Understanding principles of security: Integrity

The principles of Security

The foundational principles of security are: confidentiality, integrity and availability.
These principles known as the CIA triad is a guideline for information security for an organization.

Integrity

Integrity is accuracy, consistency, and trustworthiness of the data during its entire life cycle. Another term for integrity is quality.
Data must be unaltered during transit and not changed by unauthorized entities.
Methods used to ensure data integrity include hashing, data validation checks, data consistency checks, and access controls.

Hashes and Checksum

The process of hashing involves passing data through a cryptographic function, called a hash or digest function.
This process yields a small – relative to the size of the original data- value that uniquely identifies the data.
Depending on the algorithm used, the value’s size is usually 128 or 160 bits.
Checksum hashing can be used to verify integrity of the data during transfer.

Hashing is a one-way function that creates a fixed-length output (known as the hash, hashing value, fingerprint, message digest, and so on)
from an input of any length.
Common hash functions include MD5, SHA-1, SHA-256, and SHA-512. These hash functions use complex mathematical algorithms.

For example, Message Digest 5 (MD5) is a 128-bit hash algorithm. This means that no matter what the size of the input data, the output hash will
always be 128 bits long.
Hashing is not an encryption algorithm. Instead, hashing is used to produce a unique identifier of data without modifying the original data. The data could be a file, a hard drive,
a network-traffic packet, or an email message.
The hashed value is used to detect when changes have been made to a resource.
For example, when a hard drive is being imaged to create an exact duplicate, a hash is produced of the original drive before the duplication process.

Fig 1. Summary of hashing algorithms

A hash tells you nothing about the data, but it uniquely identifies it.
The hashed value is simply there for comparison.

Fig 2. The hash function operates on fixed-size blocks of data

Writing a simple Hash Calculator with AngularJS, HTML5, C# and WCF.

I’ve written an app to demonstrate how to implement hash functions in a REST Service.
The app communicates with a WCF REST service that uses the C# abstract class System.Security.Cryptography.HashAlgorithm to achieve encryption.

  1. The user enters the text to encrypt, selects the algorithm to use.
  2. The user submits the information to the service in order to get the hash code.
  3. The hash web service presents the hash code to the user.

Testing with different algorithms, we can see the length of the output.

Fig 3. Using the MD5 algorithm.
Fig 4. Using the SHA1 algorithm.
Fig 5. Using the SHA256 algorithm.
Fig 6. Using the SHA384 algorithm.
Fig 7. Using the SHA512 algorithm.
Fig 8. Changing the text, we can see a totally different output, but without no changes in the length.

Conclusion

Keeep in mind that hash functions do not encrypt the data. They use the data to make a fingerprint or snapshot of the data that is given to you as a code.
That code is used to determine whether or not the data has been altered. If the data you receive has been altered, you will not get the same code number as the original data.


Download example source code.

The static keyword in C#

The static keyword declares members (attributes, methods) that are associated with the class rather than the instances of the class.

Sometimes it is desirable to have a variable that is shared among all instances of a class. For example, you could use this variable as the basis for communication between instances or to keep track of the number of instances that have been created.

You achieve this shared effect by making the variable with the keyword static. Such a variable is sometimes called a class variable to distinguish it from a member of instance variable, which is not shared.

Fig1. UML Object Diagram showing the Client class and two unique instances.

In this example, every object that is created is assigned a unique serial number, starting at 1 and counting upwards. The variable counter is shared among all instances, so when the constructor of one object increments counter, the next object to be created receives the incremented value.

A static variable is similar in some ways to a global variable in other languages.

Listing 1. Example marking the variable counter with the keyword static.

If a static is not marked as private, you can access it from outside the class. To do this, you do not need an instance of the class, you can refer to it through the class name.

Listing 2. Example referring to the static variable counter.

Sometimes you need to access program code when you do not have an instance of a particular object available. A method that is marked using the keyword static can be used in this way and is sometimes called a class method.

Listing 3. A method marked using the static keyword.
Fig 2. Output of the program is.

You should access methods that are static using the class name rather than an object reference.

Because you can invoke a static method without any instance of the class to which it belongs, there is no this reserved keyword applicable, because static variables and methods exist independently of any class objects, even when there are no objects of that class. The consequence is that a static method cannot access any variables other than the local variables, static attributes, and its parameters. Attempting to access non-static attributes causes a compiler error.

Listing 4. A complete example
Fig 3. Output for the complete example

You should be aware of the following when using static methods:

  • Inside the basic console application, we have the startup procedure Main. Main is defined as a static member, which means we do not have to have an instance of the enclosing class
  • Constants are considered static members. Therefore, they do not need to be-for that matter, they cannot be-marked with the static keyword.

Download the source code

Understanding Inheritance in C#

Inspired from biological modeling, inheritance allows new classes to be constructed that inherit characteristics (fields and methods) from ancestor classes while typically introducing more specialized characteristics, new fields, or methods. A subclass is logically considered to be a specialized version or extension of its parent and by inference its ancestor classes.

In programming, you often create a model of something, and then need a more specialized version of that original model.

Fig 1. Shows the UML class diagrams that model the Employee and Manager classes.
Listing 1. A possible implementation of Employee class.
Listing 2. A possible implementation of Manager class.

These codes illustrate the duplication of attributes between Manager class and the Employee class. Additionally, there could be a number of methods applicable to both classes.
In object-oriented languages, special mechanisms are provided that enable you define a class in terms of a previously defined class.

One of its main mechanism is called Inheritance. Inheritance is a form of software reusability in which classes are created by absorbing an existing class’s data and behaviors and embellishing them with new capabilities.
The next figure shows the diagram in which the Manager is a derived class of Employee base class.

Fig 2. Class diagram using Inheritance.
Listing 3. The Employee class.
Listing 4. The Manager class that inherits from class Employee.

Single Inheritance

The C# programming language permits a class to extend one other class only. This restriction is called single inheritance. With single inheritance, a class is derived from one base class. C# does not support multiple inheritance.

Once created, each derived class can become the base class for future derived classes. Typically, the derived class contains the behaviors of its base class. Therefore, a derived class is more specific than its base class and represents a more specialized group of objects.

The next image shows the base class Employee and three derived classes: Engineer, Manager and Secretary. The Manager is also the base class from which the derived class Director explicitly inherits.

Fig 3. An example Inheritance tree.

The Employee class contains three attributes (Name, Salary, and BirthDate), as well as one method (GetDetails). The Manager class inherits all of these members and specifies an additional attribute, department, as well as the GetDetails method. The Director class inherits all of the members of Employee and Manager and specifies a CarAllowance attribute and a new method, IncreaseAllowance.

Download source code

The this Reference

Every object can access a reference to itself, called the this reference. The this reference can refer implicitly to the instance variable, properties and methods of an object.

Two uses of the this keyword are:

  1. To resolve ambiguity between instance variables and parameters
  2. To pass the current object as a parameter to another method

The following class demonstrates these uses.

Fig 1 The Use of the this Keyword

The first constructor receives three uint parameters which names are identical to the instance variables of the class. I did this to illustrate explicit use of the this reference.

Fig 2 This reference output

The explicit use of the this reference can increase program clarity in some contexts where this is optional.

Download the example source code

C# Networking Basics: Sockets

Socket is the name given to an abstraction through which an application may send and receive data. The term “Socket” refers to the Berkeley Sockets Interface, which was developed in 1978 for network programming with UNIX and was popularized by C programmers.

Because of the popularity of that abstraction, this term has been reused in many programming model including .NET technology.
The main types of sockets in TCP/IP today are: stream sockets and datagram sockets, both use TCP as the end-to-end protocol with IP underneath, the .NET framework provides a clear distinction between using TCP and UDP, defining a separate set of classes for both protocols.

Stream Sockets

Socket based communications in C# employ stream sockets, when processes communicate over a network .NET Framework technology uses the streams model to establish a connection between two o more processes. With stream sockets, a process (running program) establishes a connection to another process.

A socket can hold two streams: one input stream and one output stream when the sender sends data to another process through the network by writing to the output stream associated with the socket, the receiver reads data written by the sender by reading from the input stream associated with the socket. While the connection is in place, data flows between the processes in continuous stream.

Addressing the connection

When you make a network connection, you need to know the address or the name of the remote machine, IPv4 uses 32 bit binary addresses to identify communicating hosts a client must specify the IP address of the host running the server program when it initiates the communication.
In addition, a network connection requires a port number, after you connect to the proper host, you must identify a particular purpose for the connection. So, you can use a particular port number to communicate with the specific program.

Port Numbers

In TCP/IP port numbers are 16-bit numbers and the values range from 0-65535. In practice, port numbers below 1024 are reserved for predefined services, and you should not use them unless communicating with one of those services, client port numbers are allocated by the operating system to something not in use, while server port numbers are specified by the programmer, and are used to identify a particular service.
Both client and server must agree in advance on which port to use. If the port numbers used by the two parts of the system do not agree, communication does not occur.
Ports are divided into the following ranges:

  • 0-1023: well-known ports
  • 1024-49151: registered ports
  • 49152-65535: dynamic or private ports
Minimal TCP/IP Server

The System.Net.Sockets.TcpListener class is used to create server applications. TcpListener provides a simple wrapper around the socket classes, here is a simple TCP Server that accepts a single client connection.

Example 1: Implementing a network streaming server

To compile this program using mono, type the following command at your command prompt:
$ mcs /t:exe -out:SimpleTCPServer.exe SimpleTCPServer.cs
And to run it, type this command line:
$mono SimpleTCPServer.exe
And you’ll see the following output on your screen:
Fig 1: Result of running the SimpleTCPServer program.
Minimal TCP/IP Client

The client is a simple console application, this application uses the TcpClient class to connect to the running server, and receives the returned message.

Example 2: Implementing a client

To compile this program using mono, type the following command at your command prompt:
mcs /t:exe -out:SimpleTCPClient.exe SimpleTCPClient.cs
And to run it, type this command line:
$mono SimpleTCPClient.exe
And you’ll see the following output on your screen:
Fig 2: Result of running the SimpleTCPClient program.

Download the SimpleTCPServer source code.

Download the SimpleTCPClient source code.