CRYPTOGRAPHY

As we tend towards a more and more computer centric world, the concept of data security has attained a paramount importance. Though present day security systems offer a good level of protection, they are incapable of providing a "trust worthy" environment and are vulnerable to unexpected attacks. Palladium is a content protection concept that has spawned from the belief that the pc, as it currently stands, is not architecturally equipped to protect a user forms the pitfalls and challenges that an all-pervasive network such as the Internet poses.

As a drastic change in pc hardware is not feasible largely due to economic reasons, palladium hopes to introduce a minimal change in this front. A paradigm shift is awaited in this scenario with the advent of usage of palladium, thus making content protection a shared concern of both software and hardware. In the course of this paper the revolutionary aspects of palladium are discussed in detail.A case study to restructure the present data security system of JNTU examination system using palladium is put forward.

INTRODUCTION

Need for security:

Many organizations posses valuable information they guard closely. As more of this information is stored in computers the need of data security becomes increasingly important. Protecting this information against unauthorized usage is therefore a major concern for both operating systems and users alike.

Threats of data:

From a security perspective computer systems have 3 general goals with corresponding threats to them as listed below:

The first one data confidentiality is concerned with secret data remaining secret. More specifically if the owner of some data has decided that the data should be available only to certain people and no others, then the system should guarantee that release of data to unauthorized people does not occur. Another aspect of this is individual privacy. The second goal, data integrity, means that unauthorized users should not be able to modify any data without the owner's permission. Data modification in this context includes not only changing the data, but also removing data and adding false data as well. Thus it is very important that a system should guarantee that data deposited in it remains unchanged until the owner decides to do so.

The third goal, system availability, means that nobody can disturb the system to make unstable. It must be able to ensure that authorized persons have access to the data and do not suffer form denial of service. The most classical example of a threat it this is excessive 'PING'ing of a web site, in order to slow it down.

Types of data threats: Intruders:

In security literature people who are nosing around places where they have no business being are called intruders or sometimes adversaries. Intruders can be broadly divided as passive and active. Passive intruders just want to read the files they are not authorized to. Active intruders are more malicious and intend to make unauthorized changes to data. Some of the common activities indulged by intruders are:

Casual Prying: non-technical users who wish to read other people's e-mail and private files mostly do this.

Snooping: This term refers to the breaking of the security of a shared computer system or a server. Snooping is generally done as a challenge and is not aimed at stealing or tampering of confidential data.

Commercial Espionage: This refers to the determined attempts to make money using secret data. For example an employee in an organization can secure sensitive data and sell it away to rival companies for monetary gains.It is very important that potential intruders (and their corresponding activities) are taken into consideration before devising a security system. This is essential as the level of threat and intended damage differ from one to another. 

Virus:Basically a virus is a piece of code that replicates itself and usually does some damage. In a sense the writer of a virus is also an intruder, often with high technical skills. In the same breath it must be said that a virus need not always be intentional and can simply be a code with disastrous run time errors. The difference between a conventional intruder and a virus is that the former refers to person who is personally trying to break into a system to cause damage whereas the latter is a program written by such a person and then released into the world hoping it causes damage.The most common types of viruses are: executable program viruses, memory resident viruses, boot sector viruses, device driver viruses, macro viruses, source code viruses, Trojan horses etc.

ADVANTAGES

As the process of question paper down load is highly secure, the chances of leakage are literally nil.

Since this method is highly trustworthy a single set question paper system can be employed.

An advanced system of Internet communication can be adopted for a broader reach, thus eliminating the role of C.D. Since the download of question papers is "request-specific and time bound" there can not be a case of question paper mis-match.

CONCLUSION

Today, it managers face tremendous challenges due to the inherent openness of end-user machines, and millions of people simply avoid some online transactions out of fear. However, with the usage of "palladium" systems, trustworthy, secure interactions will become possible. This technology will provide tougher security defenses and more abundant privacy benefits than ever before. With palladium, users will have unparalleled power over system integrity, personal privacy and data security.Thus it wouldn't be exaggeration to say that palladium is all to secure the computing world in ways unimaginable.