
Explain briefly, how the domain names are translated to IP addresses?

DNS (Domain Name System) is just as important as fast content. DNS is what translates your familiar domain name (www.google.com) into an IP address your browser can use (173.194.33.174). This system is fundamental to the performance of your webpage, yet most people don’t fully understand how it works. Therefore, in order to help you better understand the availability and performance of your site, we will be publishing a series of blog articles to shed light on the sometimes complex world of DNS, starting with the basics.

Before the page and any resource on the page are loaded, the DNS must be resolved so the browser can establish a TCP connection to make the HTTP request. In addition, for every external resource referenced by a URL, the DNS resolution must complete the same steps (per unique domain) before the request is made over HTTP. The DNS Resolution process starts when the user types a URL address on the browser and hits Enter. At this point, the browser asks the operating system for a specific page, in this case, google.com.





Step 1: OS Recursive Query to DNS Resolver
Since the operating system doesn’t know where “www.google.com” is, it queries a DNS resolver. The query the OS sends to the DNS resolver carries a flag that marks it as a “recursive query.” This means that the resolver must complete the recursion, and the response must be either an IP address or an error.
For most users, their DNS resolver is provided by their Internet Service Provider (ISP), or they are using an open source alternative such as Google DNS (8.8.8.8) or OpenDNS (208.67.222.222). This can be viewed or changed in your network or router settings. At this point, the resolver goes through a process called recursion to convert the domain name into an IP address.
Step 2: DNS Resolver Iterative Query to the Root Server
The resolver starts by querying one of the root DNS servers for the IP of “www.google.com.” This query does not have the recursive flag and therefore is an “iterative query,” meaning its response must be an address, the location of an authoritative name server, or an error. The root is represented in the hidden trailing “.” at the end of the domain name. Typing this extra “.” is not necessary as your browser automatically adds it.
There are 13 root server clusters named A-M with servers in over 380 locations. They are managed by 12 different organizations that report to the Internet Assigned Numbers Authority (IANA), such as Verisign, who controls the A and J clusters. All of the servers are copies of one master server run by IANA.
Step 3: Root Server Response
These root servers hold the locations of all of the top level domains (TLDs) such as .com, .de, .io, and newer generic TLDs such as .camera.
The root doesn’t have the IP info for “www.google.com,” but it knows that .com might know, so it returns the location of the .com servers. The root responds with a list of the 13 locations of the .com gTLD servers, listed as NS or “name server” records.
Step 4: DNS Resolver Iterative Query to the TLD Server
Next, the resolver queries one of the .com name servers for the location of google.com. Like the Root Servers, each of the TLDs has 4-13 clustered name servers existing in many locations. There are two types of TLDs: country codes (ccTLDs) run by government organizations, and generic (gTLDs). Every gTLD has a different commercial entity responsible for running these servers. In this case, we will be using the gTLD servers controlled by Verisign, who run the .com, .net, .edu, and .gov among gTLDs.
Step 5: TLD Server Response
Each TLD server holds a list of all of the authoritative name servers for each domain in the TLD. For example, each of the 13 .com gTLD servers has a list of all of the name servers for every single .com domain. The .com gTLD server does not have the IP addresses for google.com, but it knows the location of google.com’s name servers. The .com gTLD server responds with a list of all of google.com’s NS records. In this case, Google has four name servers, “ns1.google.com” to “ns4.google.com.”
Step 6: DNS Resolver Iterative Query to the Google.com NS
Finally, the DNS resolver queries one of Google’s name servers for the IP of “www.google.com.”
Step 7: Google.com NS Response
This time the queried Name Server knows the IPs and responds with an A or AAAA address record (depending on the query type) for IPv4 and IPv6, respectively.
Step 8: DNS Resolver Response to OS
At this point, the resolver has finished the recursion process and is able to respond to the end user’s operating system with an IP address.
Step 9: Browser Starts TCP Handshake
At this point, the operating system, now in possession of www.google.com’s IP address, provides the IP to the Application (browser), which initiates the TCP connection to start loading the page. For more information on this process, we wrote a blog post on the anatomy of HTTP.
As mentioned earlier, this is the worst-case scenario in terms of the length of time to complete the resolution. In most cases, if the user has recently accessed URLs on the same domain, or other users relying on the same DNS resolver have made such requests, no DNS resolution will be required, or it will be limited to a query to the local DNS resolver.
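
The nine steps above, modelled offline as an added example (not code from the original article). The `SERVERS` table, the server labels and the `Resolver` class are constructed for illustration, and the cache has no TTL expiry, which a real resolver would apply.

```python
# Constructed delegation data: root -> .com gTLD -> google.com name server.
SERVERS = {
    "root": {"referrals": {"com.": "com-gtld"}},
    "com-gtld": {"referrals": {"google.com.": "ns1.google.com"}},
    "ns1.google.com": {"answers": {"www.google.com.": "173.194.33.174"}},
}


def query(server, name):
    """Iterative query: an address, a referral to another server, or an error."""
    zone = SERVERS[server]
    if name in zone.get("answers", {}):
        return "answer", zone["answers"][name]
    # Prefer the most specific delegation that covers the queried name.
    delegations = sorted(zone.get("referrals", {}).items(),
                         key=lambda kv: -len(kv[0]))
    for suffix, next_server in delegations:
        if name == suffix or name.endswith("." + suffix):
            return "referral", next_server
    return "error", None


class Resolver:
    """Plays the DNS resolver: accepts a recursive query, issues iterative ones."""

    def __init__(self):
        self.cache = {}   # name -> address (no TTL in this simplified model)
        self.trace = []   # every server contacted, in order

    def resolve(self, name, max_referrals=8):
        """Return an IP address or raise LookupError (address-or-error contract)."""
        if not name.endswith("."):
            name += "."                      # the hidden trailing root dot
        if name in self.cache:               # answered locally, no servers contacted
            return self.cache[name]
        server = "root"
        for _ in range(max_referrals):       # cap guards against referral loops
            self.trace.append(server)
            kind, value = query(server, name)
            if kind == "answer":
                self.cache[name] = value
                return value
            if kind == "error":
                raise LookupError(f"{name}: no such name at {server}")
            server = value                   # follow the referral one level down
        raise LookupError(f"{name}: referral limit exceeded")
```

Inspecting `trace` after a first and a second lookup of the same name shows the three-server walk once and no further traffic on the cache hit.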



What are the requirements for the use of a public-key certificate scheme?


  • Any participant can read a certificate to determine the name and public key of the certificate’s owner.
  • Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
  • Only the certificate authority can create and update certificates.
  • Any participant can verify the currency of the certificate.

Briefly define the monoalphabetic cipher?



A dramatic increase in the key space is achieved by allowing an arbitrary substitution. There are 26! possible keys. This is referred to as a monoalphabetic substitution cipher because a single cipher alphabet is used per message.

Briefly define the Caesar cipher?



The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places down the alphabet. The alphabet is wrapped around, so that the letter following Z is A.
                   C = E(p) = (p + 3) mod 26
The general Caesar cipher algorithm is
                   C = E(p) = (p + k) mod 26
where k takes a value in the range 1 to 25.
The decryption algorithm is
                   p = D(C) = (C - k) mod 26

What is the difference between an unconditionally secure cipher and a computationally secure cipher?



            An encryption scheme is unconditionally secure if the cipher text generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much cipher text is available.
            An encryption scheme is said to be computationally secure if:
  • The cost of breaking the cipher exceeds the value of the encrypted information.
  • The time required to break the cipher exceeds the useful lifetime of the information.

What are the two general approaches to attacking a cipher?


The two general approaches to attacking a cipher are:
  1. Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-cipher text pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. If the attack succeeds in deducing the key, the effect is catastrophic: all future and past messages encrypted with the key are compromised.
  2. Brute-force attack: The attacker tries every possible key on a piece of cipher text until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

What is the difference between a block cipher and a stream cipher?



            A block cipher processes the input one block at a time, producing an output block for each input block.
            A stream cipher processes the input continuously, producing output one element at a time, as it goes along.

How many keys are required for two people to communicate via a cipher?



            If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key or conventional encryption. If both sender and receiver use a different key, the system is referred to as asymmetric, two-key or public-key encryption.

What are the two basic functions used in the encryption algorithm?



            All encryption algorithms are based on two general principles:
* Substitution: each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element.
* Transposition: elements in the plaintext are rearranged.
The fundamental requirement is that no information be lost (that is, that all operations are reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions.

What are the essential ingredients of a symmetric cipher?



A symmetric encryption scheme has five ingredients:
  • Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.
  • Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
  • Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.
  • Cipher text: This is the scrambled message produced as output. It depends on the plaintext and the key.
  • Decryption algorithm: This is essentially the encryption algorithm in reverse. It takes the cipher text and the secret key and produces the original plaintext.

State some examples of security attacks.



  1. Gain unauthorized access to information (i.e., violate secrecy or privacy).
  2. Disavow responsibility or liability for information the cheater did originate.
  3. Enlarge the cheater’s legitimate license (for access, origination, distribution, etc.).
  4. Pervert the function of software, typically by adding a covert function.
  5. Cause others to violate a protocol by means of introducing incorrect information.

What is meant by attack?



       An attack on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

What is meant by threat?



      A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.

List some common information integrity functions?



* Identification
* Authorization
* Concurrence
* Liability
* Endorsement
* Validation
* Time of occurrence
* Registration

What are the aspects of information security?



    There are three aspects of the information security.
* Security attack
* Security mechanism
* Security service

Define security recovery.



           Security recovery deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.

What is the use of digital signature?



          Data appended to, or a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.

Define Threats.



*      Information access threats intercept or modify data on behalf of users who should not have access to that data.
*      Service threats exploit service flaws in computers to inhibit use by legitimate users.

What are the four basic tasks in designing a particular security service?



  1. Design an algorithm for performing the security-related transformation. The algorithm should be such that an opponent cannot defeat its purpose.
  2. Generate the secret information to be used with the algorithm.
  3. Develop methods for the distribution and sharing of the secret information.
  4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security.

What is Encipherment?


       The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.