipherment
2.    Digital signature mechanism
3.    Access control mechanism
4.    Data integrity mechanism
5.    Authentication exchange mechanism
6.    Traffic padding mechanism
7.    Routing control mechanism
8.    Notarization mechanism

Pervasive Security Mechanisms
This mechanism describes a number of mechanisms which are not specific to any particular service, they are not explicitly described as being in any particular layer but some can be regarded as aspects of security management directly related to the level of security required.
1.    Trusted functionality
2.    Security labels
3.    Event detection
4.    Security audit trail
5.    Security recovery