Protection and Security in Operating System
Cryptography is a mechanism of proving security to the information from unauthorized persons. Suppose we want to send a file or message to another person, if we send the file as it is, the intruders can gain the file easily, So it has to think of alternative methods. One of the methods takes a file or message called the ‘Plaintext’ and encrypts it into the ‘cipher-text’ and then sends the data to the destination, the only destination person knows how to convert it back to the plain text.
The secret-key cryptography is also called ‘mono alphabetic substitution‘ because each letter in the message is replaced by a different letter.
The main drawback in Secret-key Cryptography is the encryption and decryption keys are the same. To overcome this problem in 1976, two researchers at Stanford University. Hallman proposed a radically new kind of crypto-system, one in which the encryption and decryption key was different and the decryption key could not be derived from the encryption key. It means that the encryption key can be made public and only the private decryption key kept secret. Suppose send a secret message to the user a correspondent encrypts the message with the receiver’s public key. Since only the receiver has the private key, only the receiver can decrypt the message. this method is called Public-key Cryptography.
Authentication, integrity non-reputation can be achieved by using Digital Signature. The idea is similar to the signature in a physical document. In the real physical world, the authenticity of a document is verified by the signature of the sender which is called Digital Signature. There is two way to complete the Digital Signature process. One way is to first run the document, the second way is the hashing algorithm. The hash function produces a fixed-length result independent of the original document size. There are two popular hash functions are available in Digital Signature:
1. MD5 (Message Digest): It produces the 16-byte result.
2. SHA (Secure Hash Algorithm): It produces the 20-byte result.
It is commonly found in the military where information is categorized as unclassified (u), considered (c), secret (s), or top-secret (TS). If a person in the military wants to open a database here must have the right to operanda a prescribed category only, other categories he can’t open. Like these multiple levels of data are defined in various organizations, this type of requirement is referred to as ‘multilevel security‘.
Another type of security mechanism is called the ‘reference monitor concept. The reference monitor is a controlling element in the hardware and operating system of a computer that regulates the access of subjects to objects based on the security parameters of the subject and object.
The resident monitor has access to a file known as the security kernel database, it maintains the access privileges of each subject and the protection and security attributes of each object. The reference monitor enforces the security rules. A system that can provide such verification is referred to as a Trusted Systems.
All operating systems use passwords for user authentication nowadays. It is a very simple, efficient method and also easy to implement. In UNIX the password mechanism works like this. Whenever the system is turned on, the login program asks the user to type his name and password. Then the password is immediately encrypted. The login program then reads the password file, it consisting of all passwords, one password for one user, and then searches for the appropriate password for the login name. If the user entered the password, and the password in the password in the password file matches then the login is permitted, otherwise it asks to enter the password again.
It is another type of authentication mechanism, in which each user is identified by a plastic card, with a magnetic stripe on it. Whenever the user wants to log in to the system, the card is inserted into the terminal, which then checks to see whose card it is. This method includes the user to type the passwords also.
Authenctication using Biometrics:
It is a third authentication method, in which the physical characteristics of the user that are hard to forget. So it is called Biometrics. A fingerprint or voice reader can verify the user’s identity. The biometric system consists of two parts, one is enrollment, and the second is identification. In the first part, the user’s physical characteristics are measured and converted into digitized and then stored in the central database. In the second part, the system asks the user for a login name, after entering the login name, the system asks the user to put in the physical parts for identification, if the parts are matched then, the login is opened otherwise rejected.