CH-5 SECURITY AND FUTURE OF IOT ECOSYSTEM

IT security is a set of cyber security strategies that prevents unauthorized access to

organizational assets such as computers, networks, and data. It maintains the integrity and
confidentiality of sensitive information, blocking the access of sophisticated hackers.
Cyber security
Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It's also known as information
technology security or electronic information security. The term applies in a variety of
contexts, from business to mobile computing, and can be divided into a few common
categories.
Cyber security is the practice of protecting critical systems and sensitive information from
digital attacks. Also known as information technology (IT) security. Cyber
security measures are designed to combat (fight) threats against networked systems and
applications, whether those threats originate from inside or outside of an organization. It
aims to reduce the risk of Cyber attacks and protect against the unauthorised exploitation
of systems, networks and technologies.

Securing your PC

Computer has become an essential part of our daily lives. You get almost everything
done online via PC or laptop. You can secure your PC from virus in the following ways:

1. Creating strong and unique password

Password is the most common form of computer security. Passwords give the first line of
protection against any unauthorised access to your computer. Never use default
password and make sure that each strong password uses a mix upper or lower case
letters, numbers and special characters. The stronger your password more protected
your computer is from hackers and malicious software.

2. Keep windows and devices updated

Choose an operating system based on its security and vulnerability. Make sure you
update your Operating System with security updates. Windows has a built-in firewall that
protects your PC from unwanted attention via the internet. Also make sure to check
manufacture’s websites regularly to see if patches have been released. Manufacturers
issue patches and updates for vulnerabilities as they are discovered. If you find any,
update your device. Rather you should enable automatic updates, it is necessary as this
is the way new security patches are installed on your devices.

3. Use 2FA

Two factor authentication (2 FA) is another protective layer of security that requires the
user to enter one time code after entering their password. So if you have, you must use it
in your device.
4. Install, update and use antivirus software

Install antivirus software, which detects malicious programs like ransomware, virus etc.
as they arrive and prevents unauthorized application from executing.

5. Encrypt your connection to the internet

One of the best encryption tools is VPN (virtual private network). VPN encrypts your
internet connection and keeps your online activities safe; by using a VPN, you ensure
that your laptop or computer is safe while connecting to the internet.

Securing your mobile

1. Protect your device physically by choosing a strong password, using the auto lock
features, and by not sharing your device with others. Password become weak links when
they are shared among colleagues, stolen, written down or created in such a way that
they can be easily guessed. For example, user will try to create memorable password by
using their name, DOB, or socially security numbers.

2. Keep your data secure by a regularly backing up and sensing, staying up to date with
patches and doing operating system updates, and not overriding any software or security
features.

3. Safeguard your personally identifiable information (PII) like social security numbers,
passwords, and account numbers. Do not share this information via text; make sure any
mobile shopping or banking is done over a secure connection, and disable geotagging.

4. Protect your device from malware by being cautions about installing apps.

5. Try to use private data connection and switch off Wi-Fi on your mobile phone
whenever you are in public place.

NEED OF SECURITY IN IOT

Hardware, software and connectivity will all need to be secure for IoT objects to work
effectively. Without security for IoT, any connected object, from refrigerators to
manufacturing bots, can be hacked. Once hackers gain control, they can usurp the
object’s functionality and steal the user’s digital data.

There are critical vulnerabilities and security loopholes found in IoT solutions which could
be control by hackers to carry out number of criminal activities including monitoring live
feeds, changing device settings and authorizing other users to remotely view and control
devices.

Wearable’s also can become a source of threat to your privacy, as hackers can use the
motion sensors embedded in smart watches to steal information you’re typing or they can
gather health data from smart watch apps or health tracker devices you might be using.
Organization transmit sensitive data across network and other devices, cyber security to
protect that information and the systems used to process or store it.

The IoT allows billions of devices, peoples and services to connect with others and
exchange information. Due to the increased usage of IoT devices, the IoT networks are
prone to various security attacks. The deployment of efficient security and privacy
protocols in IoT networks is extremely needed to ensure Confidentiality, Integrity and
Availability. These 3 goals from the CIA triad, the basis of all security programs.

1. Confidentiality

Confidentiality involves the efforts of an organization to make sure data is kept secret or
private. To accomplish this, access to information must be controlled to prevent the
unauthorized sharing of data—whether intentional or accidental. A key component of
maintaining confidentiality is making sure that people without proper authorization are
prevented from accessing assets important to your business. Conversely, an effective
system also ensures that those who need to have access have the necessary privileges.

To fight against confidentiality breaches, you can classify and label restricted data,
enable access control policies, encrypt data, and use multi-factor authentication (MFA)
systems. It is also advisable to ensure that all in the organization have the training and
knowledge they need to recognize the dangers and avoid them.

2. Integrity

Integrity involves making sure your data is trustworthy and free from tampering. The
integrity of your data is maintained only if the data is authentic, accurate, and reliable.

For example, if your company provides information about senior managers on your
website, this information needs to have integrity. If it is inaccurate, those visiting the
website for information may feel your organization is not trustworthy. Someone with a
vested interest in damaging the reputation of your organization may try to hack your
website and alter the descriptions, photographs, or titles of the executives to hurt their
reputation or that of the company as a whole.

To protect the integrity of your data, you can use hashing, encryption, digital certificates,
or digital signatures. For websites, you can employ trustworthy certificate authorities
(CAs) that verify the authenticity of your website so visitors know they are getting the site
they intended to visit.

3. Availability

Even if data is kept confidential and its integrity maintained, it is often useless unless it is
available to those in the organization and the customers they serve. This means that
systems, networks, and applications must be functioning as they should and when they
should. Also, individuals with access to specific information must be able to consume it
when they need to, and getting to the data should not take an inordinate amount of time.

To ensure availability, organizations can use redundant networks, servers, and

applications. These can be programmed to become available when the primary system
has been disrupted or broken. You can also enhance availability by staying on top of
upgrades to software packages and security systems.
 Types of Cyber Attacks
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code
to alter computer code, logic or data and lead to cybercrimes, such as information and
identity theft.

We are living in a digital era. Now a day, most of the people use computer and internet.
Due to the dependency on digital things, the illegal computer activity is growing and
changing like any type of crime.

Cyber-attacks can be classified into the following categories:

Web-based attacks

These are the attacks which occur on a website or web applications. Some of the
important web-based attacks are as follows-

1. Injection attacks

It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.

2. DNS Spoofing

DNS spoofing is a type of computer security hacking. Whereby a data is introduced into a
DNS resolver's cache causing the name server to return an incorrect IP address, diverting
traffic to the attackers computer or any other computer. The DNS spoofing attacks can go
on for a long period of time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have
access to all of the user data.

4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a
trustworthy entity in electronic communication.

5. Brute force

It is a type of attack which uses a trial and error method. This attack generates a large
number of guesses and validates them to obtain actual data like user password and
personal identification number. This attack may be used by criminals to crack encrypted
data, or by security, analysts to test an organization's network security.

6. Denial of Service

It is an attack which meant to make a server or network resource unavailable to the users.
It accomplishes this by flooding the target with traffic or sending it information that triggers
a crash. It uses the single system and single internet connection to attack a server. It can
be classified into the following-

System-based attacks

These are the attacks which are intended to compromise a computer or a computer
network. Some of the important system-based attacks are as follows-

1. Virus

It is a type of malicious software program that spread throughout the computer files without
the knowledge of a user. It is a self-replicating malicious computer program that replicates
by inserting copies of itself into other computer programs when executed. It can also
execute instructions that cause harm to the system.

2. Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected

computers. It works same as the computer virus. Worms often originate from email
attachments that appear to be from trusted senders.

3. Trojan horse

It is a malicious program that occurs unexpected changes to computer setting and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It
appears to be a normal application but when opened/executed some malicious code will
run in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting
or other purposes.

5. Bots
A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they
receive specific input. Common examples of bots program are the crawler, chat room bots,
and malicious bots.

IoT AND CYBER SECURITY CHALLENGES

1. Ransomware

Ransomware is a type of malicious software (malware) that threatens to publish or blocks

access to data or a computer system, usually by encrypting it, until the victim pays a
ransom fee to the attacker. In many cases, the ransom demand comes with a deadline. If
the victim doesn’t pay in time, the data is gone forever or the ransom increases.

Ransomware attacks are all too common these days. Major companies in North America
and Europe alike have fallen victim to it. Cybercriminals will attack any consumer or any
business and victims come from all industries.

The two most prevalent types of ransomware are encryptors and screen lockers.
Encryptors, as the name implies, encrypt data on a system, making the content useless
without the decryption key. Screen lockers, on the other hand, simply block access to the
system with a “lock” screen, asserting that the system is encrypted.

Victims are often notified on a lock screen (common to both encryptors and screen
lockers) to purchase a cryptocurrency, like Bitcoin, to pay the ransom fee. Once the
ransom is paid, customers receive the decryption key and may attempt to decrypt files.
Decryption is not guaranteed, as multiple sources report varying degrees of success with
decryption after paying ransoms. Sometimes victims never receive the keys. Some
attacks install malware on the computer system even after the ransom is paid and the
data is released.

2. Blockchain

Blockchain is a system of recording information in a way that makes it difficult

or impossible to change, hack, or cheat the system.it was invented by a person
using the name ‘satoshi nakamoto’ in 2008 to serve as the public transaction
ledger of the crypto currency bitcoin.

Blockchain technology is a structure that stores transactional records, also known as the
block, of the public in several databases, known as the “chain,” in a network connected
through peer-to-peer nodes. Typically, this storage is referred to as a ‘digital ledger.’

A blockchain is essentially a digital ledger of transactions that is duplicated and

distributed across the entire network of computer systems on the blockchain.
Each block in the chain contains a number of transactions, and every tim e a
new transaction occurs on the blockchain, a record of that transaction is added
to every participant’s ledger. The decentralised database managed by multiple
participants is known as Distributed Ledger Technology (DLT).

Blockchain is a type of DLT in which transactions are recorded with an

immutable cryptographic signature called a hash. This means if one block in one
chain was changed, it would be immediately apparent it had been tampered
with. If hackers wanted to corrupt a blockchain system, they wou ld have to
change every block in the chain, across all of the distributed versions of the
chain.

How Does Blockchain Technology Work?

In recent years, you may have noticed many businesses around the world integrating
Blockchain technology. But how exactly does Blockchain technology work? Is this a
significant change or a simple addition? The advancements of Blockchain are still young
and have the potential to be revolutionary in the future; so, let’s begin demystifying this
technology.

Blockchain is a combination of three leading technologies:

1. Cryptographic keys
2. A peer-to-peer network containing a shared ledger
3. A means of computing, to store the transactions and records of the network
Cryptography keys consist of two keys – Private key and Public key. These keys help in
performing successful transactions between two parties. Each individual has these two
keys, which they use to produce a secure digital identity reference. This secured identity
is the most important aspect of Blockchain technology. In the world of crypto currency,
this identity is referred to as ‘digital signature’ and is used for authorizing and controlling
transactions.

The digital signature is merged with the peer-to-peer network; a large number of
individuals who act as authorities use the digital signature in order to reach a consensus
on transactions, among other issues. When they authorize a deal, it is certified by a
mathematical verification, which results in a successful secured transaction between the
two network-connected parties. So to sum it up, Blockchain users employ cryptography
keys to perform different types of digital interactions over the peer-to-peer network.

The Process of Transaction

One of Blockchain technology’s cardinal features is the way it confirms and authorizes
transactions. For example, if two individuals wish to perform a transaction with a private
and public key, respectively, the first person party would attach the transaction
information to the public key of the second party. This total information is gathered
together into a block.

The block contains a digital signature, a timestamp, and other important, relevant
information. It should be noted that the block doesn’t include the identities of the
individuals involved in the transaction. This block is then transmitted across all of the
network's nodes, and when the right individual uses his private key and matches it with
the block, the transaction gets completed successfully.

In addition to conducting financial transactions, the Blockchain can also hold

transactional details of properties, vehicles, etc.

Here’s a use case that illustrates how Blockchain works:

• Hash Encryptions

Blockchain technology uses hash encryption to secure the data, relying mainly on the
SHA256 algorithm to secure the information. The address of the sender (public key), the
receiver’s address, the transaction, and his/her private key details are transmitted via
the SHA256 algorithm. The encrypted information, called hash encryption, is transmitted
across the world and added to the Blockchain after verification. The SHA256 algorithm
makes it almost impossible to hack the hash encryption, which in turn simplifies the
sender and receiver’s authentication.

Mining

In Blockchain technology, the process of adding transactional details to the present

digital/public ledger is called ‘mining.’

The Three Pillars of Blockchain Technology

The three main properties of Blockchain Technology which have helped it gain widespread
acclaim are as follows:
• Decentralization

• Transparency

• Immutability
•
Pillar #1: Decentralization
Before Bitcoin and Bit Torrent came along, we were more used to centralized services.
The idea is very simple. You have a centralized entity that stored all the data and you’d
have to interact solely with this entity to get whatever information you required.
Another example of a centralized system is the banks. They store all your money, and the
only way that you can pay someone is by going through the bank.
When you Google search for something, you send a query to the server who then gets
back at you with the relevant information. That is a simple client-server.
Now, centralized systems have treated us well for many years, however, they have several
vulnerabilities.
• Firstly, because they are centralized, all the data is stored in one spot. This makes
them easy target spots for potential hackers.
• If the centralized system were to go through a software upgrade, it would halt the
entire system

• What if the centralized entity somehow shuts down for whatever reason? That way
nobody will be able to access the information that it possesses

• Worst case scenario, what if this entity gets corrupted and malicious? If that happens
then all the data that is inside the blockchain will be compromised.

Pillar #2: Transparency

One of the most interesting and misunderstood concepts in blockchain is
“transparency.” Some people say that blockchain gives you privacy while some say
that it is transparent.

A person’s identity is hidden via complex cryptography and represented only by their
public address. So, if you were to look up a person’s transaction history, you will not see
“Bob sent 1 BTC” instead you will see

“1MF1bhsFLkBzzz9vpFYEmvwT2TbyCt7NZJ sent 1 BTC”.

So, even, the person’s identity is a secret, all their transaction that were done by their
public address are transparent.

Pillar #3: Immutability

Immutability, in the context of the blockchain, means that once something has been
entered into the blockchain, it cannot be tampered with.
In simple terms, hashing means taking an input string of any length and giving out an
output of a fixed length. In the context of crypto currencies like bitcoin, the transactions are
taken as input and run through a hashing algorithm (Bitcoin uses SHA-256) which gives
an output of a fixed length.
Let’s see how the hashing process works. We are going to put in certain inputs. For this
exercise, we are going to use the SHA-256 (Secure Hashing Algorithm 256).

As you can see, in the case of SHA-256, no matter how big or small your input is, the
output will always have a fixed 256-bits length. This becomes critical when you are dealing
with a huge amount of data and transactions. So basically, instead of remembering the
input data which could be huge, you can just remember the hash and keep track.
Features of Blockchain

Each block consists of a number of transactions and each transaction is recorded in the
form of Hash. Hash is a unique address assigned to each block during its creation and
any further modification in the block will lead to a change in its hash.
A block has mainly 3 parts:
1. Data/Information part- contain the information of the transaction incurred
2. Hash- Unique ID of block
3. Previous Hash- Hash of previous block

Since in a Blockchain, every block has the hash of its previous block, therefore if
anyone tries to temper with the data in some block then the hash of the block will be
changed. So he will have to change the ‘Previous hash’ of next block. In doing so, the
present hash of the next block will also change. Eventually the intruder will have to
change the hashes of every block in the Blockchain which is not easy at all. Hence, the
data in the Blockchain is temper proof and maintains its authenticity.

What is Bitcoin?

Bitcoin, often described as a cryptocurrency, a virtual currency or a digital currency - is a

type of money that is completely virtual.

It's like an online version of cash. You can use it to buy products and services, but not
many shops accept Bitcoin yet and some countries have banned it altogether. Each
Bitcoin is basically a computer file which is stored in a 'digital wallet' app on a
smartphone or computer.

People can send Bitcoins (or part of one) to your digital wallet, and you can send Bitcoins
to other people.

Every single transaction is recorded in a public list called the blockchain.

Security attacks
Active and Passive Attacks are security attacks. In Active attack, an attacker tries to modify
the content of the messages. Whereas in Passive attack, an attacker observes the
messages, copy them and may use them for malicious purposes.
Following are the important differences between Active Attack and Passive Attack.
 Sr. Key Active Attack Passive Attack
No.

Modification In Active Attack, In Passive Attack,

1 information is modified. information remain
unchanged.

Dangerous Active Attack is dangerous Passive Attack is

2 For for Integrity as well as dangerous for
Availability. Confidentiality.

Attention Attention is to be paid on Attention is to be paid on

3
detection. prevention.

Impact on In Active Attack, system is In Passive Attack, system

4
System damaged. has no impact.

Victim Victim gets informed in Victim does not get

5
active attack. informed in passive attack.

System System Resources can be System Resources are not

6
Resources changed in active attack. changed in passive attack.

Active attacks: An Active attack attempts to alter system resources or affect their operations.
Active attacks involve some modification of the data stream or the creation of false statements.
Types of active attacks are as follows:
• Masquerade
• Modification of messages
• Repudiation
• Replay
• Denial of Service

1. Masquerade –
A masquerade attack takes place when one entity pretends to be a different entity. A
Masquerade attack involves one of the other forms of active attacks. If an authorization
procedure isn’t always absolutely protected, it is able to grow to be extraordinarily liable
to a masquerade assault. Masquerade assaults may be performed using the stolen
passwords and logins, with the aid of using finding gaps in programs, or with the aid of
using locating a manner across the authentication process.
2 Modification of messages –
It means that some portion of a message is altered or that message is delayed or
reordered to produce an unauthorized effect. Modification is an attack on the integrity of
the original data. It basically means that unauthorized parties not only gain access to data
but also spoof the data by triggering denial-of-service attacks, such as altering
transmitted data packets or flooding the network with fake data. Manufacturing is an
attack on authentication. For example, a message meaning “Allow JOHN to read
confidential file X” is modified as “Allow Smith to read confidential file X”.

3 Repudiation –
This attack occurs when the network is not completely secured or the login control has
been tampered with. With this attack, the author’s information can be changed by actions
of a malicious user in order to save false data in log files, up to the general manipulation
of data on behalf of others, similar to the spoofing of e-mail messages.
4. Replay –
It involves the passive capture of a message and its subsequent transmission to produce
an authorized effect. In this attack, the basic aim of the attacker is to save a copy of the
data originally present on that particular network and later on use this data for personal
uses. Once the data is corrupted or leaked it is insecure and unsafe for the users.
 Replay

5 Denial of Service –
It prevents the normal use of communication facilities. This attack may have a specific
target. For example, an entity may suppress all messages directed to a particular
destination. Another form of service denial is the disruption of an entire network either by
disabling the network or by overloading it with messages so as to degrade performance.

Denial of Service

Passive attacks:
A Passive attack attempts to learn or make use of information from the system but does
not affect system resources. Passive Attacks are in the nature of eavesdropping on or
monitoring transmission. The goal of the opponent is to obtain information that is being
transmitted. Types of Passive attacks are as follows:
• The release of message content
• Traffic analysis

1.The release of message content –

Telephonic conversation, an electronic mail message, or a transferred file may contain
sensitive or confidential information. We would like to prevent an opponent from learning
the contents of these transmissions.

Passive attack
2. Traffic analysis –
Suppose that we had a way of masking (encryption) information, so that the attacker even
if captured the message could not extract any information from the message.
The opponent could determine the location and identity of communicating host and could
observe the frequency and length of messages being exchanged. This information might
be useful in guessing the nature of the communication that was taking place.
The most useful protection against traffic analysis is encryption of SIP traffic. To do this,
an attacker would have to access the SIP proxy (or its call log) to determine who made
the call.

Cryptography
Cryptography is the science of protecting information by transforming it into a secure
format. This process, called encryption, has been used for centuries to prevent
handwritten messages from being read by unintended recipients. Today, cryptography is
used to protect digital data. It is a division of computer science that focuses on
transforming data into formats that cannot be recognized by unauthorized users. An
example of basic cryptography is a encrypted message in which letters are replaced with
other characters. To decode the encrypted contents, you would need a grid or table that
defines how the letters are transposed. For example, the translation grid below could be
used to decode "1234125678906" as "techterms.com".

1 t 6 m

2 e 7 s

3 c 8 .

4 h 9 c

5 r 0 o

The above table is also called a cipher. Ciphers can be simple translation codes, such as
the example above, or complex algorithms. While simple codes sufficed for encoding
handwritten notes, computers can easily break, or figure out, these types of codes.
Because computers can process billions of calculations per second, they can even break
complex algorithms in a matter of seconds. Therefore, modern cryptography involves
developing encryption methods that are difficult for even supercomputers to break.
Features Of Cryptography are as follows:

1. Confidentiality:
Information can only be accessed by the person for whom it is intended and no other
person except him can access it.
2. Integrity:
Information cannot be modified in storage or transition between sender and intended
receiver without any addition to information being detected.
3. Non-repudiation:
The creator/sender of information cannot deny his or her intention to send
information at later stage.
4. Authentication:
The identities of sender and receiver are confirmed. As well as destination/origin of
information is confirmed.

Types Of Cryptography:
In general there are three types Of cryptography:
1. Symmetric Key Cryptography:
It is an encryption system where the sender and receiver of message use a single
common key to encrypt and decrypt messages. Symmetric Key Systems are faster
and simpler but the problem is that sender and receiver have to somehow exchange
key in a secure manner. The most popular symmetric key cryptography system is
Data Encryption System(DES).
2. Hash Functions:
There is no usage of any key in this algorithm. A hash value with fixed length is
calculated as per the plain text which makes it impossible for contents of plain text to
be recovered. Many operating systems use hash functions to encrypt passwords.
3. Asymmetric Key Cryptography:
Under this system a pair of keys is used to encrypt and decrypt information. A public
key is used for encryption and a private key is used for decryption. Public key and
Private Key are different. Even if the public key is known by everyone the intended
receiver can only decode it because he alone knows the private key.
History of cryptography
The word "cryptography" is derived from the Greek kryptos, meaning hidden.

The prefix "crypt-" means "hidden" or "vault," and the suffix "-graphy" stands for "writing."

The origin of cryptography is usually dated from about 2000 B.C., with the Egyptian
practice of hieroglyphics. These consisted of complex pictograms, the full meaning of
which was only known to an elite few.

The first known use of a modern cipher was by Julius Caesar (100 B.C. to 44 B.C.), who
did not trust his messengers when communicating with his governors and officers. For
this reason, he created a system in which each character in his messages was replaced
by a character three positions ahead of it in the Roman alphabet.

Securing Data with Cryptographic Algorithms

Literally thousands of different cryptographic algorithms have been developed over the
years. Cryptographic algorithms can be classified as follows:

o Encryption algorithms that are used to encrypt data and provide

confidentiality

o Signature algorithms that are used to digitally “sign” data to provide

authentication

o Hashing algorithms that are used to provide data integrity

Encryption Algorithms
Some popular encryption algorithms (many of which were AES candidates) are:

o Rijndael (AES standard)

o DES and 3DES
o SAFER
o IDEA
o DEAL
o CAST-256
o MARS
o Blowfish and Twofish
Other encryption algorithms include SERPENT, RC4/RC5/RC6, LOKI-97, FROG, and
Hasty Pudding.

Signature Algorithms
Signature algorithms are used to create digital signatures. A digital signature is merely a
means of “signing” data (as described earlier in the section “Asymmetric Encryption”) to
authenticate that the message sender is really the person he or she claims to be. Digital
signatures can also provide for data integrity along with authentication
and nonrepudiation. Digital signatures have become important in a world where many
business transactions, including contractual agreements, are conducted over the
Internet. Digital signatures generally use both signature algorithms and hash algorithms.
When a message is encrypted with a user's private key, the hash value that is created
becomes the signature for that message. Signing a different message will produce a
different signature. Each signature is unique, and any attempt to move the signature from
one message to another would result in a hash value that would not match the original;
thus, the signature would be invalidated.

Hashing Algorithms

Hashing is a technique in which an algorithm (also called a hash function) is applied to a

portion of data to create a unique digital “fingerprint” that is a fixed-size variable. If
anyone changes the data by so much as one binary digit, the hash function will produce
a different output (called the hash value) and the recipient will know that the data has
been changed. Hashing can ensure integrity and provide authentication as well.
The hash function cannot be “reverse-engineered”; that is, you can't use the hash value
to discover the original data that was hashed. Thus, hashing algorithms are referred to
as one-way hashes. A good hash function will not return the same result from two
different inputs (called a collision); each result should be unique.

ARTIFICIAL INTELLIGENCE (AI)

It is one of the emerging technologies that try to simulate human reasoning in AI
systems. We are already using AI in your day-to-day lives for example a virtual assistant
such as Siri, Google assistant or cortana all are digital personal assistants. They help
you find useful information when you ask for it using your voice. This is a simple example
of AI.

John McCarthy defined the term AI in the year 1950. It is the concept that refers to a
computer ability to perform tasks and make decisions that require some level of human
intelligence.

AI systems will typically demonstrate at least some of the following behaviours

associated with human intelligence: planning, learning, reasoning, problem solving,
knowledge, representation, perception, motion and manipulation. There are many major
subfields under it:

1. Machine Learning : ML is an application of AI that provide systems the ability to

automatically learn and improve from experience without being explicitly programmed.

2. Neural networks : A computer system modelled on the human brain and nervous
system. These are brain-inspired networks of interconnected layers of algorithms called
neurons, that feed data into each other and which can be trained to carry out specific
tasks.

3. Deep learning: A machine learning technique that teaches computers to learn by

example.

4. Computer vision: Computer vision system is a technology of obtaining models to

control information from visual data. Example a spying aeroplane takes photographs
which are used to figure out spatial information or map of the areas.

5. Natural language processing: It is possible to interact with the computer that

understand human language.

APPLICATIONS OF AI

1. Gaming

2. Natural language processing

3. Expert systems

4. Vision systems

5. Speech recognition

6. Handwritten recognition

7. Intelligent robotics

ADVANTAGES OF AI

1. Available 24*7: Using AI you can make machines work 24*7 without any breaks and
they don’t even get bored, unlike humans.

2. Helping in repetitive jobs: In your day to day work, you will be performing many
repetitive works like sending a thanking mail, verifying certain documents for errors and
many more things. In banks, you often see many verifications of documents to get a loan
which is a repetitive task for the owner of the bank.

3. Reduction in human error: AI would have a low error rate compared to humans, if
coded properly. They would have accuracy and speed.

4. Needs no breaks

DISADVANTAGE OF AI

1. High cost of creation

2. Making human lazy

3. Unemployment

4. No emotions
5. Lacking out of box thinking

TYPES OF AI

1. Weak AI or Narrow AI:

o Narrow AI is a type of AI which is able to perform a dedicated task with
intelligence.The most common and currently available AI is Narrow AI in the world of
Artificial Intelligence.
o Narrow AI cannot perform beyond its field or limitations, as it is only trained for one
specific task. Hence it is also termed as weak AI. Narrow AI can fail in unpredictable
ways if it goes beyond its limits.
o Apple Siriis a good example of Narrow AI, but it operates with a limited pre-defined
range of functions.
o Some Examples of Narrow AI are playing chess, purchasing suggestions on e-
commerce site, self-driving cars, speech recognition, and image recognition.

2. General AI:
o General AI is a type of intelligence which could perform any intellectual task with
efficiency like a human.
o The idea behind the general AI to make such a system which could be smarter and
think like a human by its own.
o Currently, there is no such system exist which could come under general AI and can
perform any task as perfect as a human.
o The worldwide researchers are now focused on developing machines with General
AI.
o As systems with general AI are still under research, and it will take lots of efforts and
time to develop such systems.

3. Super AI:
o Super AI is a level of Intelligence of Systems at which machines could surpass
human intelligence, and can perform any task better than human with cognitive
properties. It is an outcome of general AI.
o Some key characteristics of strong AI include capability include the ability to think, to
reason, solve the puzzle, make judgments, plan, learn, and communicate by its own.
o Super AI is still a hypothetical concept of Artificial Intelligence. Development of such
systems in real is still world changing task.

MACHINE LEARNING
Machine learning is an application of artificial intelligence (AI) that provides systems the
ability to automatically learn and improve from experience without being explicitly
programmed. Machine learning focuses on the development of computer
programs that can access data and use it to learn for themselves. The primary aim is
to allow the computers learn automatically without human intervention or assistance
and adjust actions accordingly.

ADVANTAGE

1. Automation of Everything
Machine Learning is responsible for cutting the workload and time. By automating things
we let the algorithm do the hard work for us. Automation is now being done almost
everywhere. The reason is that it is very reliable. Also, it helps us to think
more creatively.
Due to ML, we are now designing more advanced computers. These computers can
handle various Machine Learning models and algorithms efficiently. Even though
automation is spreading fast, we still don’t completely rely on it. ML is slowly transforming
the industry with its automation.

2. Wide Range of Applications

ML has a wide variety of applications. This means that we can apply ML on any of the
major fields. ML has its role everywhere from medical, business, banking to science and
tech. This helps to create more opportunities. It plays a major role in customer
interactions.
Machine Learning can help in the detection of diseases more quickly. It is helping to lift
up businesses. That is why investing in ML technology is worth it.

3. Efficient Handling of Data

Machine Learning has many factors that make it reliable. One of them is data handling.
ML plays the biggest role when it comes to data at this time. It can handle any type of
data.
Machine Learning can be multidimensional or different types of data. It can process
and analyze these data that normal systems can’t. Data is the most important part of any
Machine Learning model. Also, studying and handling of data is a field in itself.

4. Best for Education and Online Shopping

ML would be the best tool for education in the future. It provides very creative techniques
to help students study.
Recently in China, a school has started to use ML to improve student focus. In online
shopping, the ML model studies your searches. Based on your search history, it would
provide advertisements. These will be about your search preferences in previous
searches. In this, the search history is the data for the model. This is a great way to
improve e-commerce with ML.

DISADVANTAGE
1. Possibility of High Error
In ML, we can choose the algorithms based on accurate results. For that, we have to run
the results on every algorithm. The main problem occurs in the training and testing of
data. The data is huge, so sometimes removing errors becomes nearly impossible.
These errors can cause a headache to users. Since the data is huge, the errors take a
lot of time to resolve.
2. Algorithm Selection
The selection of an algorithm in Machine Learning is still a manual job. We have to run
and test our data in all the algorithms. After that only we can decide what algorithm we
want. We choose them on the basis of result accuracy. The process is very much time-
consuming.
3. Data Acquisition
In ML, we constantly work on data. We take a huge amount of data for training and
testing. This process can sometimes cause data inconsistency. The reason is some
data constantly keep on updating. So, we have to wait for the new data to arrive. If not,
the old and new data might give different results. That is not a good sign for an algorithm.
4. Time and Space
Many ML algorithms might take more time than you think. Even if it’s the best algorithm it
might sometimes surprise you. If your data is large and advanced, the system will take
time. This may sometimes cause the consumption of more CPU power. Even with
GPUs alongside, it sometimes becomes hectic. Also, the data might use more than the
allotted space.

WHAT IS ROBOTIC PROCESS AUTOMATION?

Robotic process automation (RPA) is a software technology that makes it easy to build,
deploy, and manage software robots that emulate humans actions interacting with digital
systems and software. Just like people, software robots can do things like understand
what’s on a screen, complete the right keystrokes, navigate systems, identify and extract
data, and perform a wide range of defined actions. But software robots can do it faster
and more consistently than people, without the need to get up and stretch or take a
coffee break. RPA is the use of software with AI and MI capabilities to handle high
volume, repeatable tasks that require human to perform.

APPLICATIONS OF RPA

1. Accounting: For general accounting, operational accounting, transaction reporting,

and budgeting organizations can use RPA.

2. Healthcare: It can be used by medical organizations in the handling of patient records,

claims, customer service, account management, reporting, and data analytics.

3. Customer Services: By automating contact center duties, can assist businesses to

deliver improved customer service, including e-signature verification, scanned records

uploading, and automated rejection approval verification data.

4. Financial Services: Financial services companies may use RPA for foreign exchange
payments, automation of account opening and closing, audit request management, and
insurance claims processing.