1.04 coding of data

 Coding of Data
When you are designing a database system to hold
data, one of the first decisions that you will need to
make is about how the data will be collected and
stored.
COMPILED BY H’MM 2

GIGO is a computer science acronym that implies bad input
will result in bad output.
Because computers operate using strict logic, invalid input
may produce unrecognizable output, or "garbage."
For example, if a program asks for an integer and you enter a
string, you may get an unexpected result. Similarly, if you try
to open a binary file in a text editor, it may display
unreadable content
One of the things that you can consider is to code some or all
of your data in order to improve the efficiency of your
system.

Any system will need to have data collected, entered and
stored.
One method of storing data is to assign codes to it. This
usually means shortening the original data in an agreed
manner. The agreement is between the users of the system.
This coding scheme could be part of the training of how to
use the system, and it could also be documented within the
system for new users. If the coding is completely obvious
then there is no such need for formal documentation.

For Example, if a field called 'Gender' has only two values 'M' and 'F'. It should be
obvious from the field name that this refers to Male and Female.
 Example 1
Original data:- Monday; Tuesday; Wednesday; Thursday; Friday
Coded data:- Mon; Tues; Wed; Thurs; Fri
 Example 2
Original data:- Xtra Large; Large; Medium; Small
Coded data:- XL; L; M; S
 Example 3
The above codes are fairly easy for anyone to recognize and understand. Some
codes however are more complicated. What do you think the following codes
might represent ?
RG935LR
CV183TP
The ^above examples could be postcodes. They represent a street name, a
particular part of the street and the town where the street is located.

 Example 4
How about :-
SH12BN
TR14GN
Let's propose that these are codes for clothes in an online shop.
These might be a little bit more difficult because the code is made up from different representative
parts. Let's have a closer look.
The first part represents a piece of clothing, so 'SH' represented 'Shirt' and 'TR' represented
'Trousers'
The middle part of the code is the dress size.
The final part of the code represented a colour, so 'BN' represented 'Brown' and 'GN' represented
'Green'.
You should be able to see from that information that the first code is a size 12 brown skirt. What piece
of clothing would the second code represent ?
It is common for much of the data collected and entered into a system to have some degree of
repetition and redundancy i.e. extra information that does not add anything.

In our everyday lives we come across many examples of how coding is used to represent
data. Here are just a few more ideas :-
Country names
The name Airline flight codes
When you fly you may have noticed that your flight is given a code.
This code consists of two letters to identify the airline that you are flying with. The letters are
usually followed by numbers to represent a particular route.
 Example 5
A British Airways flight from Heathrow to Oslo might be coded as BA766.
A flight operated by the airline company Emirates which depart from Dubai and arrives at
Heathrow might be coded as EK029
Great Britain – GB
France – FR
Canada – CA
What do you think these two country codes represent ?
CN and US

 Speeding up data entry
 Increase accuracy of data entry
 Use of validation
 Less storage space required
 Faster searching for data

 Speeding up data entry
Let's take the example of collecting data about a
person's gender. People can be either 'Male' or
'Female'.
Whilst these two options are easily understood
by all, imagine having to enter the word 'Male'
and 'Female' into a system many hundreds of
times. It is a waste of time and effort because no
extra information is contained in the full words
compared to a single letter.

 Increase accuracy of data entry
The other issue is that no matter how accurate a
person is at data entry, at some stage they are likely
to make a mistake and might spell 'Male' as 'Mail' or
'Female' as 'Femal'. This type of mistake will make
any results from your database queries unreliable.
Instead of entering 'Male' or 'Female' you could code
the data and instead enter it as 'M' or 'F'.
Simply having to enter one letter instead of a possible
six will speed up data entry. It will also cut down on
the risk of mistakes being made with spelling.

 Use of validation
In our example, the words 'Male' or 'Female' have been coded so
that they become 'M' or 'F'.
When data has been coded it makes it easier to use validation to
check if the data entered is sensible. With the example above,
the person entering the data could still make a mistake and enter
'S' instead of 'M' or 'F'.
But if you set up validation so that the field will only accept the
letters 'M' or 'F' and absolutely nothing else then that should
further cut down on possible mistakes.
Note that validation can only check if the data is sensible and
within reasonable limits, it cannot check whether the data is
accurate. Somebody could still enter 'F' instead of 'M'.

 Less storage space required
Every letter that you store in your database
system will take at least one byte of storage. If
you store 'Female' as 'F' then you will save five
bytes of storage space. If the system belongs to
a large organization, there might be many
thousands or millions of records stored - simply
by coding one field, a huge amount of hard disk
storage can be saved.

 Faster searching for data
It stands to reason that the smaller the size of
your database, the faster it will be to search and
produce results.
Thus by coding data and keeping the size of the
system to a minimum the more time you can
save in the long run when running queries.

 Coarsening of data
 Coding can obscure the meaning of the data
 Coding of Value Judgments

 Coarsening of data
This means that during the coding process some of the subtle details in the
data are lost.
Look at the image on the right :-
The colors of the houses could be classed as:-
Light pink, pale blue, black and mid blue
However, when these colors are coded they may become :-
PK (pink), B (blue), BK (black), BE (blue)
In this case, no allowance has been made for shades of colour so the
results from the above coding would end up as this :-
The fine detail have been lost. This is what is meant by 'coarsening of data'.

 Coding can obscure the meaning of the data
A reader seeing the 'gender' data as M/ F is pretty likely
to know that it means Male/ Female.
But some codes are more obscure, for example the
country code for Switzerland is CHE. Many people might
not recognize what this code represents.
If you were given the code, 244/5838 would you know
what this represented ? Have a search on the Argos site
to see if you can find this product.
In order for the code to be useful, you need to be given a
complete list of possibilities.

 Coding of Value Judgments
When you are collecting data about
people's opinions it might be difficult to
code their answers with accuracy.
For example, you might ask the
question, "was is that curry too spicy?".
Your plan is to give their answers a
code from 1-4 with 1 being mild to 4
being 'blow your head off'. However,
what is spicy to one person will be mild
to another. The code they give will
depend on their individual opinion.
Coding of value judgments will
inevitably lead to coarsening of the
data since there will be a wide range of
opinions that could be held and only a
limited number of codes available.

Advantages and Disadvantages of Coding Data
Advantages Disadvantages
Data entry can be faster Coarsening of data
Data entry can be more accurate Meaning of data can be obscured
Validation can further improve
accuracy
Value judgments are difficult to code
Less storage space required If people do not know the code, it can
slow down the data entry process
Faster searching for data If codes are complicated, the actual
data might be entered incorrectly
Coded data can be more secure if
people do not know what is means
Might run out of code combinations.

Encoding is the process of converting data into a format
required for a number of information processing needs,
including :-
 Program compiling and execution
 Data transmission, storage and
compression/decompression
 Application data processing, such as file conversion
Encoding can have two meanings :-
 In computer technology, encoding is the process of applying
a specific code, such as letters, symbols and numbers, to
data for conversion into an equivalent cipher.
 In electronics, encoding refers to analog to digital
conversion.

Encoding is also used to reduce the size of audio and video
files. Each audio and video file format has a corresponding
coder-decoder (codec) program that is used to code it into the
appropriate format and then decodes for playback.
Encoding should not be confused with encryption, which hides
content. Both techniques are used extensively in the
networking, software programming, wireless communication
and storage fields.
The type of code used for converting characters is known as
American Standard Code for Information Interchange (ASCII),
the most commonly used encoding scheme for files that
contain text. ASCII contains printable and nonprintable
characters that represent uppercase and lowercase letters,
symbols, punctuation marks and numbers. A unique number is
assigned to some characters.

Data is often encoded during collection or when input into an ICT
system. The reasons for this are:
 Coded data takes less effort to type in
 More data can appear on the screen
 Takes up less space (less important because storage is cheap)
 It is easier to check that a code is accurate using validation checks.
Examples of encoding :- GB = Great Britain, D = Germany, IRL = Ireland

 Encoding is done to reduce the number of bit to be transmitted
and save bandwidth. For Example, you have 10 line and your line
no. 4 is active and others are low, then transmitting this
information to another place require you to send all 10 lines or
bits. But if you encode it, then only four bits are enough and you
saved 6 bits.
 Encoding a data set using a cipher (a mathematical process of
transforming the normal text into what looks like gibberish, but
which can be unscrambled back into the original text later)
produces a new data set which disguises the original data's true
nature. This can be used to hide the data inside another data set
(stenography) or simply to make it unreadable by anyone not
sharing the secret to undoing the cipher (cryptography).

 Encoding is the method by which this mathematical process
turns the data into this cipher text. In most cases, a cipher do not
noticeably change the total length of the data.
 Encoding often can be used to produce redundancy in the data
set so that, if a portion of the data set is lost for any reason, the
encoding allows for the lost data to be reconstructed from the
existing encoded data. This makes the data more robust for
communication across methods which are prone to losing
portions of the transmission (to interference, collision, etc.)
 Error correction with encoding, adds more information to the
data stream to allow for reconstruction. Thus, adding error
correction encoding ALWAYS increases the length of the data. It
is possible to include all three methods in one operation :- that
is, a data set can be encoded via some algorithms which
compress, encrypt, and also add error correction.

Advantages Disadvantages
Organization of data : If the data is in a
standardized format, then it can be compared
and organized.
The user needs to possess sufficient
knowledge about the codes being used. If the
users does not know the codes, they cannot
use them.
Speed of input : The codes usually less time to
enter, therefore, it is comparatively quicker to
input large amount of data.
Precision of data can be coarsened. For
example – “Light Blue” might be mistakenly
encoded as “Blue”
Less Memory Requirement : Less amount of
information need to be stored, therefore, less
memory is required.
Coding options become limited if they are
made up, of a range of alphabets or numbers.
Security : If the codes are not apparent, then
it is difficult to know and understand the
meaning of the codes.
Errors are difficult to track. Although
validation will ensure the code is entered
correctly, however, the nature of the code will
make it difficult to see if the code is actually
correct.
Data Validation : Since the codes follow a strict
set of numbers and letters, they are easy to
validate
Encoding of value judgments. For example –
“Was the Film Good ?” to be encoded as a
judgment of 1-4. This will be encoded
differently by different people, which make
comparison difficult.

Data encryption is the act of changing electronic
information into an unreadable state by using algorithms
or ciphers. Originally, data encryption was used for
passing government and military information
electronically. Over time as the public has begun to enter
and transmit personal, sensitive information over the
internet, data encryption has become more widespread.
Nowadays web browsers will automatically encrypt text
when connecting to a secure server. You can tell you are
on a secure, encrypted website when the URL begins
with "https", meaning Hypertext Transmission Protocol,
Secure.

Whenever you enter sensitive data on the internet, you want to make sure
you are on secure website that encrypts the information. Some sensitive data
you should make sure you are entering on a secure, encrypted website are:
 Full name.
 Social Security Number.
 Credit and Debit card numbers.
 Billing and shipping addresses.
 Bank account and bank account log in information.
 Financial/salary information.
 Driver's license number.
 Date of birth.
 Health and patient information.
 Student information.
Ensuring that you use data encryption software or use a secure website
beginning with "https" when you enter personal, sensitive data will help
prevent identity theft.

Devices like modems, set-top boxes, smartcards and
SIM cards all use encryption or rely on protocols like
SSH, S/MIME, and SSL/TLS to encrypt sensitive data.
Encryption is used to protect data in transit sent from all
sorts of devices across all sorts of networks, not just the
Internet; every time someone uses an ATM or buys
something online with a smartphone, makes a mobile
phone call or presses a key fob to unlock a car,
encryption is used to protect the information being
relayed. Digital rights management systems, which
prevent unauthorized use or reproduction of copyrighted
material, are yet another example of encryption
protecting data.

 Symmetric Key / Private key
 Assymetric Key / Public key

Symmetric / Private Key Encryption
Symmetric key, or shared secret key, encryption is the process of encrypting
and decrypting data with the same key. Assuming the symmetric key stays
safe, this type of encryption is very secure. The encrypted data can be
transmitted or stored without fear of unapproved disclosure. Once
encrypted, anyone viewing it would only see the unintelligible data and
would have no way of determining the true contents of the data.

This method of encryption is very secure, but it has one
major drawback. Each step of the encryption and
decryption process requires the same symmetric key. It
is essential to ensure that all approved users have
access to the correct key prior to viewing the data. There
are many ways to pass this key, such as printing a hard
copy of the key or using a thumb drive to pass a soft
copy. A serious consideration for symmetric keys are that
the larger the number of people that have access to the
key, the more likely it is that there will be a breach. Due
to this limitation, “symmetric key encryption is particularly
useful when encrypting your own information as opposed
to when sharing encrypted information”

Assymetric / Public Key Encryption
Asymmetric key or public key encryption is a system that uses multiple keys in the
encryption and decryption process. It is very similar to private key encryption,
however the data is encrypted with a private key and is then decrypted with a
corresponding public key. The process can be reversed as well. For example, Bill
can send Sally a message encrypted with his private key. Then Sally, or anyone
with Bill’s public key, can decrypt the message. When Sally wants to respond to
Bill, she can use his public key to encrypt the message and Bill can use his
private key to decrypt that message. Only Bill’s private key can be used to decrypt
messages encrypted with his public key.

A limitation of asymmetric encryption is speed. The
computational resources required for asymmetric
encryption are much higher than those of symmetric
encryption.
Additionally, for distributing the public key often times a
certificate authority is required. Certificate authorities are
third party entities that are used to verify the identities of
parties on the Internet.

Encryption can be used to provide both confidentiality and
integrity. Confidentiality comes when the file is encrypted in
such a way that only authorized users have access to the
key. Integrity comes from hashing the file so any change, no
matter how minute, can be instantly detected. We can apply
both concepts to :-
 Data in transit
OR
 Data at rest

Data in transit is data being accessed over the network, and
therefore could be intercepted by someone else on the network or
with access to the physical media the network uses. On an
ethernet network, that could be someone with the ability to tap a
cable, configure a switch to mirror traffic, or fool your client or a
router into directing traffic to them before it moves on to the final
destination. On a wireless network, all they need is to be within
range. Wireless networks can be protected from unauthorized
snooping by encrypting all traffic. Strong enterprise networks can
use WPA2 Enterprise, but weaker networks may have to use pre-
shared keys to establish session keys, like in WPA Personal, or
worse, shared keys among all clients as in WEP. For purposes of
this post, consider an open network to be like the one you’d use
at a coffee shop or hotel.
Data In Transit

When you use a clear text protocol like TELNET, HTTP, FTP, SMTP,
POP, IMAP, or LDAP, that traffic is “in the clear” and if someone has
access to your network traffic and a readily available tool like Wireshark,
they can intercept your traffic and read your email, copy your credentials,
or even duplicate files. You need to protect your data’s confidentiality and
your own privacy by encrypting this traffic using SSL/TLS, or switching to
an encrypted equivalent. TELNET can be replaced by SSH. FTP can be
replaced by SFTP. The rest can use encrypted transport with SSL or
TLS. When data is encrypted in transit, it can only be compromised if the
session key can be compromised.
Some encryption in transit will use symmetric encryption and a set
session key, but most will use a certificate and asymmetric encryption to
securely exchange a session key and then use that session key for
symmetric encryption to provide the fastest encryption/decryption. Any
protocol that uses either SSL or TLS, uses certificates to exchange
Public Keys, and then the Public Keys are used to securely exchange
Private Keys, it becomes very difficult for an attacker to defeat.

Most encrypted protocols include a hashing algorithm to ensure no data was
altered in transit. This can also help defeat “Man in the Middle (MitM)” attacks,
because by decrypting and re-encrypting data, the attacker will alter the signature
even if they don’t change any of the key data.
If an attacker can fool you into using them as your proxy, or can convince you to
click past the certificate warning dialogue box so that you will trust their
certificates, they can run a MitM attack where they will establish an encrypted
session with you, and another with your destination, and be able to intercept your
traffic as it passes through their system. That is why it is critical to always use
certificates from a third-party Certificate Authority, to never accept a certificate
when your client software warns you about an untrusted certificate. You should
also train your users to do the same.
Encryption in transit should be mandatory for any network traffic that requires
authentication, or includes data that is not publicly accessible. You don’t need to
encrypt your public facing website, but if you want customers to logon to view
things, then you should use encryption to protect both the logon data, and their
privacy while they access your site.

Data At Rest
Encryption of data stored on media is used to protect the data
from unauthorized access should the media ever be stolen.
Physical access can get past file system permissions, but if the
data is stored in encrypted form and the attacker does not have
the decryption key, they have no more than a useful paperweight
or a drive they can format and use for something else.
Most encryption at rest uses a symmetric algorithm so that data
can be very quickly encrypted and decrypted. You don’t want
encryption to slow down system performance. However, since the
symmetric key itself needs to be protected, they can use a PIN,
password, or even a PKI certificate on a smart card to secure the
symmetric key, making it very difficult for an attacker to
compromise.

Hashing algorithms can be used on files at rest to calculate their
value and compare it later to quickly and easily detect any
changes to the data. Checksums or hashes are commonly run to
validate that a file you have downloaded from the Internet is in
fact the authentic file the creator intended, but investigators can
hash entire hard drives to validate that any copies made are
exact.
Encryption at rest should be mandatory for any media that can
possibly leave the physical boundaries of your infrastructure. USB
keys, external drives, backup tapes, and the hard drives of all
laptops should be encrypted without exception. To further
enhance the security of your servers and to protect against
malicious users or vendors, you should encrypt the hard drives of
all your servers too. That way, even if a failed drive is replaced,
you don’t have to worry about ensuring its physical destruction to
ensure your customers’ and company’s data is secure.

Examples of encryption at rest include the AES-
encrypted portable media, some of which include a
fingerprint reader for two-factor authentication, and
Bitlocker in Windows operating systems to secure both
the system drives and external media.
With encryption in use both in transit and at rest, data
can be protected from prying eyes, and users are
assured that the data has not been modified in any way.
With the prevalence of unencrypted Internet access, and
the loss and theft of IT assets today, using encryption
should be mandatory for all users and all businesses.

An Encryption Protocol (Cryptographic Protocol) is
an abstract or concrete protocol that performs a
security-related function and applies cryptographic
methods, often as sequences of cryptographic
primitives. A protocol describes how the algorithms
should be used. A sufficiently detailed protocol
includes details about data structures and
representations, at which point it can be used to
implement multiple, interoperable versions of a
program.

Encryption protocols are widely used for secure
application-level data transport. An encryption protocol
usually incorporates at least some of these aspects :-
 Key agreement or establishment
 Entity authentication
 Symmetric encryption and message authentication
material construction
 Secured application-level data transport
 Non-repudiation methods
 Secret sharing methods
 Secure multi-party computation

 SSL (Secure Socket Layer)
 TLS (Transport Layer Security)

SSL (Secure Socket Layer)
Secure Sockets Layer (SSL) is a protocol developed by
Netscape for transmitting private documents via the Internet.
SSL uses a cryptographic system that uses two keys to encrypt
data − a public key known to everyone and a private or secret
key known only to the recipient of the message.
SSL URLs
Most Web browsers support SSL, and many websites use the
protocol to obtain confidential user information, including
credit card numbers. By convention, URLs that require an SSL
connection start with https: instead of http:

How SSL Works
When a Web browser tries to connect to a website using SSL,
the browser will first request the web server identify itself.
This prompts the web server to send the browser a copy of
the SSL Certificate. The browser checks to see if the SSL
Certificate is trusted -- if the SSL Certificate is trusted, then
the browser sends a message to the Web server. The server
then responds to the browser with a digitally signed
acknowledgement to start an SSL encrypted session. This
allows encrypted data to be shared between the browser and
the server. You may notice that your browsing session now
starts with https (and not http).

Importance of SSL
SSL is the backbone of our secure Internet and it protects your
sensitive information as it travels across the world's computer
networks. SSL is essential for protecting your website, even if it
doesn't handle sensitive information like credit cards. It provides
privacy, critical security and data integrity for both your websites
and your users' personal information.
Uses of SSL
 SSL Encrypts Sensitive Information
 SSL Provides Authentication
 SSL Provides Trust

 SSL Encrypts Sensitive Information
The primary reason why SSL is used is to keep sensitive
information sent across the Internet encrypted so that only the
intended recipient can understand it. This is important because
the information you send on the Internet is passed from computer
to computer to get to the destination server. Any computer in
between you and the server can see your credit card numbers,
usernames and passwords, and other sensitive information if it is
not encrypted with an SSL certificate. When an SSL certificate is
used, the information becomes unreadable to everyone except for
the server you are sending the information to. This protects it
from hackers and identity thieves.

 SSL Provides Authentication
In addition to encryption, a proper SSL certificate also provides authentication.
This means you can be sure that you are sending information to the right server
and not to an imposter trying to steal your information. Why is this important?
The nature of the Internet means that your customers will often be sending
information through several computers. Any of these computers could pretend
to be your website and trick your users into sending them personal
information. It is only possible to avoid this by using a proper Public Key
Infrastructure (PKI), and getting an SSL Certificate from a trusted SSL provider.
Why are SSL providers important? Trusted SSL providers will only issue an SSL
certificate to a verified company that has gone through several identity checks.
Certain types of SSL certificates, like EV SSL Certificates, require more validation
than others. How do you know if an SSL provider is trusted? You can use our SSL
Wizard to compare SSL providers that are included in most web browsers. Web
browser manufactures verify that SSL providers are following specific practices
and have been audited by a third-party using a standard such as WebTrust.

 SSL Provides Trust
Web browsers give visual cues, such as a lock icon or a green bar, to
make sure visitors know when their connection is secured. This means
that they will trust your website more when they see these cues and
will be more likely to buy from you. SSL providers will also give you a
trust seal that instills more trust in your customers.
HTTPS also protects against phishing attacks. A phishing email is an
email sent by a criminal who tries to impersonate your website. The
email usually includes a link to their own website or uses a man-in-the-
middle attack to use your own domain name. Because it is very difficult
for these criminals to receive a proper SSL certificate, they won’t be able
to perfectly impersonate your site. This means that your users will be far
less likely to fall for a phishing attack because they will be looking for
the trust indicators in their browser, such as a green address bar, and
they won’t see it.

Vulnerability & Obsoletion of SSL
SSL version 3.0 is based on the 1996 draft. In 2014, the 3.0 version of SSL
was considered vulnerable due to POODLE (Padding Oracle On
Downgraded Legacy Encryption) attacks. These attacks allowed secure
HTTP cookies or HTTP Authorization header contents to be stolen from
downgraded communications. Today, SSL 3.0 is considered obsolete and
has been succeeded by Transport Layer Security (TLS), but it is still widely
deployed.
Considering “Secure HTTP (S-HTTP)” as an alternative :
Another protocol for transmitting data securely over the World Wide Web
is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection
between a client and a server, over which any amount of data can be sent
securely, S-HTTP is designed to transmit individual messages securely. SSL
and S-HTTP, therefore, can be seen as complementary rather than
competing technologies. Both protocols were approved by the Internet
Engineering Task Force (IETF) as a standard.

Transport Layer Security (TLS)
As the name suggests, TLS and its predecessor, Secure Sockets Layer
(SSL), both most frequently referred to as "SSL", are encryption or
cryptographic protocols that provide communications security over a
computer network. Several versions of the protocols find widespread
use in applications such as web browsing, email, Internet faxing,
instant messaging, and Voice-over-Internet-Protocol (VoIP). Websites
use TLS to secure all communications between their servers and web
browsers.
The Transport Layer Security protocol aims primarily to provide
privacy and data integrity between two communicating computer
applications. When secured by TLS, connections between a client
(e.g., a web browser) and a server (e.g., wikipedia.org) have one or
more of the following FEATURES :-

 The connection is private (or secure) because symmetric encryption is used
to encrypt the data transmitted. The keys for this symmetric encryption are
generated uniquely for each connection and are based on a shared secret
negotiated at the start of the session (i.e, TLS handshake protocol). The
server and client negotiate the details of which encryption algorithm and
cryptographic keys to use before the first byte of data is transmitted. The
negotiation of a shared secret is both secure (the negotiated secret is
unavailable to eavesdroppers and cannot be obtained, even by an attacker
who places themselves in the middle of the connection) and reliable (no
attacker can modify the communications during the negotiation without
being detected).
 The identity of the communicating parties can be authenticated using
public-key encryption. This authentication can be made optional, but is
generally required for at least one of the parties (typically the server).
 The connection ensures integrity because each message transmitted
includes a message integrity check using a message authentication code to
prevent undetected loss or alteration of the data during transmission.

 Careful configuration of TLS can provide additional privacy-related
properties such as forward secrecy, ensuring that any future disclosure of
encryption keys cannot be used to decrypt any TLS communications
recorded in the past.
 TLS supports many different methods for exchanging keys, encrypting
data, and authenticating message integrity. As a result, secure
configuration of TLS involves many configurable parameters, and not all
choices provide all of the privacy-related properties.

TLS Handshake
When the connection starts, the record encapsulates a
"control" protocol — the handshake messaging protocol.
This protocol is used to exchange all the information
required by both sides for the exchange of the actual
application data by TLS. It defines the messages formatting
or containing this information and the order of their
exchange. These may vary according to the demands of the
client and server— i.e., there are several possible procedures
to set up the connection. This initial exchange results in a
successful TLS connection (both parties ready to transfer
application data with TLS) or an alert message.

Many people think of TLS as a protocol is used with Web browsers to browse
the Internet more securely. However, it is also a general purpose protocol that
can be used whenever authentication and data protection are necessary. For
example, you can use TLS for:
 Secured transactions with an e-commerce Web site.
 Authenticated client access to an secured Web site.
 Remote access.
 SQL access.
 E-mail.
This is not an exhaustive list. In fact, the ability to access the protocol through
Security Service Provider Interface (SSPI) meaning that you can use it for just
about any application. Many applications are being modified to take
advantage of the features of TLS.

 Secured transactions with an e-commerce Web site
This situation is a typical use of TLS between a browser and a
Web server. An example is an e-commerce shopping site where
clients need to provide their credit card numbers. The protocol
first confirms that the certificate of the Web site is valid, and
then sends the client’s credit card information as cipher text.
For this type of transaction, where the server’s certificate
comes from a trusted source, authentication only occurs for the
server. TLS must be enabled for the Web page, such as an order
form, where the data transactions occur.

 Authenticated client access to a secured Web site
Both the client and server need certificates from a mutually-trusted
certification authority (CA), such as Schannel (a security service provision
architecture which is supplied with the Windows Server operating systems).
Client certificates can be mapped on a one-to-one or many-to-one basis to
their Windows Server user or computer accounts, and they can be managed
by Active Directory Users and Computers. Users can then be authenticated
to a Web site without needing to supply a password.
Many-to-one mapping has several uses. For example, if you want to give
several users access to confidential material, you can create a group, map
the users’ certificates to the group, and give the group the necessary
permissions to the material.
In one-to-one mapping, the server has a copy of the client’s certificate;
whenever the client logs in, the server verifies that they are identical. This
one-to-one mapping is typically used for private material, such as a banking
Web site, where only one individual has the right to view a personal account.

 Remote Access
In this situation, telecommuting is a common use for Schannel. You
can use this technology to provide authentication and data
protection when users remotely log in to Windows-based systems or
networks. Users can more securely access their e-mail or enterprise
applications from home or while traveling, reducing the risk of
exposure of the information to anyone on the Internet.
 SQL Access
With Microsoft SQL Server, you can require authentication of the
client when connecting to the server running SQL Server. Either the
client or server can be configured to require encryption of the data
that is transferred between them. Very sensitive information, such as
financial or medical databases, can be protected to prevent
unauthorized access and disclosure of information about the
network.

 E-mail
When using Exchange servers, you can use Schannel to help
protect data as it moves from server to server on the intranet
or Internet. Full end-to-end security might require the use of
Secure/Multipurpose Internet Mail Extensions (S/MIME).
However, helping to protect data in a server-to-server
exchange allows companies to use the Internet to securely
transfer e-mail among divisions within the same company,
subsidiaries and partners. This can be done regardless of
whether S/MIME is used.

 Organizations Involved in Health Services
For organizations involved in health services, using security
safeguards such as TLS may be a federal requirement. Any
organization that transmits electronic billing information to any
health insurance provider, Medicare, or Medicaid, is covered by
the Health Insurance Portability and Accountability Act (HIPAA)
and must meet certain security standards. Additionally, any
organization that stores or transmits user login or patient
information may need to be compliant with the HIPAA Security
Standard, even if it is not technically a covered entity. It is
important to remember that security protocol such as TLS can
help an organization become HIPAA Compliant, but they do not
provide compliance on their own.

 Organizations that Store or Process Payment
Information
For organizations that store or process payment information,
such as donor credit card numbers, implementing TLS may be a
requirement of the Payment Card Industry Data Security
Standard (PCI DSS). This standard was created by the PCI
Security Standards Council, a group of several major payment
card brands, to protect cardholder data. Organizations may be
required to comply with the PCI DSS by their acquiring bank or
payment processor. You may have heard the term PCI-compliant
in reference to certain websites, meaning that these sites have
proven their compliance with these standards. As with the
HIPAA standards, remember that security protocol such as TLS
can help an organization become PCI compliant, but they do not
provide compliance on their own.

 Other Organizations
If an organization stores confidential user information but does
not transmit health or payment information, they still might
need to implement security safeguards like TLS. First-time
visitors will appreciate knowing that their personal information
(like address and phone numbers) is secure when submitting it
to their website. Organizations associated with human rights
and justice could benefit from encryption by protecting the
information, and even the identities, of the people they serve.
The use of TLS can also provide secure connections for
organizations accessing their networks remotely. Though these
safeguards would not be required by the federal government or
a commercial entity, they could help to ensure that an
organization's mission is not compromised by security breaches.

 How Can An Organization Use TLS ?
Most uses of TLS require a digital certificate from a certification
authority or certificate authority (CA), a trusted authority that can
attest to the identity of the certificate owner. Organizations will also
need a system or network administrator who is familiar with whichever
client-server applications need to be secured to enable TLS encryption.
If an organization purchases a certificate from a trusted CA, that
certificate will contain the digital signature of the certification authority,
attesting to the certificate's validity. Organizations can also create their
own certificates, known as self-signed certificates, although these will
not be inherently trusted by a web browser if installed on a web server
and will usually display a security warning for any user who visits a
website with a self-signed certificate.

Certificates are usually issued for a one-year period, and different
security features may be available depending on the vendor. Most of
these features are targeted at organizations that will install these
certificates on web servers. Extended Validation (EV) certifies that the
certificate owner meets the highest standard of identity validation
criteria established by the Certificate Authority Browser Forum — a
voluntary organization of certification authorities — and vendors of
Internet browser software. EV certificates also enhance security
visibility by displaying the organization's name in green in the address
bar as well as displaying the name of the issuing certification
authority.
There are several commercial certification authorities, including
VeriSign, Comodo, GeoTrust and GoDaddy. Customers can visit each of
those organization's websites to compare prices or request a
certificate.

 Organizations That Use TLS/SSL
Organizations of various sizes have made use of TLS for many of the
purposes described before. A good example is the National Cristina
Foundation, a nonprofit organization that provides computers and other
technology to people with disabilities, students at risk, and the economically
disadvantaged. Their website uses TLS to secure an online form that is filled
out by parties who wish to donate computers or other items to the
organization. The organization also uses TLS to encrypt its online grant
application used by prospective recipients to obtain the technology they
need.
Another nonprofit organization, Blood Centers of the Pacific, uses TLS
encryption on its Blood Heroes blood donation website to allow donors to
securely enter their information, make appointments, and view health
information about their blood. And of course, TechSoup uses TLS certificates
to keep its own members' information secure. The TechSoup login page uses
this encryption, as does the entire check-out process on TechSoup's Get
Products donation site.

1.04 coding of data

Recommended

Recommended

More Related Content

Similar to 1.04 coding of data

Similar to 1.04 coding of data (20)

More from Haa'Meem Mohiyuddin

More from Haa'Meem Mohiyuddin (15)

Recently uploaded

Recently uploaded (20)

1.04 coding of data