Prabith's Blog

Cybersecurity Shenanigans - A 2022 Recap

Sat, 31 Dec 2022 22:16:30 GMT

As a security researcher with Traboda Cyberlabs, I have always been fascinated by the constantly evolving world of technology and how it can be used to protect against cyber attacks and malware. In 2022, I had the opportunity to delve deeper into these topics and learn a lot about the latest threats and techniques used by hackers.

However, before I dive into my experiences in 2022, I want to take a moment to reflect on the previous year, 2021. It was a challenging year for me, filled with a lot of losses and difficult moments. It was a year that tested my strength and resilience, and at times it felt like everything was working against me.

But despite the challenges, I refused to let 2021 define me. I decided to use the difficulties as an opportunity to grow and learn from my experiences. And in 2022, I was fortunate enough to meet some truly remarkable people who helped me along my journey.

One of the highlights of my year was the deep conversations I had with my mentor, Vipin Pavithran. One topic that we often explored in our conversations was the history of India. Vipin sir has a wealth of knowledge in this area along with cyber security industrial, and I always found it fascinating to hear his insights and perspectives on different historical events and periods. He would share stories and anecdotes about India’s rich history, and these conversations helped me gain a deeper understanding and appreciation of the country’s past. As I reflect on my journey as a security researcher in 2022, I am filled with a sense of gratitude and accomplishment. It was a year filled with challenges and opportunities, and I was fortunate to have the support and guidance of people like Vipin sir, who constantly mentored me whenever I was confused while making a decision.

I had also participated in several Capture the Flag (CTF) events with team bi0s. These events were a great way for me to test my skills and learn about different techniques and attacks used in the field of cybersecurity.

I had also participated in the Google Hash Code, a programming competition organized by Google. It was an incredible experience and I was thrilled to have been able to make it into the top 500 globally with 2809242 points. The Google Hash Code was a great opportunity for me to test my skills and see how I stacked up against other programmers from around the world. It was a challenging competition, but I was determined to give it my all and see how far I could go.

One of the highlights of my career in 2022 was the opportunity to attend nullcon, a cybersecurity conference held in Goa, India. It was an amazing experience and I learned so much from the professionals and experts who were in attendance.

Not only did I have the chance to listen to some truly inspiring talks and presentations, but I also had the opportunity to connect with some truly great people who have excelled in the field of cybersecurity. It was an incredible networking opportunity and I made some connections that I know will last a lifetime.

But the conference itself wasn’t the only memorable experience I had in Goa. I also went on a road trip of about 350 km to drink a 10 rupee coffee at a small café in the middle of nowhere at midnight. It was a truly unique and memorable experience, and one that I will never forget lol.

One of the most rewarding aspects of my job is the opportunity to connect with other professionals in my field. Through LinkedIn, I was able to connect with a lot of amazing people and have some truly insightful conversations with them. I even received job offers from tech giants like Google and Microsoft, but ultimately decided to focus on improving my skills for the time being.

In addition to my professional pursuits, I also had the opportunity to meet some great people and make some new friends in 2022. It’s always refreshing to have a supportive network of people who you can rely on and turn to for advice and guidance. I was fortunate to meet some truly remarkable individuals who added so much value to my life and taught me a lot about myself and the world around me.

These people are more than just friends to me - they are my support system and my rock. They have been there for me through the highs and lows, and have always been willing to listen and offer guidance and support. They understand me in a way that few others do, and I am grateful to have them in my life.

Overall, 2022 was a fantastic year for me. I was able to learn a lot, grow as a professional, and experience some truly unexpected good moments. I’m grateful for all of the opportunities that came my way and am excited to see what the future holds.

As I reflect on the past year, I can’t help but feel a sense of accomplishment and pride in all that I’ve learnt and achieved. It’s not always easy to navigate the world of technology and cybersecurity, but with determination, I was able to make a real impact in my field.

I’m excited to see what the future holds and am looking forward to continuing to learn and grow as a security researcher. There’s always so much more to learn and discover, and I can’t wait to see what new challenges and opportunities come my way.

Thank you for reading my blog post and I hope you enjoyed learning a little bit more about my life and my journey as a security researcher. Until next time!

Towards the reliability of PRNU based scanner identification for securing authentication in IIoT

Wed, 10 Aug 2022 22:12:03 GMT

ABSTRACT

Biometric authentication generally proves more secure than traditional methods of authentication but still, hacking into a biometric authenticated system is possible. Securing the devices using another layer of protection along with biometric authentication and PRNU makes it more secure. Photo Response Non Uniformity (PRNU) is the difference between a sensor’s actual response and the uniform response when uniform light is falling on it.

The cyberattacks against the Ukrainian power utilities in December 2015 were unusual in that actual harm was done. However, there is a lot of proof that organisations’ operating systems have been infiltrated widely.

Following a series of cyberattacks on three local energy firms, significant portions of the Ukrainian populace experienced power outages over the 2015 holiday season. The identity of the hackers is still unknown despite being commonly believed to be from Russia because identification in these cases is difficult. However, the primary attack vector — a well-known trojan called Black Energy — has been definitively established.

The specifics of how the operational systems of the Ukrainian power firms were penetrated serve as an informative case study highlighting the complexity of today’s cyberattacks and the susceptibility of organisations participating in the Industrial Internet of Things (IIoT).

Related Work

In accordance with the thesis written by Jan Lukáš, Jessica Fridrich, and Miroslav Goljan, Which proposes the authentication of the image using PRNU, In a court setting, identifying the source of photos given as evidence would be extremely helpful if the equipment used to capture a specific digital image could be accurately identified. This research paper discusses a new approach to the issue of digital camera identification from its images based on the sensor’s pattern noise. The photo-response non-uniformity noise and the fixed pattern noise (FPN) are the two primary elements of the pattern noise (PRNU). FPN refers to a certain noise pattern on digital imaging sensors that is frequently seen during longer exposure shots and occurs when some pixels are prone to producing greater intensities than the average intensity. Only a minor portion of the pattern noise is the fixed pattern noise. The pixel non-uniformity noise brought on by varied pixel light sensitivity is another, much stronger, component that better withstands processing. Ambient temperature or humidity have no impact on PNU noise. The output from the scanner is represented as where I0 is the noise-free version of the output image IR, P is the camera PRNU fingerprint and theta independent random noises.

This study also discusses several flaws that inevitably enter the image acquisition process and provides a brief description of the processing processes inside a typical digital camera. Analyse the pattern noise and its characteristics to determine which elements are most likely to be helpful in identifying cameras.

A technique known as flat fielding, which involves first correcting the pixel values for the additive FPN and then dividing them by a flat field frame, can be used to reduce the pattern noise.

The noise is then achieved using a denoising filter F to the image IR, The author have used the wavelet-based denoising filter. The PRNU fingerprint,P̂ is generated by computing maximum likelihood estimate

We compute the correlation C between the camera reference pattern and the noise residual n = p - F(p) to determine if an image p was captured by camera C.

According to the thesis, “Securing Remote User Authentication in Industrial Internet of Things ”, User authentication is crucial to Industrial Internet of Things security. Many of the current authentication methods, however, are open to numerous attacks. In the referenced paper, They presented a strong user authentication scheme that uses fingerprint recognition and photo response non-uniformity to secure IIoT. PRNU-based authentication minimizes the attack surfaces by assisting in the demonstration of the user’s device’s ownership. The proposed method uses hardware and user fingerprints to successfully thwart phishing and spoofing attacks. Even though they only ran a small-scale experiment to demonstrate PRNU’s effectiveness, we still managed to get results that have the potential to greatly enhance IIoT security.

The study suggests a pixel PRNU-based unified framework for both device identification and integrity verification. Both tasks begin with estimating the PRNU using a maximum-likelihood estimator that is created from a condensed model of the sensor data. The maximum likelihood estimator for the PRNU is derived, and the results highlight the need for pre-processing the estimated signal to get rid of some systematic patterns that could increase the number of false alarms in device identification and the number of missed detections in integrity verification. Some malicious changes in the image may preserve the PRNU, such as changing the colour of a stain to a blood stain. Such manipulations will not be detected using this method.

Solution Approach

To guarantee that linked IoT devices can be trusted to be who they say they are, strong IoT device authentication is needed. As a result, each IoT device requires a special identity that can be verified during connection attempts to a gateway or central server. Whether we realise it or not, biometrics are becoming more and more crucial to how we perform daily chores. As time goes on, the use of biometrics will increase and many of us will utilise them automatically to access a variety of goods and services that we use on a regular basis.

In today’s era, Cyber Authentication enables organizations to keep their networks secure by permitting only authenticated users or processes to gain access to their protected resources. There are many different cyber security techniques, and each has its own difficulties. We need to develop a solution that overcomes the limitations of existing approaches. The raw data is encrypted before being delivered over the channel in order to guarantee the authentication of the authorised user. Therefore, there ought to be specialised techniques that can stop attacks like 3D spoofing.

Issues include:

(1) the resistance to impersonation attacks; (2) the irrevocability of biometric templates; and (3) guarantee that personal information remains private

We need to make the IIot (Industrial Internet of Things) applications more secure when it comes to authentication and security to safeguard the critical information.

Biometric Charectristics	Finger	Facial	Iris	Hand	Retina	Signature	Password
Universality	High	High	High	Mid	High	low	low
Distinctiveness	High	low	High	mid	High	low	low
Permanence	High	mid	High	mid	mid	low	low
Collectability	mid	High	mid	High	low	High	low
Performance	High	low	High	mid	High	low	low
Acceptability	High	High	low	mid	low	High	low
Circumvention	mid	High	low	mid	low	High	low

Security — security-wise, it is a vast improvement on passwords and identity cards. Fingerprints are much harder to fake, they also change very little over a lifetime, so the data remains current for much longer than photos and passwords. They are simple and straightforward to utilise for the user. No more having trouble recalling your previous password or getting locked out because you forgot your photo ID at home. Your fingerprints are always with you.
Non-transferable — fingerprints are non-transferrable, ruling out the sharing of passwords or ‘clocking in’ on behalf of another colleague. This allows for more accurate tracking of workforce and provides additional security against the theft of sensitive materials. Increased accountability at work is another benefit of utilising fingerprint recognition. Biometric evidence that you were present when a scenario or occurrence occurred is difficult to dispute and can be used as proof, if necessary.
Cost effective — from a technology management perspective, fingerprint recognition is now a cost-effective security solution.Small, portable scanners provide a high degree of precision and are simple to set up.

With regards to our analysis from the above table, We had come to a conclusion that fingerprint authentication can be the best bio-metric authentication suitable to integrate with PRNU.

Security experts have been particularly worried about the risks associated with fingerprint authentication. So, a new tool to identify fake images has lately been introduced: the Photo-Response Non-Uniformity . Significant research has been done and is being done in the area of bio-metric authentication security.

Here we aim at checking the reliability of the authentication by integrating PRNU and fingerprint authentication with a larger database. So we’ve developed a Python tool for checking the authenticity of the fingerprint and device using PRNU. That is, If the fingerprint matching score (x) x > 60, It checks for the PRNU PCE (y) value. If y > 60, then the user gets authenticated else the tool denies access.

Experiment Set-up

The experiment setup includes a biometric fingerprint sensor module connected to Raspberry Pi 3 Model B using PL2303HX 3.3v/5v TTL (Transistor-Transistor Logic) Logic Level USB Serial Port Adapter. We use the source identification algorithm presented in “Determining Image Origin and Integrity Using Sensor Noise” to test the fingerprint images. Peak to Correlation Energy(PCE) which is a ratio that is the squared correlation divided by the sample variance of the circular cross-correlations is used as the similarity metric for identifying the source scanner or biometric fingerprint scanner in the Python source code.

Experiment and Performance Evaluation

To verify the reliability of an existing method which combines PRNU with Biometric fingerprint . First to verify the fingerprint, the fingerprint scanner capture an image of the fingerprint being scanned and make sure the pattern matches the one in the database. To verify if a fingerprint picture belongs to a particular scanner, we correlate the image’s PRNU in opposition to that scanner’s reference fingerprint extracted from at least six images. When two separate sources are compared, PCE values are close to zero for unauthentic photos. The PRNU matching is carried out principally based totally on a PCE threshold charge of forty. Authentic devices could be identified from the fingerprint image. We made the setup and verified the reliability of the PRNU and fingerprint authentication tool.

Conclusion

Despite numerous user authentication techniques, attackers continue to find a way. To sharpen the security we put forward usage of PRNU based scanner identification. In this paper, by carrying out the experiment we have verified the reliability of the technique which combines Photo Response Non-Uniformity and fingerprint biometrics. This technique prevents several types of attacks such as 3D spoofing and also helps to verify the device thus providing more security.

Malware analysis on Agent Tesla

Wed, 22 Jun 2022 22:12:03 GMT

Static analysis of agent tesla - 1

Identified obfuscated strings

From these, we have identified that it uses obfuscation and also uses DigiCert i.e Digital Certificates As we have understood, it is compiled using C# or .Net. So, we have used DNSpy which is a reverse engineering tool.

On static analysis of the malware, 1st Stage Malware (use of LoadLibraryA and GetProcAddress )

From this, we can say that Malware uses LoadLibraryA and GetProcAddress where LoadLibraryA are responsible for for loading a module specified as parameter into the address space of the calling process. In conjunction with that, GetProcAddress retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). Here, it also performs String Replacement/Obfuscation.

DYNAMIC ANALYSIS OF 1st Stage So, we perform Dynamic Analysis by execution. In this case, we have initially disabled the network interface and identified the following:

From this, we have understood that if Internet or network interface is disabled, it results in Connection Error or Fatal Error and it retries continuously to connect to the network. So, we have created a dummy XAMPP Server where we have added the pastebin and hastebin IP address to the localhost to have a fake network available.

Wireshark: Malware trying to access hastebin and digicert at 127.0.0.1 as we have modified the host’s file Also, Task Manager Identified that the malware is running. Malware trying to access mscore.dll,machine config and other HKLM registers. Malware working under Explorer.exe and having multiple child processes running. From this dynamic analysis, we have identified that as soon as malware executes, it looks to connect with HasteBin/PastePin where it will try to download additional downloader files which is necessary for Stage 2 malware and it is trying to disable AMSI.dll

Hence, the main payload code contains an obfuscated first stage PE dll file where char “@” is added for “000” at multiple locations. This helps Agent Tesla evade signature-based detection.This module is called “representative”, which is a dotnet compiled dll module. After de-obfuscation, the main payload loads this first stage dll module in memory.

Agent Tesla uses a steganography technique, where an image contains an embedded PE file. This resource image is used by the first stage dll module to extract the second stage dll module.

decryption routines are then carried out on collected data to generate the second stage module named “CF_Secretaria.In this decryption routine, K1 points to the decryption key and P1 points to data collected from the “ApplicationTru” bitmap.

The first stage dll module loads this “CF_Secretaria” in memory, and then it transfers control to it by calling “CallByName” function

The second stage dll is heavily obfuscated with a utf8 encoding function name to make analysis difficult “ResourceManager” is created to read its resource “bcf6M”. This resource data contains an encrypted PE file which is the final payload. On the collected resource data, an initial XOR operation is carried out with the key “PnltzRBT” Initial decryption logic is the same as is used for the second stage dll module extraction… but with a different key. After initial decryption routines, further decryption is carried out where data is decrypted with a 16 bytes XOR key. This key is present at the start of the previously decrypted buffer. After this decryption, the malware delivers the final payload. After performing a process hollowing into the current process, it starts stealing computer information.

Agent Tesla collects information like computer name, TCP hostname, DNS client, domain, and more

The malware contains a predefined list of browsers, and it checks for their presence on the system If these browser directories are found, it collects a list of all the files and folders present in them. Then it checks for the “User data” directory and, if found, next checks for the “Login Data” file that contains mail ids and password information of stored profiles. Fig. 13 shows code checking for the presence of browsers information. Agent Tesla also checks for browser cookies and collects information about them. Fig. 14 shows profile collected information for the Edge browser. The sample also has capabilities to capture keystrokes shows the code that can be used in Keylogging. It can also steal clipboard data Agent Tesla also has the capability to capture a screenshot and send it in jpeg format. As can be seen in the code, the collected image is encoded and then converted to base64 format. Further, it also steals FTP credentials and sends them through the STOR method, It searches for the “Open-VPN” “config” directory to steal credentials of it,check for the NordVPN configuration and steal its credentials, It can search for “recentservers.xml” of FileZilla to get information about recent FTP server connections, steals information such as IMAP Password, POP3 Password, HTTP Password, and SMTP Password. For this, it checks Microsoft Outlook registry entries.

The sample encrypts data before communicating with its command & control server and uses the TOR client for keeping its communication and connection anonymous. It may download the TOR client from the TOR website. Stolen data is then exfiltrated over SMTP The email subject line contains the combination of OS and Computer name, and the body contains system information along with the stolen credential information.

For persistence, the sample drops its copy at c:\ %insfolder%%insname% and creates a run entry

Statistical Study on Cybersecurity Hazards and Financial System Vulnerabilities

Wed, 22 Jun 2022 22:12:03 GMT

Prabith GS, Amrita Vishwa Vidyapeetham, Amritapuri, Kerala, India. Email: prabith7.g.s@gmail.com

ABSTRACT

This research paper aims at studying the catastrophic impact of cybercrime on banking institutions, cyber security measures attempted to curb its effect and the development of a robust cyber security mechanism. In recent years banks are its direct victim. In India, a number of banks generally fall prey to massive malware attacks; it not only leaks valuable and sensitive information but also cause heavy financial losses. The objective of this study is to identify the business areas which are more susceptible to cyber-attacks and to ensure customization and development of cyber security protocol. The study involves secondary data analysis from various web resources such as government websites, articles, and research papers; it also includes a case study analysis of cyber threats and crimes that caused a huge financial loss in the past. This paper will provide insights into a cyber regime that will benefit banks, financial institutions, and society at large

INTRODUCTION

The banking and financial sector Institution (BFSI) is a huge area or sector having a large number of customers spread across the earth. As needed, the availability of the banking is now mostly available to everyone irrespective of their community background. Nearly 1.2 billion adults have accounts in banks since 2011 as per the Global Findex database 2017. A study conducted by a research institute says Indians have migrated to digital banking and about 51% of the total Indians prefer online banking wherein 26% of them access services via their bank websites and use mobile banking services. The digitalization of the banking sector also increased the risk of cyber-attacks and crimes. The banking sector only accounts for 22% of the cyber-attacks that took place in India . If we compare with the cyber attacks happening over the past decade there was a tremendous increase in the cyber threats in this particular sector. This unprecedented growth in crime has not only caused serious damage to the critical banking processes but has also caused huge financial loss to the system.

Billions of dollars are lost every year just because of cyber attacks and the cost to spend in combating the crimes is amount to USD 274 billion. The evolution of cyber threats happened in India majorly in 1998 post-privatization of the banking industry with virus attacks, followed by hacking websites, sending malicious codes, advanced worms, and Trojan, identity theft (Phishing), Denial of Service (DOS), and Distributed Denial of Service (DDOS) in subsequent years and nowadays with cyber espionage and cyber warfare.

There were many cyber attacks that happened in India such as the July 2016 phishing email attack on union bank of India swindling of 171 million US Dollars, the May 2017 Ransomware attack causing several thousands of computers to get locked down, etc. India had 42 million cyber-crime victims, 52% of whom suffered financially or some other kind of loss due to hacking, scams, fraud, and thefts. Major Cyber security challenges are inborn weaknesses in the framework and vulnerabilities utilized by banks, multitudinous section focuses on the web and obsolete safeguard advancements that are exceptionally helpless against cutting-edge assault advancements utilized by attackers. However, basic cyber security precautions are taken by all the financial institutions. Conscious of rising threats of the cyberinfrastructure in its regulated entities, a good number of regulatory mechanisms and cyber security technologies have evolved during these years. Therefore, recognizing the increased frequency and complexity of cyber security incidences, there is a need to conduct an ongoing review of the cyber security landscape and emerging threats.

THE OBJECTIVE OF THE STUDY:

Hence the goal of this paper is to review the threats innate in the current and arising technologies, concentrating on the adoption of systems to Conduct a continuous audit of the cyber protection scene and arising threats. Analyze the effect of cybercrimes on the financial area Intends to concentrate on the arising advancements to address the difficulties due to cyber threats

Suggest adoption of various security protocols/standards interfacing with stakeholders and suggest appropriate policy intervention

RESEARCH METHOD/METHODOLOGY

To carry out this study existing information/ data available through the various sources are collected and analyzed on a comparative basis for arriving at logical findings/answers to the research question. The sources are mostly the white papers, government documents, published academic papers, journals, print media, and findings of RBI, NCRB, NITI Aayog, and CERT-IN, statistical data banks plus historical records.

The scope of the research is to study the impact of cyber-attacks on the Indian banking system only thereby narrowing the focus to bank fraud cases in India with the objective to standardize the points in the banking process more prone to attack and identifying the types of cyber-attacks that the banks are likely to encounter every day.

EVOLUTION OF CYBER THREATS

In 1970, the world experienced its first “cyber attack” – What first started as a harmless joke, paved the way for a new wave of criminality - cybercrime. Since then, attacks have become more sophisticated with the use of malware, ransomware, and phishing attacks, among many others. In fact, according to Security Magazine, today’s hackers attack computers with Internet access every 39 seconds on average. The evolution of cyber-attacks started with a simple computer virus during the 1980s. Viruses are called sets of self-replicating computer programs modifying other computer programs and inserting their own code to infect the system. In the late 1990s, hacking websites evolved as a threat to systems with some applied research. During 2004, malicious code as an attack resurfaced which was application security that could not be controlled with conventional antivirus alone.

Types of Cyber Attacks:

From the large array of data collected from various available resources and analysis made from those collected data, it is understood that Indian Banking Systems is mostly affected by these certain types of cybercrimes. According to a data breach investigation report – Verizon 2017, several banking organizations have been surveyed and it was found that more than 50% of the organizations apparently affected by the following major five cyber threats such as denial of service (DOS), phishing, malware, spear-phishing, and ransomware. Out of most incidents reported, the top 3 patterns of cyber-attacks such as denial of service(DOS), web application attacks, and payment card skimming consist of more than 88% of all the security incidents.

Phishing:

Phishing is a cyber crime that leverages deceptive emails, websites, and text messages to steal confidential personal and corporate information. Victims are tricked into giving up personal information such as their credit card data, phone number, mailing address, company information, etc. This information is then used by criminals to steal the victim’s identity and commit further crimes using this stolen identity.

Identity theft:

Identity Theft also called Identity Fraud is a crime that is being committed by a huge number nowadays. Using the identity of another person and attempting a practice for personal profit is termed an Identity threat. This theft is committed in many ways by gathering personal information such as transactional information of another person to make transactions. .

Virus and Trojans:

A Virus is a malicious executable code attached to another executable file which can be harmless or can modify or delete data. Trojan Horse is a form of malware that capture some important information about a computer system or a computer network.

Vishing:

Vishing is short for “voice phishing,” which involves defrauding people over the phone, enticing them to divulge sensitive information. In this definition of vishing, the attacker attempts to grab the victim’s data and use it for their own benefit—typically, to gain a financial advantage.

Cross-side scripting:

Usually used for web applications. This enables attackers to inject client-side scripts into web pages viewed by users. This is used by attackers to bypass access controls.

Insider threat:

It is a malicious threat that comes from inside of any organization from people, and employees themselves which exposes the system to attackers.

Botnet:

A botnet attack is a form of cyberattack that happens when a group of internet-connected devices is infected by malware that is under control by a malicious hacker. Botnet attacks typically involve sending spam, data theft, exploiting sensitive information, or launching vicious DDoS attacks.

ATM/Debit/Credit card frauds:

Debit, credit, or ATM card fraud is a type of banking crime that occurs when unauthorized access is made to your account or unauthorized transactions have been made through your card.

DOS and DDOS:

DDoS. A denial-of-service (DoS) attack floods a server with traffic, making a website or resource unavailable. A distributed denial-of-service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource.

Ransomware:

Ransomware is a type of malware attack in which the attacker locks and encrypts the victim’s data, important files and then demands a payment to unlock and decrypt the data

STATISTICS AND ANALYSIS

So, the question is why banks are so vulnerable to cyber-attacks? The major cause of attacks seems to be money which causes attackers blind to do anything. Besides that, the market size of the Indian banking system is huge and growing day to day. With the proliferation of digital banking systems and financial inclusion schemes in India, huge numbers of online as well as offline users are now transacting through various modes of such as net banking, mobile banking, mobile wallets credit/debit cards, etc.

In past, there are many cyber-attacks on the Indian banking system attempting to theft and/or cause loss of money and hence imposing huge financial, reputational, and Operational impacts and loss of money, client base, and personal data. As per RBI data, the number of cases related to ATM/Credit/Debit cards and online banking frauds was 13,083 and 11,997during 2014-15 and 2015-16 respectively. Apart from that 44,697 and 49,455 cyber security cases related to phishing, malicious codes, denial of service, website hacking, etc. have been reported in the year 2015 and 2016 respectively as per the information tracked by CERT-in (Buletin, 2020). There is an increase in the number of such cases nowadays compared to those times in India. Some of the precious cyber-attack cases on the Indian banking system have caused huge financial losses and put the bank at too much risk from existing customers. Among them phishing attack on Union Bank Of India in 2017 attempt to the theft $170m, a malware attack on the switching system of cosmos bank Pune in August 2018 theft of 94 crore rupees, a phishing attack on UTI bank on 14 February 2007, SIM Card swap fraud cases causing loss of 4 crores and a large number of customers, ATM System hacking in Kolkata with loss of 20 lakhs rupees and other website hacking cases, Rourkela police busted a racket including an online misrepresentation worth Rs 12.5 lakh are few largest cyber-attacks in Indian history. This paper contains case study data of two out of the above-noted cyber-attacks in order to analyze the loopholes in the system and shares findings to adopt the best preventive measures to protect the system from such types of attacks in the future.

Case of cyber-attack on UBI 2017:

A cyber attack on Union Bank of India began after an employee opened an email attachment releasing malware that allowed hackers to steal the state-run bank’s data. The opening of the email attachment, which looked like it had come from India’s central bank, initiated the malware that hackers used to steal Union Bank’s access codes for the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a system that lenders use for international transactions. The codes were used to send transfer instructions for about $170 million to a Union Bank account at Citigroup Inc in New York. Union Bank had traced the money trail and blocked the movement of funds. SWIFT late last year said that some banks using its system had been attacked after the Bangladesh heist, the Journal said but did not specifically name Union Bank of India. The attempt closely resembled the cyber theft last year of more than $81 million from the Bangladesh central bank’s account at the New York Federal Reserve, the paper reported.

Malicious attack on cosmos bank of Pune

The next case study is a malicious attack on the cosmos bank of Pune on August 11 and 13, 2018, which is one of the best examples of malware attacks. In this case, banks’ internal and ATM infrastructure were compromised. The crime involved multiple malicious central code attacks on the bank’s switching system between the central and core banking systems. Basically, the code generated false payment transfer requests in response to transaction requests by the customers. After making false adjustments to targeted customers’ account balances, sending false standing -, an activity that authorized ATM withdrawal of a large amount of money using 450 cloned non-EVM debit cards from various countries. Attackers compromised the bank’s ATM/POS switching system by sending malicious codes into the system which in turn did not allow verification of any transactions requested by users at the POS/ATM machine. When there is a transaction of withdrawal happens, a transaction request (TRQ) is sent to the bank’s core banking system to verify and validate the user account and upon successful validation, a transaction reply message is sent confirming the same to the same customer. So in this case, the malicious code is used to send fake transaction reply messages to every transaction request at ATM/POS. So, attackers successfully tampered with the switching system of banks such that any transaction requests were not reaching out to the bank’s core banking system for validation of the amount and in this way. This attack on the cosmos bank did help siphoned off 84 crores of rupees with 2 waves of huge transactions in a more advanced and well-planned manner breaking layers of defense in the banking system. After further studies, it had been found that the cybercriminals had made much research on the Cosmos bank’s banking infrastructure and background surveillance system. The bank’s officers may have ignored all alerts produced by the system for unknown reasons. Periodic auditing of bank-generated reports should not have been ignored as well .

LEGAL FACTORS ON CYBER SECURITY

Every government in the world, including our own country, is concerned about cyber security. India is especially facing a rising number of cyber security issues, and it is critical that it accepts the responsibility for them. According to a recent Economic Times analysis on global cybercrime, cyber-attacks cost the government nearly Rs. 1.25 lakh crore every year. Another research by Kaspersky highlights that the number of cyberattacks in India increased from 1.3 million to 3.3 million during the first quarter of 2020. India recorded the largest number of attacks, 4.5 million, in July 2020. Recently, the Reserve Bank of India (RBI) prohibited MasterCard from failing to comply with the direction for storing payment system data. The hazards posed by the internet are nearly limitless, and the most effective method to resist them is to implement a cyber security policy. The government must devote significant resources to safeguarding key data assets. The country’s cyber law has to be updated to integrate legal rules and address the issues posed by rapidly developing technologies.

There are four predominant laws to cover when it comes to cybersecurity: In countries like India, where the internet is used very extensively, cyber laws become extremely crucial. Stringent cyber laws fulfill the purpose of supervising the digital circulation of information, software, information security, e-commerce, and monetary transactions. By providing maximum connectivity and minimizing cybersecurity concerns, India’s Cyber Laws have cleared the path for electronic commerce and electronic government in the country and also broadened the scope and application of digital media.

Information Technology Act, 2000: The ITA, enacted by the Parliament of India, highlights the grievous punishments and penalties safeguarding the e-governance, e-banking, and e-commerce sectors. Now, the scope of ITA has been enhanced to encompass all the latest communication devices.

Indian Penal Code (IPC) 1980: Identity thefts and associated cyber frauds are embodied in the Indian Penal Code (IPC), 1860 - invoked along with the Information Technology Act of 2000.

Companies Act of 2013: The Companies Act 2013 vested powers in the hands of the SFIO (Serious Frauds Investigation Office) to prosecute Indian companies and their directors. Also, post the notification of the Companies Inspection, Investment, and Inquiry Rules, 2014, SFIOs have become even more proactive and stern in this regard.

NIST Compliance: The Cybersecurity Framework (NCFS), authorized by the National Institute of Standards and Technology (NIST), offers a harmonized approach to cybersecurity as the most reliable global certifying body.

RESULTS AND FINDINGS

Major crimes in the Indian banking sector are because by phishing, identity theft, and malware. Even a big crime can happen from small mistakes and a lack of awareness of cyber security policies. Any suspicious things should be carefully handled and concerned authorities should be informed first before acting.

Systems should be audited on a fixed interval basis to test for any security breach. Public sector banks should be more focused on enhancing security through Public-private partnerships; allocate more budgets to data protection and security framework enhancement. ATM/POS machine switching system connectivity with the core banking system should be continuously monitored along with ATM/POS machine transaction monitoring. A constant network packet as an acknowledgment signal should be sent and received to validate connectivity.

SAFETY MECHANISM / SOLUTION

the major responsibility of maintaining a secure Internet banking experience lies on the customer; the customer to update the browser, choose the appropriate browser, update the antivirus, choose the appropriate antivirus, be aware of phishing attacks, be aware of Malware, remember to update password every six months, choose a complex password, etc. In this paper, we propose a novel model that shifts some of these responsibilities to the banks. Banks have state-of-the-Art Information Technology Operations and Centers. By investing a bit more, the banks can take some of the responsibilities away from the customer and reduce the risk of security threats, thereby offering a fairly secure environment for their customers. The model proposed highlights some of the practices that are to be divided between Internet banking users and the bank’s information technology security policies. The proposed model bridges the gap between the users and the Bank. The model states that the banks can enforce their security policies to ensure a safer banking experience for users. On the other hand, users should follow the instructions provided by the bank to ensure a safe Internet banking experience.

Internet banking users should change passwords every three months, however, the bank is responsible to ensure that this happens by expiring the users’ password every three months and forcing the user to choose a new password. The users should keep in mind while choosing a password that it should not be easy to guess, however, it is the bank’s responsibility to allow passwords that have capital and small letters, numbers, and a special character. Any password that does not have these features will not be accepted. The bank should enforce that the user should not use the previous 2 passwords as well. Using a virtual keyboard for safeguarding sensitive information like passwords or debit cards is a responsibility added to the bank side. The Bank can enforce users to use a virtual keyboard by disabling the sensitive field by using the virtual keyboard provided on the webpage. As there is a chance for the user device to be infected by malware or a key logger program that detects the keystroke and can compromise the password security.

Banks should use the concept of the trusted device to ensure the identity of the users while the user is logging on. If the user has logged in from an untrusted device the bank system should send an SMS alert to confirm if it was the intended user. Education of the users is a key component to ensuring a safe Internet banking experience. The bank can provide security warnings on their web pages after the user has successfully logged in to familiarize users with the threats that are at risk for Internet banking. Banks should use Artificial intelligence software or machine-based learning software that can make judgments on the user behavior example transferring a large amount of cash to a destination, not within the monthly pattern of the user. This software can be used to detect all electronic transactions including credit card transactions and will be able to detect if the user has made a purchase, not within the customer’s pattern and will alert and sometimes disable the credit card or E-banking account in extreme cases until the customer’s identity is verified. The machine-based learning or artificial intelligence should predict this anomaly and take appropriate action. Information security is a critical part of the Internet banking process. Therefore, banks can improve the security features from their side by securing their servers and the communication between the user and the Internet banking server. In order to ensure the security of the user’s data, some security features that each bank should incorporate are listed below:

SSL Certification: An SSL certificate is a bit of code on your web server that provides security for online communications. When a web browser contacts your secured website, the SSL certificate enables an encrypted connection. It’s kind of like sealing a letter in an envelope before sending it through the mail.

Device registration: The user access device will be registered and after verification, only that device will be able to access the online banking system

System-based alarms: Set up different server-based alarms to monitor and control the bank transactions and access of the user accounts.

MFA: Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack

SNS: Simple notification id enabled to the internet banking service which will send mobile SMS and email notification based on the enabled system-based alarms

Data Encryptions: Encryption is enabled to all the stored data on the server by using encryption tools such as bit-locker.

User access permission: Based on the requirements, administration users need to be created and only minimum required access to particular services granted.

The private key with password: To make the internet banking infrastructure access more secure, private keys with passwords need to use.

Malware analysis of Malware that attacked financial sector

Agent tesla

Agent Tesla is an extremely popular spyware Trojan written for the . NET framework has been observed since 2014 with many iterations since then. It is used to steal sensitive information from a victim’s device such as user credentials, keystrokes, clipboard data, credentials from browsers, and other information

Malware analysis: blog or click here

REFERENCES

L. Klapper, D. Singer, S. Ansar, and J. Hess, “Asli Demirgüç-Kunt The Global Findex Database Measuring Financial Inclusion and the Fintech Revolution 2017.” 2017, [Online]. Available: http://hdl.handle.net/10986/29510.
B. Standard, “Banks most vulnerable to cyber threats_ Govt official _ Business Standard News.” Business Standard Ltd, Mumbai, pp. 2–10, 2019, [Online]. Available: https://www.business-standard.com/article/current- affairs/banks-most-vulnerable-to-cyber-threats-govt-official- 119022000646_1.html.
A. R. Raghavana and L. Parthiban, “The effect of cybercrime on a Bank’s finances,” Int. J. Curr. Res. Acad. Rev., vol. 2, no. 2, pp. 173–178, 2014, [Online]. Available: http://www.ijcrar.com/vol-2-2/A.R. Raghavan and Latha Parthiban.pdf.
K. Mohapatra, “effective operational risk management Cybersecurity vulnerability in Indian banks,” CYBERSECURITY Framew. BANKS, 2016, [Online]. Available: https://financialit.net/sites/default/files/customerxps_white_paper_cyber securityvulnerabilityinindianbanks_1.pdf.
M. M. MANISHA, J. M. P, and N. K.M, “International Journal of Advanced Research in Online Banking and Cyber Attacks : The Current Scenario,” Int. J. Adv. Res. Comput. Sci. Softw. Eng., vol. 5, no. 12, pp. 743–749, 2015, [Online]. Available: https://www.researchgate.net/publication/290325373_Online_Banking_ andCyberAttacksTheCurrent_Scenario.
A. Saravade, N ; Bhalla, “Emerging trends and challenges in cyber security _ Reserve Bank Information Technology Private Limited (ReBIT).” 2018, [Online]. Available: https://rebit.org.in/whitepaper/emerging- trends-and-challenges-cyber-security.
D. V. Saraswat, “Cyber security,” 2003. doi: 10.1016/j.techsoc.2003.09.022.
S. Goel, “Cyber-Crime: a Growing Threat To Indian Banking Sector,” 3rd Int. Conf. Recent Innov. Sci. Technol. Manag. Environ., vol. 2016, pp. 13– 20, 2016, [Online]. Available: http://data.conferenceworld.in/IFUNA18DEC16/P13-20.pdf.
RBI, “the Reserve Bank ’ S Accounts,” 2019. [Online]. Available: https://m.rbi.org.in/Scripts/AnnualReportPublications.aspx?Id=1267.
MR. DIGPAL SINGH H. RATHORE & MR. KARN MARWAHA, “CYBER CRIME IN BANKING SECTOR -LAW MANTRA,” vol. 2, no. 7,
2014, [Online]. Available: www.lawmantra.co.in.
“HACKED: HOW $171 MN STOLEN FROM UNION BANK WAS RECOVERED,” 2017.
O. Kolesnikov, “Cosmos Bank Swift / Atm Us $ 13 . 5 Attack Detection Using Security,” 2018. [Online]. Available: https://www.securonix.com/web/wp- content/uploads/2018/08/Securonix-Threat-Research-Cosmos-Bank- Report.pdf.
“Cosmos Bank’s server hacked, ₹ 94 crore siphoned off in 2 days,” Live mint, 2018.
I. Mugari, S. Gona, M. Maunga, and R. Chiyambiro, “Cybercrime - The Emerging Threat to the Financial Services Sector in Zimbabwe,”
Mediterr. J. Soc. Sci., vol. 7, no. 3, pp. 135–143, 2016, doi: 10.5901/mjss.2016.v7n3s1p135.
D. Stiawan, M. Y. Idris, A. H. Abdullah, F. Aljaber, and R. Budiarto, “Cyber- attack penetration test and vulnerability analysis,” Int. J. Online Eng., vol. 13, no. 1, pp. 125–132, 2017, doi: 10.3991/ijoe.v13i01.6407.
A. Lakshmanan, “Literature review on Cyber Crimes and its Prevention Mechanisms,” no. February. pp. 1–5, 2019, doi: 10.13140/RG.2.2.16573.51684.
L. Ali, F. Ali, P. Surendran, and B. Thomas, “The Effects of Cyber Threats on Customer’s Behaviour in e-Banking Services,” Int. J. e-Education, e- Business, e-Management e-Learning, vol. 7, no. 1, pp. 70–78, 2017, doi: 10.17706/ijeeee.2017.7.1.70-78.

Historicity of the Mahābhārata

Fri, 21 May 2021 22:12:03 GMT

ABSTRACT

The Mahabharata by Krishna Dwaipayana Vyasa, made out of two lakh and twenty thousand, sixteen syllabled lines, has been distinguished as the greatest of the world’s legendary works, and, is embedded in the Indian bloods as “the national gallant past” (Bakhtin’s term). Beforehand there was no composed adaptation of The Mahabharata—there may have been a few occaI introductions which were orally sung by the versifiers. The first story of The Mahabharata had a place with a previous period than the hour of its piece. Indeed, the current type of the epic went through numerous augmentations and insertions during a huge range of time. As indicated by numerous advanced students of history, the aggregation of The Mahabharata stretched out over years and years, from 400 B.C. to 400 A.D.

KEYWORDS: Science and technology, Vedic period, Vaimānika Śāstra, pyramid of giza, Stonehenge, Lost civilization, Global flood.

INTRODUCTION

The antiquated epic account Mahabharata is one of India’s extraordinary historical stories, added in the heart of Indian identity and culture. The epic keeps up its status as a socially central book which, aside from philosophical and otherworldly qualities, instructive and strict guidance, contains and scatters beliefs of moral commitment, accepted practices and jobs.

There is an incredible discussion about whether there is any authentic exactness or proof/evidence in the narrative of Mahabharata. This story is amazing to such an extent that it has made various individuals conjecture ‘Did it truly occur? or then again essentially as fiction?’.

It is very obvious that there are a few bits discovered in the Mahabharata which is by all accounts extrapolated. However, this extrapolation couldn’t make any distinct/exact determination so an invented tag might be forced with the Mahabharata. The uncertainty about the accuracy is simply because of some sort of extrapolation as well as the basic gauge set somewhere around unfamiliar scholars who additionally put a question mark to the perusers. They attempted to uphold that the Mahabharata alongside the Puranas and the Vedas, all are created in the advanced age. Be that as it may, this assessment has not yet been set up. It is accepted that the Mahabharata is the most established exemplary of Indian writing and was made by the wise Veda Vyasa.

HYPOTHESIS

Mahabharata is the most staggering story at any point advised to humanity. It structures one of the mainstays of Hindu Dharma and it’s virtues have a tremendous effect on many great individuals. In this thesis, I will be trying to discuss some theoretical and scientific evidences of science and technology from Mahabharata. I will also be trying to prove the existence of giant people at the time of Mahabharata i.e The Devs, The Asurs and The Rakshasas.

RESEARCH QUESTION

how is it possible that people living 5000 years prior had a particularly progressed level of architecture, science and technology.
The giant people who were described in mahabharata are real?

Comparative study of Mahabharata with World monuments

Vaimānika Śāstra

While the whole world is persuaded that the Wright brothers were the pioneers of aeronautics, here is a book which depicted India to have had the information on flying vehicles called “Vimanas” from old occasions.

आ नो नावा मतीनां यान् पाराय गन्तवे ........ ॥ ९॥ ऋ० अष्ट० १ । अ० ३ । व० ३४ । मं० २ ॥ 
कृष्णं नियानं हरयः सुपर्णा अंपो वसाना दिव मुत्पतन्ति । 
त आववृतन्त्सदन....॥१०॥ 
द्वादश प्रधयश्चक्रमेक त्रीणि नम्यानि क उतच्चिकेत । 
तस्मिन्त्साक त्रिशता न शकवो ऽ पिता घष्टिनं चलाचलास: ॥ ११ ॥ ऋ० अष्ट० २ । अ० ३ । व० २३ । म० १ । २ ॥

(G.R. Josyer, Vymanika Shastra, 1959)


Translation: Just an intelligent people constructed ships to cross oceans.....jumping into space speedily with a craft using fire and water.....containing 12 stamghas (pillars), one wheel, three
machines, 300 pivots, and 60 instruments.

The book even produced certain mind boggling details of construction, working of engines, gyroscopic systems which were developed much later in aviation technology. NASA actually undertook an experiment of construction of mercury vortex engines, very similar to what was written in Vaimanika Shastra. Almost 8 chapters of the Vaimanika Shastra deals with the secrets of constructing aeroplanes that cannot be broken or cut, that is indestructible, that is fire resistant. It deals with the secret of making planes motionless and invisible. It deals with the secrets of destroying enemy planes, ascertaining the direction of approach of enemy planes, etc. In the Vaimanika Sastra, we can also see the construction diagrams of vimanas.

Ravana’s well-known aerial aircraft was the Pushpak Vimana. He had used it to abduct Sita to Lanka, and after killing Ravan, Sri Ram returned to Ayodhya in the same Pushpak Vimana with Sita, Lakshman, and Vibhishan. This is detailed in the Ramayana, and it occurred during the Treta Yug. According to Maharshi Bhardwaj, Vimanas were delegated as per the Yugas. During Krita Yuga, Dharma was set up solidly. Every one had daivatva, godlikeness installed in their personality. These characteristics of nobility had engaged some of them from various perspectives. Munis, Maharshis and Rishis had ‘Ashta Shakti’ :

Anima: Ability to be invincible
Mahima: Ability to be of enormous
Garima: Ability to be heavy like rock
Laghima: Ability to be lighter than air
Prathyah: Ability to be contended
Prakamya: Ability to fulfill ones wish
Eshatva: Ability to be divine
Vashitva: Ability to make others surrender.

Basically they could expect any structure at some random time. ‘Laghima’ enabled them to be lighter than air and they had the option to suspend and furthermore, travel independently uninhibitedly noticeable all around.As time passed by, they lost the control over their mind and powers. But the question is, was our history filled with such great advanced technologies? Is there any other evidence of those vimanas from other eras or scriptures? Lets consider some other internationally accepted historical monuments.

A. The great pyramid of giza

The passage to the Great Pyramid is on the north side, around 59 feet (18 meters) over the ground level. A slanting hallway plummets from it through the pyramid’s inside stone work, infiltrates the rough soil on which the construction rests, and finishes in an incomplete underground chamber. From the plummeting hall branches a climbing way that prompts a room known as the Queen’s Chamber and to an extraordinary inclining exhibition that is 151 feet (46 meters) in length. At the upper finish of this exhibition, a long and tight entry offers admittance to the entombment room legitimate, as a rule named the King’s Chamber. This room is totally fixed and roofed with stone. From the chamber, two thin shafts run at a slant through the brick work to the outside of the pyramid; it isn’t known whether they were intended for a strict reason or were intended for ventilation. Over the King’s Chamber are five compartments isolated by monstrous flat rock sections, the probable reason for these chunks was to protect the roof of the entombment chamber by redirecting the gigantic push applied by the overlying masses of stone work.

Dating such a monument made of stone was very difficult. Later, Robert M. Schoch, with his geological tests shocked the world. According to his tests, erosions which happened on the walls of the monument would have been caused due to heavy rainfall .i.e. Before 5000 B.C.

The subject of how the pyramids were fabricated has not gotten a completely acceptable answer. The construction of such a great ancient pyramid would never be possible without high level powerful technology.

B. Stonehenge

Stonehenge is a special ancient landmark, lying at the focal point of an extraordinarily rich archeological scene. An uncommon hotspot for the investigation of ancient times, it holds a critical spot in the advancement of paleontology.

The officially accepted built date of this monument is 2400 B.C. Here, developers lifted an expected 80 non-native bluestones, 43 of which remain today, into standing positions and put them in either a horseshoe or round arrangement. During the third period of development, which occurred around 2000 B.C., sarsen sandstone chunks were masterminded into an external sickle or ring; some were gathered into the famous three-pieced structures called trilithons that stand tall in the focal point of Stonehenge. Exactly 50 sarsen stones are presently apparent on the site, which may have contained some more. Investigation of a new laser overview of the stones has uncovered the diverse stone working techniques utilized, and has shown that a few pieces of the landmark were more painstakingly completed than others. Specifically, the north-east side and the internal essence of the focal trilithons were finely dressed.

To fit the upstanding stones with the even lintels, mortice openings and distending joins were made. The lintels were opened together utilizing tongue and furrow joints. These sorts of joint are typically discovered distinctly in carpentry.

Now the question is, how did the creators lift the 70 tons block of stones 30 feet in the air and place it in such a posture with dressings?Without any doubt , it requires complex engineering and It would never be possible without high tech powerful tools.

With all these analysis we can come to a conclusion that during the period of mahabharata i.e around 2300-4000 B.C, we had most technological and highly powerful tools. But the question which arises next is where did all these powerful tools disappear?

Lost civilization: Findings Of Graham Hancock and Dr. Robert Schoch

A 19-mile wide effect cavity was found a large portion of a mile underneath a Greenland ice sheet, offering researchers and archeologists evidence that a mile-wide shooting star affected the planet’s northern ice cap over 12,000 years ago.

The revelation seems to help a quarrelsome hypothesis proposed by specialists, including Graham Hancock and Dr. Robert Schoch, who accepts that a particularly disastrous effect may have cleared out a lost human advancement that originated before the acknowledged timetable of standard paleohistory. As indicated by specialists associated with the investigation, the space rock affected a territory known as the Hiawatha ice sheet, on the northwestern side of Greenland. Going at a speed of 12 miles per second, the iron space rock hammered into the Earth with the power of around 47 million times the energy delivered by Little Boy, the atomic bomb dropped on Hiroshima during WWII. The shooting star positions inside the main 25 biggest shooting stars to at any point have affected the Earth. The power of the effect would have liquefied a lot of ice, causing ocean levels to rise, and flotsam and jetsam to slung high into the air. This residue and debris would have brought about an atomic winter, leaving substantial particulate matter hanging in the climate for many years, prior to settling and permitting daylight to arrive at the planet’s surface once more.

Early proof of such an effect was found in 2015 when researchers saw that ice tests taken from the glacial mass gave indications of an effect. Obviously, around this time temperatures dropped strangely following the finish of the last ice age, tossing Earth’s environment once more into a much more serious ice age known as the Younger Dryas.

Yet, prior to discovering proof of a particularly destructive occasion, researchers were uncertain of what might have caused the uncommon swing in temperature.

Because of the heavy flood and high level ash in the air, Many animals from North America went extinct altogether. The biggest mysteries until this discovery was made about the comet which hit the earth was the reason why all these animals disappeared at the same time 12000 years ago.

One of the most important finding which can again support the above statements are the findings of Denisovan’s tooth. The primary Denisovan individual was recognized in 2010 dependent on mitochondrial DNA (mtDNA) removed from an adolescent female finger bone from the Siberian Denisova Cave. One of the pieces went to Svante Paabo, a developmental geneticist at the Max Planck Institute for Evolutionary Anthropology in Leipzig, Germany. His group sequenced its DNA and found that the bone had a place with a heredity unmistakable from present day people and from Neanderthals.

We also came to know that the size of the tooth is three times that of the normal human tooth. Even in mahabharata, It describes about some giant people. Denisovans will probably be one of them. In the great mahabharata war, Bheem’s son ghatotkacha slaughtered two strong rakshasas known as alambala and alayudha. Truth be told, with his huge giant body and power, Ghatotkacha cut off both their heads and tossed it at Duryodhana. This move put Duryodhana and the whole Kaurava camp in extraordinary dread. They began to stress that Ghatotkacha himself may polish off the conflict! Till at that point, their fundamental concern was to endure Bhima and Arjuna. Nonetheless, they currently contemplated whether they will even make due to confront the two Pandavas.

The kauravas then concluded that ghatotkacha must be murdered at any expense. They drew nearer and made a solicitation to karna to utilize his novel ‘Vasavi Shakti-astra’ and murder the rakshasa. As is notable, the ‘shakti’ was given by indra to karna and would work just a single time to kill anybody karna wanted. Be that as it may, the astra would return back when it had its first casualty. It was karna’s longing all through the conflict to utilize it against arjuna at an appropriate event. Here ghatotkacha could be considers as a Denisovans because when they tried the DNA testing to figure out who it belonged to . Shocking results were disclosed stating that tooth belonged to a human being. The tooth was belonged to a human species which we did not know existed till then. As they had to give a new name, they named the species as Denisovans.Even people living in geographical area near the Denisova cave have 2.4 percent Denisovan DNA. We have to go back 40 million years to know to correct answers. With all the evidences which we have collected so far, we can say that the giant people which were mentioned in the mahabharata was real.

CONCLUSION

In this work I have primarily considered archaeological and Scientific information which resulted in the tentative period of the Mahabharata war between 800 BCE and 1200 BCE and before. I have also compared the improvised technologies used during Mahabharata with ancient historical world level monuments and the biological evidence of giant people who said to have lived during that period was also discussed with proof.

All these might be the part of some extrapolation which is very likely as found everywhere in the epic Mahabharata. In this article we have also given some ideas relying mainly on archaeological evidences laid by different eminent archaeologists and from various archaeological research works done by different institutes around the places relevant with the Mahabharata scenario. Though a vivid work is still left for confirmation of the historicity of the Mahabharata, yet we can definitely conclude that the epic Mahabharata contains a lot of historicity behind the screen.

REFERENCES

G.R. Josyer, 1959, Vymanika Shastra or Science of Aeronotics, 116,International Academy of Sanskrit Research
H.S.Mukundan, S.M.Deshpanden, H.R.nagendran, A.prabhu and S.P.Govindaraju, 1974, A CRITICAL STUDY OF THE WORK “VYMANIKA SHASTRA”, Indian Institute of Science,Bangalore‐560012.
Parker Pearson, M 2013 Researching Stonehenge: Theories Past and Present. Archaeology International, No. 16 (2012-2013): 72-83
M.Robert Schoch, 2012, Forgotten Civilization: The Role of Solar Outbursts in Our Past and Future, Simon & Schuster; Illustrated edition,384
Robert Scott Hussey-Pailos, Construction Of The Top Of The Egyptian Pyramids:An experimental test of a levering device, 2005, University Of Florida
A.V. Zubova, T.A. Chikisheva, and M.V. Shunkov, 2017, The Morphology of Permanent Molars from the Paleolithic Layers of Denisova Cave,Institute of Archaeology and Ethnography, Siberian Branch, Russian Academy of Sciences,Pr. Akademika Lavrentieva 17, Novosibirsk, 630090, Russia

An Analytical Study On Encryption And Privacy

Sun, 31 Jan 2021 22:12:03 GMT

ABSTRACT

Security plays an indispensable role in internet and networking applications. Nowadays, internet and network application are emerging very rapidly. Today, the significance and the worth of transmitting or exchanging information over the internet or other communication medium is enlarging. Information Security plays a very crucial role in the aspect of data transfer. The best way to give the security for our information is cryptography.

Cryptography is one, which plays an important role in computer security that translates the information from its original form into an incomprehensible or unreadable form by using encryption and decryption techniques. Cryptography certifies that the information is transmitted without any modification and only the official person will be able to uncover and read the protected information. There are a large number of cryptographic techniques emerging to obtain secure communication.

This paper mainly focuses on the different kinds of encryption techniques, attacks on encryption and privacy. The keywords are: cryptography ,cipher, encryption, decryption, attacks, symmetric , asymmetric , Privacy, Privacy Policy

INTRODUCTION

Encryption is the process of making files or data unreadable which only the authorized parties can understand. It’s one of the oldest and important fields of study man has ever undertaken. From Prehistoric Times to the 21st century, it is important to secure the leakage of data to unwanted parties. There are historical inscriptions that provide evidence that Encryption was practiced and originated from Egypt who wished to preserve their secrets regarding Religious Rituals from other cultures. For secret communication between military generals ancient Greece and the Spartans has devised a cipher device called Scytale consisting of a thin rod wrapped around by a piece of paper inscribed with the message .

Later these encrypted texts were often created by simply substituting a letter with another letter in the text, which was known as Substitution Cipher. This method was widely used by Julius Caesar to communicate with his military troops. During World War, devices like Cipher Disks, Enigma, and Trench Code were widely used among European Nations. Since we had a brief introduction to the origin of Encryption let’s learn more about Encryption. In other words, Encryption uses a particular step to jumble the data and then requires a key for the receiving party to decode the information. This process requires the use of a cryptographic key: a string of characters that is used for altering data to make it random and difficult to understand.

In Cryptography a cipher is a well-defined process that is used to convert normal text into the encrypted form and vice-versa When using a cipher the ordinary text is known as plaintext and its corresponding encrypted form is known as Ciphertext.. As we read, these ciphers like Scytale, Substitution Cipher, and many more became relatively easier to understand and decipher, also partially due to the Introduction of Computers which are capable of solving more complex calculations in a shorter amount of time. Thus came various modern cipher techniques like Stream Cipher, Block Cipher, Hybrid Cipher, and many more have strengthened the confidentiality of Information from malicious attacks. Depending upon the type of security key used Encryption can be classified as Symmetric and Asymmetric Encryption. In symmetric encryption both sender and user agree upon a standard key that is used to encrypt the message whereas in Asymmetric Encryption two different keys are used.

1. ENCRYPTIONS

Cryptography is the art of converting readable text (plain text) into unreadable cipher text that ensures data privacy. It’s about data security, data encryption, data authentication and access control. Basically there are two types of cryptography - Symmetric Key cryptography and Asymmetric Key cryptography.

1.1 SYMMETRIC ENCRYPTIONS

The modern cryptographic system is classified into 3 categories namely Block cipher, Stream cipher and Hybrid cipher.

1.1.1 BLOCK CIPHER

Block Ciphers are the algorithm used to encrypt a plaintext to ciphertext of same size.To encipher the whole block size , similar key is used. Some important algorithms of this category will be discussed further.

A. DES(Data Encryption Standard)

IBM developed DES algorithm in 1997 and tends to operate on 64 bits block size. Process of this encryption is split into 16 stages subsisting of eight S-Boxes. It shuffles the bit first and then moves on to non linear substitution and finally performs XOR operation to get the output. The sub key of a particular round is merged with the result using XOR operation. The process of description involves reverse order of sub keys.

Benefits of DES:

Its a 56 bit key. So there are 2^56 possibilities of keys which would take a decade to find the correct key using brute-force attack
Encryption and decryption takes the same algorithm
This is very convenient for software and hardware requirements.
Cryptanalyst is free to perform cryptanalysis, so as to exploit the Des algorithm. However, have found it extremely hard to find any major weakness.
DES does have the desirable properties of confusion and diffusion
Due to its Feistel structure and uncomplicated logic, DES is relatively easy to implement.
Each bit of cipher text is based upon multiple bits of the key and changing a single bit of plaintext changes, on average, half of the bits of cipher text

Drawbacks of DES:

During splitting of keys to two half and swapping them might throw up the same result if they have continuous 1’s and 0’s. Thins ends up in using the same key through out the 16-cycles
There can be same output from the S-Boxes on different inputs on permutation. These are called Semi weak keys.
If the message is encrypted with a particular key, and is taken 1’s compliment of that encryption will be same as that of the encryption of the compliment message and compliment key.
The initial and final permutation is not exactly clear and seems confusing.
Now in the age of parallel computing, breaking DES has become easy with the help of brute force attack which was impossible during that time.
DES fails in front of linear crypt-analysis, because during its design this attack wasn’t invented.

B. AES(Advanced Encryption Standard)

National Institute of Standards and Technology(NIST) started AES in January 1997. AES is more powerful than DES algorithm and for both encryption and description purposes , it has a minimum block size of 128 bits. In this encryption process, Bites will be substituted first,then rows will be shifted , then mixes column and castle add the round keys. It can be used to secure both sensitive and uncategorised materials (fig 1). Benefits of AES:

This security algorithm may be implemented in both hardware and software
It is resilient against hacking attempts
It is an open source solution , it remains highly accessible for both private and public sectors
AES is the most commonly used security protocol today, used for everything from encrypted data to wireless communications
It is essential for the government computer security, cyber security and electronic data protection
AES brings additional security because it uses a key expansion process in which the initial key is used to come up with a series of new keys called round keys
AES data encryption is a more mathematically efficient and elegant cryptographic algorithm

Drawbacks of AES:

AES has a very simple key schedule and simple encryption operations
Every block is always encrypted in the same way
Hard to implement with software
AES in counter mode is complex to implement in software taking both performance and security into considerations.
Many AES attacks are based upon the simplicity of this key schedule and it is possible that one day an attack will be created to break AES encryption.

C. Blowfish

It is a 64 bit cipher encryption consisting of changeable key length which ranges from 32 to 448 bits. It is designed as a practical alternative to DES algorithm for speedy encryption in 32 bit processors by Bruce Schneir . Blowfish is a fiestel cipher comprising of 16 sequence/rounds and is fit for handling huge amount of data. During each round of processing, large number of subkeys are used .it consists of P-ARRAY of 18 subkeys, each having 32 bits and 4 Sboxes of 256 entries. It is a well structured algorithm but is vulnerable to chosen and differentiable plaintext attacks. I/P data block is broken into two halves of 32 bit each ,L0 and R0, during the encryption using Blowfish. It has a wide range of application where the key is not frequently changed.

D. RC4(Rivest Cipher 4)

Ronald Rivest developed RC4 algorithm and it requires consecutive swapping of state entries, based on a key sequence . Length of the key is changeable ranging from 1 to 256 bites. pseudo-random bytes are generated in this process to generate the stream which is XORed for converting plaintext to ciphertext. This algorithm is ten times faster than DES algorithm.

E. 3DES (Triple Data Encryption Standard)

3DES is a evolved form of DES algorithm. It is highly dependable and has a key key length of 192 bits. In the first stage the key is divided into three sub keys of 64 bits and the rest of the procedure is same as DES algorithm except that the process is repeated three times. The data which is encrypted by the first key is decrypted by the second key and again the third key encrypts the decrypted data. But it does not have the potential to secure the data for a longer period of time.

1.1.2 STREAM CIPHER

Stream ciphers are classified under Symmetric key cipher. Each digit of the plain text combines with pseudorandom keystream . Each digits of plain text is encrypted individually , one at a time , with the corresponding digit of the main stream.

A. Grain Cipher

Grain Cipher was designed by Thomas Johansson,Martin Hell and Willi Meier . It was designed in such a way that the chip area needed is reduced and implementation of the hard ware is also easy.NFSR and LFSR of 80 bits each are the main two constituents of Grain Cipher. LFSR is used to secure cipher cryptographically by providing proper balanceness . On the other hand NFSR adds nonlinearity to grain cipher.

NFSR input is masked with LFSR output in order to create a balanced state of NFSR . The key size and initial vector are 80 bits in size. f(x) and g(x) are the feedback polynomial functions for the LFSR and NFSR are f(x) and g(x). h(x) is represented for the non linear filter function. The filter functions uses specific bits from both the feedback registers as inputs. After that 7 bits are added to h(x) from NFSR which then becomes an irrelevant feedback to both LFSR and NFSR. This value is also used as the keystream sequence.

1.2 ASYMMETRIC ENCRYPTIONS

Public key cryptography, unlike their symmetric counterparts, uses two keys (public and private). One key is used for encryption while the other for decryption. These keys are generally generated using certain algorithms powered by mathematical one way functions.

Asymmetric Encryptions have 3 algorithms Generator(G), Encryptor(E) and Decryptor(D). G() is used to generate a pair of keys (pub,priv). E(pub,m) and D(priv,ct) are used to encrypt and decrypt respectively. Public key can be shared with anyone as it can only be used to encrypt messages. Likewise, only the person with the private key can decrypt the message. Ulike symmetric, asymmetric are classified on the basis of algorithms used like RSA, ECC, Diffie–Hellman, ElGamel etc.

A. RSA

Rivest Shamir Adleman is the most commonly used Public Key encryption system out there. The acronym RSA comes from the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who publicly described the algorithm in 1977.

This algorithm can make a pair of keys. The key generation is as follows:

Choose two prime numbers p and q.
Calculate n=p·q
Calculate the value of Euler’s totient for n φ(n) = φ(p)·φ(q) = (p − 1)·(q − 1)
Choose a number e such that e is coprime with φ(n) and 1<e<φ(n).
Calculate d such that d·e= 1 (mod φ(n)) (n,e) is the public key and (d,n) is the private key.

The encryption process is pretty straight forward ciphertext c = me (mod n). The decryption process is also similar, plain text pt = c^d (mod n). The RSA system’s security relies on the fact that if you take 2 huge prime numbers and multiply them the result is nearly impossible to factorize and get back those primes. Unless the person uses a small exponent value such as e=3 etc it is difficult to break this crypto system if the modulo is strong.

RSA can also be used to sign and authenticate messages.The sender can find the hash of the message and raise it to power d and mod n, sig = hd (mod n). And the receiver can do sig to the power e mod n and check whether the hash value matches with that of the message, H = sig<sup>e</sup> (mod n).

B. DIFFIE-HELLMAN

Deffie-hellman is a protocol used to generate a shared private key for two users and exchange info over an insecure channel. It is one of the most popular key-agreement algorithms. It is the base of many protocols including SSL/TLS. American cryptographers Whitfield Diffie and Martin Hellman in 1976 published this algorithm. However, it was revealed that the protocol had been discovered even earlier, by the British intelligence agency (James H. Ellis, Clifford Cocks, and Malcolm J. Williamson) but remained undisclosed.

For key generation let’s consider two people Alice and Bob, who want to generate their key..

First Alice and Bob pick a common prime number p and a generating element g. (It is advised to choose p such that (p-1)/2 is also a prime)
Now Alice chooses a large random number ‘a’ which is her private key. Similarly Bob chooses a private key ‘b’.
Now Alice computes A = ga mod p and sends it to Bob. Likewise Bob computes B = gb mod p.
Alice sends A to Bob and Bob send B to Alice.
Alice and Bob calculate k, k = Ba mod p, also k = Ab mod p.
Now both Alice and Bob both have the secret number k.
In practice we find the hash of this k and use it as key for symmetric ciphers like AES.

This is one of the most secure protocols out there if the initial number are chosen properly as the attacker world have to solve discrete log problem and there is no known efficient method to calculate it and that make this protocol as strong as RSA as solving discrete log is as hard as factorizing modulus in case of RSA.

Like RSA we can use Diffie-Hellman protocol to encrypt messages using public and private keys. Suppose Bob wants to send a message to Allice, he can encrypt it with Allice’s public key, i.e, g,p,g^a mod p. Bob chooses a number b and sends g^b mod p to Alice. Then he sends the message encrypted by symmetric key, (g^a)^b mod p. Only Alice can get the value of b and decrypt the message. But DH is rarely used for this purpose.

C. ELLIPTIC-CURVE CRYPTOGRAPHY

ECC or Elliptic-curve cryptography was proposed in 1985 by Neal Koblitz and Victor Miller. Elliptic curves have some peculiar characteristics which make them so useful.

The curve is non-singular(smooth)
A line between two points will always intersect at a third point.

This allows us to find a point in this curve starting from another point which has no relation with the starting point. So making it very difficult to reverse the path.

For generation of keys, we first choose a point P on the curve then we use the curve’s projective property and draw a line which is tangent to the starting point P, then find where it intersects the curve at a second point Pʹ. Afterwards, flip the axis and draw a line from that new point (2•P) through the starting point P and find the new intersection point Pʹʹ. Then flip the axis again and draw a line from that new point (3•P) through the starting point and find the new point of intersection Pʹʹʹ etc. (this mathematical operation is called point multiplication). We can repeat this process as many times as we want and get a point Q on the curve which has no relation with the original point P and can be defined as Q = n•P, where n is no of iterations.

The security lies in the fact that if we know starting point P and ending Point Q, we cannot calculate n. It turns out there is no known algorithm to find n. Basically you have to just keep adding P to itself and count how many times you have to do it in order to get to Q. This is easy for small n but for huge values of n, this becomes impossible. If the selection is truly random, it will take more time than the life of this universe to find any collision if you can try more than 250 billion billion possibilities a second (five times the peak of the bitcoin network) and you will need more energy than the energy required to evaporate the entire water on earth.

Because of this ECC is used by Bitcoin, Ethereum and many others. They use y² = x³+7 curve known as secp256k1 curve.

1.3 HYBRID CIPHER

A hybrid cipher integrates both symmetric and asymmetric ciphers. It functions using the public key cipher to share a key for symmetric cipher. One of the ultralight weight cryptographic hybrid cipher which shows the characteristics of both Block Cipher and Stream Cipher is Hummingbird. This hybrid structure make it the most suitable for the resource constrained devices .
As mentioned above, it does two two work at the same time. In the first part, it takes the benefit of having the properties of both symmetric and asymmetric techniques using ECC and AES algorithms . In part two, It uses XOR-Duel RSA as it is more robust and cannot be easily attacked . For data integrity MD5 hashing is used to be secure that the original data or text is not changed while communicating .

2 CRYPTOGRAPHIC ATTACKS

The basic intention of an attacker is to break a cryptosystem and to find the plaintext from the ciphertext by cracking down the ‘key’. To obtain the plaintext the attacker only needs to find out the secret decryption key, as the algorithm is already in public domain. Once the attacker is able to determine the key, the attacked system is considered as broken.

A. Bruteforce attacks

In Brute-force attacks hacker tries every possible character combination to find the ‘key’ to decrypt an encrypted message. Brute-force attacks may take a smaller amount of time for smaller keywords but it will take an immeasurable amount of time for larger keywords.Therefore it is not preferred in modern days encrypted system.

B. Cipher-only attack

In the ‘cipher-only’ attack the attacker knows the cipher-text of various messages which have been encrypted using the same encryption algorithm. The attacker tries to figure out the ‘key’ which can then be used to decrypt all messages.

C. Known-plaintext attack

In the ‘known-plaintext’ attack, the attacker knows some of the plain-text and the cipher-text. He then has to figure the ‘key’ by reverse engineering and he can decipher other messages which use the same ‘key’ and algorithm. It was popular for breaking ciphers used during the Second World War.

D. Chosen plaintext attack

The ‘chosen-plaintext’ attack is similar to the ‘known-plaintext’ attack, but here the attacker experiments by choosing his own plaintext (say choosing a word such as ‘cryptography’) for a ‘Vignere cipher’ and with the generated ciphertext he can figure the ‘key’.Once he figures the ‘key’ he can learn more about the whole encryption process and understand how the ‘key’ is being used.With this information, and the information can be stolen.

E. Chosen ciphertext attack

In the ‘chosen ciphertext’ attack, the attacker chooses a portion of the decrypted ciphertext. He then compares the decrypted ciphertext with the plaintext and figures out the key.

F. Differential cryptanalysis

This was a popular type of attack against block algorithms such as DES in 1990. The primary aim of this attack, as with other attacks, is finding the ‘key’. The attacker follows several messages of plaintext into their transformed ciphertext. He observes the changes form plaintext to the ciphertext and deduces the key.This is a type of ‘chosen-plaintext’ attack since the attacker chooses the plaintext to observe the transformation.

G. Linear cryptanalysis

In this attack the attacker carries out a “known-plaintext” attack against several messages which have been encrypted with the same key. This gives the attacker inforamtion to guess probability of particular key. If more messages are attacked, there is a higher possibility of finding the particular “key”.

H. Replay attacks

In a ‘replay attack’, the attacker captures some authentic information by sniffing or any other mode and re-submits it back to the receiver. This dupes the receiver and they give the attacker unauthorized access.

I. Man in Middle Attack (MIM)

The targets of this attack are mostly public key cryptosystems where key is exchanged before communication takes place.A hacker interepts the key being exchanged by acting as an middle man and the data are stolen.

Host A wants to communicate to host B, hence requests public key of B.
An attacker intercepts this request and sends his public key instead.
Thus, whatever host A sends to host B, the attacker is able to read.
In order to maintain communication, the attacker re-encrypts the data after reading with his public key and sends to B.
The attacker sends his public key as A’s public key so that B takes it as if it is taking it from A.

J. Dictionary Attack

This attack has many variants and in all the variant involve compiling a ‘dictionary’. In simplest method of this attack the attacker builds a dictionary of ciphertexts and corresponding plaintexts that he has learnt over time and when attacker gets the ciphertext, he refers the dictionary to find the corresponding plaintext.

3. PRIVACY

Privacy is the claim of individual , group , or institutions to determine for themselves when , how,and to what extend information about them is communicated to others.

THE WAYS TO PROTECT PRIVACY

There are the following basic ways to protect privacy :

Technology
Law
Markets
Yours choices as an individual

Technology- By creating spam filters and Asymmetric Key cryptography.

Law- the CAN-SPAM Act -Illegals to send commercial email with false headers -We can unsubscribe from the sender Markets-you choose an email provider that does a good job of reducing spam
Your choice you decided not to open that email with the unpleasant header

TYPE OF PRIVACY HARM

Major 4 categories of privacy harms are:

intrusions
information collection
information processing
information dissemination

1) INTRUSIONS

In this they come into your space and contact you or tell you want to do

Examples

unwanted email(spam)
unwanted phone calls etc.

2) INFORMATION COLLECTION

They watch you are doing , more than they should surveillance and interrogation Example of protections : with a warrant ,the government can wiretap or search your house. Having to get a warrant to get a warrant is a protection , though , against too much information collection.

3) INFORMATION PROCESSING

They have a lot of data and to do things with it

permission
Identification: they learn about your anonymous action
Data mining : they learn pattern ,to decide if you are a good customer or suspected terrorist
Exclusion : they decide you are not a good potential employee or customer

4) INFORMATION DISSEMINATION

They disclose data,perhaps more than we think they should

Breach of confidential: a doctor or lawyer discloses more than you wish
Transfer to third party: a company or government shares data about you to persons you don’t expect
Public disclosure of private facts: an intimate photo of you or disclosure of intimate facts
Disclosure of untrue facts : you can put in false light
Appropriation: they use for name or picture without your

FAIR INFORMATION PRACTICES

On general analysis we examine that five fair information have been developed to protect against these sort of privacy concern The five principal are:-

Notice /awareness
choice/consent
access/participation
integrity/security
enforcements/redress

1) NOTICE/AWARENESS

Individual visual need notice to make an informed choice about whether to provide information Who is collecting the data Uses for which for which the data will be used

Who will receive the data
The nature of the data and the means by which it is collected if not obvious
The steps taking to preserve confidentiality, integrity and quality of the data

2) CHOICE

Choice may apply to secondary uses uses beyond the original reason you provide your data
Sometimes the choice is opt in they wont share your data unless you say you want them to
HIPAA medical privacy rule-don’t share
sometimes choice is opt out they can share your data or contact you but you can tell them not to

3) ACCESS/PARTICIPATION

Individual in some instances can access the data held about them,and correct any inaccuracies

Fair credit reporting act
Privacy act

4) INTEGRITY/SECURITY

Data should be secure and accurate
Without security, can have good privacy policies but hackers gain entry
Without accuracy, wrong decision are made about individuals
We should expect reasonable technical, physical and administrative measures

5) ENFORCEMENTS/REDRESS

THERE IS GREAT VARIETY IN THE WAYS THAT PRIVACY PRINCIPLES ARE ENFORCED

Increasingly, companies and government agencies have Privacy Professionals to comply with their privacy promises
Companies can be fined if they break the promise of privacy .
For some kind so data ( medical , financial , stored communication),there is additional
Enforcement by individual or government agencies.

WHATSAPP NEW PRIVACY POLICY

According to new privacy policy the data will still remain end to end encrypted while sharing data to an individual. The data which WhatsApp will going to share is the system hardware ,system software , operating system , signal , time , IP address , profile , status , name and contacts. WhatsApp will give the data not only Facebook but other Facebook associated third party apps. The end-to-end encryption will not be provided for the business accounts they can fetch the data to share with Facebook and other Facebook associated third party apps.

CONCLUSION

This paper mainly tells about the study of Symmetric, Asymmetric key encryption, Attacks on these encryptions, Privacy and some commonly used algorithms like AES, DES,RSA,ECC etc. Security plays an indispensable role in Internet and networking applications. Information security plays a very crucial role in the aspect of data transfer. The best way to give security to our information is Cryptography. Depending on the communication and channel we have to choose the best algorithm from above. Nowadays both Symmetric and Asymmetric key encryption play a major role in Network Security. Here we even learned different types of Cryptographic attacks. We got to know many types of attacks and how they are work. Privacy has attracted the attention of internet users due to the increase in privacy breach incidents with time. Most of the breaches are due to inadequate security measures. Some of the ways to protect our privacy are discussed above. Those will help internet users have a better understanding of what will be required to protect from unauthorized intrusions and minimize the risk of being a victim of privacy breaches, information security continually evolves new issues and concerns as technology change.

REFERENCES

Himani Agrawal and Monisha Sharma, “Implementation and analysis of various Symmetric Cryptosystems”, Indian Journal of science and Technology Vol.3, No.12, 2012.
Tingyuan Nie, and Teng Zhang ,”A Study of DES and Blowfish Encryption Algorithm”, IEEE, 2009.
W. Stallings, Cryptography and Network Security Principles and Practices Fourth Edition, Pearson Education, Prentice Hall, 2009
”File Encryption and Decryption Using Secure RSA”, Rajan.S. Jamgekar, GeetaShantanu Joshi, International Journal of Emerging Science and Engineering (IJESE)ISSN: 2319–6378, Vol.1, No.4, 2013.
Manoj Kumar Pandey, et.all., “Survey Paper: Cryptography The art of Hiding Information”, International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), ISSN: 2278 – 1323, Vol.2, No.12, 2013.
“ElGamal Digital Signature Algorithm of Adding a Random Number”, Xiaofei Li, Xuanjing Shen and Haipeng Chen, College of Computer Science and Technology, Jilin University, Changchun, China, Journal Of Networks, Vol.6, No.5, 2011.

Knowledge Representation in Sanskrit and Artificial Intelligence

Mon, 25 Jan 2021 22:12:03 GMT

The SPIRIT of Rick Briggs was upon President Ram Nath Kovind at the conference of the Shri Lal Bahadur Shastri Rashtriya Sanskrit Vidyapeetha, where he said Sanskrit is the most fitting language for composing calculations, and for AI and man-made brainpower. He resuscitated a nationalist legend that refuses to die, and it is strengthened by every iteration.

Oh, and here’s the thesis. Have a look Knowledge Representation in Sanskrit and Artificial Intelligence.

Artificial intelligence has already started making great promises in vast areas of science, agriculture and manufacturing. This emerging period of partnerships between humans, machines and artificial intelligence brings with it the recent rise of opportunities. Day-to-Day engineering may be seen as one with artificial intelligence and the justifiable, standard, and reasonable use of military technology to accomplish organization success.

Rick Briggs gives a brief history of Sanskrit language practitioners such as Panini, Kaundabhatta, Bhattoji Dikshita and Nagesha. Panni, who lived in the middle of the 4th century BCE, laid a solid foundation for the Sanskrit grammar. Panini’s successors like Bartrhari gave rise to algebraic grammar and tried to improve themselves. During the 16th century Kaundabhatta and Buttoji Dikshita provided new information on the existing grammar through their publication of the Vaiyakarana-bhusanasara by Bapttoji Dikshita. Similarly during the 17th century Nagesha gave language to his great work at Vaiyakaranasiddhantamanjusa, or the Treasurer of the descriptive statements of the linguists. The author sets out these linguistic frameworks and makes a strong point that Sanskrit is not only a spoken language but has its own scientific and mathematical backbone.

During the late 1980’s and 1990’s, a whole new approach to Artificial Intelligence was began when Rick Briggs, an associate scientist from NASA published an article entitled “Knowledge Representation with Sanskrit and Artificial Intelligence”. In the past forty years , much effort , money and time is spent for representing and designing a language which can be accessible to computer processing.

He also explained the purpose of the paper was to show that native language can serve as an artificial language as well, and that much of the work in Artificial Intelligence (AI) has restored the millennial wheel. It is important to understand that people and computers understand different languages. “Natural Languages” are languages understood by people such as English, Hindi and even Sanskrit. On the other hand, “Mechanical / Programming Languages” includes Lisp or C or Prolog or Python. The main purpose of him at that time was to reach a point where computers understood “natural languages”.

Rick Briggs also refers towards the difficulty that an artificial intelligence would have in understanding the true meaning of the words and understanding the emotions behind those words. In this thesis, he also gave a solution for the above problem by using natural language i.e. Sanskrit. Sanskrit was always been an important language before intellectual communities. Despite its ancient origin, the language has some amazing properties that can be considered helpful in different fields of research. When Rick Briggs published this journal stressing the involvement of Sanskrit in AI, is really a honour proving its power for being a valuable course of literature.

Before reading this thesis, First question which encountered me was “how a language like Sanskrit can pay a way towards the future of Artificial Intelligence At first, I considered the language Sanskrit to be a sacred and religious language. So I tried to understand more about it and how it can be an advantage over Artificial Intelligence. As Sanskrit is a language which is followed over hundreds and thousands of years, I tried to bow my head into the ocean of Sanskrit and realised that it’s a language which is actually easy to be followed and understand for machine with AI. Writing algorithms using Sanskrit is actually easy compared to other languages because of its strict rules and valued grammars .I would also like to mention what Francis Sullivan stated about algorithms,

“Algorithms are the poetry of computation. Just like verse, they can be terse, allusive, dense, and even mysterious. But once unlocked, they cast a brilliant new light on some aspect of computing.”

I would say that the rules of the Sanskrit system equate this definition with tea. Lets just take an example which he used primarily to make us understand about the above mentioned difficulty and also why the use of natural language in the field of AI is recommended. Sentence “That’s exactly what I needed today!” can be interpreted and expressed in different senses. In one instance a fine and happy individual finding some lost things which is closer to his heart that had been lost for some amount of time could be cheered up or excited from the situation. And exclaim this moment of triumph was exactly what their day needed to be happy. On the other hand , a disgruntled individual or a student having a rough day could accidently worsen the situation by slipping on a banana peel and sarcastically exclaim that this further exasperation was exactly what he needed today. This sentence could be interpreted as a man expressing that slipping on a banana peel made his bad day worse.

The above problem can be minimised by using natural language. The grammar of Sanskrit is structured in such a way that its is formula bound, logical and rule-bound, which makes it highly appropriate for writing algorithms. Sanskrit has a rich history and was used in early Indian mathematics and Vedic science. The structured grammar also make Sanskrit suitable for ML and even artificial intelligence.

Rick Briggs, in his thesis, challenged that belief by gaining attention to this fact that there has existed at least one language Sanskrit, even though in theory, be used in the form of an artificial language. The logical structure it had mapped the representation of knowledge scheme perfectly.

The first idea was to use a standard representation system using Semantic Nets was developed, followed by the framework of the ancient Grammar method of analyzing sentences. Eventually, the exact similarities between the two will be struck, and the implementation of the same doctrine will be given.

Consider the sentence “Out of friendship, Maitra cooks rice for Devadatta in a pot over a fire”

The triples corresponding to the net are:

cause, event, friendship
friendship, object_1, Devadatta
friendship, object_2, Maitra
cause, result, cook
cook, agent, Maitra
cook, recipient, Devadatta
cook, instrument, fire
cook, object, rice
cook, on-lot, pot.

The sentence in the Indian analysis is rendered as follows: The Agent is represented by “Maitra”, the instrument by “fire”, the Object by “rice”,” the cause by “friendship” (between Maitra and Devadatta), the Recipient by “Devadatta” and the Locality by “pot.”

Since all these syntactic structures represent the actions auxiliary to the action “cook,” we can write its sentence representation;

cook, agent, Maitra
cook, object, rice
cook, instrument, fire
cook, recipient, Devadatta
cook, because-of, friendship
friendship, Maitra, Devadatta
cook, locality, pot.

A comparison of these analyses shows that the Sanskrit sentence when arranged ,it is similar to the analysis reached using computerized analysis. That is quite surprising, since the Sanskrit sentence formed is very different from that of English. The sentence translated to Sanskrit is given below for comparison:

मैत्रः  सौहर्द्यत  देवदत्ताय  ओदनं  घटे  अग्निना  पचति 
( Maitrah: sauhardyat Devadattaya odanam ghate agnina pacati) .

The wording order in Sanskrit is usually less important than style, and Sanskrit theologians paid little attention to it. That language is well suited to a method that removes syntax and generates basically a list of semantic messages associated with karakas.

Conclution

This thesis is a wonderful theoretical representation for depicting the advantage of Sanskrit over other linguistic language in the field of Artificial Intelligence . This study honours the ancient Indo-Aryan language , Sanskrit. If a scientist is successful in his study, it would be good to see a machine programmed in a natural language and communicate in Sanskrit.

Indian President Shri Ram Nath Kovind also addressed in the 17th Shri Lal Bahadur Shastri Rashtriya Sanskrit Vidyapeetha conference held at New Delhi on Sanskrit communications and Artificial Intelligence.

I have done a lot of research over the internet to find some interesting works related to this topic, and surprisingly, Even after continuous research done by different scientists there are no other works in related fields attributed to this name. Research has been done for more than 20 years at NASA. However, NASA has not issued any official statement on the study. Hoping that our generation would take this idea.

This thesis is recommended to all those young computer scientists. It has the potential to lit a fire in their progress as well as in the field of AI.

References

Briggs, R. November 1985. Knowledge representation in Sanskrit and artificial intelligence. RIACS, NASA Ames Research Centre, Moffet Field, California 94305,.AEEE.
https://www.aaai.org/ojs/index.php/aimagazine/article/view/466
Ramaswamy, Vanitha. 1990., Some concepts of sanskrit grammar and their application to computers. https://shodhganga.inflibnet.ac.in/handle/10603/172376