Transposition Encryption

CyberCash
VeriSign
Key distribution center
Zombie
Blind carbon copy & Carbon copy
Modem
E-Mail

Explain: Transposition Encryption

In classical cryptography, a transposition cipher changes one character from the
plaintext to another (to decrypt the reverse is done). That is, the order of the
characters is changed. Mathematically a bijective function is used on the characters'
positions to encrypt and an inverse function to decrypt.
In the transposition ciphers (methods of encryption) we don't change the data
itself but only change its order.

Types of transposition:

Single columnar transposition

One of the easiest ways to achieve transposition is the Single Columnar Transposition
Cipher. To use it, one needs a keyword or phrase, whose letters are numbered according
to their presence in the alphabet.

Double columnar transposition

Double columnar transposition is similar to single columnar transposition, but the process
is repeated twice. One either uses the same keyword both times or, preferably, a different
one on the second occasion.

Grilles
Another way to achieve transposition is by means of a so called Grille. A grille usually
consists of a square piece of cardboard with cut-out apertures. The grille is placed on a
piece of paper, and the corners of the grille are marked on the paper. Then, the plaintext
is written, letter by letter in the apertures of the grille. When the last aperture is reached,
the grille is turned 90 degrees, and the process continued.

CyberCash
CyberCash’s Secure Internet Credit Card Service delivers a safe, real-time solution for
merchant processing of credit card payments over the Internet. The Credit Card Service
lets any consumer with a valid credit card buy from any CyberCash enabled merchant.
Designed to integrate fully with existing transaction processing systems used by banks
and other financial institutions, the service provides automated and instantaneous
authentication, enabling order processing to traverse the Internet 24 hours a day, 7 days a
week.

Consumers Benefits:

• Safe, private and easy to use. Protected by the highest allowed levels of Internet
encryption with assured authentication.
• Use existing Visa, MasterCard, American Express or Discover. No special credit
cards are necessary.
• Complete on-line payments

Merchant Benefits:

• Real-time authorization and settlement

• Receive payments instantly and secure
• No need to maintain expensive phone or fax operations
• Open 24 hours a day

VeriSign
VeriSign, Inc. (NASDAQ: VRSN) is an American company based in Mountain View,
California that operates a diverse array of network infrastructure, including two of the
Internet's thirteen root nameservers, the generic top-level domains for .com and .net, one
of the largest SS7 signaling networks in North America, and the RFID directory for
EPCGlobal. VeriSign also provides a variety of security and telecom services ranging
from digital certificates, payments processing, and managed firewalls to mobile call
roaming, toll-free call database queries and downloadable digital content for mobile
devices. The company groups all of these functions under the banner of 'intelligent
infrastructure' services.
The company's former payment processing service was sold to eBay in 2005.[1]

VeriSign, Inc. (Nasdaq: VRSN) is the trusted provider of Internet infrastructure services
for the networked world. Billions of times each day, our SSL, identity and authentication,
and domain name services allow companies and consumers all over the world to engage
in trusted communications and commerce.

Key distribution center

In cryptography, a key distribution center (KDC) is part of a cryptosystem intended to
reduce the risks inherent in exchanging keys. KDCs often operate in systems within
which some users may have permission to use certain services at some times and not at
others.

A typical operation with a KDC involves a request from a user to use some service. The
KDC will use cryptographic techniques to authenticate requesting users as themselves. It
will also check whether an individual user has the right to access the service requested. If
the authenticated user meets all prescribed conditions, the KDC can issue a ticket
permitting access.

KDCs mostly operate with symmetric encryption.

In most (but not all) cases the KDC shares a key with each of all the other parties.

The KDC produces a ticket based on a server key.

The client receives the ticket and submits it to the appropriate server.

] Benefits
• Easier key distribution
• Scalability- In telecommunications and software engineering, scalability is a
desirable property of a system, a network, or a process, which indicates its ability
to either handle growing amounts of work in a graceful manner, or to be readily
enlarged.[1] For example, it can refer to the capability of a system to increase total
throughput under an increased load when resources

Drawbacks
• A KDC can become a single point of failure- A Single Point of Failure, (SPOF),
is a part of a system which, if it fails, will stop the entire system from working [1].
They are undesirable in any system whose goal is high availability, be it a
network, software application or other industrial system.
• Everybody must trust the KDC
Zombie

A zombie computer (often shortened as zombie) is a computer attached to the Internet

that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a
compromised machine is only one of many in a botnet, and will be used to perform
malicious tasks of one sort or another under remote direction. Most owners of zombie
computers are unaware that their system is being used in this way. Because the owner
tends to be unaware, these computers are metaphorically compared to zombies.

(1) Spammer's web site (2) Spammer (3) Spamware (4) Infected computers (5) Virus or
trojan (6) Mail servers (7) Users (8) Web traffic

Zombies have been used extensively to send e-mail spam; as of 2005, an estimated 50–
80% of all spam worldwide was sent by zombie computers.[1] This allows spammers to
avoid detection and presumably reduces their bandwidth costs, since the owners of
zombies pay for their own bandwidth. This spam also greatly furthers the spread of
Trojan horses; as Trojans are not self-replicating like viruses or worms, they rely on the
movement of e-mails or spam to grow.[2]

For similar reasons zombies are also used to commit click fraud against sites displaying
pay per click advertising. Others can host phishing or money mule recruiting websites.

Zombies can be used to conduct distributed denial-of-service attacks, a term which refers
to the orchestrated flooding of target websites by armies of zombie computers. The large
number of Internet users making simultaneous requests of a website's server are intended
to result in crashing and the prevention of legitimate users from accessing the site.[3] A
variant of this type of flooding is known as distributed degradation-of-service.
Committed by "pulsing" zombies, distributed degradation-of-service is the moderated and
periodical flooding of websites, done with the intent of slowing down rather than
crashing a victim site. The effectiveness of this tactic springs from the fact that intense
flooding can be quickly detected and remedied, but pulsing zombie attacks and the
resulting slow-down in website access can go unnoticed for months and even years.[4]

Online criminals can use a virus to take control of large numbers of computers at a time,
and turn them into "zombies" that can work together as a powerful "botnet" to perform
malicious tasks.

Botnets, which can include as many as 100,000 individual "zombie" computers, can
distribute spam e-mail, spread viruses, attack other computers and servers, and commit
other kinds of crime and fraud.

Botnets are highly valued by online criminals, and have become a serious problem on the
Internet.

How to tell if your computer has been infected

A virus that makes your computer into a zombie might cause your computer to slow
down, display mysterious messages, or work in an unexpected manner.

These viruses usually do not disable your computer, because zombie computers must be
plugged in and connected to the Internet in order for the botnet to work.

Blind carbon copy

In the context of e-mail, blind carbon copy (abbreviated Bcc: and sometimes referred to
as blind courtesy copy or blank carbon copy[citation needed]) refers to the practice of sending
a message to multiple recipients in such a way that what they receive does not contain the
complete list of recipients.

While now associated almost exclusively with e-mail and other electronic messaging, the
term originates with typewritten documents. In a now-rare practice, a typist produces
multiple copies of a document by alternating one or more layers of carbon paper between
sheets of blank paper. When the typewriter letter strikes the paper, the carbon transfers to
the paper, producing a copy. In some circumstances, the typist must ensure that multiple
recipients of such a document not see the names of other recipients. To achieve this, the
typist can:
 • Add the names in a second step to each copy, without carbon paper
• Set the ribbon to not strike the paper, which leaves names off the top copy (but
may leave letter impressions on the paper)

To specify recipients, an e-mail message may contain addresses in any of these three
fields:

• To: Primary recipients

• Cc: Carbon copy to secondary recipients—other interested parties
• Bcc: Blind carbon copy to recipients who receive the message without others,
including the To: and Cc: recipients, seeing who else received it

It is common practice to use the Bcc: field when addressing a very long list of recipients,
or a list of recipients that should not (necessarily) know each other

Carbon copy
In e-mail, the abbreviation CC indicates secondary recipients of a message: those who
are to receive a copy of a message directed to another. The list of CCed recipients is
visible to all other recipients of the message. An additional BCC (blind carbon copy)
field is available for hidden notification; recipients listed in the BCC field receive a copy
of the message but are not shown on any other recipient's copy (including other BCC
recipients).

In common usage, To field recipients are the primary audience of the message, CC field
recipients are others whom the author wishes to publicly inform of the message, and
BCC field recipients are those surreptitiously being informed of the communication.[

Modem
\
Modem (from modulator-demodulator) is a device that modulates an analog carrier
signal to encode digital information, and also demodulates such a carrier signal to decode
the transmitted information. The goal is to produce a signal that can be transmitted easily
and decoded to reproduce the original digital data. Modems can be used over any means
of transmitting analog signals, from driven diodes to radio. Dial-up modems might be
slow but they are not going away any time soon. It’s the only kind of Internet connection
you can get on the road. Additionally, it is the only service financially available to many.

Refers to connecting a device to a network via a modem and a public telephone network.
Dial-up access is really just like a phone connection, except that the parties at the two
ends are computer devices rather than people. Because dial-up access uses normal
telephone lines, the quality of the connection is not always good and data rates are
limited. In the past, the maximum data rate with dial-up access was 56 Kbps (56,000 bits
per second), but new technologies such as ISDN are providing faster rates.

E-Mail

SMTP's strength comes primarily from its simplicity. Experience with

many protocols has shown that: protocols with few options tend
towards ubiquity, whilst protocols with many options tend towards
obscurity.

- Marshall Rose; SMTP Service Extensions; RFC 1425; February

1993.

Email servers exchange email with the Simple Mail Transfer Protocol (SMTP). Each
Internet domain has a corresponding email server. When you send email, your client
application first sends it to your email server, which then contacts the addressee's
email server and carries out a conversation over the Internet according to the rules
defined by SMTP. Your email server asks the other email server if the user name is
valid, and, if it is, transfers the email, where the receiving email server stores it until
the addressee logs on and downloads it.

By far the most common SMTP server in use is the venerable sendmail system, first
distributed for free with the Unix operating system.

The list of commands that can be exchanged during an SMTP session between two
email servers are listed below. The first command of an SMTP conversation must be
the HELO command. A mail transaction is begun with the MAIL command. The last
command in a session must be the QUIT command..

Command Expanded Command

DATA DATA

EXPN EXPAND

HELO HELLO

HELP HELP

MAIL MAIL

NOOP NOOP
QUIT QUIT

RCPT RECIPIENT

RSET RESET

VRFY VERIFY